
DLLHOST.EXE COM Surrogate issue


This topic is locked
45 replies to this topic

#1 bigrobb52

Posted 29 October 2014 - 05:44 AM

I have run ComboFix, RogueKiller and Malwarebytes, all in safe mode and regular mode, and can't seem to get rid of the dllhost.exe issue. Upon shutdown of the computer, 6 to 8 instances of Internet Explorer appear that are not visible as the machine is running. CPU usage is at 100%, therefore the PC is running slow as molasses. Any help would be appreciated.

Edited by Queen-Evie, 29 October 2014 - 09:56 AM.
moved from Anti-Virus and Anti-Malware Software to the appropriate forum



#2 B-boy/StyLe/
Malware Response Team

Posted 29 October 2014 - 09:48 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again, I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Regards,

Georgi


#3 bigrobb52

Posted 29 October 2014 - 11:10 AM

Hi,

I am away from the machine and will be for a few hours. Are you available later to walk through these steps?

#4 B-boy/StyLe/
Malware Response Team

Posted 29 October 2014 - 12:40 PM

Hello,

I guess that we are in different time zones, so I am not sure if I'll be available later today. However, I receive notifications on my phone when someone posts on a topic where I am subscribed, so I'll try my best to reply in short intervals. :)

Regards,

Georgi


#5 bigrobb52

Posted 29 October 2014 - 06:20 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014
Ran by office (administrator) on OFFICE-PC on 29-10-2014 19:10:38
Running from C:\Users\office\Downloads
Loaded Profile: office (Available profiles: office)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3774776 2014-01-16] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-13] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2036248038-1645555011-1603749898-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-22] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2036248038-1645555011-1603749898-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-2036248038-1645555011-1603749898-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {CDB7660F-A8D9-4E1A-8FF7-0EB2546C6F9C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-09-07]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-10-27]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Profile: C:\Users\office\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\office\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-28]
CHR Extension: (Google Sheets) - C:\Users\office\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-28]
CHR HKLM-x32\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - C:\Users\office\AppData\Local\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx []
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-22] (Garmin Ltd or its subsidiaries)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S4 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
S4 lxdu_device; C:\Windows\SysWOW64\lxducoms.exe [589824 2010-02-04] ( )
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S4 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-16] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2013-05-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-05-23] (Intuit Inc.) [File not signed]
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2008-04-01] (LeapFrog) [File not signed]
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-10-25] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-29 19:10 - 2014-10-29 19:13 - 00024383 _____ () C:\Users\office\Downloads\FRST.txt
2014-10-29 19:10 - 2014-10-29 19:10 - 02113536 _____ (Farbar) C:\Users\office\Downloads\FRST64.exe
2014-10-29 19:10 - 2014-10-29 19:10 - 00000000 ____D () C:\FRST
2014-10-28 22:42 - 2014-10-28 22:42 - 00025189 _____ () C:\ComboFix.txt
2014-10-28 22:21 - 2014-10-28 22:21 - 05591695 ____R () C:\Users\office\Downloads\ComboFix.exe
2014-10-28 21:42 - 2014-10-28 21:42 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2014-10-28 21:29 - 2014-10-28 21:41 - 00000000 ____D () C:\Program Files (x86)\RegTweaker
2014-10-28 19:40 - 2014-10-28 19:44 - 00000000 ____D () C:\AdwCleaner
2014-10-28 18:40 - 2014-10-28 18:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-27 23:20 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-27 23:20 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-27 23:20 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-27 23:20 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-27 23:20 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-27 23:20 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-27 23:20 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-27 23:20 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-27 22:00 - 2014-10-27 22:00 - 00000000 ____D () C:\Windows\pss
2014-10-27 21:46 - 2014-10-28 22:42 - 00000000 ____D () C:\Qoobox
2014-10-27 21:44 - 2014-10-28 05:12 - 00000000 ____D () C:\Windows\erdnt
2014-10-27 20:30 - 2014-10-27 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-10-26 21:31 - 2014-10-26 21:31 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-10-26 21:06 - 2014-10-28 00:03 - 00000000 ____D () C:\ProgramData\j9tbgsdger04q
2014-10-26 17:03 - 2014-10-28 18:52 - 00000000 ____D () C:\Users\office\AppData\Roaming\Doasmo
2014-10-26 17:02 - 2014-10-28 18:52 - 00000000 ____D () C:\Users\office\AppData\Roaming\Weybidaw
2014-10-26 17:02 - 2014-10-28 18:52 - 00000000 ____D () C:\Users\office\AppData\Roaming\Cyhicova
2014-10-26 17:01 - 2014-10-28 18:52 - 00000000 ____D () C:\Users\office\AppData\Roaming\Pehura
2014-10-26 17:01 - 2014-10-28 18:52 - 00000000 ____D () C:\Users\office\AppData\Roaming\Oxkiobco
2014-10-26 17:01 - 2014-10-28 18:52 - 00000000 ____D () C:\Users\office\AppData\Roaming\Miubnato
2014-10-26 17:01 - 2014-10-28 18:52 - 00000000 ____D () C:\Users\office\AppData\Roaming\Imasynne
2014-10-26 17:01 - 2014-10-28 18:52 - 00000000 ____D () C:\Users\office\AppData\Roaming\Enozebit
2014-10-26 17:00 - 2014-10-28 18:52 - 00000000 ____D () C:\Users\office\AppData\Roaming\Tebeage
2014-10-26 17:00 - 2014-10-28 18:52 - 00000000 ____D () C:\Users\office\AppData\Roaming\Riyqzei
2014-10-26 16:56 - 2014-10-26 16:56 - 00070656 _____ () C:\Windows\system32\dhbdnp.dll
2014-10-26 16:56 - 2014-10-26 16:56 - 00003858 _____ () C:\Windows\System32\Tasks\{DBEB229C-9DCC-A6CF-6B52-B7A6A0F4DFDD}
2014-10-26 16:56 - 2014-10-26 16:56 - 00000000 _____ () C:\Windows\system32\szyortk.dll
2014-10-25 21:40 - 2014-10-25 21:40 - 00277376 _____ () C:\Windows\Minidump\102514-28267-01.dmp
2014-10-25 20:08 - 2014-10-25 20:08 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-25 19:18 - 2014-10-25 19:18 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-25 13:41 - 2014-10-25 13:41 - 00000406 _____ () C:\Windows\system32\ioloBootDefrag.cfg
2014-10-25 13:30 - 2014-10-25 13:32 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-10-22 20:51 - 2014-10-22 20:51 - 00008516 _____ () C:\Users\office\Documents\DECRYPT_INSTRUCTION.HTML
2014-10-22 20:51 - 2014-10-22 20:51 - 00004198 _____ () C:\Users\office\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-22 20:51 - 2014-10-22 20:51 - 00000272 _____ () C:\Users\office\Documents\INSTALL_TOR.URL
2014-10-22 19:52 - 2014-10-22 19:52 - 00008516 _____ () C:\Users\office\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-10-22 19:52 - 2014-10-22 19:52 - 00008516 _____ () C:\Users\office\AppData\DECRYPT_INSTRUCTION.HTML
2014-10-22 19:52 - 2014-10-22 19:52 - 00004198 _____ () C:\Users\office\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-10-22 19:52 - 2014-10-22 19:52 - 00004198 _____ () C:\Users\office\AppData\DECRYPT_INSTRUCTION.TXT
2014-10-22 19:52 - 2014-10-22 19:52 - 00000272 _____ () C:\Users\office\AppData\Roaming\INSTALL_TOR.URL
2014-10-22 19:52 - 2014-10-22 19:52 - 00000272 _____ () C:\Users\office\AppData\INSTALL_TOR.URL
2014-10-22 19:48 - 2014-10-22 19:48 - 00008516 _____ () C:\Users\office\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-22 19:48 - 2014-10-22 19:48 - 00004198 _____ () C:\Users\office\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-22 19:48 - 2014-10-22 19:48 - 00000272 _____ () C:\Users\office\AppData\Local\INSTALL_TOR.URL
2014-10-22 19:41 - 2014-10-22 19:41 - 00008516 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-10-22 19:41 - 2014-10-22 19:41 - 00004198 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-10-22 19:41 - 2014-10-22 19:41 - 00000272 _____ () C:\ProgramData\INSTALL_TOR.URL
2014-10-22 16:54 - 2014-10-25 09:25 - 00000000 ____D () C:\bd5467d
2014-10-22 16:39 - 2014-10-26 20:59 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-20 21:29 - 2014-10-20 21:29 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-20 21:29 - 2014-10-20 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-20 21:28 - 2014-10-20 21:29 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-20 21:28 - 2014-10-20 21:29 - 00000000 ____D () C:\Program Files\iTunes
2014-10-20 21:28 - 2014-10-20 21:28 - 00000000 ____D () C:\Program Files\iPod
2014-10-20 21:28 - 2014-10-20 21:28 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-15 17:11 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 17:11 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 17:11 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 17:11 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 17:11 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 17:11 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 17:11 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 17:11 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 17:11 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 17:11 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 17:11 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 17:11 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 17:11 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 17:11 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 17:11 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 17:11 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 17:11 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 17:11 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 17:11 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 17:11 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 17:11 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 17:11 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 17:11 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 17:11 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 17:11 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 17:11 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 17:11 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 17:11 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 17:11 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 17:11 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 17:11 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 17:11 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 17:11 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 17:11 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 17:11 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 17:11 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 17:11 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 17:11 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 17:11 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 17:11 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 17:11 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 17:11 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 17:11 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 17:11 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 17:11 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 17:11 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 17:11 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 17:11 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 17:11 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 17:11 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 17:11 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 17:11 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 17:11 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 17:11 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 17:11 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 17:11 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 17:11 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 17:11 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 17:11 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 17:11 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 17:11 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 17:11 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 17:11 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 17:09 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 17:09 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 17:09 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 17:09 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 17:08 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 17:08 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 17:08 - 2014-07-16 22:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 17:08 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 17:08 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 17:08 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 17:08 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 17:08 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 17:08 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 17:08 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 17:08 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 17:08 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 17:08 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 17:08 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 17:08 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 17:08 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 17:08 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 17:08 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-08 05:13 - 2014-10-08 05:13 - 00277376 _____ () C:\Windows\Minidump\100814-20373-01.dmp
2014-10-04 14:53 - 2014-10-04 14:54 - 00462784 _____ () C:\Users\office\Documents\American Revolution.pptx
2014-10-01 18:15 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 18:15 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-29 19:12 - 2009-07-14 01:10 - 02068947 _____ () C:\Windows\WindowsUpdate.log
2014-10-29 19:07 - 2010-07-10 10:09 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-10-29 19:07 - 2010-07-10 10:09 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-10-29 19:07 - 2010-05-05 22:09 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-10-29 19:06 - 2010-07-10 10:49 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-29 19:06 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-29 19:06 - 2009-07-14 00:51 - 00132921 _____ () C:\Windows\setupact.log
2014-10-29 05:43 - 2010-07-10 10:49 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-29 05:42 - 2011-03-12 18:29 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-29 05:38 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-29 05:38 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-29 05:31 - 2010-05-05 23:59 - 03509706 _____ () C:\Windows\PFRO.log
2014-10-28 22:39 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-28 22:07 - 2010-09-28 13:04 - 00000000 ____D () C:\Users\office\AppData\Local\CrashDumps
2014-10-28 21:55 - 2012-04-08 10:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-28 19:31 - 2010-07-10 10:53 - 00000000 ____D () C:\Users\office\Documents\Quicken
2014-10-28 18:53 - 2011-01-04 20:46 - 00000000 ____D () C:\Windows\Sun
2014-10-28 18:18 - 2009-07-14 01:13 - 00783682 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-28 05:15 - 2014-04-22 15:36 - 00000000 ____D () C:\Users\dub_cm_auto
2014-10-28 01:03 - 2009-07-13 22:34 - 25165824 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-10-28 01:03 - 2009-07-13 22:34 - 103284736 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-10-28 01:03 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-10-28 01:03 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-10-28 01:03 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-10-27 20:30 - 2014-05-03 19:34 - 00001846 _____ () C:\Users\Public\Desktop\McAfee AntiVirus.lnk
2014-10-26 16:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-10-25 21:40 - 2011-02-28 09:11 - 00000000 ____D () C:\Windows\Minidump
2014-10-25 21:39 - 2011-02-28 09:11 - 510626625 _____ () C:\Windows\MEMORY.DMP
2014-10-23 05:44 - 2014-02-13 07:01 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-23 02:33 - 2010-07-10 10:49 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-23 02:33 - 2010-07-10 10:49 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-22 20:56 - 2014-07-22 06:05 - 00000000 ___RD () C:\Users\office\Google Drive
2014-10-22 20:51 - 2012-12-26 22:07 - 00000000 ____D () C:\Users\office\Documents\TomTom
2014-10-22 20:09 - 2010-08-26 06:15 - 00000000 ____D () C:\Users\office\Documents\Symantec
2014-10-22 20:08 - 2011-01-31 14:37 - 00000000 ____D () C:\Users\office\Documents\My Photos
2014-10-22 20:08 - 2010-08-31 21:23 - 00000000 ____D () C:\Users\office\Documents\My Scans
2014-10-22 20:07 - 2013-07-01 15:22 - 00000000 ____D () C:\Users\office\Documents\Garmin
2014-10-22 19:52 - 2012-12-26 22:07 - 00000000 ____D () C:\Users\office\AppData\Roaming\TomTom
2014-10-22 19:52 - 2011-03-12 18:28 - 00000000 ____D () C:\Users\office\AppData\Roaming\Skype
2014-10-22 19:51 - 2012-02-14 23:59 - 00000000 ____D () C:\Users\office\AppData\Roaming\CompanionLink
2014-10-22 19:51 - 2010-08-30 22:51 - 00000000 ____D () C:\Users\office\AppData\Roaming\HP
2014-10-22 19:51 - 2010-07-10 10:44 - 00000000 ____D () C:\Users\office\AppData\Roaming\Intuit
2014-10-22 19:51 - 2010-07-10 10:40 - 00000000 ____D () C:\Users\office\AppData\Roaming\Arcsoft
2014-10-22 19:51 - 2010-07-10 10:19 - 00000000 ____D () C:\Users\office\AppData\Roaming\Apple Computer
2014-10-22 19:49 - 2010-07-10 10:27 - 00000000 ____D () C:\Users\office\AppData\Roaming\Adobe
2014-10-22 19:48 - 2012-12-31 09:27 - 00000000 ____D () C:\Users\office\AppData\Local\Symantec
2014-10-22 19:48 - 2012-02-22 21:43 - 00000000 ____D () C:\Users\office\AppData\Local\Quicken WillMaker Plus 2011
2014-10-22 19:48 - 2011-01-10 11:39 - 00000000 ____D () C:\Users\office\AppData\Local\Quicken Legal Business Pro
2014-10-22 19:48 - 2011-01-10 11:36 - 00000000 ____D () C:\Users\office\AppData\Local\Quicken WillMaker
2014-10-22 19:48 - 2010-07-10 10:09 - 00000000 ____D () C:\Users\office\AppData\Local\SupportSoft
2014-10-22 19:41 - 2013-07-08 20:17 - 00000000 ____D () C:\ProgramData\WebEx
2014-10-22 19:41 - 2012-12-14 02:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-22 19:41 - 2010-07-10 10:40 - 00000000 ____D () C:\Users\office\AppData\Local\ArcSoft
2014-10-22 19:41 - 2010-07-10 10:33 - 00000000 ____D () C:\Users\office\AppData\Local\Google
2014-10-22 19:41 - 2010-07-10 10:19 - 00000000 ____D () C:\Users\office\AppData\Local\Apple Computer
2014-10-22 19:40 - 2012-01-09 22:46 - 00000000 ____D () C:\ProgramData\Motive
2014-10-22 19:40 - 2011-03-12 18:28 - 00000000 ____D () C:\ProgramData\Skype
2014-10-22 19:40 - 2010-11-15 22:09 - 00000000 ____D () C:\ProgramData\Leapfrog
2014-10-22 19:40 - 2010-08-26 06:14 - 00000000 ____D () C:\ProgramData\Norton
2014-10-22 19:40 - 2010-07-10 10:43 - 00000000 ____D () C:\ProgramData\Intuit
2014-10-22 19:40 - 2010-07-10 10:35 - 00000000 ____D () C:\ProgramData\Kodak
2014-10-22 19:40 - 2010-05-05 22:16 - 00000000 ____D () C:\ProgramData\Sonic
2014-10-22 19:32 - 2013-07-01 15:17 - 00000000 ____D () C:\ProgramData\Garmin
2014-10-22 19:32 - 2010-08-30 22:14 - 00000000 ____D () C:\ProgramData\HP
2014-10-22 19:32 - 2010-07-10 10:18 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-22 19:32 - 2010-05-05 22:06 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-20 21:28 - 2014-09-16 05:38 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-20 21:28 - 2014-01-25 09:34 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-16 04:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 03:40 - 2009-07-14 00:45 - 00433032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 03:20 - 2010-07-17 10:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 03:15 - 2013-08-10 03:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 03:02 - 2010-07-13 07:03 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-01 05:38 - 2014-06-23 19:17 - 00001121 _____ () C:\Users\Public\Desktop\Polar FlowSync.lnk
2014-10-01 05:35 - 2014-06-23 19:18 - 00000000 ____D () C:\ProgramData\boost_interprocess
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-26 22:00
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014
Ran by office at 2014-10-29 19:14:22
Running from C:\Users\office\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression for Kodak (HKLM-x32\...\{9B260944-746E-4966-8918-0F9636930456}) (Version: 2.0.24.1216 - ArcSoft)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.13 - Audible, Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
DVDFab 8.1.1.2 (08/08/2011) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
Elevated Installer (x32 Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Garmin Express (HKLM-x32\...\{31a12940-e5c8-4d27-a6ac-005212152f1f}) (Version: 2.2.21 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (x32 Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}) (Version: 13.0 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee AntiVirus (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
Network64 (Version: 130.0.579.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OfotoXMI (x32 Version: 8.02.1000.0001 - EASTMAN KODAK Company) Hidden
Polar FlowSync version 2.2.6 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.2.6 - Polar Electro Oy)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickBooks (x32 Version: 23.0.4012.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4007.2305 - Intuit Inc.)
Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.6.25 - Intuit)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5963 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
28-10-2014 03:21:01 ComboFix created restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-10-28 20:14 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {124981A8-4A10-4B67-A638-DD3ED9CF75F5} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {5606D177-E3EA-4416-81C6-FBEF524AA703} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {5BF2248D-9DE9-456C-B52F-9CCAF40D6E86} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {65C1DFF1-9E9E-42CD-8091-68EE04A08527} - System32\Tasks\Installation App Launcher => C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\ezprint.exe [2010-02-04] (Lexmark International Inc.)
Task: {6EBD3D95-79C6-4BA0-95D2-A016020C4C25} - System32\Tasks\{CB850AE1-9F33-4D38-B1EE-0E3C544F3E4C} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {9E86D668-AF0F-4EA3-945F-EF38EA0A835F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {AC8AC9A4-9D5D-4625-8085-07FE6678AFF1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BAF60F23-8190-4992-ADA6-50A2F95913E6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {C4F69F2A-EAB7-4313-BD78-D933BA13F4BC} - System32\Tasks\{DBEB229C-9DCC-A6CF-6B52-B7A6A0F4DFDD} => C:\Windows\system32\dhbdnp.dll [2014-10-26] ()
Task: {C7EB7186-9CDD-4C73-8E15-6661DDFD919D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {E619BE88-47BA-4047-9017-269647F16E05} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-07-16 07:47 - 2009-10-16 16:07 - 00186880 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdudrpp.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-08-22 14:00 - 2013-08-22 14:00 - 00009728 _____ () C:\Program Files (x86)\Garmin\Express Tray\Garmin.Cartography.MapUpdate.Device.DataTypes.dll
2014-06-15 14:53 - 2011-12-14 17:55 - 08453376 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2014-10-16 03:49 - 2014-10-16 03:49 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\c29d8779b3a3599f44e21e017541cd0c\VistaBridgeLibrary.ni.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 01807600 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2010-05-05 22:09 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-15 14:53 - 2011-12-14 10:43 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00275696 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00152816 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-29 05:42 - 2014-10-22 00:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-29 05:42 - 2014-10-22 00:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-29 05:42 - 2014-10-22 00:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-29 05:42 - 2014-10-22 00:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-29 05:42 - 2014-10-22 00:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
2014-02-13 07:01 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\06049061.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38890463.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\06049061.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38890463.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2036248038-1645555011-1603749898-500 - Administrator - Disabled)
Guest (S-1-5-21-2036248038-1645555011-1603749898-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2036248038-1645555011-1603749898-1002 - Limited - Enabled)
office (S-1-5-21-2036248038-1645555011-1603749898-1001 - Administrator - Enabled) => C:\Users\office
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/28/2014 10:21:44 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).
 
Error: (10/28/2014 10:21:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.
 
 
Operation:
   Instantiating VSS server
 
Error: (10/28/2014 10:21:44 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]
 
 
Operation:
   Instantiating VSS server
 
Error: (10/28/2014 10:07:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001201e2
Faulting process id: 0x27d4
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3
 
Error: (10/28/2014 10:02:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001601e2
Faulting process id: 0x2900
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3
 
Error: (10/28/2014 09:57:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x002701e2
Faulting process id: 0x2518
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3
 
Error: (10/28/2014 09:51:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001601e2
Faulting process id: 0x24ac
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3
 
Error: (10/28/2014 09:46:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x002501e2
Faulting process id: 0x185c
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3
 
Error: (10/28/2014 07:52:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Garmin.Cartography.MapUpdate.CoreService.exe, version: 2.2.21.0, time stamp: 0x52165fb0
Faulting module name: MSVCR110_CLR0400.dll, version: 11.0.50938.18408, time stamp: 0x52310cfe
Exception code: 0xc0000005
Fault offset: 0x0000156e
Faulting process id: 0x70c
Faulting application start time: 0xGarmin.Cartography.MapUpdate.CoreService.exe0
Faulting application path: Garmin.Cartography.MapUpdate.CoreService.exe1
Faulting module path: Garmin.Cartography.MapUpdate.CoreService.exe2
Report Id: Garmin.Cartography.MapUpdate.CoreService.exe3
 
Error: (10/28/2014 07:52:27 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Garmin.Cartography.MapUpdate.CoreService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
   at System.Runtime.InteropServices.Marshal.PtrToStructureHelper(IntPtr, System.Object, Boolean)
   at System.Runtime.InteropServices.Marshal.PtrToStructure(IntPtr, System.Type)
   at Garmin.Cartography.MapUpdate.CoreService.Device.DeviceNotifier_Release.NotifyDeviceEvent(Int32, IntPtr)
   at Garmin.Cartography.MapUpdate.CoreService.ServiceMain.HandleServiceEvent(Int32, Int32, IntPtr, IntPtr)
   at System.ServiceProcess.NativeMethods.StartServiceCtrlDispatcher(IntPtr)
   at System.ServiceProcess.ServiceBase.Run(System.ServiceProcess.ServiceBase[])
   at System.ServiceProcess.ServiceBase.Run(System.ServiceProcess.ServiceBase)
   at Garmin.Cartography.MapUpdate.CoreService.Program.Run()
   at Garmin.Cartography.MapUpdate.CoreService.Program.Main()
 
 
System errors:
=============
Error: (10/29/2014 07:07:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (10/29/2014 07:07:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (10/29/2014 05:32:43 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (10/29/2014 05:32:13 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (10/28/2014 10:47:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (10/28/2014 10:47:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (10/28/2014 10:47:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (10/28/2014 10:44:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (10/28/2014 10:44:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (10/28/2014 10:44:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (10/28/2014 10:21:44 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c
 
Error: (10/28/2014 10:21:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode
 
 
Operation:
   Instantiating VSS server
 
Error: (10/28/2014 10:21:44 PM) (Source: VSS) (EventID: 18) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode
 
 
Operation:
   Instantiating VSS server
 
Error: (10/28/2014 10:07:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005001201e227d401cff31d121c44b6C:\Windows\syswow64\dllhost.exeunknown50f1ac28-5f10-11e4-a054-00256487f9ac
 
Error: (10/28/2014 10:02:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005001601e2290001cff31c582732a8C:\Windows\syswow64\dllhost.exeunknown96bf6924-5f0f-11e4-a054-00256487f9ac
 
Error: (10/28/2014 09:57:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005002701e2251801cff31ba2a09927C:\Windows\syswow64\dllhost.exeunknowne19175b8-5f0e-11e4-a054-00256487f9ac
 
Error: (10/28/2014 09:51:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005001601e224ac01cff31aebd3597cC:\Windows\syswow64\dllhost.exeunknown2a1901f3-5f0e-11e4-a054-00256487f9ac
 
Error: (10/28/2014 09:46:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005002501e2185c01cff31a2bbd3551C:\Windows\syswow64\dllhost.exeunknown6a282e47-5f0d-11e4-a054-00256487f9ac
 
Error: (10/28/2014 07:52:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Garmin.Cartography.MapUpdate.CoreService.exe2.2.21.052165fb0MSVCR110_CLR0400.dll11.0.50938.1840852310cfec00000050000156e70c01cff30a032a6d0fC:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exeC:\Windows\system32\MSVCR110_CLR0400.dll78f80b52-5efd-11e4-920f-00256487f9ac
 
Error: (10/28/2014 07:52:27 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Garmin.Cartography.MapUpdate.CoreService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
   at System.Runtime.InteropServices.Marshal.PtrToStructureHelper(IntPtr, System.Object, Boolean)
   at System.Runtime.InteropServices.Marshal.PtrToStructure(IntPtr, System.Type)
   at Garmin.Cartography.MapUpdate.CoreService.Device.DeviceNotifier_Release.NotifyDeviceEvent(Int32, IntPtr)
   at Garmin.Cartography.MapUpdate.CoreService.ServiceMain.HandleServiceEvent(Int32, Int32, IntPtr, IntPtr)
   at System.ServiceProcess.NativeMethods.StartServiceCtrlDispatcher(IntPtr)
   at System.ServiceProcess.ServiceBase.Run(System.ServiceProcess.ServiceBase[])
   at System.ServiceProcess.ServiceBase.Run(System.ServiceProcess.ServiceBase)
   at Garmin.Cartography.MapUpdate.CoreService.Program.Run()
   at Garmin.Cartography.MapUpdate.CoreService.Program.Main()
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-28 00:58:07.473
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-28 00:58:07.052
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5500 @ 2.80GHz
Percentage of memory in use: 47%
Total physical RAM: 6108.98 MB
Available physical RAM: 3185.77 MB
Total Pagefile: 12216.15 MB
Available Pagefile: 8781.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:683.95 GB) (Free:393.13 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 78033E78)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=683.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 30 October 2014 - 12:49 AM

Hi,

Your computer is very badly infected with a multitude of viruses.

You also appear to be infected with CryptoWall. Check the link below for more information:

CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ

Please download the following file => [attachment=156967:fixlist.txt] and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Regards,

Georgi


#7 bigrobb52
  • Topic Starter

  • Members
  • 31 posts

Posted 30 October 2014 - 04:54 AM

Here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014
Ran by office at 2014-10-30 05:42:49 Run:1
Running from C:\Users\office\Desktop
Loaded Profile: office (Available profiles: office)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2036248038-1645555011-1603749898-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
DeleteKey: HKU\S-1-5-21-2036248038-1645555011-1603749898-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKCU - {CDB7660F-A8D9-4E1A-8FF7-0EB2546C6F9C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR HKLM-x32\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - C:\Users\office\AppData\Local\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx []
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-10-25] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
cmd: type C:\ComboFix.txt
2014-10-26 21:06 - 2014-10-28 00:03 - 00000000 ____D () C:\ProgramData\j9tbgsdger04q
2014-10-26 17:03 - 2014-10-28 18:52 - 00000000 ____D () C:\Users\office\AppData\Roaming\Doasmo
2014-10-26 17:02 - 2014-10-28 18:52 - 00000000 ____D () C:\Users\office\AppData\Roaming\Weybidaw
2014-10-26 17:02 - 2014-10-28 18:52 - 00000000 ____D () C:\Users\office\AppData\Roaming\Cyhicova
2014-10-26 17:01 - 2014-10-28 18:52 - 00000000 ____D () C:\Users\office\AppData\Roaming\Pehura
2014-10-26 17:01 - 2014-10-28 18:52 - 00000000 ____D () C:\Users\office\AppData\Roaming\Oxkiobco
2014-10-26 17:01 - 2014-10-28 18:52 - 00000000 ____D () C:\Users\office\AppData\Roaming\Miubnato
2014-10-26 17:01 - 2014-10-28 18:52 - 00000000 ____D () C:\Users\office\AppData\Roaming\Imasynne
2014-10-26 17:01 - 2014-10-28 18:52 - 00000000 ____D () C:\Users\office\AppData\Roaming\Enozebit
2014-10-26 17:00 - 2014-10-28 18:52 - 00000000 ____D () C:\Users\office\AppData\Roaming\Tebeage
2014-10-26 17:00 - 2014-10-28 18:52 - 00000000 ____D () C:\Users\office\AppData\Roaming\Riyqzei
2014-10-26 16:56 - 2014-10-26 16:56 - 00070656 _____ () C:\Windows\system32\dhbdnp.dll
2014-10-26 16:56 - 2014-10-26 16:56 - 00003858 _____ () C:\Windows\System32\Tasks\{DBEB229C-9DCC-A6CF-6B52-B7A6A0F4DFDD}
2014-10-26 16:56 - 2014-10-26 16:56 - 00000000 _____ () C:\Windows\system32\szyortk.dll
2014-10-22 20:51 - 2014-10-22 20:51 - 00008516 _____ () C:\Users\office\Documents\DECRYPT_INSTRUCTION.HTML
2014-10-22 20:51 - 2014-10-22 20:51 - 00004198 _____ () C:\Users\office\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-22 20:51 - 2014-10-22 20:51 - 00000272 _____ () C:\Users\office\Documents\INSTALL_TOR.URL
2014-10-22 19:52 - 2014-10-22 19:52 - 00008516 _____ () C:\Users\office\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-10-22 19:52 - 2014-10-22 19:52 - 00008516 _____ () C:\Users\office\AppData\DECRYPT_INSTRUCTION.HTML
2014-10-22 19:52 - 2014-10-22 19:52 - 00004198 _____ () C:\Users\office\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-10-22 19:52 - 2014-10-22 19:52 - 00004198 _____ () C:\Users\office\AppData\DECRYPT_INSTRUCTION.TXT
2014-10-22 19:52 - 2014-10-22 19:52 - 00000272 _____ () C:\Users\office\AppData\Roaming\INSTALL_TOR.URL
2014-10-22 19:52 - 2014-10-22 19:52 - 00000272 _____ () C:\Users\office\AppData\INSTALL_TOR.URL
2014-10-22 19:48 - 2014-10-22 19:48 - 00008516 _____ () C:\Users\office\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-22 19:48 - 2014-10-22 19:48 - 00004198 _____ () C:\Users\office\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-22 19:48 - 2014-10-22 19:48 - 00000272 _____ () C:\Users\office\AppData\Local\INSTALL_TOR.URL
2014-10-22 19:41 - 2014-10-22 19:41 - 00008516 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-10-22 19:41 - 2014-10-22 19:41 - 00004198 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-10-22 19:41 - 2014-10-22 19:41 - 00000272 _____ () C:\ProgramData\INSTALL_TOR.URL
2014-10-22 16:54 - 2014-10-25 09:25 - 00000000 ____D () C:\bd5467d
2014-10-22 16:39 - 2014-10-26 20:59 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-01 05:35 - 2014-06-23 19:18 - 00000000 ____D () C:\ProgramData\boost_interprocess
Task: {C4F69F2A-EAB7-4313-BD78-D933BA13F4BC} - System32\Tasks\{DBEB229C-9DCC-A6CF-6B52-B7A6A0F4DFDD} => C:\Windows\system32\dhbdnp.dll [2014-10-26] ()
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\06049061.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38890463.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\06049061.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38890463.sys => ""="Driver"
cmd: dir /a/s "%temp%"
emptytemp:
end
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-2036248038-1645555011-1603749898-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-2036248038-1645555011-1603749898-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKU\S-1-5-21-2036248038-1645555011-1603749898-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BDF0511D-8F4C-4476-95F8-B7D65162CB7F}" => Key deleted successfully.
"HKCR\CLSID\{BDF0511D-8F4C-4476-95F8-B7D65162CB7F}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CDB7660F-A8D9-4E1A-8FF7-0EB2546C6F9C}" => Key deleted successfully.
"HKCR\CLSID\{CDB7660F-A8D9-4E1A-8FF7-0EB2546C6F9C}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ghnpfkmgeiojiaheaiefkilmjinpoccb" => Key deleted successfully.
"C:\Users\office\AppData\Local\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx" => File/Directory not found.
TrueSight => Service deleted successfully.
catchme => Service deleted successfully.
 
=========  type C:\ComboFix.txt =========
 
ComboFix 14-10-27.01 - office 10/28/2014  22:22:32.2.2 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6109.5143 [GMT -4:00]
Running from: c:\users\office\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct: 
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    (Default)    REG_SZ    Thumbnail Cache Class Factory for Out of Proc Server
    AppID    REG_SZ    {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
    (Default)    REG_SZ    c:\windows\system32\thumbcache.dll
    ThreadingModel    REG_SZ    Apartment
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\
.
(((((((((((((((((((((((((   Files Created from 2014-09-28 to 2014-10-29  )))))))))))))))))))))))))))))))
.
.
2014-10-29 02:39 . 2014-10-29 02:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-29 01:42 . 2014-10-29 01:42 74703 ----a-w- c:\windows\SysWow64\mfc45.dat
2014-10-29 01:29 . 2014-10-29 01:41 -------- d-----w- c:\program files (x86)\RegTweaker
2014-10-28 23:40 . 2014-10-28 23:44 -------- d-----w- C:\AdwCleaner
2014-10-28 22:40 . 2014-10-28 22:40 -------- d-----w- c:\programdata\Malwarebytes
2014-10-27 01:31 . 2014-10-27 01:31 -------- d-----w- C:\TDSSKiller_Quarantine
2014-10-27 01:06 . 2014-10-28 04:03 -------- d-----w- c:\programdata\j9tbgsdger04q
2014-10-26 21:03 . 2014-10-28 22:52 -------- d-----w- c:\users\office\AppData\Roaming\Doasmo
2014-10-26 21:02 . 2014-10-28 22:52 -------- d-----w- c:\users\office\AppData\Roaming\Weybidaw
2014-10-26 21:02 . 2014-10-28 22:52 -------- d-----w- c:\users\office\AppData\Roaming\Cyhicova
2014-10-26 21:01 . 2014-10-28 22:52 -------- d-----w- c:\users\office\AppData\Roaming\Imasynne
2014-10-26 21:01 . 2014-10-28 22:52 -------- d-----w- c:\users\office\AppData\Roaming\Pehura
2014-10-26 21:01 . 2014-10-28 22:52 -------- d-----w- c:\users\office\AppData\Roaming\Miubnato
2014-10-26 21:01 . 2014-10-28 22:52 -------- d-----w- c:\users\office\AppData\Roaming\Enozebit
2014-10-26 21:01 . 2014-10-28 22:52 -------- d-----w- c:\users\office\AppData\Roaming\Oxkiobco
2014-10-26 21:00 . 2014-10-28 22:52 -------- d-----w- c:\users\office\AppData\Roaming\Riyqzei
2014-10-26 21:00 . 2014-10-28 22:52 -------- d-----w- c:\users\office\AppData\Roaming\Tebeage
2014-10-26 20:56 . 2014-10-26 20:56 0 ----a-w- c:\windows\system32\szyortk.dll
2014-10-26 20:56 . 2014-10-26 20:56 70656 ----a-w- c:\windows\system32\dhbdnp.dll
2014-10-26 00:08 . 2014-10-26 00:08 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-10-25 23:18 . 2014-10-25 23:18 -------- d-----w- c:\programdata\RogueKiller
2014-10-22 20:54 . 2014-10-25 13:25 -------- d-----w- C:\bd5467d
2014-10-21 01:28 . 2014-10-21 01:28 -------- d-----w- c:\program files\iPod
2014-10-21 01:28 . 2014-10-21 01:29 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-21 01:28 . 2014-10-21 01:29 -------- d-----w- c:\program files\iTunes
2014-10-21 01:28 . 2014-10-21 01:28 -------- d-----w- c:\program files (x86)\iTunes
2014-10-15 21:09 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll
2014-10-15 21:09 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-15 21:09 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll
2014-10-15 21:09 . 2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-10-01 22:15 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-10-01 22:15 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-16 07:02 . 2010-07-13 11:03 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-09-25 00:55 . 2012-04-08 14:27 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-25 00:55 . 2011-06-29 10:08 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-09 22:11 . 2014-09-24 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 09:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-28 09:28 . 2010-06-24 15:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-28 03:44 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 03:44 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-22 10:05 . 2014-08-22 10:05 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-01 11:53 . 2014-09-11 09:48 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-11 09:48 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2013-08-22 1093464]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-08-08 22734160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2014-01-16 3774776]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-13 559616]
.
c:\users\office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2013-11-15 6282040]
NETGEAR WNDA3100v2 Genie.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2014-6-15 8453376]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
R2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
R2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
R2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R2 WSWNDA3100v2;WSWNDA3100v2;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys;c:\windows\SYSNATIVE\DRIVERS\FlyUsb.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
R4 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe;c:\windows\SYSNATIVE\lxducoms.exe [x]
R4 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-18 17:45 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 00:55]
.
2014-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 06:33]
.
2014-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 06:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = about:blank
TCP: DhcpNameServer = 192.168.2.1
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - c:\program files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2036248038-1645555011-1603749898-1001_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2036248038-1645555011-1603749898-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-28  22:42:49
ComboFix-quarantined-files.txt  2014-10-29 02:42
ComboFix2.txt  2014-10-28 09:15
.
Pre-Run: 421,855,195,136 bytes free
Post-Run: 422,180,306,944 bytes free
.
- - End Of File - - 948E320D4119EC3F99B057A452A81679
CDB4DE4BBD714F152979DA2DCBEF57EB
 
========= End of CMD: =========
 
C:\ProgramData\j9tbgsdger04q => Moved successfully.
C:\Users\office\AppData\Roaming\Doasmo => Moved successfully.
C:\Users\office\AppData\Roaming\Weybidaw => Moved successfully.
C:\Users\office\AppData\Roaming\Cyhicova => Moved successfully.
C:\Users\office\AppData\Roaming\Pehura => Moved successfully.
C:\Users\office\AppData\Roaming\Oxkiobco => Moved successfully.
C:\Users\office\AppData\Roaming\Miubnato => Moved successfully.
C:\Users\office\AppData\Roaming\Imasynne => Moved successfully.
C:\Users\office\AppData\Roaming\Enozebit => Moved successfully.
C:\Users\office\AppData\Roaming\Tebeage => Moved successfully.
C:\Users\office\AppData\Roaming\Riyqzei => Moved successfully.
C:\Windows\system32\dhbdnp.dll => Moved successfully.
C:\Windows\System32\Tasks\{DBEB229C-9DCC-A6CF-6B52-B7A6A0F4DFDD} => Moved successfully.
Could not move "C:\Windows\system32\szyortk.dll" => Scheduled to move on reboot.
C:\Users\office\Documents\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\office\Documents\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\office\Documents\INSTALL_TOR.URL => Moved successfully.
C:\Users\office\AppData\Roaming\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\office\AppData\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\office\AppData\Roaming\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\office\AppData\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\office\AppData\Roaming\INSTALL_TOR.URL => Moved successfully.
C:\Users\office\AppData\INSTALL_TOR.URL => Moved successfully.
C:\Users\office\AppData\Local\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\office\AppData\Local\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\office\AppData\Local\INSTALL_TOR.URL => Moved successfully.
C:\ProgramData\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\INSTALL_TOR.URL => Moved successfully.
C:\bd5467d => Moved successfully.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.
C:\ProgramData\boost_interprocess => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C4F69F2A-EAB7-4313-BD78-D933BA13F4BC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4F69F2A-EAB7-4313-BD78-D933BA13F4BC}" => Key deleted successfully.
C:\Windows\System32\Tasks\{DBEB229C-9DCC-A6CF-6B52-B7A6A0F4DFDD} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DBEB229C-9DCC-A6CF-6B52-B7A6A0F4DFDD}" => Key deleted successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\06049061.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\38890463.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\06049061.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\38890463.sys" => Key deleted successfully.
 
=========  dir /a/s "%temp%" =========
 
 Volume in drive C is OS
 Volume Serial Number is 4441-CB36
 
 Directory of C:\Users\office\AppData\Local\Temp
 
10/30/2014  05:42 AM    <DIR>          .
10/30/2014  05:42 AM    <DIR>          ..
10/29/2014  05:42 AM                 0 chrome_installer.log
10/29/2014  07:38 PM             2,216 dat8C76.tmp
10/28/2014  10:42 PM    <DIR>          f0
05/03/2014  07:25 PM                 0 FXSAPIDebugLogFile.txt
10/30/2014  05:28 AM             1,272 hpqddusr.log
10/29/2014  07:22 PM             1,313 MAR18EC.tmp
10/29/2014  07:22 PM             1,285 MAR192B.tmp
10/29/2014  05:32 AM             1,313 MAR3EF2.tmp
10/29/2014  05:32 AM             1,285 MAR3F61.tmp
10/30/2014  05:28 AM             1,313 MAR7A8B.tmp
10/30/2014  05:28 AM             1,285 MAR7E92.tmp
10/29/2014  07:07 PM             1,313 MARE7ED.tmp
10/29/2014  07:07 PM             1,285 MARE9D2.tmp
10/30/2014  05:29 AM            10,962 RedboxLog.txt
10/30/2014  05:34 AM    <DIR>          TeamViewer
10/30/2014  05:28 AM    <DIR>          WPDNSE
              13 File(s)         24,842 bytes
 
 Directory of C:\Users\office\AppData\Local\Temp\f0
 
10/28/2014  10:42 PM    <DIR>          .
10/28/2014  10:42 PM    <DIR>          ..
10/28/2014  10:42 PM    <DIR>          AppData
               0 File(s)              0 bytes
 
 Directory of C:\Users\office\AppData\Local\Temp\f0\AppData
 
10/28/2014  10:42 PM    <DIR>          .
10/28/2014  10:42 PM    <DIR>          ..
10/28/2014  10:42 PM    <DIR>          Roaming
               0 File(s)              0 bytes
 
 Directory of C:\Users\office\AppData\Local\Temp\f0\AppData\Roaming
 
10/28/2014  10:42 PM    <DIR>          .
10/28/2014  10:42 PM    <DIR>          ..
10/28/2014  10:42 PM    <DIR>          Microsoft
               0 File(s)              0 bytes
 
 Directory of C:\Users\office\AppData\Local\Temp\f0\AppData\Roaming\Microsoft
 
10/28/2014  10:42 PM    <DIR>          .
10/28/2014  10:42 PM    <DIR>          ..
10/28/2014  10:42 PM    <DIR>          Windows
               0 File(s)              0 bytes
 
 Directory of C:\Users\office\AppData\Local\Temp\f0\AppData\Roaming\Microsoft\Windows
 
10/28/2014  10:42 PM    <DIR>          .
10/28/2014  10:42 PM    <DIR>          ..
10/28/2014  10:42 PM    <DIR>          IECompatCache
               0 File(s)              0 bytes
 
 Directory of C:\Users\office\AppData\Local\Temp\f0\AppData\Roaming\Microsoft\Windows\IECompatCache
 
10/28/2014  10:42 PM    <DIR>          .
10/28/2014  10:42 PM    <DIR>          ..
               0 File(s)              0 bytes
 
 Directory of C:\Users\office\AppData\Local\Temp\TeamViewer
 
10/30/2014  05:34 AM    <DIR>          .
10/30/2014  05:34 AM    <DIR>          ..
10/30/2014  05:34 AM    <DIR>          Version8
               0 File(s)              0 bytes
 
 Directory of C:\Users\office\AppData\Local\Temp\TeamViewer\Version8
 
10/30/2014  05:34 AM    <DIR>          .
10/30/2014  05:34 AM    <DIR>          ..
               0 File(s)              0 bytes
 
 Directory of C:\Users\office\AppData\Local\Temp\WPDNSE
 
10/30/2014  05:28 AM    <DIR>          .
10/30/2014  05:28 AM    <DIR>          ..
               0 File(s)              0 bytes
 
     Total Files Listed:
              13 File(s)         24,842 bytes
              29 Dir(s)  421,967,581,184 bytes free
 
========= End of CMD: =========
 
EmptyTemp: => Removed 1.7 GB temporary data.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-30 05:51:43)<=
 
C:\Windows\system32\szyortk.dll => Is moved successfully.
 
==== End of Fixlog ====


#8 B-boy/StyLe/ (Malware Response Team)

Posted 30 October 2014 - 06:52 AM

Good,

Next I want to make sure there is nothing lurking on the system, so just in case I want you to go through these steps:

Most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard drive and the speed of your computer).

STEP 1

  • Please download RKill by Grinler from the link below and save it to your desktop.
    Rkill
  • Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator.)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

STEP 2

  • Please download RogueKillerX64.exe and save it to the desktop.
  • Close all windows and browsers.
  • Right-click the program and select 'Run as Administrator'.
  • Press the scan button.
  • A report opens on the desktop named RKreport.txt.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

STEP 3

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

STEP 4

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14-day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, under Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >>. If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box:
    • 'Could not load DDA driver'
  • Click 'Yes' to this message to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the scan log which shows the date and time of the scan just performed.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

STEP 5

1. Please download HitmanPro.

  • For 32-bit Operating System
  • This is the mirror
  • For 64-bit Operating System
  • This is the mirror

2. Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users: right-click on the HitmanPro icon and select Run as administrator.)

Note: If the program won't run, then open the program while holding down the left CTRL key until the program is loaded.

3. Click on the Next button. You must agree with the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the Next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose Apply to all => Ignore <= IMPORTANT!!!

8. Click on the Next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: If there isn't a drop-down menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it into your next reply.

That's it for now. :)

Regards,

Georgi


#9 bigrobb52 (Topic Starter)

Posted 30 October 2014 - 07:12 PM

Rkill did not produce a log.



#10 bigrobb52 (Topic Starter)

Posted 30 October 2014 - 07:31 PM

RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : office [Administrator]
Mode : Scan -- Date : 10/30/2014  20:28:29
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2036248038-1645555011-1603749898-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2036248038-1645555011-1603749898-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3750528AS +++++
--- User ---
[MBR] 80a7da04d940938bca491963aa6a8c35
[BSP] b689a285b9fb589571be9d69c096bbe2 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 15000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 30801920 | Size: 700363 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Generic- SM/xD Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_DEL_10282014_201501.log - RKreport_DEL_10282014_202615.log - RKreport_SCN_10282014_201316.log - RKreport_SCN_10282014_202119.log


#11 bigrobb52 (Topic Starter)

Posted 30 October 2014 - 07:40 PM

21:00:10.0075 0x1150  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
21:00:54.0543 0x1150  ============================================================
21:00:57.0552 0x1150  Current date / time: 2014/10/26 21:00:54.0543
21:00:57.0552 0x1150  SystemInfo:
21:00:57.0552 0x1150  
21:00:57.0552 0x1150  OS Version: 6.1.7601 ServicePack: 1.0
21:00:57.0552 0x1150  Product type: Workstation
21:00:57.0552 0x1150  ComputerName: OFFICE-PC
21:00:57.0559 0x1150  UserName: office
21:00:57.0559 0x1150  Windows directory: C:\Windows
21:00:57.0559 0x1150  System windows directory: C:\Windows
21:00:57.0559 0x1150  Running under WOW64
21:00:57.0559 0x1150  Processor architecture: Intel x64
21:00:57.0559 0x1150  Number of processors: 2
21:00:57.0559 0x1150  Page size: 0x1000
21:00:57.0559 0x1150  Boot type: Normal boot
21:00:57.0559 0x1150  ============================================================
21:01:43.0882 0x1150  KLMD registered as C:\Windows\system32\drivers\82178391.sys
21:01:52.0605 0x1150  System UUID: {75F77E86-5061-9243-4386-5E8ADCD46CC9}
21:02:00.0269 0x1150  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:02:00.0316 0x1150  Drive \Device\Harddisk5\DR5 - Size: 0x3BA300000 ( 14.91 Gb ), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:02:00.0318 0x1150  ============================================================
21:02:00.0318 0x1150  \Device\Harddisk0\DR0:
21:02:00.0318 0x1150  MBR partitions:
21:02:00.0318 0x1150  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
21:02:00.0318 0x1150  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x557E5EF0
21:02:00.0318 0x1150  \Device\Harddisk5\DR5:
21:02:00.0319 0x1150  MBR partitions:
21:02:00.0319 0x1150  \Device\Harddisk5\DR5\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1DD17E0
21:02:00.0319 0x1150  ============================================================
21:02:00.0367 0x1150  C: <-> \Device\Harddisk0\DR0\Partition2
21:02:00.0367 0x1150  ============================================================
21:02:00.0367 0x1150  Initialize success
21:02:00.0367 0x1150  ============================================================
21:05:54.0371 0x05e8  ============================================================
21:05:54.0372 0x05e8  Scan started
21:05:54.0372 0x05e8  Mode: Manual; 
21:05:54.0372 0x05e8  ============================================================
21:05:54.0372 0x05e8  KSN ping started
21:06:07.0813 0x05e8  KSN ping finished: true
21:06:25.0001 0x05e8  ================ Scan system memory ========================
21:06:25.0001 0x05e8  System memory - ok
21:06:25.0045 0x05e8  ================ Scan services =============================
21:06:26.0804 0x05e8  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:06:27.0525 0x05e8  1394ohci - ok
21:06:30.0208 0x05e8  [ ADC420616C501B45D26C0FD3EF1E54E4, 29FC41D40A35AC5476E2A673CE5B12684E0CFA12A1AEBEEBE5883FBA5CA68B67 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:06:31.0017 0x05e8  ACDaemon - ok
21:06:32.0601 0x05e8  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:06:32.0611 0x05e8  ACPI - ok
21:06:32.0644 0x05e8  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:06:33.0046 0x05e8  AcpiPmi - ok
21:06:34.0837 0x05e8  [ 765FE0463E711E5A68AC7B69538ED922, A1D31DECBE8F703DB2FAF4B1A10D3B70FBBA0AD776CDC1B813387BFEDAE9D0A0 ] AdobeActiveFileMonitor8.0 c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
21:06:35.0025 0x05e8  AdobeActiveFileMonitor8.0 - ok
21:06:38.0167 0x05e8  [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:06:38.0170 0x05e8  AdobeARMservice - ok
21:06:44.0436 0x05e8  [ 4ECFCAAE5CB380F58934F0DCF5F64E7F, D82B37E57D93484D7A3CB65470BCD54A578A695F0203A8DD441B1348C1EEA751 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:06:44.0496 0x05e8  AdobeFlashPlayerUpdateSvc - ok
21:06:51.0397 0x05e8  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:06:52.0028 0x05e8  adp94xx - ok
21:06:57.0329 0x05e8  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:06:57.0631 0x05e8  adpahci - ok
21:07:02.0322 0x05e8  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:07:02.0346 0x05e8  adpu320 - ok
21:07:04.0239 0x05e8  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:07:04.0246 0x05e8  AeLookupSvc - ok
21:07:05.0423 0x05e8  [ 6CCD1135320109D6B219F1A6E04AD9F6, B97D4DF46DF0EFC106BD3E248C70809F3F47DF3FD1CA039A0A3923E1FA05A969 ] Afc             C:\Windows\syswow64\drivers\Afc.sys
21:07:05.0424 0x05e8  Afc - ok
21:07:08.0167 0x05e8  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
21:07:08.0177 0x05e8  AFD - ok
21:07:09.0201 0x05e8  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
21:07:09.0240 0x05e8  agp440 - ok
21:07:12.0080 0x05e8  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
21:07:12.0174 0x05e8  ALG - ok
21:07:16.0703 0x05e8  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:07:16.0765 0x05e8  aliide - ok
21:07:22.0816 0x05e8  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
21:07:22.0836 0x05e8  amdide - ok
21:07:23.0957 0x05e8  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:07:23.0981 0x05e8  AmdK8 - ok
21:07:24.0381 0x05e8  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:07:24.0401 0x05e8  AmdPPM - ok
21:07:25.0648 0x05e8  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:07:25.0703 0x05e8  amdsata - ok
21:07:26.0141 0x05e8  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:07:26.0166 0x05e8  amdsbs - ok
21:07:26.0186 0x05e8  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:07:26.0193 0x05e8  amdxata - ok
21:07:26.0421 0x05e8  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
21:07:26.0465 0x05e8  AppID - ok
21:07:26.0996 0x05e8  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:07:27.0120 0x05e8  AppIDSvc - ok
21:07:33.0942 0x05e8  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
21:07:33.0945 0x05e8  Appinfo - ok
21:07:39.0874 0x05e8  [ 650D03E40F93FAE323CB841F80368E5C, F67B97CFDCE2EE9294977725268EFDB0DD724BD16E7ED5BFCA45375AA8EBA5BB ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:07:39.0876 0x05e8  Apple Mobile Device - ok
21:07:44.0033 0x05e8  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:07:44.0070 0x05e8  arc - ok
21:07:48.0163 0x05e8  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:07:48.0186 0x05e8  arcsas - ok
21:07:49.0770 0x05e8  Scan was interrupted by user!
21:07:49.0770 0x05e8  Waiting for KSN requests completion. In queue: 2
21:07:50.0772 0x05e8  Waiting for KSN requests completion. In queue: 1
21:07:51.0773 0x05e8  Waiting for KSN requests completion. In queue: 1
21:07:52.0798 0x05e8  AV detected via SS2: McAfee Anti-Virus and Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x51000 ( enabled : updated )
21:07:53.0421 0x05e8  Win FW state via NFP2: enabled
21:07:56.0496 0x05e8  ============================================================
21:07:56.0496 0x05e8  Scan finished
21:07:56.0496 0x05e8  ============================================================
21:08:01.0811 0x1254  Detected object count: 0
21:08:01.0811 0x1254  Actual detected object count: 0
21:08:22.0225 0x286c  Deinitialize success


#12 bigrobb52 (Topic Starter)

Posted 30 October 2014 - 07:41 PM

Found the Rkill Log

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 10/30/2014 08:03:38 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001


#13 B-boy/StyLe/ (Malware Response Team)

Posted 30 October 2014 - 07:54 PM

Rkill did not produce a log.

Can you please restart the computer and try again?

Also, you used an old version of TDSSKiller:

21:00:10.0075 0x1150  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58

The latest version is 3.0.0.41

Please download and run the latest one from the link in my previous post (or post the correct log)...you probably posted an old one:

Current date / time: 2014/10/26 21:00:54.0543

Thanks! :)


#14 bigrobb52 (Topic Starter)

Posted 30 October 2014 - 08:01 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/30/2014
Scan Time: 8:43:45 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.30.13
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: office
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 370305
Time Elapsed: 15 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#15 bigrobb52 (Topic Starter)

Posted 30 October 2014 - 08:08 PM

http://pastebin.com/Rzcb4A2Z





