
COM Surrogate/dllhost.exe*32 taxing system resources


  • This topic is locked
36 replies to this topic

#1 shomer

  • Members
  • 19 posts

Posted 02 November 2014 - 10:43 PM

Hello,

 

Similar, it seems, to many others recently, my machine has been infected with this malware. A high number of running processes are eating up memory and CPU: dllhost.exe*32, uxroa.exe*32, dyvaqi.exe*32 and Nbhdtgwszae.exe*32 are the names of some that appear repeatedly as open processes. I can end the processes as many times as I want, but more continue to pop up. I am running VIPRE antivirus, which has detected several trojans over the past couple of days, and have also scanned with Malwarebytes; many malicious files were found and quarantined, but to no avail, the problem still persists. Your assistance in removing this would be most welcome and kindly appreciated. DDS log posted below and attached. Thank you in advance!!

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344
Run by PIMPDADDY4 at 14:42:34 on 2014-11-02
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\VIPRE\SBAMSvc.exe
C:\Program Files (x86)\VIPRE\SBAMTray.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\consent.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Users\PIMPDADDY4\AppData\Roaming\Nyirudo\uxroa.exe
C:\Users\PIMPDADDY4\AppData\Roaming\Uvvaugd\dyvaqi.exe
C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\syswow64\dllhost.exe
C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\PIMPDADDY4\AppData\Roaming\Nyirudo\uxroa.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\PIMPDADDY4\AppData\Roaming\Nyirudo\uxroa.exe
C:\Users\PIMPDADDY4\AppData\LocalLow\PlayReady\Xnejbblbxhe\iaecloevs\Nhbdtgwszae.exe
C:\Users\PIMPDADDY4\AppData\LocalLow\PlayReady\Xnejbblbxhe\iaecloevs\Nhbdtgwszae.exe
C:\Users\PIMPDADDY4\AppData\LocalLow\PlayReady\Xnejbblbxhe\iaecloevs\Nhbdtgwszae.exe
C:\Users\PIMPDADDY4\AppData\Roaming\Nyirudo\uxroa.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - 
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - 
mWinlogon: Userinit = userinit.exe,
BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - 
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - 
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: VIPRE Search Guard Helper: {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSG.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - 
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - 
TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
TB: VIPRE Search Guard Toolbar: {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSG.dll
uRun: [uqabvzhvngaw] regsvr32.exe /s "C:\Users\PIMPDADDY4\AppData\Local\AMD\uqabvzhvngaw.dll"
uRun: [movziuz] rundll32 "C:\Users\PIMPDADDY4\AppData\Local\movziuz.dll",movziuz
uRun: [JotebUboly] regsvr32.exe "C:\ProgramData\JotebUboly\JotebUboly.dat"
uRun: [Ozlafyapywfidu] C:\Users\PIMPDADDY4\AppData\Roaming\Nyirudo\uxroa.exe
uRun: [Leebuqipzupy] C:\Users\PIMPDADDY4\AppData\Roaming\Uvvaugd\dyvaqi.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001051-0002-0051-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{A9A41BEB-207C-437F-B0AB-1DFD27168267} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSG.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - 
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R? amdiox64;AMD IO Driver
R? AODDriver4.2;AODDriver4.2
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? gfiark;gfiark
R? IEEtwCollectorService;Internet Explorer ETW Collector Service
R? RTL8167;Realtek 8167 NT Driver
R? sbwtis;sbwtis
R? TsUsbFlt;TsUsbFlt
R? USBAAPL64;Apple Mobile USB Driver
R? WatAdminSvc;Windows Activation Technologies Service
S? AMD External Events Utility;AMD External Events Utility
S? AMD FUEL Service;AMD FUEL Service
S? AODDriver4.01;AODDriver4.01
S? AtiHDAudioService;AMD Function Driver for HD Audio Service
S? cmudaxp;HTO CLARO Audio Interface
S? EPSON_PM_RPCV4_06;EPSON V3 Service4(06)
S? gfiutil;gfiutil
S? MBAMSwissArmy;MBAMSwissArmy
S? SBAMSvc;VIPRE Antivirus
S? sbapifs;sbapifs
S? SBPIMSvc;SB Recovery Service
S? WSDScan;WSD Scan Support via UMB
.
=============== Created Last 30 ================
.
2014-11-02 21:52:26 -------- d-----w- C:\Users\PIMPDADDY4\AppData\Roaming\Xeemeqpo
2014-11-02 21:51:48 -------- d-----w- C:\Users\PIMPDADDY4\AppData\Roaming\Nyirudo
2014-11-02 21:46:34 -------- d-----w- C:\ProgramData\JotebUboly
2014-11-02 21:46:24 23552 ----a-w- C:\Users\PIMPDADDY4\AppData\Local\movziuz.dll
2014-11-01 21:13:03 121856 ----a-w- C:\Users\PIMPDADDY4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\21b49a2.exe
2014-11-01 21:09:42 -------- d-----w- C:\Windows\pss
2014-11-01 21:00:16 -------- d-----w- C:\Users\PIMPDADDY4\AppData\Roaming\Uvvaugd
2014-11-01 20:42:21 121856 ----a-w- C:\Users\PIMPDADDY4\AppData\Roaming\21b49a2.exe
2014-11-01 05:11:12 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-01 05:10:52 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-01 05:10:52 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-01 05:10:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-31 00:47:30 -------- d-----w- C:\Users\PIMPDADDY4\AppData\Roaming\FrameworkUpdate7
2014-10-31 00:47:16 -------- d--h--w- C:\21b49a2
2014-10-19 19:40:44 -------- d-----w- C:\Program Files (x86)\EPSON Software
2014-10-16 03:22:38 3241472 ----a-w- C:\Windows\System32\msi.dll
.
==================== Find3M  ====================
.
2014-10-01 18:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-24 16:59:06 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 16:59:06 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 14:55:02.10 ===============

#2 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 06 November 2014 - 04:45 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

If the system has been used after the topic creation time, we need to take a look at fresh logs.
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Regards,

Georgi




#3 shomer
  • Topic Starter

  • Members
  • 19 posts

Posted 07 November 2014 - 02:16 AM

Hello Georgi,

 

Many thanks for your assistance...sincerely appreciate the help. After posting the DDS log I shut down the machine and it has remained unused and disconnected from the internet until just a short time ago.

 

Here is the FRST log posted and attached as requested:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by PIMPDADDY4 (administrator) on PIMPDADDY4-PC on 06-11-2014 22:02:04
Running from C:\Users\PIMPDADDY4\Desktop
Loaded Profile: PIMPDADDY4 (Available profiles: PIMPDADDY4)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
() C:\Users\PIMPDADDY4\AppData\Roaming\Nyirudo\uxroa.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(Google Inc.) C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\Application\chrome.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(Google Inc.) C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\PIMPDADDY4\AppData\Roaming\Nyirudo\uxroa.exe
() C:\Users\PIMPDADDY4\AppData\Roaming\Nyirudo\uxroa.exe
() C:\Users\PIMPDADDY4\AppData\Roaming\Nyirudo\uxroa.exe
() C:\Users\PIMPDADDY4\AppData\Roaming\Nyirudo\uxroa.exe
() C:\Users\PIMPDADDY4\AppData\Roaming\Nyirudo\uxroa.exe
() C:\Users\PIMPDADDY4\AppData\Roaming\Nyirudo\uxroa.exe
() C:\Users\PIMPDADDY4\AppData\Roaming\Nyirudo\uxroa.exe
() C:\Users\PIMPDADDY4\AppData\Roaming\Nyirudo\uxroa.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-21-653642107-481044146-3502075997-1002\...\Run: [Ozlafyapywfidu] => C:\Users\PIMPDADDY4\AppData\Roaming\Nyirudo\uxroa.exe [288731 2012-08-10] ()
HKU\S-1-5-21-653642107-481044146-3502075997-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\Users\PIMPDADDY4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\21b49a2.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE4AAEE9F7B7ACC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - DefaultScope {E732D739-126E-4E43-890D-F5A372DB012B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {E732D739-126E-4E43-890D-F5A372DB012B} URL = https://www.google.com/search?q={searchTerms}
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSG.dll ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSG.dll ()
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSG.dll ()
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\PIMPDADDY4\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\PIMPDADDY4\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-19]
CHR Extension: (Google Drive) - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-19]
CHR Extension: (Google Search) - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-19]
CHR Extension: (Google Wallet) - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-19]
CHR StartMenuInternet: Google Chrome - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [1447424 2011-09-23] (C-Media Inc)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-06 22:53 - 2014-11-06 22:53 - 00000104 _____ () C:\Windows\system32\SBRC.dat
2014-11-06 22:02 - 2014-11-06 22:54 - 00012046 _____ () C:\Users\PIMPDADDY4\Desktop\FRST.txt
2014-11-06 21:59 - 2014-11-06 22:04 - 00000000 ____D () C:\FRST
2014-11-06 21:54 - 2014-11-06 21:55 - 02114560 _____ (Farbar) C:\Users\PIMPDADDY4\Desktop\FRST64.exe
2014-11-02 14:55 - 2014-11-02 14:55 - 00014480 _____ () C:\Users\PIMPDADDY4\Desktop\dds.txt
2014-11-02 14:55 - 2014-11-02 14:55 - 00006960 _____ () C:\Users\PIMPDADDY4\Desktop\attach.txt
2014-11-02 14:35 - 2014-11-02 14:36 - 00688992 ____R (Swearware) C:\Users\PIMPDADDY4\Downloads\dds.com
2014-11-02 14:19 - 2014-11-02 14:19 - 00791393 _____ (Lars Hederer ) C:\Users\PIMPDADDY4\Downloads\erunt-setup.exe
2014-11-02 14:16 - 2014-11-02 14:18 - 00003680 _____ () C:\Users\PIMPDADDY4\Desktop\Rkill.txt
2014-11-02 14:03 - 2014-11-02 14:04 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\PIMPDADDY4\Downloads\iExplore.exe
2014-11-02 13:52 - 2014-11-02 13:52 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Xeemeqpo
2014-11-02 13:51 - 2014-11-02 13:51 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Nyirudo
2014-11-02 13:46 - 2014-11-06 21:21 - 00000000 ____D () C:\ProgramData\JotebUboly
2014-11-01 13:09 - 2014-11-01 13:10 - 231211280 ____H () C:\Users\PIMPDADDY4\Downloads\House.of.Lies.S02E08.HDTV.x264-2HD.mp4.o06
2014-11-01 13:09 - 2014-11-01 13:09 - 00000000 ____D () C:\Windows\pss
2014-11-01 13:00 - 2014-11-06 21:21 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Uvvaugd
2014-11-01 12:42 - 2014-11-01 12:42 - 00121856 _____ () C:\Users\PIMPDADDY4\AppData\Roaming\21b49a2.exe
2014-10-31 22:17 - 2014-10-31 22:18 - 74973456 ____H () C:\Users\PIMPDADDY4\Downloads\Homeland.S03E01.x264-HOMELAND.mp4.gd7
2014-10-31 21:11 - 2014-11-02 14:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-31 21:10 - 2014-10-31 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-31 21:10 - 2014-10-31 21:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-31 21:10 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-31 21:10 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-30 17:08 - 2014-10-30 17:08 - 00008536 _____ () C:\Users\PIMPDADDY4\Documents\DECRYPT_INSTRUCTION.HTML
2014-10-30 17:08 - 2014-10-30 17:08 - 00004208 _____ () C:\Users\PIMPDADDY4\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-30 17:08 - 2014-10-30 17:08 - 00000272 _____ () C:\Users\PIMPDADDY4\Documents\INSTALL_TOR.URL
2014-10-30 17:02 - 2014-10-30 17:02 - 00008536 _____ () C:\Users\PIMPDADDY4\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-10-30 17:02 - 2014-10-30 17:02 - 00008536 _____ () C:\Users\PIMPDADDY4\AppData\DECRYPT_INSTRUCTION.HTML
2014-10-30 17:02 - 2014-10-30 17:02 - 00004208 _____ () C:\Users\PIMPDADDY4\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-10-30 17:02 - 2014-10-30 17:02 - 00004208 _____ () C:\Users\PIMPDADDY4\AppData\DECRYPT_INSTRUCTION.TXT
2014-10-30 17:02 - 2014-10-30 17:02 - 00000272 _____ () C:\Users\PIMPDADDY4\AppData\Roaming\INSTALL_TOR.URL
2014-10-30 17:02 - 2014-10-30 17:02 - 00000272 _____ () C:\Users\PIMPDADDY4\AppData\INSTALL_TOR.URL
2014-10-30 17:01 - 2014-10-30 17:01 - 00008536 _____ () C:\Users\PIMPDADDY4\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-30 17:01 - 2014-10-30 17:01 - 00008536 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-10-30 17:01 - 2014-10-30 17:01 - 00004208 _____ () C:\Users\PIMPDADDY4\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-30 17:01 - 2014-10-30 17:01 - 00004208 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-10-30 17:01 - 2014-10-30 17:01 - 00000272 _____ () C:\Users\PIMPDADDY4\AppData\Local\INSTALL_TOR.URL
2014-10-30 17:01 - 2014-10-30 17:01 - 00000272 _____ () C:\ProgramData\INSTALL_TOR.URL
2014-10-30 16:48 - 2014-11-01 12:43 - 00000160 ____H () C:\ProgramData\@system3.att
2014-10-30 16:47 - 2014-11-01 12:43 - 00000424 _____ () C:\ProgramData\@system.temp
2014-10-30 16:47 - 2014-11-01 12:42 - 00000000 ___HD () C:\21b49a2
2014-10-30 16:47 - 2014-11-01 12:42 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\FrameworkUpdate7
2014-10-30 16:47 - 2014-10-30 16:47 - 00000448 ____H () C:\Users\PIMPDADDY4\AppData\Roaming\麽鎒駓覜
2014-10-30 16:46 - 2014-11-02 13:46 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-19 11:40 - 2014-10-19 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2014-10-19 11:40 - 2014-10-19 11:40 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2014-10-15 19:23 - 2014-10-06 18:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 19:23 - 2014-10-06 18:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 19:23 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 19:23 - 2014-09-25 14:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 19:23 - 2014-09-25 14:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 19:23 - 2014-09-25 14:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 19:23 - 2014-09-25 14:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 19:23 - 2014-09-25 14:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 19:23 - 2014-09-25 14:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 19:23 - 2014-09-25 14:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 19:23 - 2014-09-18 18:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 19:23 - 2014-09-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 19:23 - 2014-09-18 17:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 19:23 - 2014-09-18 17:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 19:23 - 2014-09-18 17:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 19:23 - 2014-09-18 17:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 19:23 - 2014-09-18 17:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 19:23 - 2014-09-18 17:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 19:23 - 2014-09-18 17:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 19:23 - 2014-09-18 17:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 19:23 - 2014-09-18 17:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 19:23 - 2014-09-18 17:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 19:23 - 2014-09-18 17:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 19:23 - 2014-09-18 17:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 19:23 - 2014-09-18 17:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 19:23 - 2014-09-18 17:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 19:23 - 2014-09-18 17:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 19:23 - 2014-09-18 17:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 19:23 - 2014-09-18 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 19:23 - 2014-09-18 17:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 19:23 - 2014-09-18 17:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 19:23 - 2014-09-18 17:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 19:23 - 2014-09-18 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 19:23 - 2014-09-18 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 19:23 - 2014-09-18 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 19:23 - 2014-09-18 17:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 19:23 - 2014-09-18 16:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 19:23 - 2014-09-18 16:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 19:23 - 2014-09-18 16:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 19:23 - 2014-09-18 16:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 19:23 - 2014-09-18 16:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 19:23 - 2014-09-18 16:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 19:23 - 2014-09-18 16:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 19:23 - 2014-09-18 16:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 19:23 - 2014-09-18 16:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 19:23 - 2014-09-18 16:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 19:23 - 2014-09-18 16:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 19:23 - 2014-09-18 16:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 19:23 - 2014-09-18 16:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 19:23 - 2014-09-18 16:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 19:23 - 2014-09-18 16:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 19:23 - 2014-09-18 16:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 19:23 - 2014-09-18 16:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 19:23 - 2014-09-18 15:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 19:23 - 2014-09-18 15:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 19:23 - 2014-09-18 15:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 19:23 - 2014-09-18 15:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 19:23 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 19:23 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 19:23 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 19:23 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 19:23 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 19:23 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 19:22 - 2014-09-17 18:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 19:22 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 19:22 - 2014-09-12 17:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 19:22 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 19:22 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 19:22 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 19:22 - 2014-07-16 18:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 19:22 - 2014-07-16 18:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 19:22 - 2014-07-16 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 19:22 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 19:22 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 19:22 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 19:22 - 2014-07-16 18:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 19:22 - 2014-07-16 18:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 19:22 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 19:22 - 2014-07-16 17:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 19:22 - 2014-07-16 17:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 19:22 - 2014-07-16 17:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 19:22 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 19:22 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 19:22 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 19:22 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 12:30 - 2014-10-15 12:30 - 02070944 _____ () C:\Users\PIMPDADDY4\Downloads\fwd403s.zip
2014-10-15 10:34 - 2014-10-15 10:34 - 03974160 _____ () C:\Users\PIMPDADDY4\Downloads\403 SF Submarkets 10.6.14.xlsx
2014-10-15 10:34 - 2014-10-15 10:34 - 00662224 _____ () C:\Users\PIMPDADDY4\Downloads\403 SF ASN 10.6.14.xlsx
2014-10-10 21:25 - 2014-11-06 22:28 - 00000911 _____ () C:\Windows\Tasks\EPSON WF-4630 Series Update {E37D5761-45F1-40CF-A3ED-B00E358CC2BE}.job
2014-10-10 21:25 - 2014-11-06 22:27 - 00000725 _____ () C:\Windows\Tasks\EPSON WF-4630 Series Invitation {E37D5761-45F1-40CF-A3ED-B00E358CC2BE}.job
2014-10-10 21:25 - 2014-10-10 21:25 - 00003978 _____ () C:\Windows\System32\Tasks\EPSON WF-4630 Series Update {E37D5761-45F1-40CF-A3ED-B00E358CC2BE}
2014-10-10 21:25 - 2014-10-10 21:25 - 00003792 _____ () C:\Windows\System32\Tasks\EPSON WF-4630 Series Invitation {E37D5761-45F1-40CF-A3ED-B00E358CC2BE}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-06 22:39 - 2012-03-22 21:29 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Louis CK - 2011 Special- Direct Rip
2014-11-06 22:39 - 2011-10-30 20:53 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Louie Season 2
2014-11-06 22:36 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-06 22:28 - 2013-10-05 20:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-06 22:28 - 2012-11-27 21:03 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Louie
2014-11-06 22:24 - 2011-09-23 21:35 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-653642107-481044146-3502075997-1002UA.job
2014-11-06 22:18 - 2011-11-27 01:05 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Loosies.2011.VODRip.XviD.MP3- SiC
2014-11-06 22:14 - 2013-01-02 11:52 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Looper 2012 DVDRip AC3 XViD-RemixHD
2014-11-06 21:59 - 2013-03-28 20:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-06 21:50 - 2012-05-12 17:35 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Lionel Richie
2014-11-06 21:50 - 2009-07-13 20:45 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 21:50 - 2009-07-13 20:45 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 21:45 - 2011-07-25 10:31 - 01715219 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 21:38 - 2013-01-08 22:56 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Lincoln.2012.DVDSCR.XViD.AC3-FooKaS
2014-11-06 21:27 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 21:21 - 2013-10-05 20:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-06 21:21 - 2011-09-23 21:43 - 00369240 _____ () C:\Windows\PFRO.log
2014-11-06 21:21 - 2011-09-23 20:15 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Local\AMD
2014-11-06 21:21 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 21:21 - 2009-07-13 20:51 - 00043793 _____ () C:\Windows\setupact.log
2014-11-02 13:06 - 2013-01-02 17:43 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Life.Of.Pi.2012.SILVER.TS.XVID-26K
2014-11-01 15:09 - 2011-09-23 21:35 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Local\Deployment
2014-11-01 13:46 - 2012-05-14 19:39 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\King Crimson - Discipline 1981 (320k) Progressive
2014-11-01 13:45 - 2013-09-22 08:44 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Iron Man 2 (2010) DVDRip XviD-MAXSPEED
2014-11-01 13:42 - 2011-09-23 22:23 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Indiana Jones Quadrilogy 1981 2008 Bluray 720p x264 aac
2014-11-01 13:25 - 2012-03-31 16:30 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Hugo.2011.DVDRip.XviD- AMIABLE
2014-11-01 13:25 - 2012-01-04 01:22 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\iBooks
2014-11-01 13:03 - 2014-03-07 21:36 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\House of Lies S03E04 HDTV x264-2HD[ettv]
2014-11-01 13:02 - 2013-02-24 23:45 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\House of Lies S02E06 HDTV x264-EVOLVE[ettv]
2014-11-01 13:02 - 2012-01-19 00:12 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\House of Lies
2014-11-01 09:32 - 2011-09-23 21:37 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\uTorrent
2014-11-01 09:31 - 2011-10-14 22:43 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Spotify
2014-11-01 08:15 - 2011-09-23 21:35 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-653642107-481044146-3502075997-1002Core.job
2014-10-31 22:36 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system
2014-10-31 22:07 - 2012-01-15 23:40 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Homeland
2014-10-31 21:51 - 2014-07-27 13:03 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Gorillaz discography from Gorillaz (2001) to The Fall (2010) MP3
2014-10-31 21:46 - 2014-06-05 18:27 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Getting Ready and Ring Shots Edit
2014-10-31 21:42 - 2013-02-11 19:06 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Gangster Squad 2013 R6 HDRiP XVID 1MPERiUM
2014-10-31 21:38 - 2012-06-02 17:23 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Fools Rush In
2014-10-31 21:36 - 2012-11-27 21:04 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Episodes
2014-10-31 21:31 - 2013-11-21 14:56 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Elysium (2013) DVDRip XviD-MAXSPEED
2014-10-31 21:26 - 2011-09-27 21:57 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Drive.2011.SCR.XviD-playXD
2014-10-31 21:24 - 2013-01-08 22:53 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Django Unchained 2012 DVDSCR X264 AAC-P2P
2014-10-31 21:18 - 2014-05-31 15:44 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\DION,Rehersal Dinner EDIT 2 of 2
2014-10-31 21:10 - 2012-11-14 23:51 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Malwarebytes
2014-10-31 21:10 - 2012-11-14 23:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-31 21:10 - 2012-11-14 23:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-31 21:06 - 2014-05-31 15:44 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\DION,Rehersal Dinner EDIT 1 of 2 (1)
2014-10-31 20:59 - 2011-10-14 22:43 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Local\Spotify
2014-10-30 18:24 - 2014-06-05 19:07 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\DION, CERAMONY  EDIT
2014-10-30 18:20 - 2012-01-19 00:11 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Dexter
2014-10-30 18:08 - 2013-01-02 17:47 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Cloud.Atlas.2012.READNFO.BRRip.XviD-g3noc1d3
2014-10-30 18:03 - 2013-11-21 14:57 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Captain Phillips 2013 CAM XViD-UNiQUE
2014-10-30 18:03 - 2012-12-11 22:50 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Christmas (Deluxe Special Edition)
2014-10-30 18:03 - 2012-02-09 19:07 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Car Research
2014-10-30 17:54 - 2012-02-15 23:48 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Californication
2014-10-30 17:48 - 2012-07-14 21:15 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Breaking.Bad.Season.4
2014-10-30 17:37 - 2012-01-19 00:12 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Boss
2014-10-30 17:20 - 2012-01-25 23:31 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Beginners.2010.LIMITED.BDRip.XviD-TARGET
2014-10-30 17:20 - 2011-11-16 21:28 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Black Star
2014-10-30 17:18 - 2013-01-08 22:55 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Beasts Of The Southern Wild 2012 LIMITED DVDRip XviD-SPARKS
2014-10-30 17:16 - 2013-01-02 17:45 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Argo.2012.WEBRip.READNFO.XviD-RESiSTANCE
2014-10-30 17:16 - 2012-11-20 00:20 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\attachments
2014-10-30 17:08 - 2014-08-10 12:13 - 00000000 ____D () C:\Users\PIMPDADDY4\Documents\Wedding Album Shots
2014-10-30 17:02 - 2014-01-26 18:24 - 00000000 ____D () C:\Users\PIMPDADDY4\Documents\2014_01_26
2014-10-30 17:02 - 2014-01-07 10:47 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\VIPRE
2014-10-30 17:02 - 2013-10-05 18:23 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Intuit
2014-10-30 17:02 - 2013-06-27 17:22 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Canon
2014-10-30 17:02 - 2011-12-30 22:00 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Apple Computer
2014-10-30 17:02 - 2011-09-23 20:39 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Adobe
2014-10-30 17:01 - 2014-01-13 12:10 - 00000000 ____D () C:\ProgramData\VIPRE
2014-10-30 17:01 - 2013-11-22 09:19 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-10-30 17:01 - 2013-10-05 18:22 - 00000000 ____D () C:\ProgramData\Intuit
2014-10-30 17:01 - 2011-12-30 22:00 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Local\Apple Computer
2014-10-30 17:01 - 2011-09-23 21:35 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Local\Google
2014-10-21 19:54 - 2014-06-22 08:18 - 00034928 _____ () C:\Users\PIMPDADDY4\Documents\2014 Personal Budget.xlsx
2014-10-19 19:22 - 2013-10-05 20:39 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 19:22 - 2013-10-05 20:39 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 08:10 - 2011-09-23 21:35 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-653642107-481044146-3502075997-1002UA
2014-10-18 08:10 - 2011-09-23 21:35 - 00003512 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-653642107-481044146-3502075997-1002Core
2014-10-16 03:15 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 02:38 - 2009-07-13 20:45 - 00408848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 02:18 - 2012-01-05 21:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 02:13 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:01 - 2011-09-24 20:52 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 07:17 - 2013-03-17 21:40 - 00717824 ___SH () C:\Users\PIMPDADDY4\Downloads\Thumbs.db
 
Some content of TEMP:
====================
C:\Users\PIMPDADDY4\AppData\Local\Temp\devcon.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\install_flashplayer11x32au_mssa_aaa_aih.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\jre-7u6-windows-i586-iftw.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\lowproc.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\ose00000.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\qskufpm.dll
C:\Users\PIMPDADDY4\AppData\Local\Temp\setup-pscombined-bunndle-1.0-x86x64.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\stubhelper.dll
C:\Users\PIMPDADDY4\AppData\Local\Temp\stuprt.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\tmp6805.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\tmp6872.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\tmp6EA.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\tmp7B2A.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\tmp92BD.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\tmpC560.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\UpdateFlashPlayer_38a2c280.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\UpdateFlashPlayer_7879b59a.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\UpdateFlashPlayer_79fe68bb.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\UpdateFlashPlayer_d6edc007.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\uttD678.tmp.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\PIMPDADDY4\AppData\Local\Temp\vlc-2.0.8-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-29 18:59
 
==================== End Of Log ============================


#4 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:42 AM

Posted 07 November 2014 - 04:55 AM

Your computer is very badly infected with a multitude of viruses.

You also appear to be infected with CryptoWall. Check the link below for more information:

CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ

Please go ahead and uninstall the following programs:

uTorrentBar Toolbar

Next please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Regards,

Georgi


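The fixlist Georgi supplies here (its contents appear in the Fixlog further down the thread) removes, among other things, a per-user CLSID LocalServer32 value whose command starts with "rundll32.exe javascript:" and which FRST flags as Poweliks: the launcher lives entirely in the registry, so nothing on disk corresponds to the dllhost.exe processes the topic starter saw. The PowerShell below is an added example for readers who want to check a machine for that same pattern; it is not code from the thread, from FRST or from BleepingComputer. It walks the HKLM Classes hive and every loaded user hive under HKEY_USERS, following the HKU\<SID>\Software\Classes\CLSID\<clsid>\LocalServer32 path shown in the Fixlog. The regular expression in $pattern and the 120-character truncation of the reported command are my choices; run it from an elevated PowerShell prompt so the other users' hives are readable.

```powershell
# Added example (not from the thread or from FRST): report CLSID LocalServer32
# default values that launch script straight from the registry, the Poweliks
# persistence pattern the FRST fixlist in this thread removed.

# Assumption: a registry-hosted launcher begins with rundll32 followed by a
# javascript: URL, exactly as the flagged Fixlog entry does. -match is
# case-insensitive by default.
$pattern = '^\s*rundll32(\.exe)?\s+javascript:'

# PowerShell has no HKU: drive out of the box; map one to HKEY_USERS.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

# Roots to inspect: machine-wide classes plus, for every loaded user hive,
# both the Software\Classes link and the separate <SID>_Classes hive.
$roots = @('HKLM:\SOFTWARE\Classes\CLSID')
foreach ($hive in Get-ChildItem -Path 'HKU:\' -ErrorAction SilentlyContinue) {
    $name = $hive.PSChildName
    $roots += "HKU:\$name\Software\Classes\CLSID"
    $roots += "HKU:\$name\CLSID"
}

$findings = foreach ($root in $roots) {
    if (-not (Test-Path -Path $root)) { continue }
    foreach ($clsid in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $ls = Join-Path -Path $clsid.PSPath -ChildPath 'LocalServer32'
        if (-not (Test-Path -Path $ls)) { continue }
        # The launch command is the key's unnamed (default) value.
        $cmd = (Get-ItemProperty -Path $ls -ErrorAction SilentlyContinue).'(default)'
        if ($cmd -and ($cmd -match $pattern)) {
            [pscustomobject]@{
                Key     = $ls
                # Truncate like FRST does; the full value can be very long.
                Command = $cmd.Substring(0, [Math]::Min(120, $cmd.Length))
            }
        }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    'No CLSID LocalServer32 values launching script from the registry were found.'
}
```

A hit from this script corroborates the "Poweliks!" marker in a FRST log; it only reports and does not delete anything, so removal still goes through whatever fix the helper prescribes, as it does in this thread.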


#5 shomer

  • Topic Starter
  • Members
  • 19 posts
  • Local time:09:42 PM

Posted 08 November 2014 - 02:14 AM

Hello Georgi,

When I attempted to remove uTorrentBar Toolbar, I got an error message indicating it had already been removed and asking whether I would like to remove it from the Add/Remove Programs list. I opted to remove it from the list. I then proceeded to run Fix on FRST as you advised and it worked fine.

I am definitely infected with CryptoWall... it seems that it is done scanning my machine and I've got the ransom notes posted in several of the folders that I've casually browsed through to this point. Apparently now that it is done performing its sordid little task, the machine runs a lot more smoothly... though several of those suspect programs noted in my initial post are still running in the background.

I read through the information guide you posted and it sounds pretty grim. Again... appreciate any and all help you can provide... Thanks.

FRST Fixlog posted below:
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-11-2014
Ran by PIMPDADDY4 at 2014-11-07 22:32:04 Run:1
Running from C:\Users\PIMPDADDY4\Desktop
Loaded Profile: PIMPDADDY4 (Available profiles: PIMPDADDY4)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-653642107-481044146-3502075997-1002\...\Run: [Ozlafyapywfidu] => C:\Users\PIMPDADDY4\AppData\Roaming\Nyirudo\uxroa.exe [288731 2012-08-10] ()
HKU\S-1-5-21-653642107-481044146-3502075997-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
C:\Users\PIMPDADDY4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\21b49a2.exe
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} ->  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
2014-11-02 13:52 - 2014-11-02 13:52 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Xeemeqpo
2014-11-02 13:51 - 2014-11-02 13:51 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Nyirudo
2014-11-02 13:46 - 2014-11-06 21:21 - 00000000 ____D () C:\ProgramData\JotebUboly
2014-11-01 13:00 - 2014-11-06 21:21 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Uvvaugd
2014-11-01 12:42 - 2014-11-01 12:42 - 00121856 _____ () C:\Users\PIMPDADDY4\AppData\Roaming\21b49a2.exe
2014-10-30 17:08 - 2014-10-30 17:08 - 00008536 _____ () C:\Users\PIMPDADDY4\Documents\DECRYPT_INSTRUCTION.HTML
2014-10-30 17:08 - 2014-10-30 17:08 - 00004208 _____ () C:\Users\PIMPDADDY4\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-30 17:08 - 2014-10-30 17:08 - 00000272 _____ () C:\Users\PIMPDADDY4\Documents\INSTALL_TOR.URL
2014-10-30 17:02 - 2014-10-30 17:02 - 00008536 _____ () C:\Users\PIMPDADDY4\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-10-30 17:02 - 2014-10-30 17:02 - 00008536 _____ () C:\Users\PIMPDADDY4\AppData\DECRYPT_INSTRUCTION.HTML
2014-10-30 17:02 - 2014-10-30 17:02 - 00004208 _____ () C:\Users\PIMPDADDY4\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-10-30 17:02 - 2014-10-30 17:02 - 00004208 _____ () C:\Users\PIMPDADDY4\AppData\DECRYPT_INSTRUCTION.TXT
2014-10-30 17:02 - 2014-10-30 17:02 - 00000272 _____ () C:\Users\PIMPDADDY4\AppData\Roaming\INSTALL_TOR.URL
2014-10-30 17:02 - 2014-10-30 17:02 - 00000272 _____ () C:\Users\PIMPDADDY4\AppData\INSTALL_TOR.URL
2014-10-30 17:01 - 2014-10-30 17:01 - 00008536 _____ () C:\Users\PIMPDADDY4\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-30 17:01 - 2014-10-30 17:01 - 00008536 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-10-30 17:01 - 2014-10-30 17:01 - 00004208 _____ () C:\Users\PIMPDADDY4\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-30 17:01 - 2014-10-30 17:01 - 00004208 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-10-30 17:01 - 2014-10-30 17:01 - 00000272 _____ () C:\Users\PIMPDADDY4\AppData\Local\INSTALL_TOR.URL
2014-10-30 17:01 - 2014-10-30 17:01 - 00000272 _____ () C:\ProgramData\INSTALL_TOR.URL
2014-10-30 16:48 - 2014-11-01 12:43 - 00000160 ____H () C:\ProgramData\@system3.att
2014-10-30 16:47 - 2014-11-01 12:43 - 00000424 _____ () C:\ProgramData\@system.temp
2014-10-30 16:47 - 2014-11-01 12:42 - 00000000 ___HD () C:\21b49a2
2014-10-30 16:47 - 2014-11-01 12:42 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\FrameworkUpdate7
2014-10-30 16:47 - 2014-10-30 16:47 - 00000448 ____H () C:\Users\PIMPDADDY4\AppData\Roaming\麽鎒駓覜
2014-10-30 16:46 - 2014-11-02 13:46 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
AlternateDataStreams: C:\Users\PIMPDADDY4\AppData\Roaming\21b49a2.exe:1
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^PIMPDADDY4^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^21b49a2.exe" /f
C:\Windows\pss\21b49a2.exe.Startup
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\21b49a" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\21b49a2" /f
emptytemp:
end
*****************
 
Processes closed successfully.
HKU\S-1-5-21-653642107-481044146-3502075997-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Ozlafyapywfidu => value deleted successfully.
"HKU\S-1-5-21-653642107-481044146-3502075997-1002\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-653642107-481044146-3502075997-1002\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
C:\Users\PIMPDADDY4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\21b49a2.exe => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
C:\Users\PIMPDADDY4\AppData\Roaming\Xeemeqpo => Moved successfully.
C:\Users\PIMPDADDY4\AppData\Roaming\Nyirudo => Moved successfully.
C:\ProgramData\JotebUboly => Moved successfully.
C:\Users\PIMPDADDY4\AppData\Roaming\Uvvaugd => Moved successfully.
C:\Users\PIMPDADDY4\AppData\Roaming\21b49a2.exe => Moved successfully.
C:\Users\PIMPDADDY4\Documents\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\PIMPDADDY4\Documents\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\PIMPDADDY4\Documents\INSTALL_TOR.URL => Moved successfully.
C:\Users\PIMPDADDY4\AppData\Roaming\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\PIMPDADDY4\AppData\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\PIMPDADDY4\AppData\Roaming\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\PIMPDADDY4\AppData\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\PIMPDADDY4\AppData\Roaming\INSTALL_TOR.URL => Moved successfully.
C:\Users\PIMPDADDY4\AppData\INSTALL_TOR.URL => Moved successfully.
C:\Users\PIMPDADDY4\AppData\Local\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\PIMPDADDY4\AppData\Local\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\PIMPDADDY4\AppData\Local\INSTALL_TOR.URL => Moved successfully.
C:\ProgramData\INSTALL_TOR.URL => Moved successfully.
C:\ProgramData\@system3.att => Moved successfully.
C:\ProgramData\@system.temp => Moved successfully.
C:\21b49a2 => Moved successfully.
C:\Users\PIMPDADDY4\AppData\Roaming\FrameworkUpdate7 => Moved successfully.
C:\Users\PIMPDADDY4\AppData\Roaming\麽鎒駓覜 => Moved successfully.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.
"C:\Users\PIMPDADDY4\AppData\Roaming\21b49a2.exe" => ":1" ADS not found.
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^PIMPDADDY4^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^21b49a2.exe" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
C:\Windows\pss\21b49a2.exe.Startup => Moved successfully.
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\21b49a" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\21b49a2" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
EmptyTemp: => Removed 8.5 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:42 AM

Posted 08 November 2014 - 03:40 AM

Hi,

 

Regarding the log, the fix was successful. :)

Just in case, to check for leftovers, please re-run FRST (make sure that Addition.txt is checked before you press the Scan button) and post both logs in your next reply.

Also let me know how things are after the fix above.

 

We can scan and fix all malware related entries and we can remove all Cryptowall leftovers but the decryption is a different story.

You may visit the page below at a later stage in an attempt to decrypt your files:

https://www.decryptcryptolocker.com/

 

 

 

Regards,

Georgi




#7 shomer

shomer
  • Topic Starter

  • Members
  • 19 posts
  • Local time:09:42 PM

Posted 09 November 2014 - 01:37 AM

Hi Georgi,

 

Scan completed pretty quickly this time compared to the last one. The machine seems to be running mostly back to normal subsequent to running the fix on FRST...with the exception of the encrypted files. Here is the log posted and addition.txt attached.

 

Thanks!

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-11-2014 01
Ran by PIMPDADDY4 (administrator) on PIMPDADDY4-PC on 08-11-2014 22:31:52
Running from C:\Users\PIMPDADDY4\Desktop
Loaded Profile: PIMPDADDY4 (Available profiles: PIMPDADDY4)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(Google Inc.) C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files (x86)\VIPRE\SBRC.exe [202128 2013-09-05] (ThreatTrack Security, Inc.)
HKU\S-1-5-21-653642107-481044146-3502075997-1002\...\Run: [21b49a2] => C:\Users\PIMPDADDY4\AppData\Roaming\21b49a2.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE4AAEE9F7B7ACC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - DefaultScope {E732D739-126E-4E43-890D-F5A372DB012B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {E732D739-126E-4E43-890D-F5A372DB012B} URL = https://www.google.com/search?q={searchTerms}
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSG.dll ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSG.dll ()
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSG.dll ()
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\PIMPDADDY4\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\PIMPDADDY4\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-19]
CHR Extension: (Google Drive) - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-19]
CHR Extension: (Google Search) - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-19]
CHR Extension: (Google Wallet) - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-19]
CHR StartMenuInternet: Google Chrome - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [1447424 2011-09-23] (C-Media Inc)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-07 22:31 - 2014-11-08 22:31 - 00000000 ____D () C:\Users\PIMPDADDY4\Desktop\FRST-OlderVersion
2014-11-07 22:31 - 2014-11-07 22:32 - 177209616 ____H () C:\Users\PIMPDADDY4\Downloads\Masters.of.Sex.S01E07.HDTV.x264-KILLERS.mp4.06h
2014-11-06 22:57 - 2014-11-06 22:58 - 00028112 _____ () C:\Users\PIMPDADDY4\Desktop\Addition.txt
2014-11-06 22:02 - 2014-11-08 22:32 - 00010934 _____ () C:\Users\PIMPDADDY4\Desktop\FRST.txt
2014-11-06 21:59 - 2014-11-08 22:31 - 00000000 ____D () C:\FRST
2014-11-06 21:54 - 2014-11-08 22:31 - 02115584 _____ (Farbar) C:\Users\PIMPDADDY4\Desktop\FRST64.exe
2014-11-02 14:55 - 2014-11-02 14:55 - 00014480 _____ () C:\Users\PIMPDADDY4\Desktop\dds.txt
2014-11-02 14:55 - 2014-11-02 14:55 - 00006960 _____ () C:\Users\PIMPDADDY4\Desktop\attach.txt
2014-11-02 14:35 - 2014-11-02 14:36 - 00688992 ____R (Swearware) C:\Users\PIMPDADDY4\Downloads\dds.com
2014-11-02 14:19 - 2014-11-02 14:19 - 00791393 _____ (Lars Hederer ) C:\Users\PIMPDADDY4\Downloads\erunt-setup.exe
2014-11-02 14:16 - 2014-11-02 14:18 - 00003680 _____ () C:\Users\PIMPDADDY4\Desktop\Rkill.txt
2014-11-02 14:03 - 2014-11-02 14:04 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\PIMPDADDY4\Downloads\iExplore.exe
2014-11-01 13:09 - 2014-11-07 22:32 - 00000000 ____D () C:\Windows\pss
2014-11-01 13:09 - 2014-11-01 13:10 - 231211280 ____H () C:\Users\PIMPDADDY4\Downloads\House.of.Lies.S02E08.HDTV.x264-2HD.mp4.o06
2014-10-31 22:17 - 2014-10-31 22:18 - 74973456 ____H () C:\Users\PIMPDADDY4\Downloads\Homeland.S03E01.x264-HOMELAND.mp4.gd7
2014-10-31 21:11 - 2014-11-02 14:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-31 21:10 - 2014-10-31 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-31 21:10 - 2014-10-31 21:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-31 21:10 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-31 21:10 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-19 11:40 - 2014-10-19 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2014-10-19 11:40 - 2014-10-19 11:40 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2014-10-15 19:23 - 2014-10-06 18:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 19:23 - 2014-10-06 18:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 19:23 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 19:23 - 2014-09-25 14:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 19:23 - 2014-09-25 14:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 19:23 - 2014-09-25 14:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 19:23 - 2014-09-25 14:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 19:23 - 2014-09-25 14:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 19:23 - 2014-09-25 14:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 19:23 - 2014-09-25 14:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 19:23 - 2014-09-18 18:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 19:23 - 2014-09-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 19:23 - 2014-09-18 17:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 19:23 - 2014-09-18 17:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 19:23 - 2014-09-18 17:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 19:23 - 2014-09-18 17:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 19:23 - 2014-09-18 17:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 19:23 - 2014-09-18 17:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 19:23 - 2014-09-18 17:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 19:23 - 2014-09-18 17:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 19:23 - 2014-09-18 17:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 19:23 - 2014-09-18 17:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 19:23 - 2014-09-18 17:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 19:23 - 2014-09-18 17:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 19:23 - 2014-09-18 17:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 19:23 - 2014-09-18 17:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 19:23 - 2014-09-18 17:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 19:23 - 2014-09-18 17:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 19:23 - 2014-09-18 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 19:23 - 2014-09-18 17:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 19:23 - 2014-09-18 17:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 19:23 - 2014-09-18 17:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 19:23 - 2014-09-18 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 19:23 - 2014-09-18 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 19:23 - 2014-09-18 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 19:23 - 2014-09-18 17:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 19:23 - 2014-09-18 16:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 19:23 - 2014-09-18 16:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 19:23 - 2014-09-18 16:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 19:23 - 2014-09-18 16:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 19:23 - 2014-09-18 16:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 19:23 - 2014-09-18 16:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 19:23 - 2014-09-18 16:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 19:23 - 2014-09-18 16:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 19:23 - 2014-09-18 16:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 19:23 - 2014-09-18 16:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 19:23 - 2014-09-18 16:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 19:23 - 2014-09-18 16:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 19:23 - 2014-09-18 16:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 19:23 - 2014-09-18 16:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 19:23 - 2014-09-18 16:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 19:23 - 2014-09-18 16:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 19:23 - 2014-09-18 16:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 19:23 - 2014-09-18 15:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 19:23 - 2014-09-18 15:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 19:23 - 2014-09-18 15:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 19:23 - 2014-09-18 15:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 19:23 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 19:23 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 19:23 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 19:23 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 19:23 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 19:23 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 19:22 - 2014-09-17 18:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 19:22 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 19:22 - 2014-09-12 17:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 19:22 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 19:22 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 19:22 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 19:22 - 2014-07-16 18:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 19:22 - 2014-07-16 18:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 19:22 - 2014-07-16 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 19:22 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 19:22 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 19:22 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 19:22 - 2014-07-16 18:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 19:22 - 2014-07-16 18:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 19:22 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 19:22 - 2014-07-16 17:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 19:22 - 2014-07-16 17:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 19:22 - 2014-07-16 17:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 19:22 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 19:22 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 19:22 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 19:22 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 12:30 - 2014-10-15 12:30 - 02070944 _____ () C:\Users\PIMPDADDY4\Downloads\fwd403s.zip
2014-10-15 10:34 - 2014-10-15 10:34 - 03974160 _____ () C:\Users\PIMPDADDY4\Downloads\403 SF Submarkets 10.6.14.xlsx
2014-10-15 10:34 - 2014-10-15 10:34 - 00662224 _____ () C:\Users\PIMPDADDY4\Downloads\403 SF ASN 10.6.14.xlsx
2014-10-10 21:25 - 2014-11-08 22:25 - 00000911 _____ () C:\Windows\Tasks\EPSON WF-4630 Series Update {E37D5761-45F1-40CF-A3ED-B00E358CC2BE}.job
2014-10-10 21:25 - 2014-11-08 22:25 - 00000725 _____ () C:\Windows\Tasks\EPSON WF-4630 Series Invitation {E37D5761-45F1-40CF-A3ED-B00E358CC2BE}.job
2014-10-10 21:25 - 2014-10-10 21:25 - 00003978 _____ () C:\Windows\System32\Tasks\EPSON WF-4630 Series Update {E37D5761-45F1-40CF-A3ED-B00E358CC2BE}
2014-10-10 21:25 - 2014-10-10 21:25 - 00003792 _____ () C:\Windows\System32\Tasks\EPSON WF-4630 Series Invitation {E37D5761-45F1-40CF-A3ED-B00E358CC2BE}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-08 22:27 - 2013-10-05 20:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-08 22:27 - 2011-07-25 10:31 - 01761996 _____ () C:\Windows\WindowsUpdate.log
2014-11-08 22:25 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-08 22:15 - 2011-09-23 21:35 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-653642107-481044146-3502075997-1002UA.job
2014-11-08 21:59 - 2013-03-28 20:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-08 20:27 - 2013-10-05 20:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-08 09:24 - 2009-07-13 20:45 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-08 09:24 - 2009-07-13 20:45 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-08 09:16 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-08 09:16 - 2009-07-13 20:51 - 00043961 _____ () C:\Windows\setupact.log
2014-11-07 22:56 - 2011-09-23 21:43 - 00370230 _____ () C:\Windows\PFRO.log
2014-11-07 22:25 - 2012-03-22 21:29 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Louis CK - 2011 Special- Direct Rip
2014-11-07 22:24 - 2011-09-23 22:20 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\foobar2000
2014-11-06 22:39 - 2011-10-30 20:53 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Louie Season 2
2014-11-06 22:28 - 2012-11-27 21:03 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Louie
2014-11-06 22:18 - 2011-11-27 01:05 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Loosies.2011.VODRip.XviD.MP3- SiC
2014-11-06 22:14 - 2013-01-02 11:52 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Looper 2012 DVDRip AC3 XViD-RemixHD
2014-11-06 21:50 - 2012-05-12 17:35 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Lionel Richie
2014-11-06 21:38 - 2013-01-08 22:56 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Lincoln.2012.DVDSCR.XViD.AC3-FooKaS
2014-11-06 21:27 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 21:21 - 2011-09-23 20:15 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Local\AMD
2014-11-02 13:06 - 2013-01-02 17:43 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Life.Of.Pi.2012.SILVER.TS.XVID-26K
2014-11-01 15:09 - 2011-09-23 21:35 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Local\Deployment
2014-11-01 13:46 - 2012-05-14 19:39 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\King Crimson - Discipline 1981 (320k) Progressive
2014-11-01 13:45 - 2013-09-22 08:44 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Iron Man 2 (2010) DVDRip XviD-MAXSPEED
2014-11-01 13:42 - 2011-09-23 22:23 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Indiana Jones Quadrilogy 1981 2008 Bluray 720p x264 aac
2014-11-01 13:25 - 2012-03-31 16:30 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Hugo.2011.DVDRip.XviD- AMIABLE
2014-11-01 13:25 - 2012-01-04 01:22 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\iBooks
2014-11-01 13:03 - 2014-03-07 21:36 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\House of Lies S03E04 HDTV x264-2HD[ettv]
2014-11-01 13:02 - 2013-02-24 23:45 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\House of Lies S02E06 HDTV x264-EVOLVE[ettv]
2014-11-01 13:02 - 2012-01-19 00:12 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\House of Lies
2014-11-01 09:32 - 2011-09-23 21:37 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\uTorrent
2014-11-01 09:31 - 2011-10-14 22:43 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Spotify
2014-11-01 08:15 - 2011-09-23 21:35 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-653642107-481044146-3502075997-1002Core.job
2014-10-31 22:36 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system
2014-10-31 22:07 - 2012-01-15 23:40 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Homeland
2014-10-31 21:51 - 2014-07-27 13:03 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Gorillaz discography from Gorillaz (2001) to The Fall (2010) MP3
2014-10-31 21:46 - 2014-06-05 18:27 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Getting Ready and Ring Shots Edit
2014-10-31 21:42 - 2013-02-11 19:06 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Gangster Squad 2013 R6 HDRiP XVID 1MPERiUM
2014-10-31 21:38 - 2012-06-02 17:23 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Fools Rush In
2014-10-31 21:36 - 2012-11-27 21:04 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Episodes
2014-10-31 21:31 - 2013-11-21 14:56 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Elysium (2013) DVDRip XviD-MAXSPEED
2014-10-31 21:26 - 2011-09-27 21:57 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Drive.2011.SCR.XviD-playXD
2014-10-31 21:24 - 2013-01-08 22:53 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Django Unchained 2012 DVDSCR X264 AAC-P2P
2014-10-31 21:18 - 2014-05-31 15:44 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\DION,Rehersal Dinner EDIT 2 of 2
2014-10-31 21:10 - 2012-11-14 23:51 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Malwarebytes
2014-10-31 21:10 - 2012-11-14 23:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-31 21:10 - 2012-11-14 23:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-31 21:06 - 2014-05-31 15:44 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\DION,Rehersal Dinner EDIT 1 of 2 (1)
2014-10-31 20:59 - 2011-10-14 22:43 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Local\Spotify
2014-10-30 18:24 - 2014-06-05 19:07 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\DION, CERAMONY  EDIT
2014-10-30 18:20 - 2012-01-19 00:11 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Dexter
2014-10-30 18:08 - 2013-01-02 17:47 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Cloud.Atlas.2012.READNFO.BRRip.XviD-g3noc1d3
2014-10-30 18:03 - 2013-11-21 14:57 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Captain Phillips 2013 CAM XViD-UNiQUE
2014-10-30 18:03 - 2012-12-11 22:50 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Christmas (Deluxe Special Edition)
2014-10-30 18:03 - 2012-02-09 19:07 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Car Research
2014-10-30 17:54 - 2012-02-15 23:48 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Californication
2014-10-30 17:48 - 2012-07-14 21:15 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Breaking.Bad.Season.4
2014-10-30 17:37 - 2012-01-19 00:12 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Boss
2014-10-30 17:20 - 2012-01-25 23:31 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Beginners.2010.LIMITED.BDRip.XviD-TARGET
2014-10-30 17:20 - 2011-11-16 21:28 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Black Star
2014-10-30 17:18 - 2013-01-08 22:55 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Beasts Of The Southern Wild 2012 LIMITED DVDRip XviD-SPARKS
2014-10-30 17:16 - 2013-01-02 17:45 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Argo.2012.WEBRip.READNFO.XviD-RESiSTANCE
2014-10-30 17:16 - 2012-11-20 00:20 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\attachments
2014-10-30 17:08 - 2014-08-10 12:13 - 00000000 ____D () C:\Users\PIMPDADDY4\Documents\Wedding Album Shots
2014-10-30 17:02 - 2014-01-26 18:24 - 00000000 ____D () C:\Users\PIMPDADDY4\Documents\2014_01_26
2014-10-30 17:02 - 2014-01-07 10:47 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\VIPRE
2014-10-30 17:02 - 2013-10-05 18:23 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Intuit
2014-10-30 17:02 - 2013-06-27 17:22 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Canon
2014-10-30 17:02 - 2011-12-30 22:00 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Apple Computer
2014-10-30 17:02 - 2011-09-23 20:39 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Adobe
2014-10-30 17:01 - 2014-01-13 12:10 - 00000000 ____D () C:\ProgramData\VIPRE
2014-10-30 17:01 - 2013-11-22 09:19 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-10-30 17:01 - 2013-10-05 18:22 - 00000000 ____D () C:\ProgramData\Intuit
2014-10-30 17:01 - 2011-12-30 22:00 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Local\Apple Computer
2014-10-30 17:01 - 2011-09-23 21:35 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Local\Google
2014-10-21 19:54 - 2014-06-22 08:18 - 00034928 _____ () C:\Users\PIMPDADDY4\Documents\2014 Personal Budget.xlsx
2014-10-19 19:22 - 2013-10-05 20:39 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 19:22 - 2013-10-05 20:39 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 08:10 - 2011-09-23 21:35 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-653642107-481044146-3502075997-1002UA
2014-10-18 08:10 - 2011-09-23 21:35 - 00003512 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-653642107-481044146-3502075997-1002Core
2014-10-16 03:15 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 02:38 - 2009-07-13 20:45 - 00408848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 02:18 - 2012-01-05 21:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 02:13 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:01 - 2011-09-24 20:52 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 07:17 - 2013-03-17 21:40 - 00717824 ___SH () C:\Users\PIMPDADDY4\Downloads\Thumbs.db
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-08 09:46
 
==================== End Of Log ============================

#8 B-boy/StyLe/


    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:42 AM

Posted 09 November 2014 - 06:33 AM

Hi,

The log looks better, but we should remove a few leftovers of malware on the system.
 

Please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location, or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

Next, please rerun FRST one last time and run a fresh scan (make sure that Addition.txt is checked). Post back the logs in your next reply. :)

 

Regards,
Georgi


Edited by B-boy/StyLe/, 10 November 2014 - 04:33 AM.
typo.



#9 shomer

  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:09:42 PM

Posted 09 November 2014 - 09:12 PM

Hi Georgi,

 

OK, so I ran the fix and scanned again. Here is the fixlog and the subsequent scan log after... also posting Addition.txt as an attachment.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by PIMPDADDY4 at 2014-11-09 12:26:57 Run:2
Running from C:\Users\PIMPDADDY4\Desktop
Loaded Profile: PIMPDADDY4 (Available profiles: PIMPDADDY4)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-653642107-481044146-3502075997-1002\...\Run: [21b49a2] => C:\Users\PIMPDADDY4\AppData\Roaming\21b49a2.exe
ListPermissions: C:\Users\PIMPDADDY4\AppData\Roaming\21b49a2.exe
Unlock: C:\Users\PIMPDADDY4\AppData\Roaming\21b49a2.exe
C:\Users\PIMPDADDY4\AppData\Roaming\21b49a2.exe
C:\Users\PIMPDADDY4\AppData\Roaming\Uvvaugd
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg/Leebuqipzupy" /f
end
*****************
 
Processes closed successfully.
HKU\S-1-5-21-653642107-481044146-3502075997-1002\Software\Microsoft\Windows\CurrentVersion\Run\\21b49a2 => value deleted successfully.
 
"C:\Users\PIMPDADDY4\AppData\Roaming\21b49a2.exe -> Listing permissions failed. File\Directory not found.
"C:\Users\PIMPDADDY4\AppData\Roaming\21b49a2.exe" => Not found.
"C:\Users\PIMPDADDY4\AppData\Roaming\21b49a2.exe" => File/Directory not found.
"C:\Users\PIMPDADDY4\AppData\Roaming\Uvvaugd" => File/Directory not found.
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg/Leebuqipzupy" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by PIMPDADDY4 (administrator) on PIMPDADDY4-PC on 09-11-2014 15:14:33
Running from C:\Users\PIMPDADDY4\Desktop
Loaded Profile: PIMPDADDY4 (Available profiles: PIMPDADDY4)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files (x86)\VIPRE\SBRC.exe [202128 2013-09-05] (ThreatTrack Security, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE4AAEE9F7B7ACC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - DefaultScope {E732D739-126E-4E43-890D-F5A372DB012B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {E732D739-126E-4E43-890D-F5A372DB012B} URL = https://www.google.com/search?q={searchTerms}
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSG.dll ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSG.dll ()
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSG.dll ()
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-653642107-481044146-3502075997-1002: @tools.google.com/Google Update;version=3 -> C:\Users\PIMPDADDY4\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-653642107-481044146-3502075997-1002: @tools.google.com/Google Update;version=9 -> C:\Users\PIMPDADDY4\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-19]
CHR Extension: (Google Drive) - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-19]
CHR Extension: (Google Search) - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-19]
CHR Extension: (Google Wallet) - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-19]
CHR StartMenuInternet: Google Chrome - C:\Users\PIMPDADDY4\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [1447424 2011-09-23] (C-Media Inc)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-07 22:31 - 2014-11-09 12:26 - 00000000 ____D () C:\Users\PIMPDADDY4\Desktop\FRST-OlderVersion
2014-11-07 22:31 - 2014-11-07 22:32 - 177209616 ____H () C:\Users\PIMPDADDY4\Downloads\Masters.of.Sex.S01E07.HDTV.x264-KILLERS.mp4.06h
2014-11-06 22:57 - 2014-11-08 22:33 - 00027108 _____ () C:\Users\PIMPDADDY4\Desktop\Addition.txt
2014-11-06 22:02 - 2014-11-09 15:15 - 00010644 _____ () C:\Users\PIMPDADDY4\Desktop\FRST.txt
2014-11-06 21:59 - 2014-11-09 15:14 - 00000000 ____D () C:\FRST
2014-11-06 21:54 - 2014-11-09 12:26 - 02116096 _____ (Farbar) C:\Users\PIMPDADDY4\Desktop\FRST64.exe
2014-11-02 14:55 - 2014-11-02 14:55 - 00014480 _____ () C:\Users\PIMPDADDY4\Desktop\dds.txt
2014-11-02 14:55 - 2014-11-02 14:55 - 00006960 _____ () C:\Users\PIMPDADDY4\Desktop\attach.txt
2014-11-02 14:35 - 2014-11-02 14:36 - 00688992 ____R (Swearware) C:\Users\PIMPDADDY4\Downloads\dds.com
2014-11-02 14:19 - 2014-11-02 14:19 - 00791393 _____ (Lars Hederer ) C:\Users\PIMPDADDY4\Downloads\erunt-setup.exe
2014-11-02 14:16 - 2014-11-02 14:18 - 00003680 _____ () C:\Users\PIMPDADDY4\Desktop\Rkill.txt
2014-11-02 14:03 - 2014-11-02 14:04 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\PIMPDADDY4\Downloads\iExplore.exe
2014-11-01 13:09 - 2014-11-07 22:32 - 00000000 ____D () C:\Windows\pss
2014-11-01 13:09 - 2014-11-01 13:10 - 231211280 ____H () C:\Users\PIMPDADDY4\Downloads\House.of.Lies.S02E08.HDTV.x264-2HD.mp4.o06
2014-10-31 22:17 - 2014-10-31 22:18 - 74973456 ____H () C:\Users\PIMPDADDY4\Downloads\Homeland.S03E01.x264-HOMELAND.mp4.gd7
2014-10-31 21:11 - 2014-11-02 14:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-31 21:10 - 2014-10-31 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-31 21:10 - 2014-10-31 21:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-31 21:10 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-31 21:10 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-19 11:40 - 2014-10-19 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2014-10-19 11:40 - 2014-10-19 11:40 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2014-10-15 19:23 - 2014-10-06 18:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 19:23 - 2014-10-06 18:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 19:23 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 19:23 - 2014-09-25 14:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 19:23 - 2014-09-25 14:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 19:23 - 2014-09-25 14:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 19:23 - 2014-09-25 14:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 19:23 - 2014-09-25 14:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 19:23 - 2014-09-25 14:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 19:23 - 2014-09-25 14:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 19:23 - 2014-09-18 18:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 19:23 - 2014-09-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 19:23 - 2014-09-18 17:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 19:23 - 2014-09-18 17:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 19:23 - 2014-09-18 17:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 19:23 - 2014-09-18 17:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 19:23 - 2014-09-18 17:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 19:23 - 2014-09-18 17:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 19:23 - 2014-09-18 17:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 19:23 - 2014-09-18 17:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 19:23 - 2014-09-18 17:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 19:23 - 2014-09-18 17:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 19:23 - 2014-09-18 17:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 19:23 - 2014-09-18 17:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 19:23 - 2014-09-18 17:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 19:23 - 2014-09-18 17:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 19:23 - 2014-09-18 17:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 19:23 - 2014-09-18 17:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 19:23 - 2014-09-18 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 19:23 - 2014-09-18 17:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 19:23 - 2014-09-18 17:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 19:23 - 2014-09-18 17:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 19:23 - 2014-09-18 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 19:23 - 2014-09-18 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 19:23 - 2014-09-18 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 19:23 - 2014-09-18 17:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 19:23 - 2014-09-18 16:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 19:23 - 2014-09-18 16:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 19:23 - 2014-09-18 16:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 19:23 - 2014-09-18 16:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 19:23 - 2014-09-18 16:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 19:23 - 2014-09-18 16:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 19:23 - 2014-09-18 16:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 19:23 - 2014-09-18 16:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 19:23 - 2014-09-18 16:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 19:23 - 2014-09-18 16:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 19:23 - 2014-09-18 16:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 19:23 - 2014-09-18 16:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 19:23 - 2014-09-18 16:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 19:23 - 2014-09-18 16:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 19:23 - 2014-09-18 16:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 19:23 - 2014-09-18 16:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 19:23 - 2014-09-18 16:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 19:23 - 2014-09-18 15:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 19:23 - 2014-09-18 15:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 19:23 - 2014-09-18 15:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 19:23 - 2014-09-18 15:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 19:23 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 19:23 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 19:23 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 19:23 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 19:23 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 19:23 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 19:22 - 2014-09-17 18:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 19:22 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 19:22 - 2014-09-12 17:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 19:22 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 19:22 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 19:22 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 19:22 - 2014-07-16 18:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 19:22 - 2014-07-16 18:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 19:22 - 2014-07-16 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 19:22 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 19:22 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 19:22 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 19:22 - 2014-07-16 18:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 19:22 - 2014-07-16 18:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 19:22 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 19:22 - 2014-07-16 17:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 19:22 - 2014-07-16 17:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 19:22 - 2014-07-16 17:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 19:22 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 19:22 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 19:22 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 19:22 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 12:30 - 2014-10-15 12:30 - 02070944 _____ () C:\Users\PIMPDADDY4\Downloads\fwd403s.zip
2014-10-15 10:34 - 2014-10-15 10:34 - 03974160 _____ () C:\Users\PIMPDADDY4\Downloads\403 SF Submarkets 10.6.14.xlsx
2014-10-15 10:34 - 2014-10-15 10:34 - 00662224 _____ () C:\Users\PIMPDADDY4\Downloads\403 SF ASN 10.6.14.xlsx
2014-10-10 21:25 - 2014-11-09 14:25 - 00000911 _____ () C:\Windows\Tasks\EPSON WF-4630 Series Update {E37D5761-45F1-40CF-A3ED-B00E358CC2BE}.job
2014-10-10 21:25 - 2014-11-09 14:25 - 00000725 _____ () C:\Windows\Tasks\EPSON WF-4630 Series Invitation {E37D5761-45F1-40CF-A3ED-B00E358CC2BE}.job
2014-10-10 21:25 - 2014-10-10 21:25 - 00003978 _____ () C:\Windows\System32\Tasks\EPSON WF-4630 Series Update {E37D5761-45F1-40CF-A3ED-B00E358CC2BE}
2014-10-10 21:25 - 2014-10-10 21:25 - 00003792 _____ () C:\Windows\System32\Tasks\EPSON WF-4630 Series Invitation {E37D5761-45F1-40CF-A3ED-B00E358CC2BE}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-09 15:15 - 2011-09-23 21:35 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-653642107-481044146-3502075997-1002UA.job
2014-11-09 14:59 - 2013-03-28 20:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-09 14:27 - 2013-10-05 20:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-09 14:25 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-09 12:57 - 2009-07-13 20:45 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-09 12:57 - 2009-07-13 20:45 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-09 12:53 - 2011-07-25 10:31 - 01766121 _____ () C:\Windows\WindowsUpdate.log
2014-11-09 12:49 - 2013-10-05 20:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-09 12:49 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-09 12:49 - 2009-07-13 20:51 - 00044017 _____ () C:\Windows\setupact.log
2014-11-09 09:15 - 2011-09-23 21:35 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-653642107-481044146-3502075997-1002Core.job
2014-11-07 22:56 - 2011-09-23 21:43 - 00370230 _____ () C:\Windows\PFRO.log
2014-11-07 22:25 - 2012-03-22 21:29 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Louis CK - 2011 Special- Direct Rip
2014-11-07 22:24 - 2011-09-23 22:20 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\foobar2000
2014-11-06 22:39 - 2011-10-30 20:53 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Louie Season 2
2014-11-06 22:28 - 2012-11-27 21:03 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Louie
2014-11-06 22:18 - 2011-11-27 01:05 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Loosies.2011.VODRip.XviD.MP3- SiC
2014-11-06 22:14 - 2013-01-02 11:52 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Looper 2012 DVDRip AC3 XViD-RemixHD
2014-11-06 21:50 - 2012-05-12 17:35 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Lionel Richie
2014-11-06 21:38 - 2013-01-08 22:56 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Lincoln.2012.DVDSCR.XViD.AC3-FooKaS
2014-11-06 21:27 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 21:21 - 2011-09-23 20:15 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Local\AMD
2014-11-02 13:06 - 2013-01-02 17:43 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Life.Of.Pi.2012.SILVER.TS.XVID-26K
2014-11-01 15:09 - 2011-09-23 21:35 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Local\Deployment
2014-11-01 13:46 - 2012-05-14 19:39 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\King Crimson - Discipline 1981 (320k) Progressive
2014-11-01 13:45 - 2013-09-22 08:44 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Iron Man 2 (2010) DVDRip XviD-MAXSPEED
2014-11-01 13:42 - 2011-09-23 22:23 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Indiana Jones Quadrilogy 1981 2008 Bluray 720p x264 aac
2014-11-01 13:25 - 2012-03-31 16:30 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Hugo.2011.DVDRip.XviD- AMIABLE
2014-11-01 13:25 - 2012-01-04 01:22 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\iBooks
2014-11-01 13:03 - 2014-03-07 21:36 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\House of Lies S03E04 HDTV x264-2HD[ettv]
2014-11-01 13:02 - 2013-02-24 23:45 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\House of Lies S02E06 HDTV x264-EVOLVE[ettv]
2014-11-01 13:02 - 2012-01-19 00:12 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\House of Lies
2014-11-01 09:32 - 2011-09-23 21:37 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\uTorrent
2014-11-01 09:31 - 2011-10-14 22:43 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Spotify
2014-10-31 22:36 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system
2014-10-31 22:07 - 2012-01-15 23:40 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Homeland
2014-10-31 21:51 - 2014-07-27 13:03 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Gorillaz discography from Gorillaz (2001) to The Fall (2010) MP3
2014-10-31 21:46 - 2014-06-05 18:27 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Getting Ready and Ring Shots Edit
2014-10-31 21:42 - 2013-02-11 19:06 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Gangster Squad 2013 R6 HDRiP XVID 1MPERiUM
2014-10-31 21:38 - 2012-06-02 17:23 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Fools Rush In
2014-10-31 21:36 - 2012-11-27 21:04 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Episodes
2014-10-31 21:31 - 2013-11-21 14:56 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Elysium (2013) DVDRip XviD-MAXSPEED
2014-10-31 21:26 - 2011-09-27 21:57 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Drive.2011.SCR.XviD-playXD
2014-10-31 21:24 - 2013-01-08 22:53 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Django Unchained 2012 DVDSCR X264 AAC-P2P
2014-10-31 21:18 - 2014-05-31 15:44 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\DION,Rehersal Dinner EDIT 2 of 2
2014-10-31 21:10 - 2012-11-14 23:51 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Malwarebytes
2014-10-31 21:10 - 2012-11-14 23:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-31 21:10 - 2012-11-14 23:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-31 21:06 - 2014-05-31 15:44 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\DION,Rehersal Dinner EDIT 1 of 2 (1)
2014-10-31 20:59 - 2011-10-14 22:43 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Local\Spotify
2014-10-30 18:24 - 2014-06-05 19:07 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\DION, CERAMONY  EDIT
2014-10-30 18:20 - 2012-01-19 00:11 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Dexter
2014-10-30 18:08 - 2013-01-02 17:47 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Cloud.Atlas.2012.READNFO.BRRip.XviD-g3noc1d3
2014-10-30 18:03 - 2013-11-21 14:57 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Captain Phillips 2013 CAM XViD-UNiQUE
2014-10-30 18:03 - 2012-12-11 22:50 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Christmas (Deluxe Special Edition)
2014-10-30 18:03 - 2012-02-09 19:07 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Car Research
2014-10-30 17:54 - 2012-02-15 23:48 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Californication
2014-10-30 17:48 - 2012-07-14 21:15 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Breaking.Bad.Season.4
2014-10-30 17:37 - 2012-01-19 00:12 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Boss
2014-10-30 17:20 - 2012-01-25 23:31 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Beginners.2010.LIMITED.BDRip.XviD-TARGET
2014-10-30 17:20 - 2011-11-16 21:28 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Black Star
2014-10-30 17:18 - 2013-01-08 22:55 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Beasts Of The Southern Wild 2012 LIMITED DVDRip XviD-SPARKS
2014-10-30 17:16 - 2013-01-02 17:45 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\Argo.2012.WEBRip.READNFO.XviD-RESiSTANCE
2014-10-30 17:16 - 2012-11-20 00:20 - 00000000 ____D () C:\Users\PIMPDADDY4\Downloads\attachments
2014-10-30 17:08 - 2014-08-10 12:13 - 00000000 ____D () C:\Users\PIMPDADDY4\Documents\Wedding Album Shots
2014-10-30 17:02 - 2014-01-26 18:24 - 00000000 ____D () C:\Users\PIMPDADDY4\Documents\2014_01_26
2014-10-30 17:02 - 2014-01-07 10:47 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\VIPRE
2014-10-30 17:02 - 2013-10-05 18:23 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Intuit
2014-10-30 17:02 - 2013-06-27 17:22 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Canon
2014-10-30 17:02 - 2011-12-30 22:00 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Apple Computer
2014-10-30 17:02 - 2011-09-23 20:39 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Roaming\Adobe
2014-10-30 17:01 - 2014-01-13 12:10 - 00000000 ____D () C:\ProgramData\VIPRE
2014-10-30 17:01 - 2013-11-22 09:19 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-10-30 17:01 - 2013-10-05 18:22 - 00000000 ____D () C:\ProgramData\Intuit
2014-10-30 17:01 - 2011-12-30 22:00 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Local\Apple Computer
2014-10-30 17:01 - 2011-09-23 21:35 - 00000000 ____D () C:\Users\PIMPDADDY4\AppData\Local\Google
2014-10-21 19:54 - 2014-06-22 08:18 - 00034928 _____ () C:\Users\PIMPDADDY4\Documents\2014 Personal Budget.xlsx
2014-10-19 19:22 - 2013-10-05 20:39 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 19:22 - 2013-10-05 20:39 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 08:10 - 2011-09-23 21:35 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-653642107-481044146-3502075997-1002UA
2014-10-18 08:10 - 2011-09-23 21:35 - 00003512 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-653642107-481044146-3502075997-1002Core
2014-10-16 03:15 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 02:38 - 2009-07-13 20:45 - 00408848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 02:18 - 2012-01-05 21:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 02:13 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:01 - 2011-09-24 20:52 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 07:17 - 2013-03-17 21:40 - 00717824 ___SH () C:\Users\PIMPDADDY4\Downloads\Thumbs.db
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-08 09:46
 
==================== End Of Log ============================

 



#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 10 November 2014 - 04:38 AM

Hi,

You forgot to attach the Addition.txt? :)

The FRST.txt log looks good now.

Next let's make a few other scans just in case:

STEP 1

  • Please download RogueKillerX64.exe and save to the desktop.
  • Close all windows and browsers.
  • Right-click the program and select 'Run as Administrator'.
  • Wait for the prescan to complete and then press the Scan button.
  • When done press the Report button.
  • Please copy and paste the results in your next reply.

STEP 2

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.

  • Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >>. If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box:
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

STEP 3

Please download Powelikscleaner (by ESET) and save it to your Desktop.

  • Double-click ESETPoweliksCleaner.exe to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

That's it for now.

Thanks!

Regards,

Georgi


#11 shomer

shomer
  • Topic Starter
  • Members
  • 19 posts

Posted 11 November 2014 - 01:58 AM

Hi Georgi,

So I did...my apologies...addition.txt from yesterday's scan attached here. I will start running through the other steps in your reply now and will post the results as soon as possible. Not sure I have enough time to get through them in one shot, so please give me a day or two just in case...

Thanks!


#12 shomer

shomer
  • Topic Starter
  • Members
  • 19 posts

Posted 11 November 2014 - 02:28 AM

OK...so I made the time...=)

Step 1 complete...here is RogueKiller Log:

RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : PIMPDADDY4 [Administrator]
Mode : Scan -- Date : 11/10/2014  23:05:37
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 10 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD204UI SCSI Disk Device +++++
--- User ---
[MBR] d7e8614f7c08d21ad6c4b699751a1faf
[BSP] adbd152e5ca81e68328c163f0c3abeb8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
+++++ PhysicalDrive1: Hitachi HDS721010CLA SCSI Disk Device +++++
--- User ---
[MBR] 928c7f1ea41347ea94c6f23d507c94ef
[BSP] 9f92ebe1d0fc88fdd3e9e5c0f0b2867c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953766 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
+++++ PhysicalDrive2: SAMSUNG HD204UI SCSI Disk Device +++++
--- User ---
[MBR] 014ac1488bcd6d0ad7cb1ede9dfb64b3
[BSP] aa3d68eb5a3ff08196726c7dd37d6084 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
 
Now on to Step 2...Malwarebytes Scan:
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/10/2014
Scan Time: 11:09:34 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.11.02
Rootkit Database: v2014.11.10.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: PIMPDADDY4
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 317035
Time Elapsed: 11 min, 43 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
And Step 3...ESET Poweliks:
 
 
[2014.11.10 23:26:20.656] - Begin
[2014.11.10 23:26:20.656] - 
[2014.11.10 23:26:20.659] -     ....................................
[2014.11.10 23:26:20.660] -   ..::::::::::::::::::....................
[2014.11.10 23:26:20.661] -   .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Poweliks
[2014.11.10 23:26:20.663] -  .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 1.0.0.1
[2014.11.10 23:26:20.665] -  .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Oct 15 2014
[2014.11.10 23:26:20.666] -  .::EE:::::::::::::SS:.EE..........TT......
[2014.11.10 23:26:20.668] -   .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright © ESET, spol. s r.o.
[2014.11.10 23:26:20.668] -   ..::::::::::::::::::....................    1992-2013. All rights reserved.
[2014.11.10 23:26:20.669] -     ....................................
[2014.11.10 23:26:20.669] - 
[2014.11.10 23:26:20.669] - --------------------------------------------------------------------------------
[2014.11.10 23:26:20.669] - 
[2014.11.10 23:26:20.670] - INFO: OS: 6.1.7601 SP1
[2014.11.10 23:26:20.670] - INFO: Product Type: Workstation
[2014.11.10 23:26:20.671] - INFO: WoW64: True
[2014.11.10 23:26:20.671] - INFO: Machine guid: D401C312-1C84-4DAC-B660-92B2E6554FA6 
[2014.11.10 23:26:20.671] - 
[2014.11.10 23:26:22.646] - INFO: Scanning for system infection...
[2014.11.10 23:26:22.646] - --------------------------------------------------------------------------------
[2014.11.10 23:26:22.646] - 
[2014.11.10 23:26:22.646] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.10 23:26:22.647] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.10 23:26:22.647] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.10 23:26:22.648] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.10 23:26:22.648] - INFO: Processing classes...
[2014.11.10 23:26:22.649] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}]
[2014.11.10 23:26:22.649] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}]
[2014.11.10 23:26:22.649] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{08FB66B9-2D2D-4B35-A747-D5D9E9F472E2}]
[2014.11.10 23:26:22.649] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}]
[2014.11.10 23:26:22.649] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}]
[2014.11.10 23:26:22.649] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{0F9285DF-3511-4FE6-A587-CD8F61A121CA}]
[2014.11.10 23:26:22.649] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{1793FE32-120E-4D33-8BE9-19EF4AD165F6}]
[2014.11.10 23:26:22.651] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}]
[2014.11.10 23:26:22.651] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{21902B91-1E80-4282-AFDE-AB014CB4ED5A}]
[2014.11.10 23:26:22.651] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{220DFF67-87CE-4D26-8020-27E0B554A880}]
[2014.11.10 23:26:22.651] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}]
[2014.11.10 23:26:22.651] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}]
[2014.11.10 23:26:22.651] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{3063357E-821C-4A7D-B49A-F61EA772BF9B}]
[2014.11.10 23:26:22.651] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}]
[2014.11.10 23:26:22.651] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}]
[2014.11.10 23:26:22.651] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{3A6EE5C3-7A28-452B-832D-08FE74C7EEAD}]
[2014.11.10 23:26:22.652] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}]
[2014.11.10 23:26:22.652] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{546958A5-5C48-48BE-9396-599811623E60}]
[2014.11.10 23:26:22.652] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}]
[2014.11.10 23:26:22.652] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}]
[2014.11.10 23:26:22.652] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}]
[2014.11.10 23:26:22.652] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{699A646B-C61E-4C36-A253-620E4EBD294C}]
[2014.11.10 23:26:22.652] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}]
[2014.11.10 23:26:22.652] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{71FDCAEA-B6F2-4B6C-A18C-6C85F0E4662F}]
[2014.11.10 23:26:22.652] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}]
[2014.11.10 23:26:22.652] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}]
[2014.11.10 23:26:22.653] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{A1436E43-F58F-4D3B-B908-B6DA44563B00}]
[2014.11.10 23:26:22.653] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}]
[2014.11.10 23:26:22.653] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{A480C024-04D0-4F28-8CF0-ADACE2BD839C}]
[2014.11.10 23:26:22.653] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}]
[2014.11.10 23:26:22.653] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{B41AD4BE-25BA-4A51-A0BB-FC1584E316F1}]
[2014.11.10 23:26:22.653] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}]
[2014.11.10 23:26:22.653] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}]
[2014.11.10 23:26:22.653] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}]
[2014.11.10 23:26:22.653] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{C9E37353-EC76-4A58-B575-BBA8B4BD06D1}]
[2014.11.10 23:26:22.654] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{CD221623-4F9A-4FA5-A9EE-A77EC8F0E7BD}]
[2014.11.10 23:26:22.654] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{DBFA3C03-20D5-4EE5-8C06-B8C4C2B71783}]
[2014.11.10 23:26:22.654] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}]
[2014.11.10 23:26:22.654] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}]
[2014.11.10 23:26:22.654] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}]
[2014.11.10 23:26:22.654] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}]
[2014.11.10 23:26:22.654] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{FD10EA6A-0D14-4AA2-A376-0C8D51CA8779}]
[2014.11.10 23:26:22.654] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}]
[2014.11.10 23:26:22.656] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}]
[2014.11.10 23:26:22.656] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{0F9285DF-3511-4FE6-A587-CD8F61A121CA}]
[2014.11.10 23:26:22.656] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}]
[2014.11.10 23:26:22.656] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{699A646B-C61E-4C36-A253-620E4EBD294C}]
[2014.11.10 23:26:22.656] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{71FDCAEA-B6F2-4B6C-A18C-6C85F0E4662F}]
[2014.11.10 23:26:22.656] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}]
[2014.11.10 23:26:22.656] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{C9E37353-EC76-4A58-B575-BBA8B4BD06D1}]
[2014.11.10 23:26:22.656] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}]
[2014.11.10 23:26:22.656] - INFO: Processing clsid [\Registry\User\S-1-5-21-653642107-481044146-3502075997-1002\SOFTWARE\Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}]
[2014.11.10 23:26:22.657] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.10 23:26:22.659] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.10 23:26:22.662] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.10 23:26:22.662] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.10 23:26:22.662] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.10 23:26:22.662] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.10 23:26:22.662] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.10 23:26:22.662] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.10 23:26:22.663] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.10 23:26:22.663] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.10 23:26:22.666] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.10 23:26:22.669] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.10 23:26:22.669] - INFO: Win32/Poweliks not found
[2014.11.10 23:26:43.699] - End
 
 


#13 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:42 AM

Posted 11 November 2014 - 07:57 AM

Hi,

 

Nice work. We are almost there. :)

 

 

STEP 1

 

 

Please re-run RogueKiller.
Wait until Prescan has finished.
Click on Scan.
Now click the Registry tab and locate these:
 

[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} -> Found

Place a checkmark on them, leave the others unchecked.
Now press the Delete button.

When it is finished click on the Report button and save the log to a folder of your choice.

Post the log in your next reply.

 

 

STEP 2

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

STEP 3

 

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

That's it for now. :)

 

Regards,

Georgi



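Added example, not code from the thread or from any of the tools named in it: a PowerShell check that the six CLSIDs RogueKiller flagged above are actually gone after the Delete step, looking in the 64-bit and WOW6432Node views of HKLM and in HKCU (HKCR is a merged view, so querying the hives directly shows where a leftover lives). The CLSID list is taken from the post; the function name and everything else is an assumption.

```powershell
# Added verification script (not part of the original thread or of RogueKiller/AdwCleaner/JRT).
# Checks whether the six CLSIDs flagged as [PUP] in the thread are still registered anywhere.
# The CLSID list comes from the post; registry roots and function name are assumptions.

$FlaggedClsids = @(
    '{56561B2A-FB5D-363A-9631-4C03D6054209}',
    '{A717364F-69F3-3A24-ADD5-3901A57F880E}',
    '{AE07101B-46D4-4A98-AF68-0333EA26E113}',
    '{CCB08265-B35D-30B2-A6AF-6986CA957358}',
    '{CD92622E-49B9-33B7-98D1-EC51049457D7}',
    '{E041E037-FA4B-364A-B440-7A1051EA0301}'
)

# Hive paths where a COM class can be registered. HKEY_CLASSES_ROOT merges
# HKLM and HKCU, so the per-hive paths are queried to show the real location.
$ClsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
    'HKCU:\Software\Classes\CLSID'
)

function Get-LeftoverClsid {
    param([string[]]$Clsid = $FlaggedClsids, [string[]]$Roots = $ClsidRoots)
    foreach ($root in $Roots) {
        foreach ($id in $Clsid) {
            $key = Join-Path $root $id
            if (-not (Test-Path -LiteralPath $key)) { continue }
            # A class that survived: report which server binary it still points at.
            $server = foreach ($sub in 'InprocServer32', 'LocalServer32') {
                $subKey = Join-Path $key $sub
                if (Test-Path -LiteralPath $subKey) {
                    "$sub=" + (Get-ItemProperty -LiteralPath $subKey).'(default)'
                }
            }
            [pscustomobject]@{
                Key    = $key
                Server = ($server -join '; ')
            }
        }
    }
}

$leftovers = @(Get-LeftoverClsid)
if ($leftovers.Count -eq 0) {
    'None of the flagged CLSIDs remain in HKLM (64-bit or WOW6432Node) or HKCU.'
} else {
    $leftovers | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell prompt after the reboot; a non-empty table means a class was re-created or was only removed from one registry view.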

#14 shomer

shomer
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:42 PM

Posted 12 November 2014 - 01:50 AM

Hello Georgi,

 

Ok...all three steps completed and accompanying logs posted in order below. All registry keys were deleted with Rogue Killer as directed.

 

 

 

 

 

RogueKiller V10.0.5.0 (x64) [Nov 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : PIMPDADDY4 [Administrator]
Mode : Delete -- Date : 11/11/2014  22:30:02
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 10 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} -> Deleted
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} -> Deleted
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} -> Deleted
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} -> Deleted
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} -> Deleted
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} -> Deleted
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD204UI SCSI Disk Device +++++
--- User ---
[MBR] d7e8614f7c08d21ad6c4b699751a1faf
[BSP] adbd152e5ca81e68328c163f0c3abeb8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
+++++ PhysicalDrive1: Hitachi HDS721010CLA SCSI Disk Device +++++
--- User ---
[MBR] 928c7f1ea41347ea94c6f23d507c94ef
[BSP] 9f92ebe1d0fc88fdd3e9e5c0f0b2867c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953766 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
+++++ PhysicalDrive2: SAMSUNG HD204UI SCSI Disk Device +++++
--- User ---
[MBR] 014ac1488bcd6d0ad7cb1ede9dfb64b3
[BSP] aa3d68eb5a3ff08196726c7dd37d6084 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
 
============================================
RKreport_SCN_11102014_230537.log - RKreport_SCN_11112014_222815.log
 
 
 
 
 
# AdwCleaner v4.101 - Report created 11/11/2014 at 22:40:27
# Updated 09/11/2014 by Xplode
# Database : 2014-11-11.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : PIMPDADDY4 - PIMPDADDY4-PC
# Running from : C:\Users\PIMPDADDY4\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\PIMPDADDY4\AppData\Local\Conduit
Folder Deleted : C:\Users\PIMPDADDY4\AppData\LocalLow\Conduit
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\answers.ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Google Chrome v
 
 
*************************
 
AdwCleaner[R0].txt - [2782 octets] - [11/11/2014 22:34:10]
AdwCleaner[S0].txt - [2749 octets] - [11/11/2014 22:40:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2809 octets] ##########
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by PIMPDADDY4 on Tue 11/11/2014 at 22:45:00.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/11/2014 at 22:47:05.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 



#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:42 AM

Posted 12 November 2014 - 05:12 PM

Hi,

 

 

Nice work! Just in case please go through the steps below and post back the results:

 

 

STEP 1
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

 

STEP 2

 

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System: download link.
  • This is the mirror: download link.
  • For 64-bit Operating System: download link.
  • This is the mirror: download link.

2. Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users right-click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the Next button. You must agree to the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the Next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the Next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

 

 

STEP 3

 

 

I'd like to scan your machine with ESET OnlineScan.

  • Please download and run the exe from the link below:
    ESET OnlineScan
  • Check the box to accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check the option beside: Enable detection of potentially unwanted applications
  • Now click on Advanced Settings and make sure that the option Remove found threats is NOT checked, and select the following:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating memory and drive C:\


 

  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List found threats.
  • Push Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish.

 

Let me know for any remaining issues.

 

 

Regards,

Georgi






