TechSpot

Safe mode works well, normal startup is very slow

By FlyerT
Dec 15, 2014
  1. My computer starts in Safe Mode without issue. Unfortunately, normal start-up is extremely slow and unresponsive. Any help that is offered is greatly appreciated!

    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 12/15/2014
    Scan Time: 5:10:21 PM
    Logfile:
    Administrator: Yes
    Version: 2.00.4.1028
    Malware Database: v2014.12.15.05
    Rootkit Database: v2014.12.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: Todd
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 323602
    Time Elapsed: 28 min, 29 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled
    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 0
    (No malicious items detected)
    Registry Values: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Folders: 0
    (No malicious items detected)
    Files: 0
    (No malicious items detected)
    Physical Sectors: 0
    (No malicious items detected)

    (end)

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 11.0.9600.17420
    Run by Todd at 17:48:20 on 2014-12-15
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3572.2238 [GMT -5:00]
    .
    AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = about:blank
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Google Update] "c:\users\todd\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    StartupFolder: c:\users\todd\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.mit.edu/CACHE/stc/1/binaries/vpnweb.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 89.101.160.4 89.101.160.5
    TCP: Interfaces\{512C5F83-C8D0-4339-B3EF-BDEB892329A7} : DHCPNameServer = 89.101.160.4 89.101.160.5
    TCP: Interfaces\{512C5F83-C8D0-4339-B3EF-BDEB892329A7}\2456C6B696E6F5E4F575962756C6563737F5236364242493 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{512C5F83-C8D0-4339-B3EF-BDEB892329A7}\2456C6B696E6F5E4F575962756C6563737F5838344931344 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{512C5F83-C8D0-4339-B3EF-BDEB892329A7}\4497E65687 : DHCPNameServer = 192.168.2.1 70.45.95.8 70.45.95.9
    TCP: Interfaces\{512C5F83-C8D0-4339-B3EF-BDEB892329A7}\7657563747 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{512C5F83-C8D0-4339-B3EF-BDEB892329A7}\84F6C6D6563735C6963656 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{512C5F83-C8D0-4339-B3EF-BDEB892329A7}\A47565562796A7F6E6 : DHCPNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-10 343664]
    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2009-8-31 21256]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-1-16 103744]
    R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2009-8-31 146448]
    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2009-8-31 66896]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-3-10 70728]
    R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2009-9-3 444224]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-10-9 493248]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-12-10 114904]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-10 91672]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-10 43288]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-11-12 102912]
    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-12-10 79576]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-3-10 65448]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-3-14 15872]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 swiwdmbus;Sierra Wireless USB Composite Bus;c:\windows\system32\drivers\swiwdmbus.sys [2010-6-21 78720]
    S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2010-6-21 228352]
    S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\drivers\swumxa3.sys [2010-6-21 156544]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-7 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-11 1343400]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    .
    =============== Created Last 30 ================
    .
    2014-12-15 13:48:58 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-12-14 23:05:13 -------- d-----w- c:\windows\ERUNT
    2014-12-13 23:55:49 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-12-13 23:55:48 -------- d-----w- c:\programdata\RogueKiller
    2014-12-13 16:27:09 -------- d-----w- C:\AdwCleaner
    2014-12-12 19:03:37 8941456 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{becdc974-fcf3-4d54-b0cc-245f874ab621}\mpengine.dll
    2014-12-12 18:53:32 155136 ----a-w- c:\windows\system32\charmap.exe
    2014-12-12 18:53:13 1177088 ----a-w- c:\windows\system32\WsmSvc.dll
    2014-12-12 18:53:12 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
    2014-12-12 18:53:12 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
    2014-12-12 18:53:12 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
    2014-12-12 18:53:12 145920 ----a-w- c:\windows\system32\WsmAuto.dll
    2014-12-10 08:34:36 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-12-10 08:31:34 79576 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-12-10 08:31:34 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-12-10 08:31:34 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-12-06 22:16:39 -------- d-----w- c:\users\todd\appdata\local\gtk-2.0
    2014-12-06 22:16:39 -------- d-----w- c:\users\todd\.thumbnails
    2014-12-06 20:48:24 -------- d-----w- c:\users\todd\appdata\local\fontconfig
    2014-12-06 20:48:08 -------- d-----w- c:\users\todd\.gimp-2.8
    2014-12-06 20:48:07 -------- d-----w- c:\users\todd\appdata\local\gegl-0.2
    2014-11-19 00:01:14 550912 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-19 00:01:14 186880 ----a-w- c:\windows\system32\pku2u.dll
    2014-11-18 19:56:48 1202848 ----a-w- c:\windows\system32\FM20.DLL
    .
    ==================== Find3M ====================
    .
    2014-11-21 11:14:06 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-06 03:28:20 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-11-06 03:28:06 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-11-06 03:13:43 501248 ----a-w- c:\windows\system32\vbscript.dll
    2014-11-06 03:13:36 62464 ----a-w- c:\windows\system32\iesetup.dll
    2014-11-06 03:12:44 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-11-06 03:10:58 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
    2014-11-06 02:59:36 115712 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-11-06 02:59:34 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-11-06 02:58:38 620032 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-11-06 02:51:33 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-11-06 02:42:36 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2014-11-06 02:21:49 4298240 ----a-w- c:\windows\system32\jscript9.dll
    2014-11-06 02:21:25 2051072 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-11-06 02:20:37 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2014-11-06 01:52:35 1892864 ----a-w- c:\windows\system32\wininet.dll
    2014-11-05 17:50:47 254464 ----a-w- c:\windows\system32\generaltel.dll
    2014-11-05 17:50:28 203776 ----a-w- c:\windows\system32\aepdu.dll
    2014-11-05 17:47:40 302592 ----a-w- c:\windows\system32\aeinv.dll
    2014-11-04 19:30:58 229000 ------w- c:\windows\system32\MpSigStub.exe
    2014-10-25 01:32:37 67584 ----a-w- c:\windows\system32\packager.dll
    2014-10-18 01:33:18 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2014-10-14 01:56:19 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-10-14 01:50:50 523776 ----a-w- c:\windows\system32\termsrv.dll
    2014-10-14 01:50:41 2363904 ----a-w- c:\windows\system32\msi.dll
    2014-10-14 01:50:39 1059840 ----a-w- c:\windows\system32\lsasrv.dll
    2014-10-14 01:47:30 146432 ----a-w- c:\windows\system32\msaudite.dll
    2014-10-14 01:46:02 681984 ----a-w- c:\windows\system32\adtschema.dll
    2014-10-10 00:45:54 2379264 ----a-w- c:\windows\system32\win32k.sys
    2014-10-03 01:44:42 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
    2014-10-03 01:44:31 275968 ----a-w- c:\windows\system32\EncDump.dll
    2014-10-03 01:44:26 475136 ----a-w- c:\windows\system32\audiosrv.dll
    2014-10-03 01:44:26 374784 ----a-w- c:\windows\system32\AudioEng.dll
    2014-10-03 01:44:26 195584 ----a-w- c:\windows\system32\AudioSes.dll
    2014-09-25 01:40:50 519680 ----a-w- c:\windows\system32\qdvd.dll
    2014-09-19 09:23:55 172032 ----a-w- c:\windows\system32\wdigest.dll
    2014-09-19 09:23:52 65536 ----a-w- c:\windows\system32\TSpkg.dll
    2014-09-19 09:23:49 248832 ----a-w- c:\windows\system32\schannel.dll
    2014-09-19 09:23:46 221184 ----a-w- c:\windows\system32\ncrypt.dll
    2014-09-19 09:23:45 259584 ----a-w- c:\windows\system32\msv1_0.dll
    2014-09-19 09:23:36 17408 ----a-w- c:\windows\system32\credssp.dll
    .
    ============= FINISH: 17:52:53.08 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Enterprise
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/10/2010 6:28:06 PM
    System Uptime: 12/15/2014 4:54:36 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0G868N
    Processor: Intel(R) Core(TM)2 Duo CPU T9550 @ 2.66GHz | Microprocessor | 773/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 23.643 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Reader XI (11.0.09)
    Adolix Split and Merge PDF v2.1
    ArcSoft Software Suite
    BurnAware Free 2.4.5
    Cisco AnyConnect VPN Client
    GAMS Distribution 23.6.4
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    HP Photo Creations
    HP Photosmart Plus B210 series Basic Device Software
    HP Photosmart Plus B210 series Help
    HP Photosmart Plus B210 series Product Improvement Study
    HP Update
    JACOBIAN IDE
    Malwarebytes Anti-Malware version 2.0.4.1028
    McAfee Agent
    McAfee VirusScan Enterprise
    Microsoft .NET Framework 4.5.1
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visio 2007 Service Pack 3 (SP3)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Backward compatibility
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nikon Message Center
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    OGA Notifier 2.0.0048.0
    ooVoo
    PictureProject
    Rosetta Stone Ltd Services
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596927) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2899526) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
    Security Update for Microsoft Office Visio 2007 suites (KB2596595) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2920793) 32-Bit Edition
    Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
    Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
    Skype Toolbars
    Skype™ 6.11
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2899525) 32-Bit Edition
    Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Visio 2007 Help (KB963666)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Veetle TV
    Viscom Store Image Viewer
    XnView 2.03
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/15/2014 4:56:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
    12/15/2014 4:16:40 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
    12/15/2014 4:15:15 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    12/15/2014 4:09:55 PM, Error: Service Control Manager [7022] - The McAfee McShield service hung on starting.
    12/15/2014 4:09:24 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
    12/15/2014 4:09:13 PM, Error: Service Control Manager [7022] - The IP Helper service hung on starting.
    12/15/2014 4:08:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    12/15/2014 3:23:37 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    12/15/2014 2:58:46 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    12/15/2014 2:58:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/15/2014 2:58:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/15/2014 2:58:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/15/2014 2:58:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/15/2014 2:57:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache mfehidk spldr Wanarpv6
    12/15/2014 2:57:59 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    12/15/2014 2:57:59 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/15/2014 11:08:27 AM, Error: Service Control Manager [7034] - The McAfee Task Manager service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download [​IMG] Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  3. FlyerT

    FlyerT TS Rookie Topic Starter

    Greetings, Broni! I am still having a lot of difficulty starting the computer in Normal mode. It takes approximately 20 minutes to start my computer in this mode. However, I was able to complete the actions above as requested.

    RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Todd [Administrator]
    Mode : Delete -- Date : 12/16/2014 14:26:26
    ¤¤¤ Processes : 0 ¤¤¤
    ¤¤¤ Registry : 6 ¤¤¤
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 89.101.160.4 89.101.160.5 [IRELAND (IE)][IRELAND (IE)] -> Replaced ()
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 89.101.160.4 89.101.160.5 [IRELAND (IE)][IRELAND (IE)] -> Replaced ()
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 89.101.160.4 89.101.160.5 [IRELAND (IE)][IRELAND (IE)] -> Replaced ()
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{512C5F83-C8D0-4339-B3EF-BDEB892329A7} | DhcpNameServer : 89.101.160.4 89.101.160.5 [IRELAND (IE)][IRELAND (IE)] -> Replaced ()
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{512C5F83-C8D0-4339-B3EF-BDEB892329A7} | DhcpNameServer : 89.101.160.4 89.101.160.5 [IRELAND (IE)][IRELAND (IE)] -> Replaced ()
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{512C5F83-C8D0-4339-B3EF-BDEB892329A7} | DhcpNameServer : 89.101.160.4 89.101.160.5 [IRELAND (IE)][IRELAND (IE)] -> Replaced ()
    ¤¤¤ Tasks : 0 ¤¤¤
    ¤¤¤ Files : 0 ¤¤¤
    ¤¤¤ Hosts File : 0 ¤¤¤
    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD2500BJKT-75F4T0 +++++
    --- User ---
    [MBR] 5dcbedbee382a1283fb5a6c123ac5e95
    [BSP] e7a4d88e39462edee4d9ce59ade9badd : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 100 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 286720 | Size: 238334 MB
    User = LL1 ... OK
    User = LL2 ... OK

    ============================================
    RKreport_DEL_12132014_190131.log - RKreport_DEL_12132014_190135.log - RKreport_DEL_12132014_191102.log - RKreport_DEL_12132014_201203.log
    RKreport_DEL_12142014_021001.log - RKreport_DEL_12142014_085756.log - RKreport_DEL_12142014_100628.log - RKreport_DEL_12142014_181547.log
    RKreport_DEL_12152014_072224.log - RKreport_DEL_12152014_084632.log - RKreport_DEL_12152014_084700.log - RKreport_SCN_12132014_185934.log
    RKreport_SCN_12132014_190849.log - RKreport_SCN_12132014_191253.log - RKreport_SCN_12132014_200657.log - RKreport_SCN_12132014_201547.log
    RKreport_SCN_12142014_085708.log - RKreport_SCN_12142014_085806.log - RKreport_SCN_12142014_100309.log - RKreport_SCN_12142014_181352.log
    RKreport_SCN_12152014_072141.log - RKreport_SCN_12152014_074353.log - RKreport_SCN_12152014_084518.log - RKreport_SCN_12162014_141855.log


    Malwarebytes Anti-Rootkit BETA 1.08.2.1001
    www.malwarebytes.org
    Database version: v2014.12.16.04
    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 11.0.9600.17420
    Todd :: TODD-PC [administrator]
    12/16/2014 2:34:23 PM
    mbar-log-2014-12-16 (14-34-23).txt
    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 325786
    Time elapsed: 40 minute(s), 41 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    Physical Sectors Detected: 0
    (No malicious items detected)
    (end)

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x86
    Account is Administrative
    Internet Explorer version: 11.0.9600.17420
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.660000 GHz
    Memory total: 3745411072, free: 1808011264
    Downloaded database version: v2014.12.15.02
    Downloaded database version: v2014.12.14.01
    Downloaded database version: v2014.12.06.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    12/15/2014 08:48:58
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntkrnlpa.exe
    \SystemRoot\system32\halmacpi.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\DRIVERS\pcmcia.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\vmbus.sys
    \SystemRoot\system32\drivers\winhv.sys
    \SystemRoot\system32\drivers\iaStorV.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\vmstorfl.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\system32\drivers\mfehidk.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\mfetdik.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\system32\DRIVERS\nvBridge.kmd
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\e1y6032.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\bcmwl6.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\drivers\1394ohci.sys
    \SystemRoot\system32\drivers\sdbus.sys
    \SystemRoot\system32\drivers\i8042prt.sys
    \SystemRoot\system32\drivers\mouclass.sys
    \SystemRoot\system32\drivers\kbdclass.sys
    \SystemRoot\system32\drivers\pfc.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\drivers\HdAudio.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStorV.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\drivers\kbdhid.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\system32\drivers\mfeavfk.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\imm32.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\nsi.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\ole32.dll
    \Windows\System32\shell32.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\usp10.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\lpk.dll
    \Windows\System32\psapi.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\user32.dll
    \Windows\System32\wininet.dll
    \Windows\System32\msctf.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\devobj.dll
    \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\userenv.dll
    \Windows\System32\msasn1.dll
    \Windows\System32\profapi.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff87ca0030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xffffffff86f05028
    Lower Device Driver Name: \Driver\iaStorV\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff87ca0030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff87c983a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff87ca0030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86f05028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStorV\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A42D04A3
    Partition information:
    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 80262
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 81920 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 286720 Numsec = 488108032
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 250059350016 bytes
    Sector size: 512 bytes
    Done!
    Scan finished
    =======================================

    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x86
    Account is Administrative
    Internet Explorer version: 11.0.9600.17420
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.660000 GHz
    Memory total: 3745411072, free: 1800339456
    =======================================
    Initializing...
    ------------ Kernel report ------------
    12/15/2014 10:09:49
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntkrnlpa.exe
    \SystemRoot\system32\halmacpi.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\DRIVERS\pcmcia.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\vmbus.sys
    \SystemRoot\system32\drivers\winhv.sys
    \SystemRoot\system32\drivers\iaStorV.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\vmstorfl.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\system32\drivers\mfehidk.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\mfetdik.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\system32\DRIVERS\nvBridge.kmd
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\e1y6032.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\bcmwl6.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\drivers\1394ohci.sys
    \SystemRoot\system32\drivers\sdbus.sys
    \SystemRoot\system32\drivers\i8042prt.sys
    \SystemRoot\system32\drivers\mouclass.sys
    \SystemRoot\system32\drivers\kbdclass.sys
    \SystemRoot\system32\drivers\pfc.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\drivers\HdAudio.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStorV.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\drivers\kbdhid.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\system32\drivers\mfeavfk.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\imm32.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\nsi.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\ole32.dll
    \Windows\System32\shell32.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\usp10.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\lpk.dll
    \Windows\System32\psapi.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\user32.dll
    \Windows\System32\wininet.dll
    \Windows\System32\msctf.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\devobj.dll
    \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\userenv.dll
    \Windows\System32\msasn1.dll
    \Windows\System32\profapi.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff87ca0030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xffffffff86f05028
    Lower Device Driver Name: \Driver\iaStorV\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff87ca0030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff87c983a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff87ca0030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86f05028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStorV\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A42D04A3
    Partition information:
    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 80262
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 81920 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 286720 Numsec = 488108032
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 250059350016 bytes
    Sector size: 512 bytes
    Done!
    Scan finished
    =======================================

    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x86
    Account is Administrative
    Internet Explorer version: 11.0.9600.17420
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.660000 GHz
    Memory total: 3745411072, free: 1238577152
    Could not load protection driver
    Downloaded database version: v2014.12.16.04
    Downloaded database version: v2014.12.14.01
    Downloaded database version: v2014.12.06.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    12/16/2014 14:34:05
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntkrnlpa.exe
    \SystemRoot\system32\halmacpi.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\DRIVERS\pcmcia.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\vmbus.sys
    \SystemRoot\system32\drivers\winhv.sys
    \SystemRoot\system32\drivers\iaStorV.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\vmstorfl.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\system32\drivers\mfehidk.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\mfetdik.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\system32\DRIVERS\nvBridge.kmd
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\e1y6032.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\bcmwl6.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\drivers\1394ohci.sys
    \SystemRoot\system32\drivers\sdbus.sys
    \SystemRoot\system32\drivers\i8042prt.sys
    \SystemRoot\system32\drivers\mouclass.sys
    \SystemRoot\system32\drivers\kbdclass.sys
    \SystemRoot\system32\drivers\pfc.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\drivers\HdAudio.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStorV.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\drivers\kbdhid.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\system32\drivers\mfeavfk.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \SystemRoot\system32\drivers\mfeapfk.sys
    \SystemRoot\system32\drivers\mfebopk.sys
    \??\C:\Windows\System32\drivers\TrueSight.sys
    \SystemRoot\system32\drivers\spsys.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\shell32.dll
    \Windows\System32\lpk.dll
    \Windows\System32\psapi.dll
    \Windows\System32\wininet.dll
    \Windows\System32\imm32.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\nsi.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\msctf.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\user32.dll
    \Windows\System32\ole32.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\usp10.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\devobj.dll
    \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    \Windows\System32\userenv.dll
    \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\msasn1.dll
    \Windows\System32\profapi.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff87c9d948
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xffffffff872c5028
    Lower Device Driver Name: \Driver\iaStorV\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff87c9d948, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff87c9d628, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff87c9d948, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff872c5028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStorV\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A42D04A3
    Partition information:
    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 80262
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 81920 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 286720 Numsec = 488108032
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 250059350016 bytes
    Sector size: 512 bytes
    Done!
    Scan finished
    =======================================

    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Will keep checking...

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  5. FlyerT

    FlyerT TS Rookie Topic Starter

    I use McAfee VirusScan Enterprise version 8.7 and when I open the program console I was able to disable the Access Protection, Buffer Overflow Protection, On-Delivery Email Scanner, and On-Access Scanner. However, when I run Combofix I receive the warning “Combofix has detected the following real time scanner to be active: antivirus: McAfee VirusScan Enterprise”. Do I need to take additional steps to disable McAfee VirusScan Console before proceeding with Combofix?
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    That's fine. Disregard that warning .
     
  7. FlyerT

    FlyerT TS Rookie Topic Starter

    ComboFix 14-12-14.01 - Todd 12/16/2014 20:36:16.1.2 - x86
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3572.2116 [GMT -5:00]
    Running from: c:\users\Todd\Desktop\ComboFix.exe
    AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
    c:\users\Todd\AppData\Roaming\Local
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-11-17 to 2014-12-17 )))))))))))))))))))))))))))))))
    .
    .
    2014-12-17 01:43 . 2014-12-17 01:43 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-12-17 00:23 . 2014-12-17 00:23 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF10472D-6341-4AD5-BC80-9DF10BA45F80}\offreg.dll
    2014-12-16 19:25 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF10472D-6341-4AD5-BC80-9DF10BA45F80}\mpengine.dll
    2014-12-15 13:48 . 2014-12-16 21:44 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-12-14 23:05 . 2014-12-14 23:05 -------- d-----w- c:\windows\ERUNT
    2014-12-13 23:55 . 2014-12-16 19:06 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-12-13 23:55 . 2014-12-13 23:55 -------- d-----w- c:\programdata\RogueKiller
    2014-12-13 16:27 . 2014-12-14 23:00 -------- d-----w- C:\AdwCleaner
    2014-12-12 18:53 . 2014-10-30 01:45 155136 ----a-w- c:\windows\system32\charmap.exe
    2014-12-12 18:53 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\system32\WsmSvc.dll
    2014-12-12 18:53 . 2014-10-03 01:45 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
    2014-12-12 18:53 . 2014-10-03 01:45 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
    2014-12-12 18:53 . 2014-10-03 01:45 145920 ----a-w- c:\windows\system32\WsmAuto.dll
    2014-12-12 18:53 . 2014-10-03 01:44 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
    2014-12-10 08:34 . 2014-12-16 19:34 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-12-10 08:31 . 2014-12-15 15:09 79576 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-12-10 08:31 . 2014-12-10 08:31 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-12-10 08:31 . 2014-11-21 11:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-12-06 22:16 . 2014-12-06 22:58 -------- d-----w- c:\users\Todd\AppData\Local\gtk-2.0
    2014-12-06 22:16 . 2014-12-06 22:16 -------- d-----w- c:\users\Todd\.thumbnails
    2014-12-06 20:48 . 2014-12-06 20:48 -------- d-----w- c:\users\Todd\AppData\Local\fontconfig
    2014-12-06 20:48 . 2014-12-06 22:58 -------- d-----w- c:\users\Todd\.gimp-2.8
    2014-12-06 20:48 . 2014-12-06 20:48 -------- d-----w- c:\users\Todd\AppData\Local\gegl-0.2
    2014-11-19 00:01 . 2014-11-11 02:44 186880 ----a-w- c:\windows\system32\pku2u.dll
    2014-11-19 00:01 . 2014-11-11 02:44 550912 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-18 19:56 . 2014-11-18 19:56 1202848 ----a-w- c:\windows\system32\FM20.DLL
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-11-24 19:04 . 2010-03-11 00:19 229000 ------w- c:\windows\system32\MpSigStub.exe
    2014-11-21 11:14 . 2014-03-07 21:56 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-06 03:28 . 2014-11-13 01:44 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-11-06 03:28 . 2014-11-13 01:44 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-11-06 03:13 . 2014-11-13 01:44 501248 ----a-w- c:\windows\system32\vbscript.dll
    2014-11-06 03:13 . 2014-11-13 01:44 62464 ----a-w- c:\windows\system32\iesetup.dll
    2014-11-06 03:12 . 2014-11-13 01:44 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-11-06 03:10 . 2014-11-13 01:44 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
    2014-11-06 02:59 . 2014-11-13 01:44 115712 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-11-06 02:59 . 2014-11-13 01:44 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-11-06 02:58 . 2014-11-13 01:44 620032 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-11-06 02:51 . 2014-11-13 01:44 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-11-06 02:42 . 2014-11-13 01:44 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2014-11-06 02:21 . 2014-11-13 01:44 4298240 ----a-w- c:\windows\system32\jscript9.dll
    2014-11-06 02:21 . 2014-11-13 01:44 2051072 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-11-06 02:20 . 2014-11-13 01:44 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2014-11-06 01:52 . 2014-11-13 01:44 1892864 ----a-w- c:\windows\system32\wininet.dll
    2014-11-05 17:50 . 2014-11-13 01:45 254464 ----a-w- c:\windows\system32\generaltel.dll
    2014-11-05 17:50 . 2014-11-13 01:45 203776 ----a-w- c:\windows\system32\aepdu.dll
    2014-11-05 17:47 . 2014-11-13 01:45 302592 ----a-w- c:\windows\system32\aeinv.dll
    2014-10-25 01:32 . 2014-11-13 01:45 67584 ----a-w- c:\windows\system32\packager.dll
    2014-10-18 01:33 . 2014-11-13 01:45 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2014-10-14 01:56 . 2014-11-13 01:45 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-10-14 01:50 . 2014-11-13 01:45 523776 ----a-w- c:\windows\system32\termsrv.dll
    2014-10-14 01:50 . 2014-11-13 01:45 2363904 ----a-w- c:\windows\system32\msi.dll
    2014-10-14 01:50 . 2014-11-13 01:45 1059840 ----a-w- c:\windows\system32\lsasrv.dll
    2014-10-14 01:47 . 2014-11-13 01:45 146432 ----a-w- c:\windows\system32\msaudite.dll
    2014-10-14 01:46 . 2014-11-13 01:45 681984 ----a-w- c:\windows\system32\adtschema.dll
    2014-10-10 00:45 . 2014-11-13 01:45 2379264 ----a-w- c:\windows\system32\win32k.sys
    2014-10-03 01:44 . 2014-11-13 01:45 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
    2014-10-03 01:44 . 2014-11-13 01:45 275968 ----a-w- c:\windows\system32\EncDump.dll
    2014-10-03 01:44 . 2014-11-13 01:45 475136 ----a-w- c:\windows\system32\audiosrv.dll
    2014-10-03 01:44 . 2014-11-13 01:45 374784 ----a-w- c:\windows\system32\AudioEng.dll
    2014-10-03 01:44 . 2014-11-13 01:45 195584 ----a-w- c:\windows\system32\AudioSes.dll
    2014-09-25 01:40 . 2014-09-30 18:45 519680 ----a-w- c:\windows\system32\qdvd.dll
    2014-09-19 09:23 . 2014-11-13 01:45 172032 ----a-w- c:\windows\system32\wdigest.dll
    2014-09-19 09:23 . 2014-11-13 01:45 65536 ----a-w- c:\windows\system32\TSpkg.dll
    2014-09-19 09:23 . 2014-11-13 01:45 248832 ----a-w- c:\windows\system32\schannel.dll
    2014-09-19 09:23 . 2014-11-13 01:45 221184 ----a-w- c:\windows\system32\ncrypt.dll
    2014-09-19 09:23 . 2014-11-13 01:45 259584 ----a-w- c:\windows\system32\msv1_0.dll
    2014-09-19 09:23 . 2014-11-13 01:45 17408 ----a-w- c:\windows\system32\credssp.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-04 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2009-06-11 1657376]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-09-01 124240]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-05-18 280576]
    .
    c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
    @="Service"
    .
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-06 102912]
    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-12-15 79576]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-09-01 65448]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 swiwdmbus;Sierra Wireless USB Composite Bus;c:\windows\system32\DRIVERS\swiwdmbus.sys [2010-06-21 78720]
    R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2010-06-21 228352]
    R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2010-06-21 156544]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
    S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [2009-09-01 21256]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-09-01 70728]
    S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2009-09-03 444224]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - TrueSight
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-04 22:54]
    .
    2014-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-04 22:54]
    .
    2014-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3875672199-1589393617-4063248445-1001Core.job
    - c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-10 00:44]
    .
    2014-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3875672199-1589393617-4063248445-1001UA.job
    - c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-10 00:44]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = about:blank
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: mit.edu\ca
    Trusted Zone: mit.edu\ca2
    Trusted Zone: mit.edu\insidemit-apps
    Trusted Zone: mit.edu\ca
    Trusted Zone: mit.edu\ca2
    TCP: DhcpNameServer = 89.101.160.4 89.101.160.5
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3875672199-1589393617-4063248445-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**%%Ã]
    @Class="Shell"
    .
    [HKEY_USERS\S-1-5-21-3875672199-1589393617-4063248445-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**%%Ã\OpenWithList]
    @Class="Shell"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-12-16 20:46:05
    ComboFix-quarantined-files.txt 2014-12-17 01:46
    .
    Pre-Run: 24,680,706,048 bytes free
    Post-Run: 27,096,936,448 bytes free
    .
    - - End Of File - - 5ACFD21585C7F8465CAA0128DA493D1E
    A36C5E4F47E84449FF07ED3517B43A31
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
     
  9. FlyerT

    FlyerT TS Rookie Topic Starter

    # AdwCleaner v4.105 - Report created 17/12/2014 at 21:41:11
    # Updated 08/12/2014 by Xplode
    # Database : 2014-12-16.1 [Live]
    # Operating System : Windows 7 Enterprise Service Pack 1 (32 bits)
    # Username : Todd - TODD-PC
    # Running from : C:\Users\Todd\Desktop\adwcleaner_4.105.exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    ***** [ Scheduled Tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.17420

    -\\ Google Chrome v

    *************************
    AdwCleaner[R0].txt - [6130 octets] - [13/12/2014 11:27:14]
    AdwCleaner[R1].txt - [855 octets] - [13/12/2014 18:48:26]
    AdwCleaner[R2].txt - [973 octets] - [13/12/2014 19:03:50]
    AdwCleaner[R3].txt - [1030 octets] - [13/12/2014 19:56:47]
    AdwCleaner[R4].txt - [1173 octets] - [14/12/2014 17:58:45]
    AdwCleaner[R5].txt - [1329 octets] - [17/12/2014 21:38:22]
    AdwCleaner[S0].txt - [6339 octets] - [13/12/2014 11:29:31]
    AdwCleaner[S1].txt - [915 octets] - [13/12/2014 18:51:16]
    AdwCleaner[S2].txt - [1237 octets] - [14/12/2014 18:00:23]
    AdwCleaner[S3].txt - [1252 octets] - [17/12/2014 21:41:11]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1312 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.0 (11.29.2014:1)
    OS: Windows 7 Enterprise x86
    Ran by Todd on Wed 12/17/2014 at 21:56:11.11
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services
    ~~~ Registry Values
    ~~~ Registry Keys
    ~~~ Files
    ~~~ Folders
    ~~~ Event Viewer Logs were cleared
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 12/17/2014 at 21:58:45.19
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2014
    Ran by Todd (administrator) on TODD-PC on 17-12-2014 21:59:38
    Running from C:\Users\Todd\Desktop
    Loaded Profile: Todd (Available profiles: Todd)
    Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    (McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
    (McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    (McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    (McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    (Rosetta Stone Ltd.) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    (McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [nwiz] => nwiz.exe /install
    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [136512 2009-01-16] (McAfee, Inc.)
    HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [124240 2009-08-31] (McAfee, Inc.)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKU\S-1-5-21-3875672199-1589393617-4063248445-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-05-04] (Google Inc.)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-17] (Microsoft Corporation)
    Startup: C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKU\S-1-5-21-3875672199-1589393617-4063248445-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3875672199-1589393617-4063248445-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = http://ww.safetab.org/textresults.php?q={searchTerms}&full=1
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001 -> {59AF20E3-CB85-46EF-9940-14A4AD453D8E} URL = http://www.google.com/search?q={sea...x?}&startPage={startPage}&rlz=1I7WZPC_enUS430
    SearchScopes: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001 -> {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = http://ww.safetab.org/textresults.php?q={searchTerms}&full=1
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.mit.edu/CACHE/stc/1/binaries/vpnweb.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    ATTENTION: There are more than 99 Catalog9 entries. Turn off the whitelisting to see all the entries. You may check Device Manager for presence of unusual amount of "Microsoft 6to4 Adapter" devices.
    Tcpip\Parameters: [DhcpNameServer] 89.101.160.4 89.101.160.5
    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @veetle.com/vbp;version=0.9.17 -> C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
    FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3875672199-1589393617-4063248445-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-3875672199-1589393617-4063248445-1001: @talk.google.com/O1DPlugin -> C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-3875672199-1589393617-4063248445-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-3875672199-1589393617-4063248445-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll (vShare.tv )
    FF Plugin ProgramFiles/Appdata: C:\Users\Todd\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Todd\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    Chrome:
    =======
    CHR Profile: C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default
    CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [Not Found]
    CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [Not Found]
    ========================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
    R2 McAfeeEngineService; C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe [21256 2009-08-31] (McAfee, Inc.)
    R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [103744 2009-01-16] (McAfee, Inc.)
    U2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [146448 2009-08-31] (McAfee, Inc.)
    R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [66896 2009-08-31] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [70728 2009-08-31] (McAfee, Inc.)
    S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
    R2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [444224 2009-09-03] (Rosetta Stone Ltd.) [File not signed]
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [79576 2014-12-15] (Malwarebytes Corporation)
    S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [75704 2009-08-31] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [91672 2009-08-31] (McAfee, Inc.)
    S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [43288 2009-08-31] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [343664 2009-08-31] (McAfee, Inc.)
    S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [65448 2009-08-31] (McAfee, Inc.)
    R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [63728 2009-08-31] (McAfee, Inc.)
    S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
    R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
    S3 swiwdmbus; C:\Windows\System32\DRIVERS\swiwdmbus.sys [78720 2010-06-21] (Sierra Wireless Inc.)
    S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [228352 2010-06-21] (Sierra Wireless Inc.)
    S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [156544 2010-06-21] (Sierra Wireless Inc.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-16] ()
    S3 catchme; \??\C:\Users\Todd\AppData\Local\Temp\catchme.sys [X]
    S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2014-12-17 21:59 - 2014-12-17 22:00 - 00012863 _____ () C:\Users\Todd\Desktop\FRST.txt
    2014-12-17 21:59 - 2014-12-17 21:59 - 00000000 ____D () C:\FRST
    2014-12-17 21:58 - 2014-12-17 21:58 - 00000630 _____ () C:\Users\Todd\Desktop\JRT.txt
    2014-12-17 21:52 - 2014-12-17 21:52 - 00001392 _____ () C:\Users\Todd\Desktop\AdwCleaner[S3].txt
    2014-12-17 21:41 - 2014-12-17 21:41 - 00000000 ____D () C:\Windows\system32\appraiser
    2014-12-17 21:37 - 2014-12-17 21:37 - 02121216 _____ (Farbar) C:\Users\Todd\Desktop\FRST64.exe
    2014-12-17 21:36 - 2014-12-17 21:36 - 01113600 _____ (Farbar) C:\Users\Todd\Desktop\FRST.exe
    2014-12-17 21:34 - 2014-12-17 21:34 - 02166272 _____ () C:\Users\Todd\Desktop\adwcleaner_4.105.exe
    2014-12-17 21:34 - 2014-12-17 21:34 - 01707646 _____ (Thisisu) C:\Users\Todd\Desktop\JRT.exe
    2014-12-16 20:46 - 2014-12-16 20:46 - 00012990 _____ () C:\ComboFix.txt
    2014-12-16 19:13 - 2014-12-16 20:46 - 00000000 ____D () C:\Qoobox
    2014-12-16 19:13 - 2014-12-16 20:44 - 00000000 ____D () C:\Windows\erdnt
    2014-12-16 19:13 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-12-16 19:13 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-12-16 19:13 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-12-16 19:13 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-12-16 19:13 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-12-16 19:13 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-12-16 19:13 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-12-16 19:13 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-12-16 19:01 - 2014-12-16 19:01 - 05601641 ____R (Swearware) C:\Users\Todd\Desktop\ComboFix.exe
    2014-12-16 14:32 - 2014-12-16 14:33 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Todd\Downloads\mbar-1.08.2.1001 (1).exe
    2014-12-16 14:14 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2014-12-15 17:45 - 2014-12-15 17:45 - 00688992 ____R (Swearware) C:\Users\Todd\Downloads\dds.com
    2014-12-15 17:41 - 2014-12-15 17:41 - 00001078 _____ () C:\Users\Todd\Desktop\Malwarebytes Scan 2014.12.15.txt
    2014-12-15 08:48 - 2014-12-16 16:44 - 00000000 ____D () C:\Users\Todd\Desktop\mbar
    2014-12-15 08:48 - 2014-12-16 16:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-12-15 08:47 - 2014-12-15 08:48 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Todd\Downloads\mbar-1.08.2.1001.exe
    2014-12-14 18:05 - 2014-12-14 18:05 - 01707646 _____ (Thisisu) C:\Users\Todd\Downloads\JRT.exe
    2014-12-14 18:05 - 2014-12-14 18:05 - 00000000 ____D () C:\Windows\ERUNT
    2014-12-14 12:19 - 2014-12-14 12:19 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Todd\Downloads\SpyHunter-Installer.exe
    2014-12-13 18:55 - 2014-12-16 14:06 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-12-13 18:55 - 2014-12-13 18:55 - 15201368 _____ () C:\Users\Todd\Downloads\RogueKiller.exe
    2014-12-13 18:55 - 2014-12-13 18:55 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-12-13 11:27 - 2014-12-17 21:41 - 00000000 ____D () C:\AdwCleaner
    2014-12-13 11:26 - 2014-12-13 11:27 - 02166272 _____ () C:\Users\Todd\Downloads\adwcleaner_4.105.exe
    2014-12-13 11:23 - 2014-12-13 11:23 - 00852505 _____ () C:\Users\Todd\Downloads\SecurityCheck.exe
    2014-12-12 14:01 - 2014-12-03 23:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2014-12-12 14:01 - 2014-12-03 23:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2014-12-12 14:01 - 2014-12-03 23:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-12-12 14:01 - 2014-12-03 23:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2014-12-12 14:01 - 2014-12-03 23:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-12-12 14:01 - 2014-12-03 23:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2014-12-12 14:01 - 2014-12-03 23:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-12-12 14:01 - 2014-12-01 18:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2014-12-12 14:01 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-12-12 14:01 - 2014-11-10 20:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2014-12-12 14:00 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-12-12 14:00 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-12-12 14:00 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-12-12 14:00 - 2014-11-21 21:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-12-12 14:00 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-12-12 14:00 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-12-12 14:00 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-12-12 14:00 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-12-12 14:00 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-12-12 14:00 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-12-12 14:00 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-12-12 14:00 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-12-12 14:00 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-12-12 14:00 - 2014-11-21 20:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-12-12 14:00 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-12-12 14:00 - 2014-11-21 20:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-12-12 14:00 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-12-12 14:00 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-12-12 14:00 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-12-12 14:00 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-12-12 14:00 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-12-12 14:00 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-12-12 14:00 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-12-12 14:00 - 2014-11-21 20:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-12-12 14:00 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-12-12 14:00 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-12-12 14:00 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-12-12 14:00 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-12-12 14:00 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-12-12 14:00 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-12-12 13:55 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-12-12 13:53 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
    2014-12-12 13:53 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2014-12-12 13:53 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2014-12-12 13:53 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2014-12-12 13:53 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2014-12-12 13:53 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2014-12-10 03:34 - 2014-12-16 14:34 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-10 03:31 - 2014-12-15 10:09 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-12-10 03:31 - 2014-12-10 03:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-10 03:31 - 2014-12-10 03:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-12-10 03:31 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-12-06 17:57 - 2014-12-06 17:57 - 00001459 _____ () C:\Users\Todd\AppData\Local\recently-used.xbel
    2014-12-06 17:16 - 2014-12-06 17:58 - 00000000 ____D () C:\Users\Todd\AppData\Local\gtk-2.0
    2014-12-06 17:16 - 2014-12-06 17:16 - 00000000 ____D () C:\Users\Todd\.thumbnails
    2014-12-06 15:48 - 2014-12-06 17:58 - 00000000 ____D () C:\Users\Todd\.gimp-2.8
    2014-12-06 15:48 - 2014-12-06 15:48 - 00000000 ____D () C:\Users\Todd\AppData\Local\gegl-0.2
    2014-12-06 15:48 - 2014-12-06 15:48 - 00000000 ____D () C:\Users\Todd\AppData\Local\fontconfig
    2014-12-06 14:34 - 2014-12-06 14:34 - 01174352 _____ () C:\Users\Todd\Downloads\gimp.exe
    2014-11-18 19:01 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-11-18 19:01 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2014-12-17 21:56 - 2010-06-10 15:36 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3875672199-1589393617-4063248445-1001UA.job
    2014-12-17 21:56 - 2009-07-13 23:34 - 00023376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-17 21:56 - 2009-07-13 23:34 - 00023376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-17 21:52 - 2011-05-04 04:59 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-17 21:45 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-17 21:44 - 2010-03-10 18:32 - 00110764 _____ () C:\Windows\PFRO.log
    2014-12-17 21:44 - 2009-07-13 23:39 - 00309168 _____ () C:\Windows\setupact.log
    2014-12-17 21:41 - 2014-05-07 13:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-12-17 21:41 - 2010-03-10 18:28 - 00000000 ____D () C:\Users\Todd
    2014-12-17 21:41 - 2010-03-10 18:27 - 01885139 _____ () C:\Windows\WindowsUpdate.log
    2014-12-17 21:41 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\AppCompat
    2014-12-17 20:56 - 2010-06-10 15:36 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3875672199-1589393617-4063248445-1001Core.job
    2014-12-16 20:46 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Default
    2014-12-16 20:46 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
    2014-12-16 20:43 - 2009-07-13 21:04 - 00000215 _____ () C:\Windows\system.ini
    2014-12-16 20:11 - 2011-05-04 04:59 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-16 14:16 - 2010-03-10 19:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-12-13 10:32 - 2010-03-16 01:08 - 00000000 ____D () C:\QUARANTINE
    2014-12-12 13:57 - 2013-08-16 15:44 - 00000000 ____D () C:\Windows\system32\MRT
    2014-12-12 13:49 - 2010-03-30 06:18 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-12-10 03:31 - 2014-03-07 16:57 - 00000000 ____D () C:\Users\Todd\AppData\Roaming\Malwarebytes
    2014-12-10 03:31 - 2014-03-07 16:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-12-10 03:31 - 2014-03-07 16:56 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2014-12-07 19:18 - 2010-03-10 18:30 - 00869718 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-06 18:42 - 2014-09-03 16:48 - 00000000 ____D () C:\Users\Todd\Desktop\songs
    2014-11-24 14:04 - 2010-03-10 19:19 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-11-21 06:14 - 2014-03-07 16:56 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-11-20 18:14 - 2012-12-08 17:46 - 00000000 ____D () C:\Windows\rescache
    2014-11-19 15:24 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    Some content of TEMP:
    ====================
    C:\Users\Todd\AppData\Local\Temp\catchme.dll
    C:\Users\Todd\AppData\Local\Temp\Quarantine.exe
    C:\Users\Todd\AppData\Local\Temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-12-06 08:38
    ==================== End Of Log ============================
     
  10. FlyerT

    FlyerT TS Rookie Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2014
    Ran by Todd at 2014-12-17 22:00:59
    Running from C:\Users\Todd\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: McAfee VirusScan Enterprise (Disabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    32 Bit HP CIO Components Installer (Version: 4.1.1 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
    Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    Adolix Split and Merge PDF v2.1 (HKLM\...\Adolix Split and Merge PDF_is1) (Version: - Adolix Software)
    ArcSoft Software Suite (HKLM\...\{EE7C3A14-1D20-49F6-B903-491561076F0F}) (Version: - )
    BurnAware Free 2.4.5 (HKLM\...\BurnAware Free_is1) (Version: - Burnaware Technologies)
    Cisco AnyConnect VPN Client (HKLM\...\{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}) (Version: 2.4.0202 - Cisco Systems, Inc.)
    GAMS Distribution 23.6.4 (HKLM\...\GAMS_is1) (Version: GAMS 23.6.4 - GAMS Development)
    Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
    HP Photosmart Plus B210 series Basic Device Software (HKLM\...\{BE962181-E347-464E-AE70-276DD63A8293}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
    HP Photosmart Plus B210 series Help (HKLM\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard)
    HP Photosmart Plus B210 series Product Improvement Study (HKLM\...\{5ECB4CCF-448D-4B52-B933-45961F4291A4}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
    HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
    JACOBIAN IDE (HKLM\...\InstallShield_{054FD117-EC78-458E-976B-832FCCA0CC0B}) (Version: 4.1.0 - RES Group Inc.)
    JACOBIAN IDE (Version: 4.1.0 - RES Group Inc.) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    McAfee Agent (HKLM\...\{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}) (Version: 4.0.0.1345 - McAfee, Inc.)
    McAfee VirusScan Enterprise (HKLM\...\{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}) (Version: 8.7.0 - McAfee, Inc.)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
    Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2005 Backward compatibility (HKLM\...\{96327C3C-96BE-4C7A-A6F7-A71635E5949A}) (Version: 8.05.1054 - Microsoft Corporation)
    Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.91.000 - )
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
    NVIDIA nView Desktop Manager (HKLM\...\nView Desktop Manager) (Version: - )
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    ooVoo (HKLM\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.8.0036 - ooVoo LLC.)
    PictureProject (HKLM\...\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}) (Version: 1.0 - )
    Rosetta Stone Ltd Services (HKLM\...\{326057C5-6185-4C85-A630-9C2FC2DB3F93}) (Version: 3.2.6 - Rosetta Stone Ltd.)
    Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
    Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Veetle TV (HKLM\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
    Viscom Store Image Viewer (HKLM\...\Viscom Store Image Viewer_is1) (Version: - Viscom Software)
    XnView 2.03 (HKLM\...\XnView_is1) (Version: 2.03 - Gougelet Pierre-e)
    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.129\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{693566bc-21f8-401e-8d42-e2c5ce50dacc}\localserver32 -> C:\Users\Todd\AppData\Local\Temp\{d5641912-e47a-429c-879e-cfe13eac7a13}\IDriver.NonElevated.exe No F (the data entry has 3 more characters).
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
    ==================== Restore Points =========================
    17-12-2014 21:32:31 Windows Update
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2009-07-13 21:04 - 2014-12-16 20:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ==================== Scheduled Tasks (whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
    Task: {0A813DF4-8F2F-4833-AE23-42DB434B25F7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3875672199-1589393617-4063248445-1001UA => C:\Users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
    Task: {1EC0CD73-AE12-4F10-8FC5-114F54816D31} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3875672199-1589393617-4063248445-1001Core => C:\Users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
    Task: {20DCF778-6677-438A-B9E1-0C38F4405D23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
    Task: {377289EC-8A79-463A-BCAA-F31D3A36BEA0} - System32\Tasks\HPCustParticipation HP Photosmart Plus B210 series => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
    Task: {4A5951A2-AF65-41D8-BE5D-E6D79C88FFCF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
    Task: {9EF1F44B-EB3F-4F62-944B-2598902B419A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: {A4B58B96-E88B-469B-973F-0BD251D43908} - System32\Tasks\{5AF7E013-2B23-42D3-9020-16C0FE4F7734} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
    Task: {A5A2E2C6-82F6-4247-AA59-1C8196485C22} - System32\Tasks\{EAEBF887-EACF-411B-9527-05A6CD3A5738} => pcalua.exe -a D:\PHOTOFINALESETUP.EXE -d D:\
    Task: {B194DCDF-332F-4DE5-93DD-C8F47FE5EE0B} - System32\Tasks\{028E0099-215B-423A-8C03-B9C26EEBC7F5} => pcalua.exe -a D:\Welcome.exe -d D:\
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3875672199-1589393617-4063248445-1001Core.job => C:\Users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3875672199-1589393617-4063248445-1001UA.job => C:\Users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe
    ==================== Loaded Modules (whitelisted) =============
    2005-08-22 15:38 - 2005-08-22 15:38 - 03264512 _____ () C:\Program Files\McAfee\Common Framework\cryptocme2.dll
    2009-01-16 16:00 - 2009-01-16 16:00 - 00057344 _____ () C:\Program Files\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
    2009-04-29 20:07 - 2009-04-29 20:07 - 00148816 _____ () C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.dll
    ==================== Alternate Data Streams (whitelisted) =========
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    ==================== Safe Mode (whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService => ""="Service"
    ==================== EXE Association (whitelisted) =============
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========
    (Currently there is no automatic fix for this section.)

    ========================= Accounts: ==========================
    Administrator (S-1-5-21-3875672199-1589393617-4063248445-500 - Administrator - Disabled)
    Guest (S-1-5-21-3875672199-1589393617-4063248445-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3875672199-1589393617-4063248445-1002 - Limited - Enabled)
    Todd (S-1-5-21-3875672199-1589393617-4063248445-1001 - Administrator - Enabled) => C:\Users\Todd
    ==================== Faulty Device Manager Devices =============
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    System errors:
    =============
    Microsoft Office Sessions:
    =========================
    Error: (08/10/2014 07:31:18 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 499 seconds with 0 seconds of active time. This session ended with a crash.
    Error: (07/14/2013 01:37:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2051 seconds with 120 seconds of active time. This session ended with a crash.
    Error: (02/10/2013 09:26:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 98 seconds with 60 seconds of active time. This session ended with a crash.
    Error: (12/01/2012 06:05:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 22974 seconds with 960 seconds of active time. This session ended with a crash.
    Error: (07/14/2012 04:13:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1401 seconds with 120 seconds of active time. This session ended with a crash.
    Error: (05/09/2011 08:11:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5574 seconds with 720 seconds of active time. This session ended with a crash.
    Error: (02/06/2011 01:47:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5443 seconds with 120 seconds of active time. This session ended with a crash.
    Error: (05/05/2010 10:03:16 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 655 seconds with 240 seconds of active time. This session ended with a crash.
    Error: (04/29/2010 05:41:14 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2174 seconds with 240 seconds of active time. This session ended with a crash.
    Error: (04/20/2010 03:29:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 136 seconds with 0 seconds of active time. This session ended with a crash.

    CodeIntegrity Errors:
    ===================================
    Date: 2014-06-02 10:15:39.428
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Temp\TMP00000015C8EE5E936A537ED4 because the set of per-page image hashes could not be found on the system.
    Date: 2014-06-02 10:15:39.412
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Temp\TMP00000015C8EE5E936A537ED4 because the set of per-page image hashes could not be found on the system.
    Date: 2014-06-02 10:15:39.412
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Temp\TMP00000015C8EE5E936A537ED4 because the set of per-page image hashes could not be found on the system.
    Date: 2014-03-07 18:49:13.557
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Temp\TMP00000015C8EE5E936A537ED4 because the set of per-page image hashes could not be found on the system.
    Date: 2014-03-07 18:49:13.542
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Temp\TMP00000015C8EE5E936A537ED4 because the set of per-page image hashes could not be found on the system.
    Date: 2014-03-07 18:49:13.479
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Temp\TMP00000015C8EE5E936A537ED4 because the set of per-page image hashes could not be found on the system.
    Date: 2014-03-07 17:28:58.827
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Temp\TMP00000015C8EE5E936A537ED4 because the set of per-page image hashes could not be found on the system.
    Date: 2014-03-07 17:28:58.827
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Temp\TMP00000015C8EE5E936A537ED4 because the set of per-page image hashes could not be found on the system.
    Date: 2014-03-07 17:28:58.811
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Temp\TMP00000015C8EE5E936A537ED4 because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================
    Processor: Intel(R) Core(TM)2 Duo CPU T9550 @ 2.66GHz
    Percentage of memory in use: 41%
    Total physical RAM: 3571.9 MB
    Available physical RAM: 2090.91 MB
    Total Pagefile: 7142.09 MB
    Available Pagefile: 5747.63 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1899.72 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:232.75 GB) (Free:25.2 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: A42D04A3)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=232.7 GB) - (Type=07 NTFS)
    ==================== End Of Log ============================
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  12. FlyerT

    FlyerT TS Rookie Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-12-2014
    Ran by Todd at 2014-12-17 22:50:26 Run:1
    Running from C:\Users\Todd\Desktop
    Loaded Profile: Todd (Available profiles: Todd)
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    HKU\S-1-5-21-3875672199-1589393617-4063248445-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = http://ww.safetab.org/textresults.php?q={searchTerms}&full=1
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001 -> {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = http://ww.safetab.org/textresults.php?q={searchTerms}&full=1
    CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [Not Found]
    CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [Not Found]
    S3 catchme; \??\C:\Users\Todd\AppData\Local\Temp\catchme.sys [X]
    S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    C:\Users\Todd\AppData\Local\Temp\catchme.dll
    C:\Users\Todd\AppData\Local\Temp\Quarantine.exe
    C:\Users\Todd\AppData\Local\Temp\sqlite3.dll
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.129\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
    *****************
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}" => Key deleted successfully.
    "HKCR\CLSID\{721061fb-eb79-4568-a03c-3ce26d68dae9}" => Key not found.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}" => Key deleted successfully.
    "HKCR\CLSID\{721061fb-eb79-4568-a03c-3ce26d68dae9}" => Key not found.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae" => Key deleted successfully.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\nneajnkjbffgblleaoojgaacokifdkhm" => Key deleted successfully.
    catchme => Service deleted successfully.
    SWUMX20 => Service deleted successfully.
    Synth3dVsc => Service deleted successfully.
    tsusbhub => Service deleted successfully.
    VGPU => Service deleted successfully.
    C:\Users\Todd\AppData\Local\Temp\catchme.dll => Moved successfully.
    C:\Users\Todd\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Todd\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => Key deleted successfully.
    "HKU\S-1-5-21-3875672199-1589393617-4063248445-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
    ==== End of Fixlog ====
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  14. FlyerT

    FlyerT TS Rookie Topic Starter

    Results of screen317's Security Check version 0.99.93
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    McAfee VirusScan Enterprise
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Adobe Reader XI
    ````````Process Check: objlist.exe by Laurent````````
    McAfee VirusScan Enterprise engineserver.exe
    McAfee VirusScan Enterprise vstskmgr.exe
    McAfee VirusScan Enterprise mcshield.exe
    McAfee VirusScan Enterprise mfeann.exe
    McAfee VirusScan Enterprise shstat.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Version: 21-07-2014
    Ran by Todd (administrator) on 18-12-2014 at 05:43:11
    Running from "C:\Users\Todd\Desktop"
    Microsoft Windows 7 Enterprise Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============

    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => File is digitally signed
    C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\system32\dhcpcore.dll => File is digitally signed
    C:\Windows\system32\Drivers\afd.sys => File is digitally signed
    C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
    C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\system32\dnsrslvr.dll => File is digitally signed
    C:\Windows\system32\mpssvc.dll => File is digitally signed
    C:\Windows\system32\bfe.dll => File is digitally signed
    C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\system32\SDRSVC.dll => File is digitally signed
    C:\Windows\system32\vssvc.exe => File is digitally signed
    C:\Windows\system32\wscsvc.dll => File is digitally signed
    C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\system32\wuaueng.dll => File is digitally signed
    C:\Windows\system32\qmgr.dll => File is digitally signed
    C:\Windows\system32\es.dll => File is digitally signed
    C:\Windows\system32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\system32\ipnathlp.dll => File is digitally signed
    C:\Windows\system32\iphlpsvc.dll => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed

    **** End of log ****
     
  15. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Sophos?
     
  16. FlyerT

    FlyerT TS Rookie Topic Starter

    Sophos found no threats and there was nothing to clean. Since running Sophos I have not been able to boot the computer in Normal mode, I made this post using Safe Mode with Networking.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    What does happen when you try to boot to normal mode?
     
  18. FlyerT

    FlyerT TS Rookie Topic Starter

    Very long delay at the Welcome screen. I am in normal mode now after a 15 minute hold-up on the Welcome screen.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Go Start>Run (Start Search in Vista/7), type in:
    msconfig
    Click OK (hit Enter in Vista/7).

    Click on Startup tab.
    Click Disable all
    IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

    Click Services tab.
    Put checkmark in Hide all Microsoft services
    Click Disable all.

    Click OK.
    Restart computer in Normal Mode.

    NOTE. If you use different firewall, than Windows firewall, turn Windows firewall on, just for this test, since your regular firewall won't be running.
    If you use Windows firewall, you're fine.

    Same problem?
     
  20. FlyerT

    FlyerT TS Rookie Topic Starter

    No problem. There was no hold up at the Welcome screen when starting in Normal mode.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    OK. You'll need some time and a gig cup of coffee :)
    Go back to "msconfig" and start re-enabling startups and services you just disabled BUT only one by one restarting computer each time until you find the culprit.
     
  22. FlyerT

    FlyerT TS Rookie Topic Starter

    OK, I will begin the process and report back when complete. One additional question. RogueKiller is still identifying PUM.Dns registry items for cleaning. Should I proceed with deleting these items using RogueKiller?
     
  23. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    No.
     
  24. FlyerT

    FlyerT TS Rookie Topic Starter

    I found the culprit. The slow startup in Normal Mode is when I enable McAfee McShield. I enabled all other items under Service and Startup individually and McAfee McShield is the one that causes the slow startup.
     
  25. Broni

    Broni Malware Annihilator Posts: 52,898   +344

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...