gomer
  1. So far everything seems to be running smoothly. I have rebooted a few times today and have had internet each time. I think things are good. I really appreciate your help more than you know.
  2. ComboFix 14-04-20.01 - trico 04/24/2014 7:40.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6126.4423 [GMT -5:00] Running from: c:\users\trico\Desktop\ComboFix.exe
  3. RogueKiller V8.8.15 _x64_ [Mar 27 2014]
     by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : trico [Admin rights]
     Mode : Scan -- Date : 04/23/2014 10:36:46
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 5 ¤¤¤
     [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
     [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Browser Addons : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) ARRAY0 +++++
     --- User ---
     [MBR] 77f5ee710d9915b00fff7b2ade5910ff
     [bSP] e64d6d7046b6969fa4775e39e8f0b05f : Windows Vista MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15614 MB
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32059392 | Size: 461282 MB
     User = LL1 ... OK!
     Error reading LL2 MBR! ([0x57] The parameter is incorrect. )

     +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- SD/MMC USB Device +++++
     Error reading User MBR! ([0x15] The device is not ready. )
     User = LL1 ... OK!
     Error reading LL2 MBR! ([0x32] The request is not supported. )

     +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic- Compact Flash USB Device +++++
     Error reading User MBR! ([0x15] The device is not ready. )
     User = LL1 ... OK!
     Error reading LL2 MBR! ([0x32] The request is not supported. )

     +++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- SM/xD-Picture USB Device +++++
     Error reading User MBR! ([0x15] The device is not ready. )
     User = LL1 ... OK!
     Error reading LL2 MBR! ([0x32] The request is not supported. )

     +++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- MS/MS-Pro USB Device +++++
     Error reading User MBR! ([0x15] The device is not ready. )
     User = LL1 ... OK!
     Error reading LL2 MBR! ([0x32] The request is not supported. )

     Finished : << RKreport[0]_S_04232014_103646.txt >>
  4. I ran the JRT tool again and restarted and have internet again. However, when I ran FSS it informed me that win defender is not working. It said the service was set to manual and not started. I changed it to automatic and hit start service. It said service started and then stopped again. Still have something lurking somewhere.
  5. It was the configuration file for our scale program. Also, when I turned on the computer this morning the connection is down again and the network adapter is missing again.
  6. Ok....I found the file that was modified. I fixed it....whew....lol. I have to go; I'll post the results of the last scan in the morning.
  7. It's a basic database program that runs an SQL server. The form I print out has changed drastically. Would a system restore fix it??
  8. Woah....something we ran jacked up my work program. SQL server info is still there but it like reset the interface program to default settings.....
  9. Ok, the security check popped up and said unsupported operating system.
  10. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 6.1.4 (04.06.2014:1)
      OS: Windows 7 Professional x64
      Ran by trico on Tue 04/22/2014 at 15:50:20.11
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      ~~~ Services

      ~~~ Registry Values

      ~~~ Registry Keys

      ~~~ Files

      ~~~ Folders
      Successfully deleted: [Empty Folder] C:\Users\trico\appdata\local\{774870F7-9774-4AB2-808E-5F28F1F7FF19}
      Successfully deleted: [Empty Folder] C:\Users\trico\appdata\local\{85498614-6F22-45C8-BCAF-B6DE4FC3DD29}
      Successfully deleted: [Empty Folder] C:\Users\trico\appdata\local\{F7DA45C5-5F3D-478B-8818-AEBE365F4F1A}

      ~~~ Event Viewer Logs were cleared

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Tue 04/22/2014 at 15:55:43.73
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  11. # AdwCleaner v3.201 - Report created 22/04/2014 at 15:40:47 # Updated 22/04/2014 by Xplode # Operating System : Windows 7 Professional Service Pack 1 (64 bits) # Username : trico - TRICO-PC # Running from : C:\Users\trico\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com Folder Deleted : C:\Users\trico\AppData\Local\PackageAware Folder Deleted : C:\Users\sbookout\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\Administrator\AppData\LocalLow\AskToolbar ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} Key Deleted : HKLM\Software\Freeze.com ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16866 -\\ Google Chrome v34.0.1847.116 [ File : C:\Users\trico\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [3684 octets] - [22/04/2014 15:36:26] AdwCleaner[s0].txt - [3556 octets] - [22/04/2014 15:40:47] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3616 octets] ##########
  12. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 4/22/2014 Scan Time: 3:31:39 PM Logfile: mwb.txt Administrator: Yes Version: 2.00.1.1004 Malware Database: v2014.04.22.06 Rootkit Database: v2014.03.27.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Chameleon: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: trico Scan Type: Threat Scan Result: Completed Objects Scanned: 381837 Time Elapsed: 8 min, 35 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Shuriken: Enabled PUP: Warn PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  13. Well my next question is do I have to uninstall MSE? Can I just leave it disabled?
  14. Yes the internet is working!! Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2014 Ran by trico at 2014-04-22 14:42:01 Run:1 Running from C:\Users\trico\Desktop Boot Mode: Normal