  #16  
November 11th, 2014, 04:47 AM
shovelhead
Member
Join Date: Nov 2014
Posts: 36
page 2

Index of C:\$RECYCLE.BIN\S-1-5-21-2059181236-31080851-1000316753-1000\
Name Size Date Modified
[parent directory]
$R1F9V3Z/ 10/30/14, 7:10:46 PM
$R681GT0/ 11/6/14, 5:41:39 PM
$RC6LYS2/ 10/30/14, 7:10:46 PM
$RHOA48O/ 11/8/14, 10:26:39 PM
$RKSH57C/ 11/10/14, 7:11:34 PM
$RLB3518/ 11/6/14, 5:41:46 PM
$RLSYVMV/ 10/30/14, 7:10:46 PM
$RXVMLUL/ 11/6/14, 5:41:39 PM
$RYCJQVM/ 11/7/14, 12:09:12 AM
$I13ZU5D.dll 544 B 11/10/14, 7:11:32 PM
$I1F9V3Z 544 B 11/10/14, 7:11:32 PM
$I1YZWNM.dll 544 B 11/10/14, 7:11:32 PM
$I25X9D4.ini 544 B 11/10/14, 7:11:32 PM
$I3HNBXU.dll 544 B 11/10/14, 7:11:32 PM
$I3NO91E.dll 544 B 11/10/14, 7:11:32 PM
$I48K9CR.exe 544 B 11/10/14, 7:11:34 PM
$I49ZZZC.exe 544 B 11/10/14, 7:11:32 PM
$I4K9UME.dll 544 B 11/10/14, 7:11:32 PM
$I53K2XN.dll 544 B 11/10/14, 7:11:32 PM
$I5WUEZ0.exe 544 B 11/10/14, 7:11:32 PM
$I642CQ6.exe 544 B 11/10/14, 7:11:32 PM
$I65H52H.lnk 544 B 11/10/14, 7:11:39 PM
$I67LHKI.dll 544 B 11/10/14, 7:11:32 PM
$I681GT0 544 B 11/10/14, 7:11:32 PM
$I78XMW0.ini 544 B 11/10/14, 7:11:31 PM
$I7OL4LB.exe 544 B 11/10/14, 7:11:31 PM
$I8MZA2U.json 544 B 11/10/14, 7:11:31 PM
$I9D4RU0.md5 544 B 11/10/14, 7:11:32 PM
$I9OCUYW.dll 544 B 11/10/14, 7:11:32 PM
$IAEESUI.dll 544 B 11/10/14, 7:11:32 PM
$IANB3Z0.dll 544 B 11/10/14, 7:11:32 PM
$IC6LYS2 544 B 11/10/14, 7:11:32 PM
$IC9DAIU.dll 544 B 11/10/14, 7:11:32 PM
$ICKWDRT.dll 544 B 11/10/14, 7:11:31 PM
$ICMKXO1.dll 544 B 11/10/14, 7:11:32 PM
$IDAFZGZ.dll 544 B 11/10/14, 7:11:32 PM
$IDB4216.dll 544 B 11/10/14, 7:11:32 PM
$IEPF5MR.dll 544 B 11/10/14, 7:11:32 PM
$IETOYQC.pem 544 B 11/10/14, 7:11:32 PM
$IF93KUK.exe 544 B 11/10/14, 7:11:34 PM
$IF9A8WA.exe 544 B 11/10/14, 7:11:31 PM
$IGXA44N.dll 544 B 11/10/14, 7:11:34 PM
$IH0CICV 544 B 11/10/14, 7:11:32 PM
$IHBEYT1.dll 544 B 11/10/14, 7:11:32 PM
$IHOA48O 544 B 11/10/14, 7:11:34 PM
$IHQRE2S.pak 544 B 11/10/14, 7:11:33 PM
$II84KDC.json 544 B 11/10/14, 7:11:34 PM
$IKLJYVE.dll 544 B 11/10/14, 7:11:34 PM
$IKSH57C 544 B 11/10/14, 7:11:39 PM
$ILB3518 544 B 11/10/14, 7:11:34 PM
$ILSYVMV 544 B 11/10/14, 7:11:32 PM
$IMY12KX.dll 544 B 11/10/14, 7:11:32 PM
$INWUE2K.dll 544 B 11/10/14, 7:11:32 PM
$IPWPDHO.lnk 544 B 11/10/14, 7:11:34 PM
$IPXI42K.exe 544 B 11/10/14, 7:11:32 PM
$IQ8NNES.ini 544 B 11/10/14, 7:11:32 PM
$IQKCQQF.dll 544 B 11/10/14, 7:11:32 PM
$IQLDS8X.dll 544 B 11/10/14, 7:11:32 PM
$IQRIJS9.json 544 B 11/10/14, 7:11:34 PM
$IR1J2AM.exe 544 B 11/10/14, 7:11:31 PM
$IR6MM4X.exe 544 B 11/10/14, 7:11:32 PM
$IRV1NAZ.dll 544 B 11/10/14, 7:11:32 PM
$IS2DWA5.dll 544 B 11/10/14, 7:11:34 PM
$ISHM769.dll 544 B 11/10/14, 7:11:32 PM
$ITQABFR.dll 544 B 11/10/14, 7:11:32 PM
$IUIPTN3.dll 544 B 11/10/14, 7:11:32 PM
$IURHV4D.json 544 B 11/10/14, 7:11:34 PM
$IUZ2ZL9.dll 544 B 11/10/14, 7:11:32 PM
$IVFUH2M.ini 544 B 11/10/14, 7:11:32 PM
$IVPHBE2.dll 544 B 11/10/14, 7:11:32 PM
$IVTGEKF.dll 544 B 11/10/14, 7:11:32 PM
$IVYIOX9.exe 544 B 11/10/14, 7:11:32 PM
$IX1PB4T.dll 544 B 11/10/14, 7:11:32 PM
$IXB3IHR.xml 544 B 11/10/14, 7:11:31 PM
$IXUA4QZ.dll 544 B 11/10/14, 7:11:32 PM
$IXVMLUL 544 B 11/10/14, 7:11:34 PM
$IXVS4XY.dll 544 B 11/10/14, 7:11:32 PM
$IYCJQVM 544 B 11/10/14, 7:11:36 PM
$IYGJDRH.exe 544 B 11/10/14, 7:11:32 PM
$IYR2SRV.ini 544 B 11/10/14, 7:11:32 PM
$IYU1PCW.pak 544 B 11/10/14, 7:11:32 PM
$IZU5CHV.json 544 B 11/10/14, 7:11:34 PM
$R13ZU5D.dll 756 kB 10/14/14, 8:07:59 PM
$R1YZWNM.dll 268 kB 10/30/14, 7:10:44 PM
$R25X9D4.ini 704 B 10/14/14, 8:06:32 PM
$R3HNBXU.dll 836 kB 10/30/14, 7:10:41 PM
$R3NO91E.dll 593 kB 10/30/14, 7:10:40 PM
$R48K9CR.exe 3.7 MB 10/30/14, 7:10:46 PM
$R49ZZZC.exe 518 kB 10/30/14, 7:10:37 PM
$R4K9UME.dll 39.5 MB 10/30/14, 7:10:42 PM
$R53K2XN.dll 418 kB 10/30/14, 7:10:41 PM
$R5WUEZ0.exe 1.1 MB 10/30/14, 7:10:39 PM
$R642CQ6.exe 836 kB 10/30/14, 7:10:39 PM
$R65H52H.lnk 2.1 kB 11/6/14, 5:41:52 PM
$R67LHKI.dll 369 kB 10/30/14, 7:10:40 PM
$R78XMW0.ini 178 B 10/14/14, 8:06:34 PM
$R7OL4LB.exe 468 kB 10/30/14, 7:10:39 PM
$R8MZA2U.json 2.0 kB 10/14/14, 8:07:37 PM
$R9D4RU0.md5 2.7 kB 10/30/14, 7:10:45 PM
$R9OCUYW.dll 589 kB 10/30/14, 7:10:41 PM
$RAEESUI.dll 1.2 MB 10/30/14, 7:10:41 PM
$RANB3Z0.dll 300 kB 10/30/14, 7:10:42 PM
$RC9DAIU.dll 3.2 MB 10/30/14, 7:10:41 PM
$RCKWDRT.dll 2.6 MB 10/30/14, 7:10:43 PM
$RCMKXO1.dll 2.1 MB 10/30/14, 7:10:41 PM
$RDAFZGZ.dll 557 kB 10/30/14, 7:10:42 PM
$RDB4216.dll 437 kB 10/30/14, 7:10:41 PM
$REPF5MR.dll 48.2 kB 10/30/14, 7:10:43 PM
$RETOYQC.pem 272 B 10/14/14, 8:07:57 PM
$RF93KUK.exe 78.7 kB 10/30/14, 7:10:40 PM
$RF9A8WA.exe 200 kB 10/30/14, 7:10:39 PM
$RGXA44N.dll 504 kB 10/30/14, 7:10:44 PM
$RH0CICV 306 B 11/6/14, 5:41:38 PM
$RHBEYT1.dll 982 kB 10/30/14, 7:10:42 PM
$RHQRE2S.pak 10.6 MB 10/14/14, 8:07:32 PM
$RI84KDC.json 334 kB 10/14/14, 8:06:40 PM
$RKLJYVE.dll 563 kB 10/30/14, 7:10:44 PM
$RMY12KX.dll 398 kB 10/30/14, 7:10:42 PM
$RNWUE2K.dll 486 kB 10/30/14, 7:10:44 PM
$RPWPDHO.lnk 2.0 kB 11/6/14, 5:41:39 PM
$RPXI42K.exe 563 kB 10/30/14, 7:10:39 PM
$RQ8NNES.ini 1.8 kB 10/14/14, 8:07:39 PM
$RQKCQQF.dll 2.0 MB 10/14/14, 8:07:32 PM
$RQLDS8X.dll 3.1 MB 10/14/14, 8:07:33 PM
$RQRIJS9.json 271 kB 10/14/14, 8:07:05 PM
$RR1J2AM.exe 640 kB 10/30/14, 7:10:39 PM
$RR6MM4X.exe 1.3 MB 10/30/14, 7:10:40 PM
$RRV1NAZ.dll 9.5 MB 10/30/14, 7:10:43 PM
$RS2DWA5.dll 79.9 kB 10/14/14, 8:07:33 PM
$RSHM769.dll 142 kB 10/30/14, 7:10:40 PM
$RTQABFR.dll 135 kB 10/14/14, 8:07:59 PM
$RUIPTN3.dll 697 kB 10/30/14, 7:10:43 PM
$RURHV4D.json 246 kB 10/14/14, 8:06:40 PM
$RUZ2ZL9.dll 1.2 MB 10/30/14, 7:10:43 PM
$RVFUH2M.ini 281 B 10/14/14, 8:08:01 PM
$RVPHBE2.dll 411 kB 10/14/14, 8:07:59 PM
$RVTGEKF.dll 95.2 kB 10/30/14, 7:10:43 PM
$RVYIOX9.exe 955 kB 10/30/14, 7:10:40 PM
$RX1PB4T.dll 3.9 MB 10/14/14, 8:07:31 PM
$RXB3IHR.xml 2.3 kB 10/14/14, 8:07:22 PM
$RXUA4QZ.dll 36.2 kB 10/30/14, 7:10:42 PM
$RXVS4XY.dll 1.9 MB 10/30/14, 7:10:43 PM
$RYGJDRH.exe 167 kB 10/30/14, 7:10:38 PM
$RYR2SRV.ini 46 B 10/14/14, 8:07:39 PM
$RYU1PCW.pak 1.1 MB 10/14/14, 8:07:32 PM
$RZU5CHV.json 182 kB 10/30/14, 7:10:16 PM
desktop.ini 129 B 11/8/14, 9:48:26 PM

  #17  
November 12th, 2014, 12:09 AM
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,005
No, no need to post all that.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
  #18  
November 12th, 2014, 02:59 AM
shovelhead
Member
Join Date: Nov 2014
Posts: 36
I tried to open Security Essentials.. Got an error box saying trouble with the installation.. So went to Control Panel programs.. Was not listed. Here is the log... Again, thank you..

ComboFix 14-11-11.01 - xxx 11/11/2014 17:46:13.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7667.5775 [GMT -8:00]
Running from: c:\users\xxx\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2014-10-12 to 2014-11-12 )))))))))))))))))))))))))))))))
.
.
2014-11-12 01:51 . 2014-11-12 01:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-11 20:58 . 2014-11-11 20:59 -------- d-----w- c:\program files (x86)\Winamp
2014-11-11 16:49 . 2014-11-11 16:50 -------- d-----w- c:\users\DefaultAppPool
2014-11-11 16:15 . 2014-11-11 16:15 -------- d-----w- c:\windows\SysWow64\BestPractices
2014-11-11 16:15 . 2014-11-11 16:15 -------- d-----w- c:\windows\system32\BestPractices
2014-11-11 16:15 . 2014-11-11 16:15 -------- d-----w- C:\inetpub
2014-11-11 16:11 . 2014-10-20 10:37 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED2D5EEF-1946-4BE9-923D-B8E30716C5F9}\mpengine.dll
2014-11-11 15:20 . 2014-11-11 22:14 -------- d-----w- c:\program files\Everything
2014-11-11 15:05 . 2014-11-11 15:07 -------- d-----w- C:\AdwCleaner
2014-11-11 15:02 . 2014-11-11 15:02 -------- d-----w- c:\windows\ERUNT
2014-11-11 04:23 . 2014-11-11 04:23 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-11-11 03:14 . 2014-11-11 03:27 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-11 03:13 . 2014-11-11 03:13 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-11-11 03:13 . 2014-11-11 03:13 -------- d-----w- c:\programdata\Malwarebytes
2014-11-11 03:13 . 2014-10-01 19:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-11 03:13 . 2014-10-01 19:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-11 03:13 . 2014-10-01 19:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-10 06:18 . 2014-11-10 06:19 -------- d-----w- c:\program files (x86)\AVS4YOU
2014-11-09 06:04 . 2014-11-09 06:04 -------- d-----w- c:\program files (x86)\Dokan
2014-11-09 05:48 . 2014-11-09 05:48 -------- d-----w- c:\windows\system32\wbem\Logs
2014-11-07 18:40 . 2014-11-10 09:39 -------- d-----w- c:\windows\Logs
2014-11-07 16:45 . 2014-11-07 16:45 -------- d-----w- c:\program files (x86)\Black List Software
2014-11-07 15:54 . 2014-11-11 08:57 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-11-07 15:54 . 2014-11-07 15:54 -------- d-----w- c:\programdata\RogueKiller
2014-11-07 06:33 . 2014-11-07 06:33 -------- d-----w- C:\found.000
2014-11-07 01:45 . 2014-11-07 08:16 -------- d-----w- C:\mo music
2014-11-06 08:25 . 2014-11-11 16:09 -------- d-----w- c:\program files (x86)\ClamWin
2014-11-06 05:07 . 2014-11-06 05:07 -------- d-----w- c:\users\Guest
2014-11-06 05:07 . 2014-11-06 05:07 -------- d-----w- c:\users\Administrator
2014-11-06 05:06 . 2014-11-06 05:06 2065 ----a-w- c:\windows\patsearch.bin
2014-11-06 03:16 . 2014-11-06 03:18 -------- d-----w- C:\convert
2014-11-06 01:05 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2014-11-06 01:05 . 2006-09-29 00:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2014-11-06 01:05 . 2014-11-06 01:05 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2014-11-06 00:41 . 2014-11-06 00:41 -------- dc----w- c:\windows\system32\DRVSTORE
2014-11-06 00:41 . 2012-10-04 00:14 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-11-06 00:40 . 2014-11-06 00:40 -------- d-----w- c:\program files\iPod
2014-11-06 00:40 . 2014-11-06 00:41 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-06 00:35 . 2014-11-06 00:35 -------- d-----w- c:\program files (x86)\QuickTime
2014-11-06 00:35 . 2014-11-06 00:40 -------- d-----w- c:\program files (x86)\Common Files\Apple
2014-11-06 00:35 . 2014-11-06 00:40 -------- d-----w- c:\programdata\Apple
2014-11-06 00:35 . 2014-11-06 00:35 -------- d-----w- c:\program files (x86)\Apple Software Update
2014-11-06 00:34 . 2014-11-07 07:37 -------- d-----w- C:\benny tunes
2014-11-05 21:01 . 2012-11-02 00:14 11776 ------w- c:\windows\system32\imdsksvc.exe
2014-11-05 17:21 . 2014-11-11 04:12 -------- d-----w- c:\program files (x86)\Aurora
2014-11-05 16:55 . 2014-11-11 15:33 -------- d-----w- C:\my temp work
2014-11-05 16:38 . 2014-11-05 16:38 -------- d-----w- C:\[BOOT]
2014-11-05 16:35 . 2014-11-05 16:35 -------- d-----w- c:\users\Public\CyberLink
2014-11-05 16:31 . 2014-11-05 16:32 -------- d-----w- C:\Hiren's.BootCD.15.2
2014-11-05 16:13 . 2014-11-05 16:27 -------- d-----w- C:\Hirens.BootCD.15.2
2014-11-05 16:10 . 2014-11-05 16:10 -------- d-----w- c:\program files\7-Zip
2014-11-04 14:22 . 2014-11-04 14:22 -------- d-----w- c:\programdata\ATI
2014-11-04 14:15 . 2014-11-04 14:15 -------- d-----w- c:\program files (x86)\AMD AVT
2014-11-04 14:14 . 2014-11-04 14:14 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2014-11-04 14:14 . 2014-11-06 05:07 -------- d-----w- c:\programdata\AMD
2014-11-04 14:13 . 2014-11-04 14:13 -------- d-----w- c:\program files\Common Files\ATI Technologies
2014-11-04 14:13 . 2014-11-04 14:13 -------- d-----w- c:\programdata\Package Cache
2014-11-04 09:30 . 2014-11-04 14:17 -------- d-----w- C:\AMD
2014-11-03 17:28 . 2014-11-03 17:30 -------- d-----w- C:\dupes
2014-11-03 17:17 . 2014-11-03 17:17 -------- d-----w- c:\program files (x86)\Duplicate Music Files Finder
2014-11-03 16:25 . 2010-10-13 14:42 2369456 ----a-w- c:\windows\SysWow64\Codejock.CommandBars.v13.4.2.ocx
2014-11-03 16:25 . 2010-08-21 05:53 86016 ----a-w- c:\windows\SysWow64\mtSplitter.ocx
2014-11-03 16:25 . 2010-06-01 22:45 1005088 ----a-w- c:\windows\SysWow64\TList8.ocx
2014-11-03 16:25 . 2010-03-25 18:33 171752 ----a-w- c:\windows\SysWow64\mtRTF2.ocx
2014-11-03 16:25 . 2009-10-13 08:02 44736 ----a-w- c:\windows\SysWow64\mtSubclass.dll
2014-11-03 16:25 . 2014-11-03 16:25 -------- d-----w- c:\program files (x86)\GetFoldersize
2014-11-03 09:09 . 2014-11-03 09:09 -------- d-----w- c:\program files (x86)\ExtenDev
2014-11-03 08:57 . 2014-11-03 08:58 -------- d-----w- c:\programdata\AVS4YOU
2014-11-03 08:56 . 2011-06-22 19:32 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2014-11-03 08:56 . 2011-06-22 19:32 974848 ----a-w- c:\windows\SysWow64\mfc70.dll
2014-11-03 08:56 . 2011-06-22 19:32 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll
2014-11-03 08:56 . 2011-06-22 19:32 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2014-11-03 08:56 . 2011-06-22 19:32 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2014-11-03 08:56 . 2014-11-06 02:25 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2014-11-03 08:39 . 2009-07-14 12:15 1386496 ----a-w- c:\windows\SysWow64\temp.008
2014-11-03 08:39 . 2009-07-14 10:43 16896 ----a-w- c:\windows\SysWow64\temp.007
2014-11-03 08:39 . 2013-10-12 13:03 163840 ----a-w- c:\windows\SysWow64\temp.006
2014-11-03 08:39 . 2009-07-14 12:15 1386496 ----a-w- c:\windows\SysWow64\temp.005
2014-11-03 08:39 . 2009-07-14 10:43 16896 ----a-w- c:\windows\SysWow64\temp.004
2014-11-03 08:39 . 2013-10-12 13:03 163840 ----a-w- c:\windows\SysWow64\temp.003
2014-11-03 03:37 . 2010-05-26 19:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2014-11-03 03:37 . 2010-05-26 19:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2014-11-03 03:23 . 2014-11-03 03:23 2887680 ----a-w- C:\Suspicious Driver
2014-11-02 01:30 . 2014-11-02 01:30 -------- d-----w- c:\program files (x86)\Fast Monster ltd
2014-11-01 15:20 . 2009-07-14 11:15 1386496 ----a-w- c:\windows\SysWow64\temp.002
2014-11-01 15:20 . 2009-07-14 09:43 16896 ----a-w- c:\windows\SysWow64\temp.001
2014-11-01 15:20 . 2013-10-12 12:03 163840 ----a-w- c:\windows\SysWow64\temp.000
2014-11-01 15:20 . 2004-03-09 08:00 124688 ----a-w- c:\windows\SysWow64\Mswinsck.ocx
2014-11-01 15:20 . 2014-01-27 17:42 34304 ----a-w- c:\windows\SysWow64\NTSVC.ocx
2014-11-01 15:20 . 2014-11-03 09:13 -------- d-----w- c:\program files (x86)\Dr Prot Antivirus
2014-11-01 03:47 . 2014-11-11 04:18 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-01 03:10 . 2014-11-06 07:57 -------- d-----w- c:\program files (x86)\Google
2014-11-01 03:01 . 2014-11-01 03:02 -------- d-----w- c:\programdata\Recovery
2014-11-01 02:40 . 2014-11-04 16:28 -------- d-----w- C:\tunes
2014-11-01 02:28 . 2014-11-01 02:28 -------- d-----w- c:\programdata\VS Revo Group
2014-11-01 02:28 . 2009-12-30 18:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2014-11-01 02:28 . 2014-11-01 02:28 -------- d-----w- c:\program files\VS Revo Group
2014-11-01 02:25 . 2014-11-01 02:25 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-11-01 02:25 . 2014-11-01 02:25 -------- d-----w- c:\program files\Microsoft Security Client
2014-11-01 02:11 . 2014-11-09 02:46 -------- d-----w- c:\users\xxx
2014-11-01 02:11 . 2014-11-01 02:11 -------- d-----w- c:\program files (x86)\Microsoft Mathematics
2014-10-30 08:49 . 2014-10-30 08:49 -------- d-----w- c:\users\Public\Symantec
2014-10-30 08:49 . 2014-10-30 08:49 -------- d-----w- c:\program files (x86)\SymSilent
2014-10-30 08:48 . 2014-11-01 13:45 -------- d-----w- c:\programdata\Norton
2014-10-30 08:47 . 2014-11-01 02:12 -------- d-----r- c:\program files\Online Services
2014-10-30 08:46 . 2014-11-01 02:30 -------- d-----w- c:\program files (x86)\Microsoft
2014-10-30 08:45 . 2014-10-30 08:45 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2014-10-30 08:44 . 2014-11-09 05:45 -------- d-----w- c:\program files (x86)\Windows Live
2014-10-30 08:44 . 2014-11-04 16:46 -------- d-----w- c:\windows\PCHEALTH
2014-10-30 08:44 . 2014-11-05 04:30 -------- d-----w- c:\program files\Windows Live
2014-10-30 08:44 . 2009-09-05 00:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2014-10-30 08:44 . 2009-09-05 00:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2014-10-30 08:44 . 2009-09-05 00:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2014-10-30 08:44 . 2009-09-05 00:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2014-10-30 08:44 . 2006-11-29 20:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2014-10-30 08:44 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2014-10-30 08:43 . 2014-10-30 08:43 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2014-10-30 08:43 . 2014-10-30 08:43 -------- d-----w- c:\program files (x86)\PDF Complete
2014-10-30 08:43 . 2011-08-12 16:54 20968 ----a-w- c:\windows\system32\pdfc_port.dll
2014-10-30 08:43 . 2014-11-01 14:46 -------- d-----w- c:\programdata\PDFC
2014-10-30 08:42 . 2009-03-09 22:27 5425496 ----a-w- c:\windows\system32\D3DX9_41.dll
2014-10-30 08:42 . 2009-03-09 22:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2014-10-30 08:41 . 2011-03-26 02:21 22056 ----a-w- c:\windows\system32\btwcoins.dll
2014-10-30 08:40 . 2014-10-30 08:42 -------- d-----w- c:\programdata\TouchSmartData
2014-10-30 08:40 . 2014-10-30 08:40 -------- d-----w- c:\program files (x86)\PlayReady
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-01 13:46 . 2011-03-29 01:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-10-30 11:25 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-30 08:02 . 2014-10-30 08:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-10-30 07:59 . 2014-10-30 07:59 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2014-10-30 07:59 . 2014-10-30 07:59 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2014-08-16 07:35 . 2014-08-16 07:35 6112072 ----a-w- c:\windows\system32\usbaaplrc.dll
2014-08-16 07:35 . 2014-08-16 07:35 54784 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2008-06-20 15:00 . 2008-06-20 15:00 1411584 ----a-w- c:\program files (x86)\Setup1.msi
2008-06-20 14:59 . 2008-06-20 14:59 344064 ----a-w- c:\program files (x86)\setup.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [x]
R2 SparkSvc;Baidu Spark Service;c:\program files (x86)\baidu\Spark\sparkservice.exe;c:\program files (x86)\baidu\Spark\sparkservice.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SparkUpdater;Baidu Spark Updater;c:\program files (x86)\Baidu\SparkUpdate\Sparkupdate.exe;c:\program files (x86)\Baidu\SparkUpdate\Sparkupdate.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [x]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R4 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys;c:\windows\SYSNATIVE\drivers\dokan.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-06 07:57 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-06 07:57]
.
2014-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-06 07:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Everything"="c:\program files\Everything\Everything.exe" [2014-08-06 1441792]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: cinemanow.com
Trusted Zone: hp.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: roxionow.com
Trusted Zone: sonic.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\msiix1yg.default\
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{11111111-1111-1111-1111-110611331111} - c:\program files (x86)\TheTorntv V10\TheTorntv V10-bho64.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-11 17:52:58
ComboFix-quarantined-files.txt 2014-11-12 01:52
.
Pre-Run: 881,429,557,248 bytes free
Post-Run: 881,497,051,136 bytes free
.
- - End Of File - - 5EA2BEFE1566869F6AE0DF73052784CB
A36C5E4F47E84449FF07ED3517B43A31
  #19  
November 13th, 2014, 12:39 AM
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,005
Go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Right-click on it and choose "Run as administrator". At the prompt copy/paste the following, pressing Enter after each:

sc delete SparkSvc

sc delete SparkUpdater


You should get a confirmation that the services have been deleted. Then type exit and press Enter to close that display.

----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
Reply With Quote
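One way to confirm that the two sc delete commands in post #19 took effect, added here as an example that is not part of the original thread. It assumes an elevated PowerShell prompt; the function name Get-ServiceRemovalState is made up for this example, and the service names are the ones given in the post.

```powershell
# Added example: check whether services removed with "sc delete" are really gone.
# Written for PowerShell 2.0 and later (the version shipped with Windows 7).
$names = 'SparkSvc', 'SparkUpdater'   # service names from post #19

function Get-ServiceRemovalState {
    param([string]$Name)

    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue

    if (-not (Test-Path -LiteralPath $key)) {
        # No registry entry left: the Service Control Manager has nothing to start.
        return New-Object PSObject -Property @{
            Name = $Name; State = 'Removed'; ImagePath = $null
        }
    }

    $props = Get-ItemProperty -LiteralPath $key

    # "sc delete" on a service that is still running, or that has open handles,
    # only marks it for deletion (DeleteFlag = 1). The key disappears once the
    # service stops or the machine reboots.
    if ($props.DeleteFlag -eq 1) {
        $state = 'PendingDelete'
    } elseif ($svc) {
        $state = "StillInstalled ($($svc.Status))"
    } else {
        # Key exists but Get-Service does not list it (for example a driver entry).
        $state = 'KeyPresentNoService'
    }

    # ImagePath shows which binary the entry pointed at, so the file itself
    # can be checked or scanned separately.
    New-Object PSObject -Property @{
        Name = $Name; State = $state; ImagePath = $props.ImagePath
    }
}

$names | ForEach-Object { Get-ServiceRemovalState -Name $_ } |
    Format-Table Name, State, ImagePath -AutoSize
```

A PendingDelete result normally clears after the service stops or after the next reboot; rerun the check then.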
  #20  
Old November 13th, 2014, 02:31 AM
shovelhead shovelhead is offline
Member
 
Join Date: Nov 2014
Posts: 36
Got confirmation on both deletes.. Also can I uninstall combofix.. Here is the log..
Thank you
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-12 17:25:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDS721010CLA630 rev.JP4OA41A 931.51GB
Running: 1qex0h7x.exe; Driver: C:\Users\xxx\AppData\Local\Temp\kxldipow.sys

---- Processes - GMER 2.1 ----

Library c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ED2D5EEF-1946-4BE9-923D-B8E30716C5F9}\mpengine.dll (*** suspicious ***) @ c:\Program Files\Microsoft Security Client\MsMpEng.exe [784] (Microsoft Malware Protection Engine/Microsoft Corporation(2014-11-11 16:11:25) 000007fef9500000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\d0df9ade8992
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\d0df9ade8992 (not active ControlSet)

---- EOF - GMER 2.1 ----
  #21
Old November 14th, 2014, 12:12 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,005
We will do cleaning up when we are done here.

Never have seen Gmer pick up on Security Essentials before. Please uninstall Security Essentials, reboot, then run and post a new Gmer scan log please. Just hold off on installing any antivirus please.
  #22  
Old November 14th, 2014, 02:24 AM
shovelhead shovelhead is offline
Member
 
Join Date: Nov 2014
Posts: 36
I do not know if that is good or bad.. I had mentioned when we did combofix that it told me it was running.. It was not in taskbar. If I go open and all programs and try to open I get an error box saying there was trouble with initiating the program.. Tried to find again through control panel, not there.. I opened revo, it does not show it.. Everything search shows a "LINK" to it in the start up menu but still cannot open, says problem with program... This is what happens as time goes by.. Different programs maybe but same scenario.. Thank you.. Like I said about anti malware bytes I have paid program never seen so many issues before.... I will wait to hear before doing anything..
  #23  
Old November 14th, 2014, 04:09 PM
shovelhead shovelhead is offline
Member
 
Join Date: Nov 2014
Posts: 36
Morning.. Went to start computer.. Got blue screen.. Tried to boot from a rescue disk.. It acted like it was going to boot, got past windows screen, monitor just black.. Did windows start up repair. Ran for quite a while, rebooted back to blue screen. Started last known good configuration.. That is where I am, it booted.. I will stop there.. This is how it goes... I will try to keep from restarting..
  #24
Old November 15th, 2014, 12:10 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,005
At Startup of the computer, tap the F8 key about once every 1/2 second. Then select:

Last Known Good Configuration

If Windows does not boot successfully after that, again tap the F8 key, and select Safe Mode. Post back an update after please.
  #25  
Old November 15th, 2014, 12:15 AM
shovelhead shovelhead is offline
Member
 
Join Date: Nov 2014
Posts: 36
Thanks that's what I did... That is what I am using....
  #26
Old November 15th, 2014, 12:25 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,005
Quote:
Thanks that's what I did... That is what I am using....
Does that mean none of those steps worked?
  #27  
Old November 15th, 2014, 12:28 AM
shovelhead shovelhead is offline
Member
 
Join Date: Nov 2014
Posts: 36
Sorry I thought I posted it..That is what finally worked was going to last known good configuration..
  #28
Old November 15th, 2014, 12:32 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,005
Okay, good. Need to look more.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com then click that file to run TDSSKiller.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot (Reboot Now) if requested.
When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

Your copy will be different - some of those numbers will reflect the date/time it was just run by you there.

Copy/paste those contents back here please. If it does locate malware, but does not prompt for a reboot, go ahead and do reboot.

-----------

Download Malwarebytes Anti-Rootkit (MBAR) from HERE.

Unzip downloaded file, and wait for MBar to open. If it doesn't, open the folder where the contents were unzipped to your desktop and run mbar.exe.

Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

Click on the Cleanup button to remove any threats and reboot if prompted to do so.

When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt.
  #29  
Old November 15th, 2014, 12:47 AM
shovelhead shovelhead is offline
Member
 
Join Date: Nov 2014
Posts: 36
Again I cannot access security essentials.. It shows in the start menu, if I try to open I get an error box that says.. An error has occurred in the program during initialization. If this problem continues, please contact your system administrator..

Error code: 0x80073b01

It does not show up in programs through control panel.. Or in Revo uninstall. If I use search everything it shows a "link" to the start menu. There is no error message in the action center.. I will go ahead and run scans if you want.. I have not pursued trying to install new or how to remove this one.. while working with you..
  #30
Old November 15th, 2014, 02:24 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,005
Download and run this removal tool.
All times are GMT +1.