
December 20th, 2013, 09:33 PM
chillgv
New Member
Join Date: Dec 2013
O/S: Windows 7 64-bit
Posts: 8
Can't do updates, change passwords, or update drivers.

This computer has to have some sort of virus. I cannot change the name or delete an old account; it just reverts back to gonzales. I cannot do any Microsoft updates. I cannot download any drivers. Blah blah blah....
And I bought this as is. Under the cash log in cpu worked great at first. But under the other it pauses, repeats actions, cannot load programs, etc.
Please help me.
Thank you. Trying to chill. Been working on this for 2 days.
Thank you in advance.
Lead on. kcco
December 20th, 2013, 10:07 PM
chillgv
New Member
Join Date: Dec 2013
O/S: Windows 7 64-bit
Posts: 8
Here is my frst.txt log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2013 02
Ran by Guest (administrator) on CHILLBAR on 20-12-2013 14:44:16
Running from C:\Users\Guest\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-17] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2011-02-18] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912 2011-02-18] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=390&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2290337541484756&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=390&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2290337541484756&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKCU - {0AC277E0-493D-44B6-9AF6-B72BAFB9E97D} URL = http://websearch.ask.com/redirect?client=ie&tb=OVO2&o=2159&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^A2E&apn_dtid=^YYYYYY^YY^US&apn_uid=c11c51ff-718a-46db-9294-8d0037060eba&apn_sauid=5BFCC1FA-97D4-4EE9-9EB8-6A23317BD356
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer]

FF ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\qzkx0dvq.default
FF Homepage: hxxp://www.ask.com/?l=dis&o=2159&gct=hp
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=OVO2&o=2159&locale=en_US&apn_uid=c11c51ff-718a-46db-9294-8d0037060eba&apn_ptnrs=%5EA2E&apn_sauid=5BFCC1FA-97D4-4EE9-9EB8-6A23317BD356&apn_dtid=%5EYYYYYY%5EYY%5EUS&&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF Extension: Instrument Test - C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\qzkx0dvq.default\Extensions\testpilot@labs.mozilla.com.xpi

CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Extension: (Google Docs) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1
CHR Extension: (YouTube) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\
CHR Extension: (Google Wallet) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\
CHR Extension: (Gmail) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27456 2012-08-17] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8227216 2012-08-20] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-18] (Synaptics Incorporated)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-13] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-20 14:44 - 2013-12-20 14:45 - 00009421 _____ C:\Users\Guest\Downloads\FRST.txt
2013-12-20 14:43 - 2013-12-20 14:43 - 00000000 ____D C:\FRST
2013-12-20 14:41 - 2013-12-20 14:42 - 02193141 _____ (Farbar) C:\Users\Guest\Downloads\FRST64.exe
2013-12-19 15:21 - 2013-12-19 15:21 - 00347816 _____ (Microsoft Corporation) C:\Users\Guest\Downloads\MicrosoftFixit.wu.FISC.50310914526261282.1.3.Run.exe
2013-12-19 15:21 - 2013-12-19 15:21 - 00162010 _____ C:\Users\Guest\Downloads\DIAG_MATS_NETWORK_global (1).DiagCab
2013-12-19 15:19 - 2013-12-19 15:19 - 00347816 _____ (Microsoft Corporation) C:\Users\Guest\Downloads\MicrosoftFixit.wu.FISC.50310914526261282.1.2.Run.exe
2013-12-19 15:18 - 2013-12-19 15:18 - 00162010 _____ C:\Users\Guest\Downloads\DIAG_MATS_NETWORK_global.DiagCab
2013-12-19 15:16 - 2013-12-19 15:16 - 00347816 _____ (Microsoft Corporation) C:\Users\Guest\Downloads\MicrosoftFixit.malware.FISC.50310914526261282.1.1.Run.exe
2013-12-19 14:41 - 2013-12-19 14:43 - 03192224 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp47397.exe
2013-12-19 14:40 - 2013-12-19 14:44 - 10160848 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp48922.exe
2013-12-19 14:36 - 2013-12-19 14:39 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Hewlett-Packard
2013-12-19 14:34 - 2013-12-19 14:36 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-12-19 14:33 - 2013-12-19 14:44 - 00000000 ____D C:\swsetup
2013-12-19 14:33 - 2013-12-19 14:33 - 01201944 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp52509.exe
2013-12-19 14:32 - 2013-12-19 14:37 - 31042496 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp51613.exe
2013-12-19 14:32 - 2013-12-19 14:33 - 02320384 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp57448.exe
2013-12-19 14:32 - 2013-12-19 14:32 - 01592176 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp52407.exe
2013-12-19 14:27 - 2013-12-19 14:41 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-12-19 14:27 - 2013-12-19 14:27 - 00000000 ____D C:\Program Files (x86)\Hp
2013-12-19 14:25 - 2013-12-19 14:26 - 04427776 _____ C:\Users\Guest\Downloads\HPSupportSolutionsFramework.msi
2013-12-02 10:42 - 2013-12-02 10:42 - 00023346 _____ C:\Users\Guest\Desktop\combofix.txt
2013-12-02 10:28 - 2013-12-02 10:28 - 00023346 _____ C:\ComboFix.txt
2013-12-02 08:31 - 2013-12-02 10:28 - 00000000 ____D C:\Qoobox
2013-12-02 08:31 - 2013-12-02 10:28 - 00000000 ____D C:\ComboFix
2013-12-02 08:31 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-02 08:31 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-02 08:31 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-02 08:31 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-02 08:31 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-02 08:31 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-02 08:31 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-02 08:31 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-02 08:30 - 2013-12-02 10:12 - 00000000 ____D C:\Windows\erdnt
2013-12-02 08:10 - 2013-12-02 08:10 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-02 07:56 - 2013-12-02 07:57 - 00819184 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup.exe
2013-12-01 20:45 - 2013-12-01 20:45 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-01 20:38 - 2013-12-01 20:38 - 00000000 ____D C:\Program Files\iPod
2013-12-01 20:37 - 2013-12-01 20:45 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-01 20:37 - 2013-12-01 20:45 - 00000000 ____D C:\Program Files\iTunes
2013-12-01 20:37 - 2013-12-01 20:44 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-01 20:04 - 2013-12-01 20:04 - 00000079 _____ C:\Users\Guest\Desktop\WSA_SA_Report-Sun_2013-12-01_20-03-58.html
2013-12-01 20:03 - 2013-12-01 20:03 - 00916254 _____ C:\Users\Guest\Desktop\WSA_SA_Report-Sun_2013-12-01_20-03-58.bmp
2013-12-01 20:01 - 2013-12-01 20:03 - 00000000 ____D C:\ProgramData\WRData
2013-12-01 19:42 - 2013-05-09 23:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-01 19:42 - 2013-05-09 22:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-01 19:42 - 2013-05-09 22:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-01 19:41 - 2013-05-09 23:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-01 18:28 - 2012-08-23 07:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-12-01 18:28 - 2012-08-23 07:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-12-01 18:28 - 2012-08-23 07:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-12-01 18:27 - 2012-08-23 08:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-12-01 18:27 - 2012-08-23 08:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-12-01 18:27 - 2012-08-23 08:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-12-01 18:27 - 2012-08-23 07:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-12-01 18:27 - 2012-08-23 07:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-12-01 18:27 - 2012-08-23 07:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-12-01 18:27 - 2012-08-23 07:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-12-01 18:27 - 2012-08-23 07:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-12-01 18:27 - 2012-08-23 07:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-12-01 18:27 - 2012-08-23 06:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-12-01 18:27 - 2012-08-23 05:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-12-01 18:27 - 2012-08-23 05:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-12-01 18:27 - 2012-08-23 05:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-12-01 18:27 - 2012-08-23 05:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-12-01 18:27 - 2012-08-23 04:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-12-01 18:27 - 2012-08-23 04:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-12-01 18:27 - 2012-08-23 04:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-12-01 18:27 - 2012-08-23 04:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-12-01 18:27 - 2012-08-23 03:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-12-01 18:27 - 2012-08-23 02:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-12-01 18:27 - 2012-08-23 02:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-12-01 17:46 - 2013-12-01 17:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Apple Computer
2013-12-01 16:56 - 2013-01-04 00:11 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-12-01 16:55 - 2013-01-13 13:53 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-12-01 16:55 - 2013-01-13 13:24 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-12-01 16:55 - 2013-01-04 00:11 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-12-01 16:54 - 2013-01-13 15:17 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-01 16:54 - 2013-01-13 15:17 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-01 16:54 - 2013-01-13 15:16 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-01 16:54 - 2013-01-13 15:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-01 16:54 - 2013-01-13 14:35 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-01 16:54 - 2013-01-13 14:35 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-01 16:54 - 2013-01-13 14:35 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-01 16:54 - 2013-01-13 14:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-01 16:54 - 2013-01-13 13:48 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-12-01 16:54 - 2013-01-13 13:20 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-12-01 16:54 - 2013-01-13 13:02 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-01 16:54 - 2013-01-13 12:32 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-01 16:53 - 2013-01-13 15:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-01 16:53 - 2013-01-13 15:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-01 16:53 - 2013-01-13 15:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-01 16:53 - 2013-01-13 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-01 16:53 - 2013-01-13 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-01 16:53 - 2013-01-13 14:31 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-12-01 16:53 - 2013-01-13 14:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-01 16:53 - 2013-01-13 14:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-01 16:53 - 2013-01-13 14:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-01 16:53 - 2013-01-13 14:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-01 16:53 - 2013-01-13 14:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-01 16:53 - 2013-01-13 14:22 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-12-01 16:53 - 2013-01-13 14:20 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-12-01 16:53 - 2013-01-13 14:09 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-12-01 16:53 - 2013-01-13 14:08 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-12-01 16:53 - 2013-01-13 13:59 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-12-01 16:53 - 2013-01-13 13:58 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-12-01 16:53 - 2013-01-13 13:54 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-12-01 16:53 - 2013-01-13 13:53 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-12-01 16:53 - 2013-01-13 13:51 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-12-01 16:53 - 2013-01-13 13:49 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-12-01 16:53 - 2013-01-13 13:46 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-12-01 16:53 - 2013-01-13 13:43 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-12-01 16:53 - 2013-01-13 13:38 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-12-01 16:53 - 2013-01-13 13:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-12-01 16:53 - 2013-01-13 13:37 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-12-01 16:53 - 2013-01-13 13:25 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-12-01 16:53 - 2013-01-13 13:24 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-12-01 16:53 - 2013-01-13 13:20 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-12-01 16:53 - 2013-01-13 13:15 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-12-01 16:53 - 2013-01-13 13:10 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-12-01 16:53 - 2013-01-13 12:34 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-12-01 16:53 - 2013-01-13 12:09 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-12-01 16:53 - 2013-01-13 11:26 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-12-01 16:53 - 2013-01-13 11:05 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-12-01 16:44 - 2012-12-07 07:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-12-01 16:44 - 2012-12-07 07:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-12-01 16:44 - 2012-12-07 06:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-12-01 16:44 - 2012-12-07 06:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-12-01 16:44 - 2012-12-07 05:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-12-01 16:44 - 2012-12-07 05:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-12-01 16:44 - 2012-12-07 05:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-12-01 16:44 - 2012-12-07 05:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-12-01 16:44 - 2012-12-07 05:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-12-01 16:44 - 2012-12-07 05:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-12-01 16:44 - 2012-12-07 05:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-12-01 16:44 - 2012-12-07 05:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-12-01 16:44 - 2012-12-07 05:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-12-01 16:44 - 2012-12-07 05:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-12-01 16:44 - 2012-12-07 05:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-12-01 16:44 - 2012-12-07 05:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-12-01 16:44 - 2012-12-07 05:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-12-01 16:44 - 2012-12-07 05:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-12-01 16:44 - 2012-12-07 04:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-12-01 16:43 - 2013-10-29 20:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-01 16:43 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-01 16:43 - 2013-08-28 20:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-12-01 16:43 - 2013-08-28 20:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-12-01 16:43 - 2013-08-28 19:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-12-01 16:43 - 2013-08-28 19:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-12-01 16:43 - 2013-04-25 17:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-12-01 16:43 - 2013-03-31 16:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-12-01 16:43 - 2013-03-18 23:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-12-01 16:43 - 2013-03-18 23:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-12-01 16:43 - 2012-11-29 23:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-12-01 16:43 - 2012-11-29 23:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-12-01 16:43 - 2012-11-29 23:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-12-01 16:43 - 2012-11-29 23:41 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-12-01 16:43 - 2012-11-29 23:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 23:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-12-01 16:43 - 2012-11-29 22:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 22:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 21:23 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-12-01 16:43 - 2012-11-29 20:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 20:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 20:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 20:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-12-01 16:43 - 2012-11-29 17:17 - 00420064 _____ C:\Windows\SysWOW64\locale.nls
2013-12-01 16:43 - 2012-11-29 17:15 - 00420064 _____ C:\Windows\system32\locale.nls
2013-12-01 16:43 - 2012-08-24 12:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-12-01 16:43 - 2012-08-24 12:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-12-01 16:43 - 2012-08-24 12:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-12-01 16:43 - 2012-08-24 12:04 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-12-01 16:43 - 2012-08-24 12:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-12-01 16:43 - 2012-08-24 10:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-12-01 16:43 - 2012-08-24 10:57 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-12-01 16:43 - 2012-08-24 10:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-12-01 16:43 - 2012-08-24 10:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-12-01 16:42 - 2013-10-03 20:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-12-01 16:42 - 2013-10-03 20:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-12-01 16:42 - 2013-10-03 20:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-12-01 16:42 - 2013-10-03 19:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-12-01 16:42 - 2013-10-03 19:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-12-01 16:42 - 2013-10-03 19:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-12-01 16:42 - 2013-09-13 19:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-12-01 16:42 - 2013-09-07 20:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-12-01 16:42 - 2013-09-07 20:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-12-01 16:42 - 2013-09-07 20:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-12-01 16:42 - 2013-08-28 20:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-12-01 16:42 - 2013-08-28 20:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-12-01 16:42 - 2013-08-28 20:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-12-01 16:42 - 2013-08-28 19:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-12-01 16:42 - 2013-08-28 19:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-12-01 16:42 - 2013-08-28 19:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-12-01 16:42 - 2013-08-28 19:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-12-01 16:42 - 2013-08-28 18:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-12-01 16:42 - 2013-08-28 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-12-01 16:42 - 2013-08-28 18:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-12-01 16:42 - 2013-08-28 18:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-12-01 16:42 - 2013-08-04 20:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-12-01 16:42 - 2013-07-04 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-12-01 16:42 - 2013-07-04 06:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-12-01 16:42 - 2013-07-04 05:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-12-01 16:42 - 2013-07-04 05:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-12-01 16:42 - 2013-07-04 04:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-12-01 16:42 - 2013-03-18 23:46 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-12-01 16:42 - 2013-03-18 22:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-12-01 16:42 - 2013-03-18 21:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-12-01 16:42 - 2013-01-03 23:46 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-12-01 16:42 - 2013-01-03 00:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-12-01 16:42 - 2012-11-21 23:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-12-01 16:42 - 2012-11-21 22:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-12-01 16:37 - 2013-05-09 23:49 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-12-01 16:37 - 2013-05-09 23:49 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-12-01 16:37 - 2013-05-09 23:49 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-12-01 16:37 - 2013-05-09 23:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-12-01 16:37 - 2013-05-09 22:49 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-12-01 16:37 - 2013-05-09 22:49 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-12-01 16:37 - 2013-05-09 22:49 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-12-01 16:37 - 2013-05-09 21:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-12-01 16:36 - 2013-08-27 19:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-12-01 16:36 - 2013-01-24 00:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys

==================== One Month Modified Files and Folders =======

2013-12-20 14:45 - 2013-12-20 14:44 - 00009421 _____ C:\Users\Guest\Downloads\FRST.txt
2013-12-20 14:45 - 2010-10-01 12:23 - 01248046 _____ C:\Windows\WindowsUpdate.log
2013-12-20 14:44 - 2012-10-02 10:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-20 14:43 - 2013-12-20 14:43 - 00000000 ____D C:\FRST
2013-12-20 14:42 - 2013-12-20 14:41 - 02193141 _____ (Farbar) C:\Users\Guest\Downloads\FRST64.exe
2013-12-20 14:42 - 2012-11-13 09:23 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-20 14:42 - 2009-07-13 22:45 - 00013952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-20 14:42 - 2009-07-13 22:45 - 00013952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-20 14:16 - 2012-11-13 09:23 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-20 14:16 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-20 14:16 - 2009-07-13 22:51 - 00050517 _____ C:\Windows\setupact.log
2013-12-19 15:21 - 2013-12-19 15:21 - 00347816 _____ (Microsoft Corporation) C:\Users\Guest\Downloads\MicrosoftFixit.wu.FISC.50310914526261282.1.3.Run.exe
2013-12-19 15:21 - 2013-12-19 15:21 - 00162010 _____ C:\Users\Guest\Downloads\DIAG_MATS_NETWORK_global (1).DiagCab
2013-12-19 15:19 - 2013-12-19 15:19 - 00347816 _____ (Microsoft Corporation) C:\Users\Guest\Downloads\MicrosoftFixit.wu.FISC.50310914526261282.1.2.Run.exe
2013-12-19 15:18 - 2013-12-19 15:18 - 00162010 _____ C:\Users\Guest\Downloads\DIAG_MATS_NETWORK_global.DiagCab
2013-12-19 15:16 - 2013-12-19 15:16 - 00347816 _____ (Microsoft Corporation) C:\Users\Guest\Downloads\MicrosoftFixit.malware.FISC.50310914526261282.1.1.Run.exe
2013-12-19 14:55 - 2012-10-02 16:41 - 00117188 _____ C:\Windows\PFRO.log
2013-12-19 14:44 - 2013-12-19 14:40 - 10160848 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp48922.exe
2013-12-19 14:44 - 2013-12-19 14:33 - 00000000 ____D C:\swsetup
2013-12-19 14:43 - 2013-12-19 14:41 - 03192224 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp47397.exe
2013-12-19 14:41 - 2013-12-19 14:27 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-12-19 14:39 - 2013-12-19 14:36 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Hewlett-Packard
2013-12-19 14:37 - 2013-12-19 14:32 - 31042496 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp51613.exe
2013-12-19 14:36 - 2013-12-19 14:34 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-12-19 14:33 - 2013-12-19 14:33 - 01201944 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp52509.exe
2013-12-19 14:33 - 2013-12-19 14:32 - 02320384 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp57448.exe
2013-12-19 14:32 - 2013-12-19 14:32 - 01592176 _____ (Hewlett-Packard ) C:\Users\Guest\Downloads\sp52407.exe
2013-12-19 14:27 - 2013-12-19 14:27 - 00000000 ____D C:\Program Files (x86)\Hp
2013-12-19 14:26 - 2013-12-19 14:25 - 04427776 _____ C:\Users\Guest\Downloads\HPSupportSolutionsFramework.msi
2013-12-19 14:26 - 2009-07-13 23:13 - 00783234 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-19 14:13 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2013-12-19 13:27 - 2012-12-26 22:12 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Apple Computer
2013-12-02 10:42 - 2013-12-02 10:42 - 00023346 _____ C:\Users\Guest\Desktop\combofix.txt
2013-12-02 10:28 - 2013-12-02 10:28 - 00023346 _____ C:\ComboFix.txt
2013-12-02 10:28 - 2013-12-02 08:31 - 00000000 ____D C:\Qoobox
2013-12-02 10:28 - 2013-12-02 08:31 - 00000000 ____D C:\ComboFix
2013-12-02 10:28 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Default
2013-12-02 10:12 - 2013-12-02 08:30 - 00000000 ____D C:\Windows\erdnt
2013-12-02 10:07 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2013-12-02 08:14 - 2012-10-03 08:22 - 00000000 ____D C:\Users\Owner\Documents\Youcam
2013-12-02 08:10 - 2013-12-02 08:10 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-02 08:10 - 2012-11-13 09:23 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-02 07:57 - 2013-12-02 07:56 - 00819184 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup.exe
2013-12-01 20:50 - 2012-12-26 21:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-01 20:45 - 2013-12-01 20:45 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-01 20:45 - 2013-12-01 20:37 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-01 20:45 - 2013-12-01 20:37 - 00000000 ____D C:\Program Files\iTunes
2013-12-01 20:44 - 2013-12-01 20:37 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-01 20:38 - 2013-12-01 20:38 - 00000000 ____D C:\Program Files\iPod
2013-12-01 20:12 - 2012-12-10 17:10 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2013-12-01 20:04 - 2013-12-01 20:04 - 00000079 _____ C:\Users\Guest\Desktop\WSA_SA_Report-Sun_2013-12-01_20-03-58.html
2013-12-01 20:03 - 2013-12-01 20:03 - 00916254 _____ C:\Users\Guest\Desktop\WSA_SA_Report-Sun_2013-12-01_20-03-58.bmp
2013-12-01 20:03 - 2013-12-01 20:01 - 00000000 ____D C:\ProgramData\WRData
2013-12-01 19:59 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-01 19:51 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-12-01 19:51 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-12-01 19:51 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-12-01 19:51 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-12-01 19:51 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-01 19:12 - 2012-10-03 10:11 - 00772372 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-01 18:40 - 2012-10-03 07:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-01 17:49 - 2012-10-02 10:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-01 17:49 - 2012-10-02 10:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-01 17:49 - 2012-10-02 10:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-01 17:48 - 2013-01-02 15:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Apple Computer
2013-12-01 17:46 - 2013-12-01 17:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Apple Computer

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-19 13:54

==================== End Of Log ============================
December 21st, 2013, 11:00 AM
schrauber
CTH Subscriber
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Hello, chillgv
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.

Next, download ComboFix. Save it to the Desktop.
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running; it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.
Please provide the contents of the ComboFix report in your reply.
December 21st, 2013, 11:13 AM
chillgv
New Member
Join Date: Dec 2013
O/S: Windows 7 64-bit
Posts: 8
Hi Tom, thank you for helping. I had run that as well. Do I need to run it again? I have not changed anything.

ComboFix 13-12-18.01 - Guest 12/02/2013 8:33.1.4 - x64
Running from: f:\wayne\ComboFix.exe
* Created a new restore point
((((((((((((((((((((((((( Files Created from 2013-11-02 to 2013-12-02 )))))))))))))))))))))))))))))))
2013-12-02 16:04 . 2013-12-02 16:04 -------- d-----w- c:\users\Owner\AppData\Local\temp
2013-12-02 16:04 . 2013-12-02 16:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-02 02:38 . 2013-12-02 02:38 -------- d-----w- c:\program files\iPod
2013-12-02 02:37 . 2013-12-02 02:45 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-02 02:37 . 2013-12-02 02:45 -------- d-----w- c:\program files\iTunes
2013-12-02 02:37 . 2013-12-02 02:44 -------- d-----w- c:\program files (x86)\iTunes
2013-12-02 02:01 . 2013-12-02 02:03 -------- d-----w- c:\programdata\WRData
2013-12-02 01:42 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-02 01:42 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-02 01:42 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-02 01:42 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-02 01:41 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-02 00:57 . 2013-12-02 00:57 -------- d-----w- c:\windows\Migration
2013-12-02 00:28 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-12-02 00:28 . 2012-08-23 13:41 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-12-02 00:28 . 2012-08-23 13:40 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-12-02 00:28 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2013-12-01 23:46 . 2013-12-01 23:46 -------- d-----w- c:\users\Owner\AppData\Local\Apple Computer
2013-12-01 22:56 . 2013-01-04 06:11 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-12-01 22:55 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-12-01 22:55 . 2013-01-04 06:11 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-12-01 22:55 . 2013-01-13 19:24 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-12-01 22:54 . 2013-01-13 19:02 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-01 22:54 . 2013-01-13 18:32 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-01 22:54 . 2013-01-13 21:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-01 22:54 . 2013-01-13 20:35 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-01 22:54 . 2013-01-13 20:32 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-01 22:54 . 2013-01-13 21:17 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-01 22:54 . 2013-01-13 21:17 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-01 22:54 . 2013-01-13 21:16 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-01 22:54 . 2013-01-13 20:35 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-01 22:54 . 2013-01-13 20:35 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-01 22:54 . 2013-01-13 19:20 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-12-01 22:54 . 2013-01-13 19:48 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-12-01 22:44 . 2012-12-07 11:20 43520 ----a-w- c:\windows\system32\csrr.rs
2013-12-01 22:43 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-12-01 22:42 . 2013-08-29 02:16 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-12-01 22:37 . 2013-05-10 05:49 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-12-01 22:37 . 2013-05-10 05:49 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-12-01 22:37 . 2013-05-10 05:49 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-12-01 22:37 . 2013-05-10 04:49 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-12-01 22:37 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-12-01 22:37 . 2013-05-10 04:49 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-12-01 22:37 . 2013-05-10 04:49 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-12-01 22:37 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-12-01 22:36 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-12-01 22:36 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2013-12-02 01:59 . 2012-07-17 20:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-01 23:49 . 2012-10-02 16:54 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-01 23:49 . 2012-10-02 16:54 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2012-10-02 16:52 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-09-12 03:21 . 2013-09-12 03:21 863344 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2013-09-12 03:21 . 2013-09-12 03:21 501872 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2013-09-12 03:21 . 2013-09-12 03:21 28776 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2013-09-12 03:21 . 2013-09-12 03:21 18000 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2013-09-12 01:39 . 2013-09-12 01:39 855664 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2013-09-12 01:39 . 2013-09-12 01:39 614000 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2013-09-12 01:39 . 2013-09-12 01:39 30312 ----a-w- c:\windows\system32\aspnet_counters.dll
2013-09-12 01:39 . 2013-09-12 01:39 18000 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
2012-12-29 06:52 220632 ----a-w- c:\users\Guest\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
2012-12-29 06:52 220632 ----a-w- c:\users\Guest\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
2012-12-29 06:52 220632 ----a-w- c:\users\Guest\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-08-24 56128]
"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-02-18 136488]
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2011-02-18 162912]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF64.sys;c:\windows\SYSNATIVE\DRIVERS\MxEFUF64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-02 14:10 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
Contents of the 'Scheduled Tasks' folder
2013-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-02 23:49]
2013-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-13 15:23]
2013-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-13 15:23]
--------- X64 Entries -----------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
2012-12-29 06:52 244696 ----a-w- c:\users\Guest\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
2012-12-29 06:52 244696 ----a-w- c:\users\Guest\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
2012-12-29 06:52 244696 ----a-w- c:\users\Guest\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-08-20 1664000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-20 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-20 416024]
------- Supplementary Scan -------
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer =
FF - ProfilePath - c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\qzkx0dvq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=2159&gct=hp
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=OVO2&o=2159&locale=en_US&apn_uid=c11c51ff-718a-46db-9294-8d0037060eba&apn_ptnrs=%5EA2E&apn_sauid=5BFCC1FA-97D4-4EE9-9EB8-6A23317BD356&apn_dtid=%5EYYYYYY%5EYY%5EUS&&q=
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-ooVoo.exe - c:\program files (x86)\ooVoo\oovoo.exe
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
Completion time: 2013-12-02 10:28:19
ComboFix-quarantined-files.txt 2013-12-02 16:28
Pre-Run: 272,035,463,168 bytes free
Post-Run: 272,020,070,400 bytes free
- - End Of File - - C1960B273B7612B43F3647E035761C68
December 21st, 2013, 11:39 AM
chillgv
New Member
Join Date: Dec 2013
O/S: Windows 7 64-bit
Posts: 8
I don't think I had the check mark off for all hidden folders. So I ran it again for you.
Sorry. Here it is as requested.
Thank you again.

ComboFix 13-12-20.01 - Guest 12/21/2013 4:29.2.4 - x64
Running from: c:\users\Guest\Downloads\ComboFix.exe
* Created a new restore point
((((((((((((((((((((((((( Files Created from 2013-11-21 to 2013-12-21 )))))))))))))))))))))))))))))))
2013-12-21 10:36 . 2013-12-21 10:36 -------- d-----w- c:\users\Owner\AppData\Local\temp
2013-12-21 10:36 . 2013-12-21 10:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-20 20:48 . 2013-12-04 01:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44D1137F-F2D9-40D1-AD2C-5862E0AD6AAA}\mpengine.dll
2013-12-20 20:43 . 2013-12-20 20:43 -------- d-----w- C:\FRST
2013-12-19 20:36 . 2013-12-19 20:39 -------- d-----w- c:\users\Guest\AppData\Roaming\Hewlett-Packard
2013-12-19 20:34 . 2013-12-19 20:36 -------- d-----w- c:\windows\Hewlett-Packard
2013-12-19 20:33 . 2013-12-19 20:44 -------- d-----w- C:\swsetup
2013-12-19 20:27 . 2013-12-19 20:41 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2013-12-19 20:27 . 2013-12-19 20:27 -------- d-----w- c:\program files (x86)\Hp
2013-12-19 19:23 . 2013-12-04 01:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-02 02:38 . 2013-12-02 02:38 -------- d-----w- c:\program files\iPod
2013-12-02 02:37 . 2013-12-02 02:45 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-02 02:37 . 2013-12-02 02:45 -------- d-----w- c:\program files\iTunes
2013-12-02 02:37 . 2013-12-02 02:44 -------- d-----w- c:\program files (x86)\iTunes
2013-12-02 02:01 . 2013-12-02 02:03 -------- d-----w- c:\programdata\WRData
2013-12-02 01:42 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-02 01:42 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-02 01:42 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-02 01:42 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-02 01:41 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-02 00:57 . 2013-12-02 00:57 -------- d-----w- c:\windows\Migration
2013-12-02 00:28 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-12-02 00:28 . 2012-08-23 13:41 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-12-02 00:28 . 2012-08-23 13:40 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-12-02 00:28 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2013-12-01 23:46 . 2013-12-01 23:46 -------- d-----w- c:\users\Owner\AppData\Local\Apple Computer
2013-12-01 22:56 . 2013-01-04 06:11 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-12-01 22:55 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-12-01 22:55 . 2013-01-04 06:11 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-12-01 22:55 . 2013-01-13 19:24 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-12-01 22:54 . 2013-01-13 19:02 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-01 22:54 . 2013-01-13 18:32 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-01 22:54 . 2013-01-13 21:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-01 22:54 . 2013-01-13 20:35 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-01 22:54 . 2013-01-13 20:32 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-01 22:54 . 2013-01-13 21:17 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-01 22:54 . 2013-01-13 21:17 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-01 22:54 . 2013-01-13 21:16 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-01 22:54 . 2013-01-13 20:35 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-01 22:54 . 2013-01-13 20:35 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-01 22:54 . 2013-01-13 19:20 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-12-01 22:54 . 2013-01-13 19:48 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-12-01 22:44 . 2012-12-07 11:20 43520 ----a-w- c:\windows\system32\csrr.rs
2013-12-01 22:43 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-12-01 22:42 . 2013-08-29 02:16 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-12-01 22:37 . 2013-05-10 05:49 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-12-01 22:37 . 2013-05-10 05:49 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-12-01 22:37 . 2013-05-10 05:49 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-12-01 22:37 . 2013-05-10 04:49 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-12-01 22:37 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-12-01 22:37 . 2013-05-10 04:49 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-12-01 22:37 . 2013-05-10 04:49 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-12-01 22:37 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-12-01 22:36 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-12-01 22:36 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2013-12-02 01:59 . 2012-07-17 20:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-01 23:49 . 2012-10-02 16:54 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-01 23:49 . 2012-10-02 16:54 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2012-10-02 16:52 267936 ------w- c:\windows\system32\MpSigStub.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
2012-12-29 06:52 220632 ----a-w- c:\users\Guest\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
2012-12-29 06:52 220632 ----a-w- c:\users\Guest\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
2012-12-29 06:52 220632 ----a-w- c:\users\Guest\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
R4 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF64.sys;c:\windows\SYSNATIVE\DRIVERS\MxEFUF64.sys [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-02 14:10 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
Contents of the 'Scheduled Tasks' folder
2013-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-02 23:49]
2013-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-13 15:23]
2013-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-13 15:23]
--------- X64 Entries -----------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
2012-12-29 06:52 244696 ----a-w- c:\users\Guest\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
2012-12-29 06:52 244696 ----a-w- c:\users\Guest\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
2012-12-29 06:52 244696 ----a-w- c:\users\Guest\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
------- Supplementary Scan -------
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer =
FF - ProfilePath - c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\qzkx0dvq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=2159&gct=hp
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=OVO2&o=2159&locale=en_US&apn_uid=c11c51ff-718a-46db-9294-8d0037060eba&apn_ptnrs=%5EA2E&apn_sauid=5BFCC1FA-97D4-4EE9-9EB8-6A23317BD356&apn_dtid=%5EYYYYYY%5EYY%5EUS&&q=
- - - - ORPHANS REMOVED - - - -
Toolbar-10 - (no file)
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
Completion time: 2013-12-21 04:38:04
ComboFix-quarantined-files.txt 2013-12-21 10:38
ComboFix2.txt 2013-12-02 16:28
Pre-Run: 269,019,545,600 bytes free
Post-Run: 268,714,033,152 bytes free
- - End Of File - - A392AD8BABCB8DCCF9F0D75E978D5F58
December 22nd, 2013, 07:50 AM
schrauber
CTH Subscriber
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Also please post back with a fresh FRST logfile and tell me how the system is running.
December 23rd, 2013, 11:07 PM
# AdwCleaner v3.016 - Report created 23/12/2013 at 16:02:21
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Guest - CHILLBAR
# Running from : C:\Users\Guest\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Users\Owner\AppData\LocalLow\ilividtoolbarguid
Folder Deleted : C:\Users\Owner\AppData\LocalLow\searchresultstb
File Deleted : C:\Users\Public\Desktop\Open It!.lnk
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8tghhvgz.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8tghhvgz.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{392DE650-A1E6-4FB3-A5A4-21285DE225BD}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : HKLM\Software\torch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16750

-\\ Mozilla Firefox v

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8tghhvgz.default\prefs.js ]

Line Deleted : user_pref("browser.search.order.1", "Search Results");
Line Deleted : user_pref("browser.search.selectedEngine", "Search Results");
Line Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Line Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=390&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=2290337541484756&o=APN10645&q=");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup


AdwCleaner[R0].txt - [4317 octets] - [23/12/2013 16:00:59]
AdwCleaner[S0].txt - [4287 octets] - [23/12/2013 16:02:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4347 octets] ##########
MiniToolBox by Farbar Version: 18-12-2013
Ran by Guest (administrator) on 21-12-2013 at 13:53:00
Running from "C:\Users\Guest\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

set global icmpredirects=enabled

# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : ChillBar
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-23-15-90-FB-FD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6250 AGN
Physical Address. . . . . . . . . : 00-23-15-90-FB-FC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::941a:f079:cd8c:c54%12(Preferred)
IPv4 Address. . . . . . . . . . . :
Subnet Mask . . . . . . . . . . . :
Lease Obtained. . . . . . . . . . : Saturday, December 21, 2013 4:06:59 AM
Lease Expires . . . . . . . . . . : Sunday, December 22, 2013 1:30:05 PM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 318776085
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-37-DF-3D-78-AC-C0-4D-E9-C2
DNS Servers . . . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 78-AC-C0-4D-E9-C2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {D1C4CA2F-1F93-44B3-A4EF-ACC9086BC55B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:3cdf:302:9304:e1c6(Preferred)
Link-local IPv6 Address . . . . . : fe80::3cdf:302:9304:e1c6%16(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A598D621-EA5B-4522-97EC-0BB4D0A29169}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{96A6E7DB-EF22-4F33-A50B-E8797E4BD580}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: homeportal

Name: google.com
Addresses: 2607:f8b0:4000:801::1005

Pinging google.com [] with 32 bytes of data:
Reply from bytes=32 time=29ms TTL=54
Reply from bytes=32 time=28ms TTL=54

Ping statistics for
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 28ms, Maximum = 29ms, Average = 28ms
Server: homeportal

Name: yahoo.com

Pinging yahoo.com [] with 32 bytes of data:
Reply from bytes=32 time=139ms TTL=46
Reply from bytes=32 time=126ms TTL=46

Ping statistics for
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 126ms, Maximum = 139ms, Average = 132ms

Pinging with 32 bytes of data:
Reply from bytes=32 time<1ms TTL=128
Reply from bytes=32 time<1ms TTL=128

Ping statistics for
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
17...00 23 15 90 fb fd ......Microsoft Virtual WiFi Miniport Adapter
12...00 23 15 90 fb fc ......Intel(R) Centrino(R) Advanced-N 6250 AGN
10...78 ac c0 4d e9 c2 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric 26 On-link 306 On-link 306 On-link 306 On-link 281 On-link 281 On-link 281 On-link 306 On-link 281 On-link 306 On-link 281
===========================================================================
Persistent Routes:

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 58 ::/0 On-link
1 306 ::1/128 On-link
16 58 2001::/32 On-link
16 306 2001:0:5ef5:79fd:3cdf:302:9304:e1c6/128
12 281 fe80::/64 On-link
16 306 fe80::/64 On-link
16 306 fe80::3cdf:302:9304:e1c6/128
12 281 fe80::941a:f079:cd8c:c54/128
1 306 ff00::/8 On-link
16 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:

System errors:

Microsoft Office Sessions:

=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version:
Apple Software Update (Version:
Bonjour (Version:
BrowseSmart (Version: 2013.12.06.205904)
CyberLink YouCam (Version: 4.1.1417)
Google Chrome (Version: 31.0.1650.63)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4805.320)
Google Update Helper (Version:
HP Support Solutions Framework (Version: 11.50.0000)
iCloud (Version:
Intel(R) Rapid Storage Technology (Version:
Intel(R) Turbo Boost Technology Driver (Version:
iTunes (Version:
Malwarebytes Anti-Malware version (Version:
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SkyDrive (Version: 16.4.6013.0910)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 16.0 (x86 en-US) (Version: 16.0)
Mozilla Maintenance Service (Version: 16.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Open It! (Version: 1.1.1)
Realtek HDMI Audio Driver for ATI (Version:
Realtek PC Camera (Version: 6.2.8400.10181)
Synaptics Pointing Device Driver (Version:
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Zip Opener
VLC media player 2.0.3 (Version: 2.0.3)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Zip Opener Packages

========================= Devices: ================================

Could not list devices.

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 3893.86 MB
Available physical RAM: 2116.03 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 5992.93 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.83 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:295.98 GB) (Free:251.8 GB) NTFS
3 Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32

========================= Users: ========================================

User accounts for \\CHILLBAR

Administrator Guest Owner

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

Could not list Restore Points.

**** End of log ****
Why are you posting the log from minitoolbox 3 times? I did not ask for minitoolbox.

Please run the 2 scans that are missing from my previous instructions.
