
Yet another anti-virus program "blocked by group policy"


This topic is locked
13 replies to this topic

#1 beanpharmer (Full Member, 9 posts)

Posted 12 August 2014 - 07:46 PM

Thank you for taking the time to review my malware problem.

Recently I have started to have pop-ups appear for something called "nginx!"

Additionally, my anti-virus software (I have been using Microsoft Security Center) will not load, stating that it is "blocked by group policy".

I downloaded and ran Malwarebytes' Anti-Malware (mwam).

The 1st result listed >30 threats. Upon quarantining (sorry for my spelling) and then re-running the scan, results show Zbot Trojans and I am still unable to open my anti-virus software due to the "blocked by group".

I will include in the following posts the following logs:

mwam.txt
dds.txt
checkup.txt
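The "blocked by group policy" message above is what a Software Restriction Policy (SRP) "Disallowed" path rule aimed at the anti-virus folder looks like from the desktop. As an added example that is not part of this thread, the PowerShell below reads the SRP rules from both hives and flags any Disallowed rule whose path matches a security-product folder; the list of folder names is an assumption for illustration.

```powershell
# Added example (not from the thread): audit Software Restriction Policy path
# rules and flag any that disallow security-product directories.
# SRP rules live under ...\Policies\Microsoft\Windows\Safer\CodeIdentifiers,
# one subkey per security level, each holding Paths\{GUID} rule keys whose
# ItemData value is the path the rule applies to.

# Assumed folder-name fragments of security products worth checking.
$SuspectPaths = @(
    'Microsoft Security Client',
    'Windows Defender',
    'Microsoft Antimalware',
    'Malwarebytes'
)

# Security level subkey names: 0 = Disallowed, 131072 = Basic User, 262144 = Unrestricted.
$LevelNames = @{ 0 = 'Disallowed'; 131072 = 'BasicUser'; 262144 = 'Unrestricted' }

function Get-SrpPathRule {
    # Enumerate every SRP path rule in HKLM and HKCU as an object.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $base = "$hive\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
        if (-not (Test-Path $base)) { continue }
        foreach ($levelKey in Get-ChildItem $base -ErrorAction SilentlyContinue) {
            $level = 0
            # Only numeric subkeys are security levels; skip anything else.
            if (-not [int]::TryParse($levelKey.PSChildName, [ref]$level)) { continue }
            $pathsKey = Join-Path $levelKey.PSPath 'Paths'
            if (-not (Test-Path $pathsKey)) { continue }
            foreach ($rule in Get-ChildItem $pathsKey -ErrorAction SilentlyContinue) {
                $props = Get-ItemProperty $rule.PSPath
                [pscustomobject]@{
                    Hive        = $hive.TrimEnd(':')
                    Level       = if ($LevelNames.ContainsKey($level)) { $LevelNames[$level] } else { $level }
                    RuleId      = $rule.PSChildName
                    Path        = $props.ItemData
                    Description = $props.Description
                    Key         = $rule.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
                }
            }
        }
    }
}

function Find-AvBlockingRule {
    # Return Disallowed rules whose path contains one of the suspect fragments.
    param([string[]]$Patterns = $SuspectPaths)
    foreach ($rule in Get-SrpPathRule) {
        if ($rule.Level -ne 'Disallowed') { continue }
        foreach ($p in $Patterns) {
            if ($rule.Path -and $rule.Path -like "*$p*") { $rule; break }
        }
    }
}

# Report only. Removal is deliberately not automated: confirm a hit is not a
# legitimate rule set by an administrator before deleting its registry key.
$hits = @(Find-AvBlockingRule)
if ($hits.Count -eq 0) {
    'No Disallowed SRP path rules target known security-product directories.'
} else {
    $hits | Format-Table Hive, Level, Path, Key -AutoSize
}
```

Run it from an elevated PowerShell prompt; it only reads the registry, so removing a confirmed malicious rule key and restarting the anti-virus remain separate, deliberate steps.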



#2 beanpharmer (Full Member, 9 posts)

Posted 12 August 2014 - 08:23 PM

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 8/12/2014

Scan Time: 7:51:36 PM

Logfile:

Administrator: Yes

Version: 2.00.2.1012

Malware Database: v2014.08.12.12

Rootkit Database: v2014.08.04.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: David Hurley

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 287209

Time Elapsed: 2 min, 38 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 1

Trojan.Ransom.Gen, HKU\S-1-5-21-2212714806-3058594603-2526137448-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|OnihQusya, regsvr32.exe "C:\ProgramData\OnihQusya\OnihQusya.dat", Quarantined, [813bfbca542775c1891ff04d36ceb64a]

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 4

Trojan.Zbot.CXgen, C:\ProgramData\Windows Genuine Advantage\{4F26A8C6-A005-4363-9A40-5591CF04D575}\msiexec.exe, Quarantined, [dfdd71547605e452de76a570c938b848],

Trojan.Zbot.gen, C:\Users\David Hurley\AppData\Local\Temp\UpdateFlashPlayer_db001e21.exe, Quarantined, [9a22f9ccb1cac3737dc0712b7e83dd23],

Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 1305550418.job, Quarantined, [3e7e1aabc8b34cead4743cce956f6997],

Trojan.Ransom.Gen, C:\ProgramData\OnihQusya\OnihQusya.dat, Quarantined, [813bfbca542775c1891ff04d36ceb64a],

Physical Sectors: 0

(No malicious items detected)

#3 beanpharmer (Full Member, 9 posts)

Posted 12 August 2014 - 08:24 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207
Run by David Hurley at 20:21:22 on 2014-08-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.14283.11553 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
"svchost.exe"
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
"C:\Windows\SysWOW64\svchost.exe"
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
"C:\Windows\SysWOW64\svchost.exe"
"C:\Windows\SysWOW64\svchost.exe"
"C:\Windows\SysWOW64\svchost.exe"
"C:\Windows\SysWOW64\svchost.exe"
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\SysWOW64\svchost.exe"
"C:\Windows\SysWOW64\svchost.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
uRun: [Rysaawumzaq] "C:\Users\David Hurley\AppData\Roaming\Yfehixyr\avfatii.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
mRun: [{0d46ffa6-6f79-f5af-81ac-2441fc43a414}] "C:\ProgramData\Microsoft\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}.exe"
mRun: [Rysaawumzaq] "C:\Users\David Hurley\AppData\Roaming\Yfehixyr\avfatii.exe"
dRun: [20090604] C:\Program Files (x86)\The Print Shop 3.0 Deluxe\RegApp\encore_reg.exe /r "C:\Program Files (x86)\The Print Shop 3.0 Deluxe\RegApp\encore_reg.rpd"
mExplorerRun: [{0d46ffa6-6f79-f5af-81ac-2441fc43a414}] "C:\ProgramData\Microsoft\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.caminova.net/en/downloads/getmodule.aspx?lang=en
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1D2FE840-8B7F-4B23-A40E-213929CA25E6} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2012-11-27 577496]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2012-11-27 26072]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-11-27 225280]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2012-11-27 7168]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-3-21 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-3-21 16941856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-5-26 413128]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-13 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-13 154272]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-13 280224]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-3-21 39200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2011-3-13 51872]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-8-15 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-12 111616]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 133928]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2012-11-27 38536]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-20 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-5-19 406632]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-8-12 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-12-20 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-15 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== File Associations ===============
.
ShellExec: SC2Editor.exe: open="D:/Games/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="D:/Games/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-08-12 23:27:12 -------- d-----w- C:\Users\David Hurley\AppData\Roaming\Yfehixyr
2014-08-12 23:23:54 -------- d-----w- C:\ProgramData\OnihQusya
2014-08-12 22:49:37 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-12 22:49:15 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-12 22:49:15 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-12 22:49:15 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-12 19:27:49 -------- d-sh--w- C:\Users\David Hurley\AppData\Local\EmieUserList
2014-08-12 19:27:49 -------- d-sh--w- C:\Users\David Hurley\AppData\Local\EmieSiteList
2014-08-12 15:24:34 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{009AD185-1929-43F9-AAA6-F1AC7279088C}\mpengine.dll
2014-08-12 15:16:51 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-08-12 15:14:18 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-08-12 15:14:18 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-08-12 15:14:18 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-08-12 15:14:18 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-08-12 15:14:18 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-08-12 15:14:18 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-08-12 15:14:16 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-08-12 15:14:16 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-08-12 15:14:16 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-08-12 15:14:13 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-08-12 15:14:13 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-08-12 11:57:40 -------- d-----w- C:\Users\David Hurley\AppData\Roaming\Isihvi
2014-08-12 02:33:39 255524 ----a-w- C:\ProgramData\Microsoft\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}.exe
2014-08-11 22:17:25 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-06 22:13:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-06 22:00:49 -------- d-----w- C:\ProgramData\Malwarebytes
2014-08-03 22:43:09 -------- d-----w- C:\ProgramData\52a53f
2014-08-03 21:41:57 -------- d-----w- C:\Users\David Hurley\AppData\Roaming\52a53f
2014-08-03 21:41:56 -------- d-----w- C:\Users\David Hurley\AppData\Local\52a53f
2014-08-03 21:41:55 -------- d-----w- C:\Users\David Hurley\AppData\Local\browser_dir
.
==================== Find3M ====================
.
2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-20 01:25:42 6769096 ----a-w- C:\Windows\System32\nvcpl.dll
2014-05-20 01:25:42 3514144 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-05-20 01:25:39 927520 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-05-20 01:25:38 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-05-20 01:25:38 387528 ----a-w- C:\Windows\System32\nvmctray.dll
2014-05-19 23:10:44 601432 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
============= FINISH: 20:21:29.16 ===============

#4 beanpharmer (Full Member, 9 posts)

Posted 12 August 2014 - 08:25 PM

Results of screen317's Security Check version 0.99.86
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#5 nasdaq (Forum Deity, Global Moderator, 48,991 posts)

Posted 13 August 2014 - 06:31 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.
=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating;
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#6 beanpharmer (Full Member, 9 posts)

Posted 13 August 2014 - 09:59 PM

-RogueKiller-

RogueKiller V9.2.6.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : David Hurley [Admin rights]
Mode : Remove -- Date : 08/13/2014 22:38:20

¤¤¤ Bad processes : 8 ¤¤¤
[Proc.Svchost] svchost.exe -- C:\Windows\SysWOW64\svchost.exe[x] -> [NoKill]
[Proc.Svchost] svchost.exe -- C:\Windows\SysWOW64\svchost.exe[x] -> [NoKill]
[Proc.Svchost] svchost.exe -- C:\Windows\SysWOW64\svchost.exe[x] -> [NoKill]
[Proc.Svchost] svchost.exe -- C:\Windows\SysWOW64\svchost.exe[x] -> [NoKill]
[Proc.Svchost] svchost.exe -- C:\Windows\SysWOW64\svchost.exe[x] -> [NoKill]
[Proc.Svchost] svchost.exe -- C:\Windows\SysWOW64\svchost.exe[x] -> [NoKill]
[Proc.Svchost] svchost.exe -- C:\Windows\SysWOW64\svchost.exe[x] -> [NoKill]
[Proc.Svchost] svchost.exe -- C:\Windows\SysWOW64\svchost.exe[x] -> [NoKill]

¤¤¤ Registry Entries : 10 ¤¤¤
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | {0d46ffa6-6f79-f5af-81ac-2441fc43a414} : "C:\ProgramData\Microsoft\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}.exe" [x] -> DELETED
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Rysaawumzaq : "C:\Users\David Hurley\AppData\Roaming\Yfehixyr\avfatii.exe" [x] -> DELETED
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2212714806-3058594603-2526137448-1000\Software\Microsoft\Windows\CurrentVersion\Run | Rysaawumzaq : "C:\Users\David Hurley\AppData\Roaming\Yfehixyr\avfatii.exe" [x] -> DELETED
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2212714806-3058594603-2526137448-1000\Software\Microsoft\Windows\CurrentVersion\Run | Rysaawumzaq : "C:\Users\David Hurley\AppData\Roaming\Yfehixyr\avfatii.exe" -> ERROR [2]
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2212714806-3058594603-2526137448-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> NOT SELECTED
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2212714806-3058594603-2526137448-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA M4-CT256M4SSD2 SCSI Disk Device +++++
--- User ---
[MBR] f87ee5c9adaad568041f3997f85adf12
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 244196 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ATA WDC WD1002FAEX-0 SCSI Disk Device +++++
--- User ---
[MBR] 43d05087c4fcc2f03ca28b93703eab07
[BSP] d20e643e4d567da39e90f15f3a2b267b : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_08132014_223658.log


-AdwCleaner-

# AdwCleaner v3.305 - Report created 13/08/2014 at 22:45:33
# Updated 14/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : David Hurley - DHURL109907
# Running from : C:\Users\David Hurley\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\David Hurley\AppData\LocalLow\iac

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [1034 octets] - [13/08/2014 22:43:09]
AdwCleaner[S0].txt - [965 octets] - [13/08/2014 22:45:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1024 octets] ##########

-Farbar Recovery Scan Tool (64 bit)-

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014 01
Ran by David Hurley (administrator) on DHURL109907 on 13-08-2014 22:48:41
Running from C:\Users\David Hurley\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543912 2012-10-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2012-10-22] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2012-09-14] (Intel Corporation)
HKLM-x32\...\Run: [{0d46ffa6-6f79-f5af-81ac-2441fc43a414}] => C:\ProgramData\Microsoft\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}.exe [255524 2014-08-11] ()
HKLM Group Policy restriction on software: C:\Program Files\Windows Defender <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM\...\Policies\Explorer\Run: [{0d46ffa6-6f79-f5af-81ac-2441fc43a414}] => C:\ProgramData\Microsoft\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}.exe [255524 2014-08-11] ( ())
HKU\.DEFAULT\...\Run: [20090604] => C:\Program Files (x86)\The Print Shop 3.0 Deluxe\RegApp\encore_reg.exe /r "C:\Program Files (x86)\The Print Shop 3.0 Deluxe\RegApp\encore_reg.rpd"
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8E16F0879864CA01
SearchScopes: HKLM-x32 - {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKCU - {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebs...r={searchTerms}
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova....le.aspx?lang=en
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2012-10-22] (DTS, Inc)
R3 hpqcxs08; D:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [253568 2009-11-18] (Hewlett-Packard Co.)
R2 hpqddsvc; D:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [137344 2009-11-18] (Hewlett-Packard Co.)
R2 HPSLPSVC; D:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1043584 2010-01-30] (Hewlett-Packard Co.)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [7168 2012-09-14] (Intel Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26072 2012-09-14] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [38536 2008-12-18] ()
S3 cpusat64; \??\C:\Program Files (x86)\Intel Corporation\Power Thermal Utility for SandyBridgeE Processor Rev 2.0\cpusat64.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 22:48 - 2014-08-13 22:48 - 00009473 _____ () C:\Users\David Hurley\Desktop\FRST.txt
2014-08-13 22:48 - 2014-08-13 22:48 - 00000000 ____D () C:\FRST
2014-08-13 22:47 - 2014-08-13 22:48 - 00001104 _____ () C:\Users\David Hurley\Desktop\AdwCleaner[S0].txt
2014-08-13 22:47 - 2014-08-13 22:47 - 00000000 ___RD () C:\Users\David Hurley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-08-13 22:43 - 2014-08-13 22:45 - 00000000 ____D () C:\AdwCleaner
2014-08-13 22:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-13 22:40 - 2014-08-13 22:40 - 00004040 _____ () C:\Users\David Hurley\Desktop\RKreport[1].txt
2014-08-13 22:32 - 2014-08-13 22:32 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-13 22:32 - 2014-08-13 22:32 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-13 22:30 - 2014-08-13 22:30 - 02100224 _____ (Farbar) C:\Users\David Hurley\Desktop\FRST64.exe
2014-08-13 22:27 - 2014-08-13 22:27 - 01356107 _____ () C:\Users\David Hurley\Desktop\AdwCleaner.exe
2014-08-13 22:24 - 2014-08-13 22:24 - 05392984 _____ () C:\Users\David Hurley\Desktop\RogueKillerX64.exe
2014-08-12 20:26 - 2014-08-12 20:26 - 00001808 _____ () C:\Users\David Hurley\Desktop\mwam.txt
2014-08-12 20:24 - 2014-08-12 20:24 - 00000823 _____ () C:\Users\David Hurley\Desktop\checkup.txt
2014-08-12 20:21 - 2014-08-12 20:22 - 00016068 _____ () C:\Users\David Hurley\Desktop\dds.txt
2014-08-12 20:21 - 2014-08-12 20:21 - 00004453 _____ () C:\Users\David Hurley\Desktop\attach.txt
2014-08-12 20:17 - 2014-08-12 20:17 - 00854410 _____ () C:\Users\David Hurley\Desktop\SecurityCheck.exe
2014-08-12 20:16 - 2014-08-12 20:16 - 00688992 ____R (Swearware) C:\Users\David Hurley\Desktop\dds.com
2014-08-12 19:27 - 2014-08-12 19:50 - 00000000 ____D () C:\Users\David Hurley\AppData\Roaming\Yfehixyr
2014-08-12 19:23 - 2014-08-12 19:55 - 00000000 ____D () C:\ProgramData\OnihQusya
2014-08-12 18:49 - 2014-08-12 20:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 18:49 - 2014-08-12 18:49 - 00000786 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-12 18:49 - 2014-08-12 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-12 18:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-12 18:49 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-12 18:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-12 15:27 - 2014-08-12 15:27 - 00000000 __SHD () C:\Users\David Hurley\AppData\Local\EmieUserList
2014-08-12 15:27 - 2014-08-12 15:27 - 00000000 __SHD () C:\Users\David Hurley\AppData\Local\EmieSiteList
2014-08-12 11:27 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-12 11:27 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-12 11:27 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-12 11:27 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-12 11:27 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-12 11:27 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-12 11:27 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-12 11:27 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-08-12 11:27 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-12 11:27 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-12 11:27 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-12 11:27 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-12 11:27 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-12 11:27 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-12 11:27 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-08-12 11:27 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-12 11:27 - 2013-10-01 16:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-12 11:27 - 2013-10-01 16:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-12 11:17 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-08-12 11:17 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-12 11:17 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-08-12 11:17 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-08-12 11:17 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-08-12 11:17 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-08-12 11:17 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-08-12 11:17 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-08-12 11:17 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-08-12 11:17 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-08-12 11:17 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-08-12 11:17 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-08-12 11:17 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-08-12 11:17 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-08-12 11:17 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-08-12 11:17 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-08-12 11:17 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-08-12 11:17 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-08-12 11:17 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-08-12 11:17 - 2013-12-03 22:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-08-12 11:17 - 2013-12-03 22:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-08-12 11:17 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-08-12 11:17 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-08-12 11:17 - 2013-12-03 22:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-08-12 11:17 - 2013-12-03 22:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-08-12 11:17 - 2013-12-03 22:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-08-12 11:17 - 2013-12-03 22:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-08-12 11:17 - 2013-12-03 22:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-08-12 11:17 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-08-12 11:17 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-08-12 11:17 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-08-12 11:17 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-08-12 11:17 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-08-12 11:17 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-08-12 11:17 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-08-12 11:17 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-08-12 11:17 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-08-12 11:16 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-12 11:16 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-12 11:16 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-12 11:16 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-12 11:16 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-12 11:16 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-12 11:16 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-12 11:16 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-12 11:16 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-12 11:16 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-12 11:16 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-12 11:16 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-12 11:16 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-12 11:16 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-12 11:16 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-12 11:16 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-12 11:16 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-12 11:16 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-12 11:16 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-12 11:16 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-12 11:16 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-12 11:16 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-12 11:16 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-12 11:16 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-12 11:16 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-12 11:16 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-12 11:16 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-12 11:16 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-12 11:16 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-12 11:16 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-12 11:16 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-12 11:16 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-12 11:16 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-12 11:16 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-12 11:16 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-12 11:16 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-12 11:16 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-12 11:16 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-12 11:16 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-12 11:16 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-12 11:16 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-12 11:16 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-12 11:16 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-12 11:16 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-12 11:16 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-12 11:16 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-12 11:16 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-12 11:16 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-12 11:16 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-12 11:16 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-12 11:16 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-12 11:16 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-12 11:16 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-12 11:16 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-12 11:16 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-12 11:16 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-12 11:16 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-08-12 11:16 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-08-12 11:16 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-12 11:16 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-08-12 11:16 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-08-12 11:16 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-12 11:16 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-08-12 11:16 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-08-12 11:16 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-08-12 11:16 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-08-12 11:16 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-12 11:16 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-12 11:16 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-08-12 11:16 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-08-12 11:16 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-08-12 11:16 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-08-12 11:16 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-08-12 11:16 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-08-12 11:16 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-08-12 11:16 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-08-12 11:16 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-12 11:16 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-12 11:16 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-12 11:16 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-08-12 11:16 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-08-12 11:16 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-08-12 11:16 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-08-12 11:16 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-08-12 11:16 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-08-12 11:16 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-08-12 11:16 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-08-12 11:16 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-08-12 11:16 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-08-12 11:16 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-08-12 11:16 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-08-12 11:16 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-08-12 11:16 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-08-12 11:16 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-08-12 11:16 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-08-12 11:16 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-08-12 11:16 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-08-12 11:16 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-08-12 11:16 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-08-12 11:16 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-08-12 11:16 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-08-12 11:16 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-08-12 11:16 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-08-12 11:16 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-08-12 11:16 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-08-12 11:16 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-08-12 11:16 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-08-12 11:16 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-08-12 11:16 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-08-12 11:16 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-08-12 11:16 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-08-12 11:16 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-08-12 11:16 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-08-12 11:16 - 2013-12-31 19:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-12 11:16 - 2013-12-31 19:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-08-12 11:16 - 2013-12-24 19:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-08-12 11:16 - 2013-12-24 18:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-08-12 11:16 - 2013-11-26 21:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-08-12 11:16 - 2013-11-26 21:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-08-12 11:16 - 2013-11-26 21:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-08-12 11:16 - 2013-11-26 21:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-08-12 11:16 - 2013-11-26 21:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-08-12 11:16 - 2013-11-26 21:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-08-12 11:16 - 2013-11-26 21:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-08-12 11:16 - 2013-11-26 07:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-08-12 11:16 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-08-12 11:16 - 2013-11-22 18:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-08-12 11:16 - 2013-09-24 22:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-08-12 11:16 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-08-12 11:14 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-08-12 11:14 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-08-12 11:14 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-12 11:14 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-08-12 11:14 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-08-12 11:14 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-08-12 11:14 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-08-12 11:14 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-08-12 11:14 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-08-12 11:14 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-08-12 11:14 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-08-12 07:59 - 2014-08-12 07:59 - 00000085 _____ () C:\Windows\wininit.ini
2014-08-12 07:57 - 2014-08-12 19:50 - 00000000 ____D () C:\Users\David Hurley\AppData\Roaming\Isihvi
2014-08-12 07:54 - 2014-08-12 19:23 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-06 18:13 - 2014-08-06 18:13 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-06 18:00 - 2014-08-06 18:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-03 18:43 - 2014-08-03 18:43 - 00086264 _____ () C:\Users\David Hurley\Downloads\EasyDriverPro.exe
2014-08-03 18:43 - 2014-08-03 18:43 - 00000000 ____D () C:\ProgramData\52a53f
2014-08-03 17:42 - 2014-08-12 19:15 - 00000030 _____ () C:\Users\David Hurley\AppData\Roaming\497334299
2014-08-03 17:42 - 2014-08-12 19:13 - 00000004 _____ () C:\Users\David Hurley\AppData\Roaming\757870676
2014-08-03 17:41 - 2014-08-12 19:50 - 00000004 _____ () C:\Users\David Hurley\AppData\Roaming\3622480988
2014-08-03 17:41 - 2014-08-12 19:50 - 00000000 ____D () C:\Users\David Hurley\AppData\Local\52a53f
2014-08-03 17:41 - 2014-08-05 13:06 - 00000000 ____D () C:\Users\David Hurley\AppData\Local\browser_dir
2014-08-03 17:41 - 2014-08-03 17:41 - 49308698 _____ () C:\Users\David Hurley\AppData\Roaming\84542006
2014-08-03 17:41 - 2014-08-03 17:41 - 00000000 ____D () C:\Users\David Hurley\AppData\Roaming\52a53f
2014-08-03 17:40 - 2014-08-12 17:20 - 00000004 _____ () C:\Users\David Hurley\AppData\Roaming\391793725

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 22:48 - 2014-08-13 22:48 - 00009473 _____ () C:\Users\David Hurley\Desktop\FRST.txt
2014-08-13 22:48 - 2014-08-13 22:48 - 00000000 ____D () C:\FRST
2014-08-13 22:48 - 2014-08-13 22:47 - 00001104 _____ () C:\Users\David Hurley\Desktop\AdwCleaner[S0].txt
2014-08-13 22:47 - 2014-08-13 22:47 - 00000000 ___RD () C:\Users\David Hurley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-08-13 22:47 - 2013-04-28 01:00 - 00014641 _____ () C:\Windows\setupact.log
2014-08-13 22:47 - 2012-11-27 18:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-13 22:47 - 2011-08-15 21:25 - 00280142 _____ () C:\Windows\PFRO.log
2014-08-13 22:47 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-13 22:46 - 2012-11-27 15:42 - 01990734 _____ () C:\Windows\WindowsUpdate.log
2014-08-13 22:45 - 2014-08-13 22:43 - 00000000 ____D () C:\AdwCleaner
2014-08-13 22:40 - 2014-08-13 22:40 - 00004040 _____ () C:\Users\David Hurley\Desktop\RKreport[1].txt
2014-08-13 22:32 - 2014-08-13 22:32 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-13 22:32 - 2014-08-13 22:32 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-13 22:30 - 2014-08-13 22:30 - 02100224 _____ (Farbar) C:\Users\David Hurley\Desktop\FRST64.exe
2014-08-13 22:27 - 2014-08-13 22:27 - 01356107 _____ () C:\Users\David Hurley\Desktop\AdwCleaner.exe
2014-08-13 22:26 - 2009-07-14 00:45 - 00014848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-13 22:26 - 2009-07-14 00:45 - 00014848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-13 22:25 - 2009-07-14 01:13 - 00784286 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-13 22:24 - 2014-08-13 22:24 - 05392984 _____ () C:\Users\David Hurley\Desktop\RogueKillerX64.exe
2014-08-12 20:26 - 2014-08-12 20:26 - 00001808 _____ () C:\Users\David Hurley\Desktop\mwam.txt
2014-08-12 20:25 - 2014-08-12 18:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 20:24 - 2014-08-12 20:24 - 00000823 _____ () C:\Users\David Hurley\Desktop\checkup.txt
2014-08-12 20:22 - 2014-08-12 20:21 - 00016068 _____ () C:\Users\David Hurley\Desktop\dds.txt
2014-08-12 20:21 - 2014-08-12 20:21 - 00004453 _____ () C:\Users\David Hurley\Desktop\attach.txt
2014-08-12 20:17 - 2014-08-12 20:17 - 00854410 _____ () C:\Users\David Hurley\Desktop\SecurityCheck.exe
2014-08-12 20:16 - 2014-08-12 20:16 - 00688992 ____R (Swearware) C:\Users\David Hurley\Desktop\dds.com
2014-08-12 19:55 - 2014-08-12 19:23 - 00000000 ____D () C:\ProgramData\OnihQusya
2014-08-12 19:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PLA
2014-08-12 19:50 - 2014-08-12 19:27 - 00000000 ____D () C:\Users\David Hurley\AppData\Roaming\Yfehixyr
2014-08-12 19:50 - 2014-08-12 07:57 - 00000000 ____D () C:\Users\David Hurley\AppData\Roaming\Isihvi
2014-08-12 19:50 - 2014-08-03 17:41 - 00000004 _____ () C:\Users\David Hurley\AppData\Roaming\3622480988
2014-08-12 19:50 - 2014-08-03 17:41 - 00000000 ____D () C:\Users\David Hurley\AppData\Local\52a53f
2014-08-12 19:23 - 2014-08-12 07:54 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-12 19:15 - 2014-08-03 17:42 - 00000030 _____ () C:\Users\David Hurley\AppData\Roaming\497334299
2014-08-12 19:13 - 2014-08-03 17:42 - 00000004 _____ () C:\Users\David Hurley\AppData\Roaming\757870676
2014-08-12 18:49 - 2014-08-12 18:49 - 00000786 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-12 18:49 - 2014-08-12 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-12 17:23 - 2013-12-18 23:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-12 17:20 - 2014-08-03 17:40 - 00000004 _____ () C:\Users\David Hurley\AppData\Roaming\391793725
2014-08-12 15:27 - 2014-08-12 15:27 - 00000000 __SHD () C:\Users\David Hurley\AppData\Local\EmieUserList
2014-08-12 15:27 - 2014-08-12 15:27 - 00000000 __SHD () C:\Users\David Hurley\AppData\Local\EmieSiteList
2014-08-12 15:26 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-12 14:38 - 2009-07-14 00:45 - 00317392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-12 14:37 - 2009-07-14 03:47 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-12 14:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-08-12 14:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-08-12 14:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-12 11:20 - 2011-08-15 22:03 - 00776408 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-12 11:19 - 2012-11-27 18:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-08-12 11:19 - 2011-08-15 22:03 - 00002126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-08-12 11:19 - 2011-08-15 22:03 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-12 11:19 - 2011-08-15 22:03 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-08-12 07:59 - 2014-08-12 07:59 - 00000085 _____ () C:\Windows\wininit.ini
2014-08-12 07:47 - 2014-04-09 21:37 - 00000000 ____D () C:\Users\David Hurley\AppData\Local\Battle.net
2014-08-12 07:32 - 2014-04-09 21:38 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-12 07:31 - 2014-04-09 21:37 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-12 07:27 - 2012-12-16 00:43 - 00007606 _____ () C:\Users\David Hurley\AppData\Local\resmon.resmoncfg
2014-08-11 22:34 - 2009-07-14 01:08 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-09 17:25 - 2012-12-14 14:14 - 00000000 ____D () C:\Users\David Hurley\AppData\Local\CrashDumps
2014-08-06 18:13 - 2014-08-06 18:13 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-06 18:11 - 2013-04-21 00:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-06 18:00 - 2014-08-06 18:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 15:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-05 13:06 - 2014-08-03 17:41 - 00000000 ____D () C:\Users\David Hurley\AppData\Local\browser_dir
2014-08-03 18:43 - 2014-08-03 18:43 - 00086264 _____ () C:\Users\David Hurley\Downloads\EasyDriverPro.exe
2014-08-03 18:43 - 2014-08-03 18:43 - 00000000 ____D () C:\ProgramData\52a53f
2014-08-03 17:41 - 2014-08-03 17:41 - 49308698 _____ () C:\Users\David Hurley\AppData\Roaming\84542006
2014-08-03 17:41 - 2014-08-03 17:41 - 00000000 ____D () C:\Users\David Hurley\AppData\Roaming\52a53f
2014-07-29 17:56 - 2012-12-12 01:28 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft

Some content of TEMP:
====================
C:\Users\David Hurley\AppData\Local\Temp\Quarantine.exe
C:\Users\David Hurley\AppData\Local\Temp\sbllerf.dll
C:\Users\David Hurley\AppData\Local\Temp\_isED4F.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 00:50

==================== End Of Log ============================

#7 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,991 posts

Posted 14 August 2014 - 07:15 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKLM-x32\...\Run: [{0d46ffa6-6f79-f5af-81ac-2441fc43a414}] => C:\ProgramData\Microsoft\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}.exe [255524 2014-08-11] ()
HKLM Group Policy restriction on software: C:\Program Files\Windows Defender <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM\...\Policies\Explorer\Run: [{0d46ffa6-6f79-f5af-81ac-2441fc43a414}] => C:\ProgramData\Microsoft\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}.exe [255524 2014-08-11] ( ())
SearchScopes: HKLM-x32 - {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKCU - {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebs...r={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 cpusat64; \??\C:\Program Files (x86)\Intel Corporation\Power Thermal Utility for SandyBridgeE Processor Rev 2.0\cpusat64.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
C:\Users\David Hurley\AppData\Local\Temp\sbllerf.dll
C:\Users\David Hurley\AppData\Local\Temp\_isED4F.exe
 C:\ProgramData\Microsoft\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}.exe

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingc.../securitycheck/
===

How is the computer running now?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
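The three ATTENTION lines in the fixlist above are Software Restriction Policy path rules that mark the antivirus folders as disallowed, which is why Windows reports the programs as "blocked by group policy"; the two Run entries are the autostart that kept the infection alive. The following PowerShell script is an added, read-only audit of those locations, written for this thread and not part of nasdaq's instructions or of FRST. It assumes PowerShell 3.0 or later in an elevated prompt; the registry paths are the standard SRP and policy locations, and the list of antivirus folders is a constructed sample taken from the three ATTENTION lines.

```powershell
# Added example (not from the thread or from FRST): read-only audit of the two
# registry locations the fixlist above cleans up. Run from an elevated PowerShell
# prompt (PowerShell 3.0+); nothing is modified.

# Constructed sample of antivirus folders to check, taken from the three
# ATTENTION lines. Extend it for whatever product is installed.
$AvFolders = @(
    'C:\Program Files\Windows Defender',
    'C:\Program Files\Microsoft Security Client',
    'C:\ProgramData\Microsoft\Microsoft Antimalware'
)

# Software Restriction Policy rules are stored per security level under
# CodeIdentifiers\<level>\Paths\<GUID>, with the rule text in the ItemData value.
# Level 0 is "Disallowed", 262144 is "Unrestricted".
$SrpRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

function Get-SrpPathRule {
    if (-not (Test-Path $SrpRoot)) { return }
    foreach ($levelKey in Get-ChildItem $SrpRoot | Where-Object { $_.PSChildName -match '^\d+$' }) {
        $pathsKey = "$SrpRoot\$($levelKey.PSChildName)\Paths"
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($rule in Get-ChildItem $pathsKey) {
            $props = Get-ItemProperty -Path $rule.PSPath
            [pscustomobject]@{
                Level  = switch ([int]$levelKey.PSChildName) { 0 { 'Disallowed' } 262144 { 'Unrestricted' } default { $_ } }
                Path   = [Environment]::ExpandEnvironmentVariables([string]$props.ItemData)
                RegKey = $rule.Name
            }
        }
    }
}

# A "Disallowed" rule whose path covers an antivirus folder is exactly the
# symptom seen in this thread. StartsWith is used instead of -like because
# paths may contain wildcard characters such as '['.
function Find-BlockedAvFolder {
    Get-SrpPathRule | Where-Object {
        $rule = $_
        $rule.Level -eq 'Disallowed' -and
        ($AvFolders | Where-Object { $rule.Path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
    }
}

# Policies\Explorer\Run is an autostart location that is rarely populated on a
# home machine, so any entry there deserves a look (the fixlist removes one
# pointing into C:\ProgramData\Microsoft\{GUID}\).
function Get-PolicyRunEntry {
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the provider metadata PowerShell attaches to every registry object.
            if ('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider' -contains $p.Name) { continue }
            [pscustomobject]@{ Hive = $hive; Name = $p.Name; Command = $p.Value }
        }
    }
}

'--- Software Restriction Policy path rules ---'
Get-SrpPathRule | Format-Table -AutoSize
'--- Disallowed rules covering antivirus folders ---'
Find-BlockedAvFolder | Format-Table -AutoSize
'--- Policies\Explorer\Run entries ---'
Get-PolicyRunEntry | Format-Table -AutoSize
```

On a clean home machine the first two tables are normally empty and the third lists nothing; a domain-joined machine may legitimately carry SRP rules pushed by an administrator, but a Disallowed rule over an antivirus folder is a red flag in either case. The script only reports; removing the rule keys and the Run values is what the FRST fix above does, and doing it by hand is best left to the helper's instructions so the cleanup is logged.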

#8 beanpharmer

beanpharmer

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 15 August 2014 - 09:37 PM

Completed above steps. Requested logs will be pasted at the bottom of this post.
 
After completing the previous steps, I ran Malwarebytes' Anti-Malware. It showed, then removed, 3 threats it listed as trojans.
I then ran Microsoft Security Essentials. It opened and ran successfully. THANK YOU! Updated MSE and ran a complete scan. It came up with a few (less than 5) threats, which were then removed. Restarted Windows and re-ran Malwarebytes. Results were clean. Downloaded and ran Spybot - Search & Destroy. Results were clean.
 
I will re-run Security Check after posting this, and paste the updated checkup.txt.

:::Fixlog:::

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-08-2014
Ran by David Hurley at 2014-08-15 07:39:43 Run:1
Running from C:\Users\David Hurley\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

HKLM-x32\...\Run: [{0d46ffa6-6f79-f5af-81ac-2441fc43a414}] => C:\ProgramData\Microsoft\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}.exe [255524 2014-08-11] ()
HKLM Group Policy restriction on software: C:\Program Files\Windows Defender <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM\...\Policies\Explorer\Run: [{0d46ffa6-6f79-f5af-81ac-2441fc43a414}] => C:\ProgramData\Microsoft\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}.exe [255524 2014-08-11] ( ())
SearchScopes: HKLM-x32 - {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKCU - {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebs...r={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 cpusat64; \??\C:\Program Files (x86)\Intel Corporation\Power Thermal Utility for SandyBridgeE Processor Rev 2.0\cpusat64.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
C:\Users\David Hurley\AppData\Local\Temp\sbllerf.dll
C:\Users\David Hurley\AppData\Local\Temp\_isED4F.exe
C:\ProgramData\Microsoft\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}.exe

End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\{0d46ffa6-6f79-f5af-81ac-2441fc43a414} => value deleted successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{0d46ffa6-6f79-f5af-81ac-2441fc43a414} => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8fe8d013-c3fd-4802-af48-79274e9f969e}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{8fe8d013-c3fd-4802-af48-79274e9f969e}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8fe8d013-c3fd-4802-af48-79274e9f969e}" => Key deleted successfully.
"HKCR\CLSID\{8fe8d013-c3fd-4802-af48-79274e9f969e}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"FF Plugin: @microsoft.com/GENUINE -> disabled No File" => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File not found.
cpusat64 => Service deleted successfully.
cpuz135 => Service deleted successfully.
C:\Users\David Hurley\AppData\Local\Temp\sbllerf.dll => Moved successfully.
C:\Users\David Hurley\AppData\Local\Temp\_isED4F.exe => Moved successfully.
Could not move "C:\ProgramData\Microsoft\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}.exe" => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-08-15 07:41:26)<=

C:\ProgramData\Microsoft\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}\{0d46ffa6-6f79-f5af-81ac-2441fc43a414}.exe => Is moved successfully.

==== End of Fixlog ====



:::Checkup.txt:::

Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#9 beanpharmer

beanpharmer

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 15 August 2014 - 09:42 PM

Updated checkup.txt from Security Check:

Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



#10 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,991 posts

Posted 16 August 2014 - 06:26 AM

Looking good.
If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: "Best security practices". Keep safe.
http://www.bleepingc...best-practices/
===
nasdaq


#11 beanpharmer

beanpharmer

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 16 August 2014 - 07:59 AM

Thank you again for your assistance.  Everything appears to be feeling much better now. I am in the process of updating all passwords, etc.

I will be following the link in your signature so that I may make a donation.
 
I did have one question regarding the Farbar Recovery Scan Tool FRST.txt file that I previously posted. Is the following line suspicious or harmful? It was located near the mywebsearch items, which were included in the fixlist.

DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.caminova.net/en/downloads/getmodule.aspx?lang=en



#12 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,991 posts

Posted 16 August 2014 - 12:36 PM

DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.caminova.net/en/downloads/getmodule.aspx?lang=en


Looking OK.

Read about it.
http://www.systemloo...4A-0008C7450C4A

Is it something you used before?

Thank you for your support.
nasdaq


#13 beanpharmer

beanpharmer

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 18 August 2014 - 11:04 AM

While it is not something I have ever used to my knowledge, knowing that it is legitimate gives me peace of mind.

 

I reckon this problem is solved.

 

Thank you for the help, the info, and the resources to understand things better.



#14 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,991 posts

Posted 18 August 2014 - 01:16 PM

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq




