MJnDenver

Honorary Members

View Profile See their activity

Posts
37
Joined
June 16, 2012
Last visited
December 29, 2014

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by MJnDenver

PUP.Optional.FreeCause.TB.A

MJnDenver replied to MJnDenver's topic in Resolved Malware Removal Logs

I will uninstall it. That makes more sense to me also. I believe we're OK to close out. Thank you for all of your help!
- December 26, 2014
- 19 replies
PUP.Optional.FreeCause.TB.A

MJnDenver replied to MJnDenver's topic in Resolved Malware Removal Logs

I did all of that (from Java's site) - it is disabled by firefox - they say it's too vulnerable. I haven't used it or needed it in months so I'm not worried about it. ont' seem to have trouble with applets not running. I don't really like having programs on here that I don't use though - should I just uninstall it totally? Seems if it's vulnerable - and not being used - that getting rid of it completely would be smarter...what do you think?
- December 26, 2014
- 19 replies
infected? help please!

MJnDenver replied to MDnDenver's topic in Resolved Malware Removal Logs

It looks like it's going to stay at the restored settings - so I'm thinking we're good now! Thank you for all your help.
- December 26, 2014
- 18 replies
PUP.Optional.FreeCause.TB.A

MJnDenver replied to MJnDenver's topic in Resolved Malware Removal Logs

Already did - that's the only option available. I ran the delfix....all looks good - other than java anyway!
- December 26, 2014
- 19 replies
PUP.Optional.FreeCause.TB.A

MJnDenver replied to MJnDenver's topic in Resolved Malware Removal Logs

looking at my firefox settings - java is disabled because it's known to be vulnerable. I cannot enable it - which won't allow me to check whether it's working either.....
- December 26, 2014
- 19 replies
PUP.Optional.FreeCause.TB.A

MJnDenver replied to MJnDenver's topic in Resolved Malware Removal Logs

I went through Java's trouble shooting tips and made sure it was enabled, etc....but the tool on their site that is supposed to tell me if I have Java keeps sending me back to that trouble page. I'm not sure where else it may be disabled - I do know that I had a lot of trouble with it a while back and gave up on it....
- December 26, 2014
- 19 replies
PUP.Optional.FreeCause.TB.A

MJnDenver replied to MJnDenver's topic in Resolved Malware Removal Logs

Hello Kevin, I uninstalled my older version of Java, but when I installed the newest version and went to test it I get redirected back to the download page - rather than the test applet that it says I will get. I don't know if it's working or not.
- December 26, 2014
- 19 replies
PUP.Optional.FreeCause.TB.A

MJnDenver replied to MJnDenver's topic in Resolved Malware Removal Logs

it seems to be working better....and the fact that malwarebytes came up clean made me feel much better! It's had those same PUPs for a long time and i couldn't figure out why! Thank you so much!
- December 26, 2014
- 19 replies
PUP.Optional.FreeCause.TB.A

MJnDenver replied to MJnDenver's topic in Resolved Malware Removal Logs

sorry - I must've missed that one when I was copy and pasting! here is the MRSTART log. --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0) Started On Thu Dec 25 18:47:15 2014 Engine: 1.1.11202.0 Signatures: 1.189.872.0 Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 25 18:54:12 2014 Return code: 0 (0x0)
- December 26, 2014
- 19 replies
PUP.Optional.FreeCause.TB.A

MJnDenver replied to MJnDenver's topic in Resolved Malware Removal Logs

I ran Malwarebytes again - because I've had the program fix it many times and it always came back. This time it found nothing! By looking at the logs as I posted them - I see which program was removed - so I know not to download that one again! Thank you so much!
- December 26, 2014
- 19 replies
PUP.Optional.FreeCause.TB.A

MJnDenver replied to MJnDenver's topic in Resolved Malware Removal Logs

Hi! Thanks for helping me with this. I wasn't sure if you wanted me to run all of these one by one and post the logs as I went or to get them all done and then post. Because it was all in one message, I did them all and I'll post the logs - in order. If I run out of space, I'll just do a second reply. Fixlog: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-12-2014 Ran by Marcia at 2014-12-25 17:21:20 Run:1 Running from C:\Users\Marcia\Desktop\MBAM 12-25 Loaded Profile: Marcia (Available profiles: Marcia) Boot Mode: Normal ============================================== Content of fixlist: ***************** start HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\MountPoints2: {e230b7e5-4eb9-11e2-8d0a-30f9edb6488e} - E:\iLinker.exe S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X] S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X] S3 btath_avdt; system32\drivers\btath_avdt.sys [X] S3 BTATH_HCRP; \SystemRoot\system32\drivers\btath_hcrp.sys [X] S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X] S3 BTATH_RCP; \SystemRoot\system32\drivers\btath_rcp.sys [X] S3 BTATH_VDP; system32\drivers\btath_vdp.sys [X] S3 BtFilter; system32\DRIVERS\btfilter.sys [X] Task: {4F110BDD-1AA0-4EE0-8661-D1366A75360D} - System32\Tasks\4770 => Wscript.exe C:\Users\Marcia\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION C:\Users\Marcia\AppData\Local\Temp\launchie.vbs Task: {EEA2A381-51BA-40A7-B8FE-A59C01015AE4} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION! HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION! HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION! HKU\S-1-5-21-3067420838-569738040-221027814-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\S-1-5-21-3067420838-569738040-221027814-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION! EmptyTemp: end ***************** "HKU\S-1-5-21-3067420838-569738040-221027814-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e230b7e5-4eb9-11e2-8d0a-30f9edb6488e}" => Key deleted successfully. HKCR\CLSID\{e230b7e5-4eb9-11e2-8d0a-30f9edb6488e} => Key not found. AthBTPort => Service deleted successfully. BTATH_A2DP => Service deleted successfully. btath_avdt => Service deleted successfully. BTATH_HCRP => Service deleted successfully. BTATH_LWFLT => Service deleted successfully. BTATH_RCP => Service deleted successfully. BTATH_VDP => Service deleted successfully. BtFilter => Service deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F110BDD-1AA0-4EE0-8661-D1366A75360D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F110BDD-1AA0-4EE0-8661-D1366A75360D}" => Key deleted successfully. C:\Windows\System32\Tasks\4770 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4770" => Key deleted successfully. "C:\Users\Marcia\AppData\Local\Temp\launchie.vbs" => File/Directory not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EEA2A381-51BA-40A7-B8FE-A59C01015AE4}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEA2A381-51BA-40A7-B8FE-A59C01015AE4}" => Key deleted successfully. C:\Windows\System32\Tasks\0 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully. "HKU\.DEFAULT\Software\Classes\exefile" => Key deleted successfully. "HKU\.DEFAULT\Software\Classes\.exe" => Key deleted successfully. HKU\.DEFAULT\Software\Classes\exefile => Key not found. "HKU\S-1-5-19\Software\Classes\exefile" => Key deleted successfully. "HKU\S-1-5-19\Software\Classes\.exe" => Key deleted successfully. HKU\S-1-5-19\Software\Classes\exefile => Key not found. "HKU\S-1-5-20\Software\Classes\exefile" => Key deleted successfully. "HKU\S-1-5-20\Software\Classes\.exe" => Key deleted successfully. HKU\S-1-5-20\Software\Classes\exefile => Key not found. "HKU\S-1-5-21-3067420838-569738040-221027814-1000\Software\Classes\exefile" => Key deleted successfully. "HKU\S-1-5-21-3067420838-569738040-221027814-1000\Software\Classes\.exe" => Key deleted successfully. HKU\S-1-5-21-3067420838-569738040-221027814-1000\Software\Classes\exefile => Key not found. EmptyTemp: => Removed 393.9 MB temporary data. The system needed a reboot. ==== End of Fixlog 17:24:34 ==== MBAM Application Log Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 12/25/2014 Scan Time: 5:32:03 PM Logfile: Administrator: Yes Version: 2.00.4.1028 Malware Database: v2014.12.25.17 Rootkit Database: v2014.12.23.02 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Marcia Scan Type: Threat Scan Result: Completed Objects Scanned: 360518 Time Elapsed: 42 min, 50 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 2 PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], Files: 25 PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\059d0773476e585aaab0cb05f2d35011, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\0b12654c5711f7cde49ae8c25f3da38c.0, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\0c82e5b864501f211be07075dc4be877, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\2307328ea5b85f50ab61208ede74b646, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\2eff0691e1573f5c0d873e9db3696c18, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\313c238dc888c75cb26d7ff7a7f4b20d.0, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\38e57055c77d685cb6a4002b23e54fc3, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\3f10c0f0b60ea2b5efa2d3278e712442, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\4d112a27a725b7d2d9e7487c4c114214.0, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\5d5ae10d9dbf6c32b9e724ee97183bb1.0, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\612dc44b76ebf053257ba62b314ae79c, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\78529f8901b92f0cd38ca25e572561b4.0, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\7f26d2753138a5ebec0c48f6ece74ecb.0, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\8605190db1a4b0b68eaec697f0ccabca, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\863244884c13f5f32b09296c582fbdd7.0, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\8ac482009c24f4e3c08ceab6ad53837b, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\b0d04a379326cc971538f3ecc6e4945d.0, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\b4fc19616a211ba1ce6fdeb987d83986, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\ca778d8032bff8589c9ea58165547209, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\cc1cadc55dcfeab42c71ddc651b9fe75.0, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\cfbf9dd3ed978b23c1976cf9c7fe11bc, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\d46deb45f2b0c6145a71d5ed76b9c1b3, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\e451021fc5c21df4aac3dabe09e5aa56.0, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\ec933e0432b5461997a2523f42e1a674, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], PUP.Optional.FreeCauseTB.A, C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\tb.xml, Quarantined, [aa9a4422bfbdfe383b4f9b90f1129769], Physical Sectors: 0 (No malicious items detected) (end) ADW log # AdwCleaner v4.106 - Report created 25/12/2014 at 18:29:02 # Updated 21/12/2014 by Xplode # Database : 2014-12-21.4 [Live] # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Marcia - MARCIA-VAIO # Running from : C:\Users\Marcia\Desktop\MBAM 12-25\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** Service Deleted : YahooAUService Service Deleted : Skype C2C Service ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\Marcia\Favorites\Software Folder Deleted : C:\ProgramData\Yahoo! Companion Folder Deleted : C:\ProgramData\Alawar Stargaze Folder Deleted : C:\Program Files (x86)\SearchProtect Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SearchProtect Folder Deleted : C:\Users\Marcia\AppData\Local\visi_coupon Folder Deleted : C:\Users\Marcia\AppData\LocalLow\Yahoo! Companion Folder Deleted : C:\Users\Marcia\AppData\Roaming\SearchProtect Folder Deleted : C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} File Deleted : C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\user.js ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1 Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062781.FCTB000062781Pos Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062781.FCTB000062781Pos.1 Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062781.IEToolbar Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062781.IEToolbar.1 Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062781.JSOptionsImpl Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062781.JSOptionsImpl.1 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\APN PIP Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\ImInstaller Key Deleted : HKCU\Software\SearchProtect Key Deleted : HKCU\Software\AppDataLow\Software\Freecause Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKLM\SOFTWARE\ImInstaller Key Deleted : HKLM\SOFTWARE\PIP Key Deleted : HKLM\SOFTWARE\SearchProtect Key Deleted : HKLM\SOFTWARE\Web Assistant Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.2 Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17496 -\\ Mozilla Firefox v34.0.5 (x86 en-US) [upzitnok.default\prefs.js] - Line Deleted : user_pref("CT2260173_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1374200714400,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]"); [upzitnok.default\prefs.js] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", ""); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.AutoSearchEventData", "auto%20search"); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.ClearCacheDate", 25); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DNSCatch", false); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DisplayEULA", false); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DnsCatchEventData", "dns%20catch"); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.FirstLaunchShown", true); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.LoadLayoutDate.62781", 25); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.NewTabSearchEventData", "tab%20search"); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.ShowRecommendedOptions", true); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.StateReportDate", "1419456015665"); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.TopRightSearchEventData", "top%20right%20search"); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeInstallSaved", true); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeinstall.homepage", "chrome%3A//branding/locale/browserconfig.properties"); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeinstall.search", "Google"); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.comp.affiliate.2810218.disabled", false); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.customNewTab", false); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.helpUsImprove", true); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.hideOthers", false); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.processAddrBar", false); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.restoreSearch", false); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.searchHistory", false); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.session", "8DC18812127385C065F572FBC3C852E9D212ED49B660B822B7A721C9966A46B86DDA2C45629ABF697807A8F6D2A758BC8104320523F9EBC390AAD06D8CE4BBDD"); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.showFirstLaunchOptions", false); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.tb_lang", "en"); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.tool_id", "62781"); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_id", "82114700"); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_key", "8115baff507912d9a0f7f497eae2f348f9fc7b3a"); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_layouts", "62781"); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_lnames", "Gamers%20Unite%21%20Snag%20Bar"); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.xml_service_url", "64e3a27980eeceb34248bc3e680b4e63"); [upzitnok.default\prefs.js] - Line Deleted : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.yahooSearch", false); [upzitnok.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "VITIQ0QJRJGPBXSIZJ7SSB4W/5/2MT7OFM+JG3G+WFHM/K6XY53FML494T2++R2TMNXFPZZDXTV9IGJ2Y8+IUW"); -\\ Google Chrome v ************************* AdwCleaner[R0].txt - [10500 octets] - [25/12/2014 18:20:49] AdwCleaner[s0].txt - [10466 octets] - [25/12/2014 18:29:02] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10527 octets] ########## Junkware Log: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.0 (11.29.2014:1) OS: Windows 7 Home Premium x64 Ran by Marcia on Thu 12/25/2014 at 18:32:48.81 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3067420838-569738040-221027814-1000\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll" Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll" Successfully deleted: [File] "C:\Windows\couponprinter.ocx" ~~~ Folders Successfully deleted: [Folder] C:\Users\Marcia\AppData\LocalLow\FCTB000062781 Successfully deleted: [Folder] "C:\Program Files (x86)\coupons" Successfully deleted: [Empty Folder] C:\Users\Marcia\appdata\local\{513A059B-40A0-4F6A-81EA-17D00CDE7562} Successfully deleted: [Empty Folder] C:\Users\Marcia\appdata\local\{B5A9AD2A-69FD-4198-8317-D94F3BEB57ED} Successfully deleted: [Empty Folder] C:\Users\Marcia\appdata\local\{F3BEEBEB-060D-4B01-BF1B-1F15E6BC58FC} ~~~ FireFox Successfully deleted: [File] C:\Users\Marcia\AppData\Roaming\mozilla\firefox\profiles\upzitnok.default\searchplugins\search-the-web.xml Successfully deleted: [Folder] C:\Users\Marcia\AppData\Roaming\mozilla\firefox\profiles\upzitnok.default\extensions\staged Emptied folder: C:\Users\Marcia\AppData\Roaming\mozilla\firefox\profiles\upzitnok.default\minidumps [294 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 12/25/2014 at 18:41:08.17 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- December 26, 2014
- 19 replies
PUP.Optional.FreeCause.TB.A

MJnDenver posted a topic in Resolved Malware Removal Logs

Hello, Every time I run MWB I get a ton of these PUP.Optional.Freecause.TB.A files. Every time I tell it to quarantine it, and it finds more every time. I'm not sure what I have downloaded that is causing this. At this point it is more annoying than anything - but since I just spent 2 days with you guys cleaning my boyfriend's computer, I thought I'd check it out before it turns to something worse. I have run FRST - the first log is pasted here: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2014 Ran by Marcia (administrator) on MARCIA-VAIO on 25-12-2014 11:36:27 Running from C:\Users\Marcia\Desktop\MBAM 12-25 Loaded Profile: Marcia (Available profiles: Marcia) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Webroot) C:\Program Files\Webroot\WRSA.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Samsung) C:\Program Files (x86)\SAMSUNG\PC Auto Backup\WiselinkPro.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\SAMSUNG\PC Auto Backup\http_ss_win_pro.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe (Webroot) C:\Program Files\Webroot\WRSA.exe (Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe (AWS Convergence Technologies, Inc.) C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE (IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe () C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe (Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe (IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2012-03-13] (Realtek Semiconductor) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885944 2012-09-20] (Synaptics Incorporated) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\btvstack.exe [1022592 2012-04-28] (Atheros Commnucations) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\athbttray.exe [801920 2012-04-28] (Atheros Commnucations) HKLM\...\Run: [boxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5672184 2014-12-09] (Box, Inc.) HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-22] (Intel Corporation) HKLM-x32\...\Run: [iSBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation) HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [770728 2014-12-11] (Webroot) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [898952 2012-11-08] (Sony Corporation) HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.) HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (CANON INC.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoViewOnDrive] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKLM\...\Policies\Explorer: [NoViewContextMenu] 0 HKLM\...\Policies\Explorer: [NoShellSearchButton] 0 HKLM\...\Policies\Explorer: [NoFind] 0 HKLM\...\Policies\Explorer: [NoFile] 0 HKLM\...\Policies\Explorer: [HideClock] 0 HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0 HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKLM\...\Policies\Explorer: [NoSetFolders] 0 HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKLM\...\Policies\Explorer: [NoSetTaskbar] 0 HKLM\...\Policies\Explorer: [NoDeletePrinter] 0 HKLM\...\Policies\Explorer: [NoDFSTab] 0 HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0 HKLM\...\Policies\Explorer: [NoLogoff] 0 HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0 HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0 HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKLM\...\Policies\Explorer: [NoResolveSearch] 0 HKLM\...\Policies\Explorer: [NoSaveSettings] 0 HKLM\...\Policies\Explorer: [NoHardwareTab] 0 HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKLM\...\Policies\Explorer: [NoDesktop] 0 HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Run: [incrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [367016 2014-05-10] (IncrediMail, Ltd.) HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Run: [Weather] => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1652736 2011-10-05] (AWS Convergence Technologies, Inc.) HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.) HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.) HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.) HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.) HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.) HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity) HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\RunOnce: [Adobe Speed Launcher] => 1419451593 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-21-3067420838-569738040-221027814-1000\...\MountPoints2: {e230b7e5-4eb9-11e2-8d0a-30f9edb6488e} - E:\iLinker.exe HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0 SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.) ShellIconOverlayIdentifiers: [ BoxSyncFileLocked] -> {9a216f5d-3530-3b1a-8006-9a1233402fba} => C:\Windows\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [ BoxSyncNotSynced] -> {4c3d7a5e-7476-3c21-9717-0614ce209c44} => C:\Windows\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [ BoxSyncProblem] -> {aa0bacc8-a5df-34b0-acd8-e6739d92010e} => C:\Windows\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [ BoxSyncSynced] -> {0f20db5b-365d-3cc6-82eb-41207f77bb71} => C:\Windows\system32\mscoree.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot) BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.) BHO-x32: Gamers Unite! Snag Bar BHO -> {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} -> C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll () BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll (Webroot) BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot) Toolbar: HKLM-x32 - Gamers Unite! Snag Bar - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll () Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.) Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot) Toolbar: HKU\S-1-5-21-3067420838-569738040-221027814-1000 -> No Name - {25515A79-C1C7-4B97-97F8-31A711694487} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox: ======== FF ProfilePath: C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default FF DefaultSearchEngine: Google FF Homepage: https://www.facebook.com/?ref=tn_tnmn|https://ecampus.phoenix.edu/portal/portal/public/login.aspx FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3067420838-569738040-221027814-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marcia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF user.js: detected! => C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Extension: Yahoo! Toolbar - C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-10-23] FF Extension: Webroot Password Manager - C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2013-12-11] FF Extension: Gamers Unite! Snag Bar - C:\Users\Marcia\AppData\Roaming\Mozilla\Firefox\Profiles\upzitnok.default\Extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi [2012-12-01] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-11] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-11] FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2013-12-03] FF Extension: No Name - webrootsecure@webroot.com [Not Found] Chrome: ======= CHR Profile: C:\Users\Marcia\AppData\Local\Google\Chrome\User Data\Default CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2012-11-15] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [28696 2014-09-30] (Box, Inc.) S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.) S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation) R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-13] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-03-13] (Intel Corporation) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed] R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-02] (Digital Delivery Networks, Inc.) [File not signed] R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed] S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2012-10-23] (Sony Corporation) [File not signed] R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.) R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-12-25] (RaMMicHaeL) R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation) R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation) R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation) R2 WiselinkPro; C:\Program Files (x86)\SAMSUNG\PC Auto Backup\WiselinkPro.exe [7262263 2012-01-18] (Samsung) [File not signed] R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [770728 2014-12-11] (Webroot) R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-04-28] (Atheros) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] () S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [36128 2012-02-23] (Atheros) R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-25] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-12-25] () S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-03-13] (Synaptics Incorporated) R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114176 2014-12-11] (Webroot) S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X] S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X] S3 btath_avdt; system32\drivers\btath_avdt.sys [X] S3 BTATH_HCRP; \SystemRoot\system32\drivers\btath_hcrp.sys [X] S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X] S3 BTATH_RCP; \SystemRoot\system32\drivers\btath_rcp.sys [X] S3 BTATH_VDP; system32\drivers\btath_vdp.sys [X] S3 BtFilter; system32\DRIVERS\btfilter.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-25 11:36 - 2014-12-25 11:36 - 00000000 ____D () C:\FRST 2014-12-25 11:35 - 2014-12-25 11:36 - 00000000 ____D () C:\Users\Marcia\Desktop\MBAM 12-25 2014-12-25 10:58 - 2014-12-25 10:58 - 00887336 _____ (RaMMicHaeL) C:\Users\Marcia\Downloads\unchecky_setup.exe 2014-12-25 10:58 - 2014-12-25 10:58 - 00001019 _____ () C:\Users\Public\Desktop\Unchecky.lnk 2014-12-25 10:58 - 2014-12-25 10:58 - 00000000 ____D () C:\ProgramData\Unchecky 2014-12-25 10:58 - 2014-12-25 10:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky 2014-12-25 10:58 - 2014-12-25 10:58 - 00000000 ____D () C:\Program Files (x86)\Unchecky 2014-12-25 10:57 - 2014-12-25 11:33 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit 2014-12-25 10:57 - 2014-12-25 10:58 - 00000000 ____D () C:\ProgramData\MCShield 2014-12-25 10:57 - 2014-12-25 10:57 - 02856736 _____ (MyCity) C:\Users\Marcia\Downloads\MCShield-Setup.exe 2014-12-25 10:57 - 2014-12-25 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield 2014-12-25 10:57 - 2014-12-25 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2014-12-25 10:57 - 2014-12-25 10:57 - 00000000 ____D () C:\Program Files (x86)\MCShield 2014-12-25 10:57 - 2014-12-25 10:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit 2014-12-25 10:56 - 2014-12-25 10:56 - 02967032 _____ (Malwarebytes ) C:\Users\Marcia\Downloads\mbae-setup-1.05.1.1016.exe 2014-12-25 10:25 - 2014-12-25 10:25 - 00003138 _____ () C:\Windows\System32\Tasks\USER_ESRV_SVC 2014-12-25 10:25 - 2014-12-25 10:25 - 00002027 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk 2014-12-25 10:25 - 2014-12-25 10:25 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care 2014-12-20 15:56 - 2014-12-23 20:52 - 00000000 ____D () C:\Users\Marcia\Desktop\tags 2014-12-20 13:34 - 2014-12-24 13:05 - 00000280 _____ () C:\Windows\setupact.log 2014-12-20 13:34 - 2014-12-20 13:34 - 00000000 _____ () C:\Windows\setuperr.log 2014-12-19 11:31 - 2014-12-19 11:31 - 05317104 _____ (Piriform Ltd) C:\Users\Marcia\Downloads\ccsetup501.exe 2014-12-18 10:50 - 2014-12-18 10:50 - 00470206 _____ () C:\Users\Marcia\Desktop\medicaid approval.xps 2014-12-18 09:13 - 2014-12-12 22:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-18 09:13 - 2014-12-12 20:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-17 12:49 - 2014-12-17 12:49 - 00001264 _____ () C:\Users\Marcia\Desktop\Revo Uninstaller.lnk 2014-12-16 10:14 - 2014-12-16 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2014-12-15 11:12 - 2014-12-15 11:12 - 00000000 ____D () C:\Users\Marcia\Desktop\2014_12_15 2014-12-15 11:05 - 2014-12-15 11:05 - 22400160 _____ () C:\Users\Marcia\Downloads\mast-win-mx430-1_1-ucd.exe 2014-12-15 11:05 - 2014-12-15 11:05 - 00000000 ___HD () C:\ProgramData\CanonIJETV 2014-12-15 07:58 - 2014-12-15 07:58 - 00001135 _____ () C:\Users\Public\Desktop\Yahoo! Messenger.lnk 2014-12-15 07:58 - 2014-12-15 07:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger 2014-12-15 07:56 - 2014-12-15 07:56 - 00691576 _____ (Yahoo! Inc.) C:\Users\Marcia\Downloads\msgr11us.exe 2014-12-14 18:29 - 2014-12-14 18:29 - 00000000 __SHD () C:\Users\Marcia\AppData\Local\EmieUserList 2014-12-14 18:29 - 2014-12-14 18:29 - 00000000 __SHD () C:\Users\Marcia\AppData\Local\EmieSiteList 2014-12-14 18:29 - 2014-12-14 18:29 - 00000000 __SHD () C:\Users\Marcia\AppData\Local\EmieBrowserModeList 2014-12-11 19:26 - 2014-12-11 19:26 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-11 19:02 - 2014-10-17 19:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-11 19:02 - 2014-10-17 18:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-11 13:16 - 2014-12-11 13:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-11 10:31 - 2014-12-03 19:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-11 10:31 - 2014-12-03 19:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-11 10:31 - 2014-12-03 19:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-11 10:31 - 2014-12-03 19:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-11 10:31 - 2014-12-03 19:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-11 10:31 - 2014-12-03 19:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-11 10:31 - 2014-12-03 19:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-11 10:31 - 2014-12-01 16:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2014-12-11 10:30 - 2014-11-10 20:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-11 10:30 - 2014-11-10 19:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-11 10:30 - 2014-11-10 18:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-11 10:29 - 2014-11-26 18:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-11 10:29 - 2014-11-26 18:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-11 10:29 - 2014-11-21 20:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-11 10:29 - 2014-11-21 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-11 10:29 - 2014-11-21 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-11 10:29 - 2014-11-21 19:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-11 10:29 - 2014-11-21 19:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-11 10:29 - 2014-11-21 19:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-11 10:29 - 2014-11-21 19:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-11 10:29 - 2014-11-21 19:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-11 10:29 - 2014-11-21 19:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-11 10:29 - 2014-11-21 19:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-11 10:29 - 2014-11-21 19:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-11 10:29 - 2014-11-21 19:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-11 10:29 - 2014-11-21 19:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-11 10:29 - 2014-11-21 19:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-11 10:29 - 2014-11-21 19:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-11 10:29 - 2014-11-21 19:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-11 10:29 - 2014-11-21 19:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-11 10:29 - 2014-11-21 19:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-11 10:29 - 2014-11-21 19:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-11 10:29 - 2014-11-21 19:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-11 10:29 - 2014-11-21 19:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-11 10:29 - 2014-11-21 19:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-11 10:29 - 2014-11-21 19:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-11 10:29 - 2014-11-21 19:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-11 10:29 - 2014-11-21 19:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-11 10:29 - 2014-11-21 19:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-11 10:29 - 2014-11-21 19:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-11 10:29 - 2014-11-21 18:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-11 10:29 - 2014-11-21 18:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-11 10:29 - 2014-11-21 18:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-11 10:29 - 2014-11-21 18:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-11 10:29 - 2014-11-21 18:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-11 10:29 - 2014-11-21 18:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-11 10:29 - 2014-11-21 18:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-11 10:29 - 2014-11-21 18:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-11 10:29 - 2014-11-21 18:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-11 10:29 - 2014-11-21 18:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-11 10:29 - 2014-11-21 18:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-11 10:29 - 2014-11-21 18:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-11 10:29 - 2014-11-21 18:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-11 10:29 - 2014-11-21 18:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-11 10:29 - 2014-11-21 18:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-11 10:29 - 2014-11-21 18:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-11 10:29 - 2014-11-21 18:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-11 10:29 - 2014-11-21 18:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-11 10:29 - 2014-11-21 18:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-11 10:29 - 2014-11-21 18:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-11 10:29 - 2014-11-21 18:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-11 10:29 - 2014-11-21 18:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-11 10:29 - 2014-11-21 18:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-11 10:29 - 2014-11-21 17:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-11 10:29 - 2014-11-21 17:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-11 10:29 - 2014-10-29 19:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-11 10:29 - 2014-10-29 18:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-11 10:29 - 2014-10-02 19:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-11 10:29 - 2014-10-02 19:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-11 10:29 - 2014-10-02 19:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-11 10:29 - 2014-10-02 19:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-11 10:29 - 2014-10-02 19:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-11 10:29 - 2014-10-02 18:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-11 10:28 - 2014-11-07 20:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-11 10:28 - 2014-11-07 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-11 10:28 - 2014-10-02 18:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-11 10:28 - 2014-10-02 18:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-11 10:28 - 2014-10-02 18:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-11 10:28 - 2014-10-02 18:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-25 11:36 - 2012-08-04 19:19 - 00000000 ____D () C:\ProgramData\WRData 2014-12-25 11:07 - 2014-05-15 19:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-25 10:55 - 2012-04-27 23:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-25 10:24 - 2012-04-27 22:43 - 00000000 ____D () C:\Program Files\Sony 2014-12-25 10:24 - 2012-04-27 22:24 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation 2014-12-25 10:23 - 2012-11-15 15:49 - 00013792 _____ () C:\Windows\system32\Drivers\semav6thermal64ro.sys 2014-12-25 10:18 - 2012-08-04 22:23 - 00000000 ____D () C:\Update 2014-12-25 10:08 - 2012-06-21 07:22 - 01258486 _____ () C:\Windows\WindowsUpdate.log 2014-12-25 10:07 - 2012-08-05 11:28 - 00000000 ____D () C:\Users\Marcia\AppData\Local\CrashDumps 2014-12-25 09:37 - 2012-08-26 19:16 - 00055296 _____ () C:\Users\Marcia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-24 13:13 - 2009-07-13 21:45 - 00028576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-24 13:13 - 2009-07-13 21:45 - 00028576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-24 13:07 - 2012-12-16 13:32 - 00000000 ____D () C:\Users\Marcia\AppData\Local\Box Sync 2014-12-24 13:06 - 2014-09-17 17:29 - 00000000 ___RD () C:\Users\Marcia\iCloudDrive 2014-12-24 13:05 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-22 21:57 - 2012-08-10 20:29 - 00000000 ____D () C:\Users\Marcia\AppData\Local\WeatherBug 2014-12-19 11:32 - 2012-09-20 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-12-19 11:32 - 2012-09-20 17:37 - 00000000 ____D () C:\Program Files\CCleaner 2014-12-17 13:22 - 2014-06-03 19:06 - 00000000 ____D () C:\Windows\SSDriver 2014-12-17 13:20 - 2012-08-04 18:04 - 00000000 ____D () C:\Windows\pss 2014-12-17 09:13 - 2014-03-14 08:57 - 00000000 ____D () C:\Users\Marcia\AppData\Local\Deployment 2014-12-15 11:05 - 2012-12-25 19:53 - 00000000 ____D () C:\Program Files (x86)\Canon 2014-12-15 08:25 - 2012-08-04 18:14 - 00000000 ____D () C:\Users\Marcia\AppData\Roaming\Adobe 2014-12-15 08:05 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-15 07:58 - 2013-04-29 19:48 - 00000000 ____D () C:\ProgramData\Yahoo! Companion 2014-12-14 11:32 - 2012-12-01 09:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-13 22:23 - 2014-10-15 09:25 - 00000000 ____D () C:\Users\Marcia\AppData\Local\Adobe 2014-12-13 22:23 - 2012-04-27 23:28 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-13 22:23 - 2012-04-27 23:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-13 22:23 - 2012-04-27 23:28 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-11 20:09 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache 2014-12-11 19:26 - 2014-04-29 20:18 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-11 19:26 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-11 19:26 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat 2014-12-11 19:10 - 2012-08-04 20:34 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-11 19:07 - 2013-07-18 12:19 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-11 19:04 - 2012-08-05 18:17 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-11 17:18 - 2013-07-10 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync 2014-12-11 11:50 - 2014-05-15 19:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-12-11 11:50 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PLA 2014-12-11 10:13 - 2014-06-03 19:15 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-12-11 10:13 - 2014-05-15 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-12-11 10:12 - 2012-08-04 19:20 - 00153256 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll 2014-12-11 10:12 - 2012-08-04 19:20 - 00114176 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys 2014-12-11 10:12 - 2012-08-04 19:20 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll 2014-12-11 10:09 - 2014-10-21 17:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-25 00:55 ==================== End Of Log ============================ I have attached the addition text - your system wouldn't let me paste it all - says my message is too long.
- December 25, 2014
- 19 replies
trojan.zaccess - help!?

MJnDenver replied to MJnDenver's topic in Resolved Malware Removal Logs

Thank you again for all of your help Marius! I will pass the information along to my step-daughter with what she (I think) did wrong to open the door for this Trojan. I tell people about malwarebytes all the time - and your forum and help is a big part of why I bought the program myself - I'm not sure if you guys get any type of thanks from malwarebytes for doing such a good job - but I for one am very thankful. If you ever come to the states you should look me up!! I'd love to take you out to dinner or something to say thanks! Marcia
- September 15, 2013
- 20 replies
trojan.zaccess - help!?

MJnDenver replied to MJnDenver's topic in Resolved Malware Removal Logs

Here is the log from the security check. Results of screen317's Security Check version 0.99.73 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 JavaFX 2.1.1 Java 7 Update 25 Adobe Reader 10.1.7 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 3% ````````````````````End of Log`````````````````````` my question with this is that she has McAfee on the machine - won't windows firewall and McAfee fight each other? Thanks for all of your help!
- September 14, 2013
- 20 replies
trojan.zaccess - help!?

MJnDenver replied to MJnDenver's topic in Resolved Malware Removal Logs

OK - Ignore my previous post please- I realized that there wasn't a delete button - but rather a "clean" button...here is the log after letting adwcleaner actually do it's job! # AdwCleaner v3.003 - Report created 13/09/2013 at 18:05:57 # Updated 07/09/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Kayla - KAYLA # Running from : C:\Users\Kayla\Desktop\mbar\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Premium Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\File Type Helper Folder Deleted : C:\Program Files (x86)\Ilivid Folder Deleted : C:\Program Files (x86)\TotalRecipeSearch_14EI Folder Deleted : C:\Program Files (x86)\WiseConvert Folder Deleted : C:\Users\Kayla\AppData\Local\Conduit Folder Deleted : C:\Users\Kayla\AppData\Local\Ilivid Player Folder Deleted : C:\Users\Kayla\AppData\Local\PackageAware Folder Deleted : C:\Users\Kayla\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Kayla\AppData\LocalLow\Fast Free Converter Folder Deleted : C:\Users\Kayla\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Kayla\AppData\LocalLow\Searchqutoolbar Folder Deleted : C:\Users\Kayla\AppData\LocalLow\searchresultstb Folder Deleted : C:\Users\Kayla\AppData\LocalLow\Smartbar Folder Deleted : C:\Users\Kayla\AppData\LocalLow\WiseConvert File Deleted : C:\END ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm Key Deleted : HKLM\SOFTWARE\Classes\ilivid Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3196716 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8E5B29C2-BC6E-40BE-B881-AEE35B1F4035} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0592BF5-C3EE-4A82-8A3B-EA0598F192BA} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54BE6CD7-0BCA-42FD-9A3E-B1E06318A3DB} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKCU\Software\APN DTX Key Deleted : HKCU\Software\ilivid Key Deleted : HKCU\Software\SmartBar Key Deleted : HKCU\Software\SmartbarBackup Key Deleted : HKCU\Software\SmartbarLog Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Software\WiseConvert Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Fast Free Converter Key Deleted : HKLM\Software\ilivid Key Deleted : HKLM\Software\SearchquMediabarTb Key Deleted : HKLM\Software\TotalRecipeSearch_14EI Key Deleted : HKLM\Software\WiseConvert Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{81BFDC6A-7574-424C-AA2E-0A19FE2B1A3F} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert Toolbar Key Deleted : [x64] HKLM\SOFTWARE\DataMngr ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16660 ************************* AdwCleaner[R0].txt - [9398 octets] - [13/09/2013 18:03:25] AdwCleaner[s0].txt - [9198 octets] - [13/09/2013 18:05:57] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [9258 octets] ##########
- September 14, 2013
- 20 replies
trojan.zaccess - help!?

MJnDenver replied to MJnDenver's topic in Resolved Malware Removal Logs

Hello Marius, Here is the log from adwcleaner (I deleted the files you said were security risks first).... # AdwCleaner v3.003 - Report created 13/09/2013 at 18:03:25 # Updated 07/09/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Kayla - KAYLA # Running from : C:\Users\Kayla\Desktop\mbar\adwcleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\END Folder Found C:\Program Files (x86)\Conduit Folder Found C:\Program Files (x86)\File Type Helper Folder Found C:\Program Files (x86)\Ilivid Folder Found C:\Program Files (x86)\TotalRecipeSearch_14EI Folder Found C:\Program Files (x86)\WiseConvert Folder Found C:\ProgramData\Premium Folder Found C:\Users\Kayla\AppData\Local\Conduit Folder Found C:\Users\Kayla\AppData\Local\Ilivid Player Folder Found C:\Users\Kayla\AppData\Local\PackageAware Folder Found C:\Users\Kayla\AppData\LocalLow\Conduit Folder Found C:\Users\Kayla\AppData\LocalLow\Fast Free Converter Folder Found C:\Users\Kayla\AppData\LocalLow\PriceGong Folder Found C:\Users\Kayla\AppData\LocalLow\Searchqutoolbar Folder Found C:\Users\Kayla\AppData\LocalLow\searchresultstb Folder Found C:\Users\Kayla\AppData\LocalLow\Smartbar Folder Found C:\Users\Kayla\AppData\LocalLow\WiseConvert ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\APN DTX Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\AppDataLow\Software\WiseConvert Key Found : HKCU\Software\AppDataLow\Toolbar Key Found : HKCU\Software\ilivid Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8} Key Found : HKCU\Software\SmartBar Key Found : HKCU\Software\SmartbarBackup Key Found : HKCU\Software\SmartbarLog Key Found : [x64] HKCU\Software\APN DTX Key Found : [x64] HKCU\Software\ilivid Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : [x64] HKCU\Software\SmartBar Key Found : [x64] HKCU\Software\SmartbarBackup Key Found : [x64] HKCU\Software\SmartbarLog Key Found : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9} Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF} Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll Key Found : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Key Found : HKLM\SOFTWARE\Classes\CLSID\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Classes\CLSID\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8} Key Found : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute Key Found : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel Key Found : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar Key Found : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject Key Found : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState Key Found : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm Key Found : HKLM\SOFTWARE\Classes\ilivid Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D} Key Found : HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3196716 Key Found : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start Key Found : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start.1 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8E5B29C2-BC6E-40BE-B881-AEE35B1F4035} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Found : HKLM\Software\Conduit Key Found : HKLM\Software\Fast Free Converter Key Found : HKLM\Software\ilivid Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54BE6CD7-0BCA-42FD-9A3E-B1E06318A3DB} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0592BF5-C3EE-4A82-8A3B-EA0598F192BA} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{81BFDC6A-7574-424C-AA2E-0A19FE2B1A3F} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert Toolbar Key Found : HKLM\SOFTWARE\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin Key Found : HKLM\Software\SearchquMediabarTb Key Found : HKLM\Software\TotalRecipeSearch_14EI Key Found : HKLM\Software\WiseConvert Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Key Found : [x64] HKLM\SOFTWARE\DataMngr Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}] Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16660 ************************* AdwCleaner[R0].txt - [9186 octets] - [13/09/2013 18:03:25] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9246 octets] ##########
- September 14, 2013
- 20 replies
trojan.zaccess - help!?

MJnDenver replied to MJnDenver's topic in Resolved Malware Removal Logs

Hello Marius, This scan was not as promising. Threats were found. Here is the log: C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application C:\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\14EIPlug.dll Win32/Toolbar.MyWebSearch application C:\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\14EZSETP.dll Win32/Toolbar.MyWebSearch.Q application C:\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISb.dll Win32/Toolbar.MyWebSearch application C:\Users\Kayla\Downloads\FreeYouTubeToMP3Converter (1).exe Win32/OpenCandy application C:\Users\Kayla\Downloads\FreeYouTubeToMP3Converter (2).exe Win32/OpenCandy application C:\Users\Kayla\Downloads\FreeYouTubeToMP3Converter (3).exe Win32/OpenCandy application C:\Users\Kayla\Downloads\FreeYouTubeToMP3Converter (4).exe Win32/OpenCandy application C:\Users\Kayla\Downloads\FreeYouTubeToMP3Converter.exe Win32/OpenCandy application C:\Users\Kayla\Downloads\www.mizzhitzthaproducerbeats.com_-_Lost_My_Way_FREE.mp3 (1).exe Win32/InstallMate application C:\Users\Kayla\Downloads\www.mizzhitzthaproducerbeats.com_-_Lost_My_Way_FREE.mp3.exe Win32/InstallMate application C:\Windows\Installer\cac4cc.msi a variant of Win32/Toolbar.Linkury.A application
- September 13, 2013
- 20 replies
trojan.zaccess - help!?

MJnDenver replied to MJnDenver's topic in Resolved Malware Removal Logs

Hello Marius, The repackaged programs worked well - thank you. I ran them both - in the order you specified, then ran FSS again. Here is the log: Farbar Service Scanner Version: 05-09-2013 Ran by Kayla (administrator) on 11-09-2013 at 19:23:44 Running from "C:\Users\Kayla\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
- September 12, 2013
- 20 replies
trojan.zaccess - help!?

MJnDenver replied to MJnDenver's topic in Resolved Malware Removal Logs

Hello Marius, I am not able to run either of these programs from the zip provided. I tried to extract the files on my flash drive and got the error "Windows could not complete the extraction: The destination file could not be created" I should mention that this happened on the UNinfected machine first (that's where I download the files that you send), and then on the infected machine also. Is there another place I can get these programs?
- September 11, 2013
- 20 replies
trojan.zaccess - help!?

MJnDenver replied to MJnDenver's topic in Resolved Malware Removal Logs

Hello Marius, The first piece of good news is that the windows firewall is working again - when I first turned on the machine it blocked something - I'm sorry I can't remember what it said and my screen shot didn't work. I did NOT allow access though because it was a weird name. After I ran the fix damage thing, and rebooted, I ran FSS again, with all options checked. Here is the log from that: Farbar Service Scanner Version: 05-09-2013 Ran by Kayla (administrator) on 09-09-2013 at 18:18:56 Running from "E:\" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist. Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist. Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist. Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist. Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist. Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist. File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\ipnathlp.dll => MD5 is legit C:\Windows\System32\iphlpsvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
- September 10, 2013
- 20 replies
trojan.zaccess - help!?

MJnDenver replied to MJnDenver's topic in Resolved Malware Removal Logs

Hello Marius, It looks like we have progress! I ran the MBAR with cleanup - after reboot, here is the log from the first run: Malwarebytes Anti-Rootkit BETA 1.07.0.1005 www.malwarebytes.org Database version: v2013.09.06.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 Kayla :: KAYLA [administrator] 9/6/2013 8:37:54 PM mbar-log-2013-09-06 (20-37-54).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 236390 Time elapsed: 7 minute(s), 38 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\‮etadpug (Trojan.Zaccess) -> Delete on reboot. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 7 c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ (Trojan.0Access) -> Delete on reboot. c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \... (Trojan.0Access) -> Delete on reboot. c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \...\‮ﯹ๛ (Trojan.0Access) -> Delete on reboot. c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \...\‮ﯹ๛\{adc688b6-66f1-24f6-0cba-083dcca0f3fa} (Trojan.0Access) -> Delete on reboot. c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \...\‮ﯹ๛\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\l (Trojan.0Access) -> Delete on reboot. c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \...\‮ﯹ๛\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\u (Trojan.0Access) -> Delete on reboot. C:\Program Files (x86)\Google\Desktop\Install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa} (Trojan.0Access) -> Delete on reboot. Files Detected: 1 c:\Program Files (x86)\Google\Desktop\Install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \...\‮ﯹ๛\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\@ (Trojan.0Access) -> Delete on reboot. Physical Sectors Detected: 0 (No malicious items detected) (end) then as instructed I ran it again. Here is the log from that: Malwarebytes Anti-Rootkit BETA 1.07.0.1005 www.malwarebytes.org Database version: v2013.09.07.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 Kayla :: KAYLA [administrator] 9/6/2013 9:02:49 PM mbar-log-2013-09-06 (21-02-49).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 236147 Time elapsed: 13 minute(s), 21 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) Nothing in the second scan. Then I ran the FSS tool, here is the log from that: Farbar Service Scanner Version: 05-09-2013 Ran by Kayla (administrator) on 06-09-2013 at 21:20:26 Running from "E:\" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist. Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist. Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist. Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist. Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist. Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist. File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log **** for good measure, after all of this, I ran MBAM and it said no malicious objects. I have a question though - I allowed MBAR to create a system restore point. Should I go in and delete all the previous restore points to fully remove the infection? Please let me know next steps before I tell my daughter that her machine is all better! Thanks so much!
- September 7, 2013
- 20 replies
trojan.zaccess - help!?

MJnDenver replied to MJnDenver's topic in Resolved Malware Removal Logs

Hello Marius, Thank you for helping me with this. I have downloaded the MBAR and run it as requested. It found 9 malicious objects, but as instructed I did NOT perform the clean up action. Here is the log from the MBAR scan. Malwarebytes Anti-Rootkit BETA 1.07.0.1005 www.malwarebytes.org Database version: v2013.09.05.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 Kayla :: KAYLA [administrator] 9/5/2013 6:42:25 PM mbar-log-2013-09-05 (18-42-25).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 236590 Time elapsed: 9 minute(s), 59 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\‮etadpug (Trojan.Zaccess) -> No action taken. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 7 c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ (Trojan.0Access) -> No action taken. c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \... (Trojan.0Access) -> No action taken. c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \...\‮ﯹ๛ (Trojan.0Access) -> No action taken. c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \...\‮ﯹ๛\{adc688b6-66f1-24f6-0cba-083dcca0f3fa} (Trojan.0Access) -> No action taken. c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \...\‮ﯹ๛\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\l (Trojan.0Access) -> No action taken. c:\program files (x86)\google\desktop\install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \...\‮ﯹ๛\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\u (Trojan.0Access) -> No action taken. C:\Program Files (x86)\Google\Desktop\Install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa} (Trojan.0Access) -> No action taken. Files Detected: 1 c:\Program Files (x86)\Google\Desktop\Install\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\ \...\‮ﯹ๛\{adc688b6-66f1-24f6-0cba-083dcca0f3fa}\@ (Trojan.0Access) -> No action taken. Physical Sectors Detected: 0 (No malicious items detected) (end) Thank you again for your help. Marcia
- September 6, 2013
- 20 replies
trojan.zaccess - help!?

MJnDenver posted a topic in Resolved Malware Removal Logs

Malwarebytes has found the Trojan.zaccess in my registry and can't get rid of it. I've run it a few times with the same result. After reading your "Hello and welcome" instructions I was unable to download the dds.scr as advised on my machine, so I used a flash drive to download and then installed it that way. This trouble started a few weeks ago when my computer was renamed to helperin or something like that. I disabled remote access (which I had disabled before but it was back on) renamed my computer, ran virus scans with McAfee and Malwarebytes and all seemed OK. Then the computer started running very slowly and my firewall won't stay on. Windows update did nothing, and I am not able to turn windows security on, and my McAffee won't work either. Here is the copy of the dds.txt: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2 Run by Kayla at 21:46:48 on 2013-09-04 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6044.4220 [GMT -6:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE C:\Windows\system32\WLANExt.exe C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files\Conexant\SA3\CxUtilSvc.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE c:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Windows\system32\mfevtps.exe C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\Sendori\sndappv2.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Sendori\SendoriSvc.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files (x86)\Sendori\Sendori.Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Sendori\SendoriUp.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files\Elantech\ETDCtrl.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Conexant\SA3\SmartAudio3.exe C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe C:\Users\Kayla\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Program Files\Elantech\ETDGesture.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe C:\Program Files (x86)\Sendori\SendoriTray.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\McAfee\MAT\McPvTray.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe C:\Program Files\Common Files\McAfee\Core\mchost.exe C:\Program Files\Common Files\McAfee\Core\mchost.exe C:\Windows\system32\taskeng.exe c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe C:\Program Files\Common Files\McAfee\Core\mchost.exe C:\Windows\System32\WUDFHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll mURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll mWinlogon: Userinit = userinit.exe, BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll BHO: Search-Results Toolbar: {6e47d688-85ec-465a-9946-ec58220f14fc} - C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll TB: WiseConvert Toolbar: {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll TB: Search-Results Toolbar: {6e47d688-85ec-465a-9946-ec58220f14fc} - C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} - TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll uRun: [skyDrive] "C:\Users\Kayla\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll LSP: C:\Windows\System32\Sendori.dll TCP: NameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{39545232-73C5-4A1F-A9A0-44C8D56199C9} : DHCPNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{39545232-73C5-4A1F-A9A0-44C8D56199C9}\14E64786F6E697370596A7A716 : DHCPNameServer = 192.168.0.1 205.171.3.25 TCP: Interfaces\{39545232-73C5-4A1F-A9A0-44C8D56199C9}\2456374724579734F6E6E6563647D26427565675966696 : DHCPNameServer = 168.94.0.14 168.94.0.15 TCP: Interfaces\{39545232-73C5-4A1F-A9A0-44C8D56199C9}\B41697C616 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{39545232-73C5-4A1F-A9A0-44C8D56199C9}\D444026202D6A6 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{7ABB81E0-B782-4F7F-82EB-886C4FDBAB9C} : DHCPNameServer = 192.168.1.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - <orphaned> Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll SSODL: WebCheck - <orphaned> LSA: Notification Packages = scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll x64-BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: {9D717F81-9148-4f12-8568-69135F087DB0} - <orphaned> x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} - x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe x64-Run: [smartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe /sa3 /nv:3.0 /dne /s x64-Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe x64-Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned> x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned> x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-5-6 16152] R0 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2012-11-21 73096] R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-7-17 771536] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-7-17 340216] R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072] R2 CxUtilSvc;CxUtilSvc;C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe [2012-5-6 109184] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-6 13592] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-21 201304] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-21 201304] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-21 201304] R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-11-21 241456] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-11-21 218760] R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-11-21 182752] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000] R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-7-28 1900728] R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-5-6 1695040] R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-6 363800] R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2012-5-6 21568] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-5-6 176096] R3 ETD;Dell Touchpad;C:\Windows\System32\drivers\ETD.sys [2012-5-6 202024] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-5-6 331264] R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-5-6 356120] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-5-6 787736] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-21 309840] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-11-21 515968] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2012-5-6 313448] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-6 646248] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-21 201304] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-5-6 134696] S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-5-6 615976] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-5-6 39976] S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-21 70112] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-11-21 196440] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-11-21 106552] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-29 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-09-04 19:00:33 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-09-04 19:00:32 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-09-04 19:00:32 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-09-04 19:00:32 243712 ----a-w- C:\Windows\System32\wow64.dll 2013-09-04 19:00:32 1732032 ----a-w- C:\Windows\System32\ntdll.dll 2013-09-04 19:00:32 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll 2013-09-04 19:00:31 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-09-04 19:00:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-09-04 19:00:28 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-09-04 19:00:28 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-09-04 19:00:28 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-08-29 03:01:40 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0B47D70B-5056-44F5-B1B1-1E7E925F6D58}\mpengine.dll 2013-08-18 21:59:21 -------- d-----w- C:\Program Files (x86)\File Type Helper 2013-08-17 20:10:37 224256 ----a-w- C:\Windows\System32\wintrust.dll 2013-08-17 20:10:37 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll 2013-08-17 20:10:37 1472512 ----a-w- C:\Windows\System32\crypt32.dll 2013-08-17 20:10:37 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-08-17 20:10:37 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-08-17 20:10:36 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-08-17 20:10:36 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-08-17 20:10:36 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-08-17 19:09:31 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2013-08-17 19:09:31 2048 ----a-w- C:\Windows\System32\tzres.dll 2013-08-17 18:45:17 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-08-17 18:43:56 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll 2013-08-17 18:43:56 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll 2013-08-17 18:43:50 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys 2013-08-17 18:37:45 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-08-17 18:37:45 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL . ==================== Find3M ==================== . 2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-07-18 03:20:39 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-07-18 03:20:39 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-07-09 22:53:09 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-07-09 22:53:09 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-07-09 22:53:09 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2013-07-01 16:49:06 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll . ============= FINISH: 21:47:22.55 =============== and here is the attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 7/24/2012 12:07:20 PM System Uptime: 9/4/2013 9:20:14 PM (0 hours ago) . Motherboard: Dell Inc. | | 04G65K Processor: Intel® Core i3-2370M CPU @ 2.40GHz | U3E1 | 2184/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 685 GiB total, 633.626 GiB free. D: is CDROM () E: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Description: Dell Wireless 1704 Bluetooth v4.0+HS Device ID: USB\VID_0A5C&PID_21D7\C01885BA8AA8 Manufacturer: Broadcom Name: Dell Wireless 1704 Bluetooth v4.0+HS PNP Device ID: USB\VID_0A5C&PID_21D7\C01885BA8AA8 Service: BTHUSB . ==== System Restore Points =================== . RP118: 8/24/2013 9:45:16 PM - Windows Update RP119: 8/28/2013 9:00:59 PM - Windows Update RP120: 9/4/2013 10:13:52 AM - Windows Update RP121: 9/4/2013 1:00:41 PM - Windows Update RP122: 9/4/2013 7:16:27 PM - Windows Update . ==== Installed Programs ====================== . ABBYY FineReader 6.0 Sprint Accidental Damage Services Agreement Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.7) MUI Advanced Audio FX Engine Banctec Service Agreement Be a King: Golden Empire Bejeweled 2 Deluxe Blackhawk Striker 2 Blio Bounce Symphony Build-a-lot 2 Cake Mania Canon Easy-PhotoPrint EX Canon Easy-WebPrint EX Canon IJ Network Scanner Selector EX Canon IJ Network Tool Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon MP Navigator EX 5.1 Canon MX430 series MP Drivers Canon MX430 series On-screen Manual Canon MX430 series User Registration Canon My Printer Canon Solution Menu EX Canon Speed Dial Utility CCleaner Chuzzle Deluxe Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module CleanUp! Complete Care Business Service Agreement Conexant SmartAudio HD Consumer In-Home Service Agreement Cozi D3DX10 Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Edoc Viewer Dell Getting Started Guide Dell Home Systems Service Agreement Dell MusicStage Dell PhotoStage Dell Stage Dell Stage Remote Dell Touchpad Dell VideoStage Dell Webcam Central Diner Dash 2 Restaurant Rescue Dora's World Adventure DW WLAN Card Utility eBay Escape Whisper Valley Farm Frenzy FATE Final Drive Fury Final Drive Nitro Free YouTube to MP3 Converter version 3.12.8.717 Ghost Whisperer Google Toolbar for Internet Explorer Google Update Helper Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Intel® USB 3.0 eXtensible Host Controller Driver Intel® Trusted Connect Service Client Java 7 Update 25 Java Auto Updater JavaFX 2.1.1 Jewel Quest Jewel Quest Solitaire 2 Junk Mail filter update Luxor Malwarebytes Anti-Malware version 1.75.0.1300 McAfee Security Scan Plus McAfee Total Protection Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office Home and Student 2013 - en-us Microsoft PowerPoint Viewer Microsoft Silverlight Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) My Dell Namco All-Stars PAC-MAN Nero 10 Movie ThemePack Basic Nero Blu-ray Player Nero Control Center 10 Nero ControlCenter 10 Help (CHM) Nero Core Components 10 Nero Update Office 15 Click-to-Run Extensibility Component Office 15 Click-to-Run Licensing Component Office 15 Click-to-Run Localization Component Penguins! Plants vs. Zombies - Game of the Year PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer Premium Service Agreement QualxServ Service Agreement Quickset64 QuickShare Realtek USB 2.0 Card Reader Riverpoint Writer Samantha Swift Search-Results Toolbar Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Sendori Shared C Run-time for x64 Skype™ 5.10 Strongvault Online Backup SyncUP Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2836939) Update Installer for WildTangent Games App Virtual Villagers 4 - The Tree of Life Wedding Dash - Ready, Aim, Love! WIDCOMM Bluetooth Software WildTangent Games WildTangent Games App (Dell Games) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WiseConvert Toolbar Word Slinger Zenerchi Zinio Reader 4 Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 9/4/2013 9:23:44 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed. 9/4/2013 9:21:15 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 9/4/2013 9:21:15 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 9/4/2013 9:20:37 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 9/4/2013 9:20:35 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 9/4/2013 7:31:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Update for Windows 7 for x64-based Systems (KB2709981). 9/4/2013 7:31:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Windows 7 for x64-based Systems (KB2592687). 9/4/2013 5:02:57 PM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/4/2013 3:02:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service. 9/4/2013 10:00:56 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user KAYLA\Kayla SID (S-1-5-21-429525433-3070943714-375184730-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 9/4/2013 10:00:56 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user KAYLA\Kayla SID (S-1-5-21-429525433-3070943714-375184730-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 9/2/2013 1:54:48 PM, Error: Service Control Manager [7022] - The Service Sendori service hung on starting. 8/29/2013 1:46:57 PM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The system cannot find the path specified. . ==== End Of File =========================== I am not home to work on this before 6pm MDT, but I appreciate anything you guys can do for me!! Thanks a bunch, and let me know next steps, OK? Please? I really need this machine to work for school!! Thank you!
- September 5, 2013
- 20 replies
trogan agent in svchost exe - and making outgoing connections

MJnDenver replied to MJnDenver's topic in Resolved Malware Removal Logs

Yay! My windows update worked!! I think we got it!! Anything else I need to do to be sure? Thank you so much - you have no idea how much you've helped! I thought I would have to get a new machine....
- June 23, 2012
- 21 replies
trogan agent in svchost exe - and making outgoing connections

MJnDenver replied to MJnDenver's topic in Resolved Malware Removal Logs

Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.22.12 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Marcia :: MARCIA-GATEWAY [administrator] Protection: Enabled 6/22/2012 7:04:28 PM mbam-log-2012-06-22 (19-04-28).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 215041 Time elapsed: 10 minute(s), 8 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Yay - it's clean again! I have not seen any of the popups that say it's blocking a connection and I'm taking that as a good sign. I have not used the computer for anything but what you tell me to do since you told me not to browse. I have had a windows update that wouldn't work, a security issue of course (that's how I was sure I had something wrong)...I'm going to go try that now. If it will update then I'm guessing we got rid of it! By the way - I didn't find anything from iobit, or that other one.
- June 23, 2012
- 21 replies

Events

Profiles

Forums

Everything posted by MJnDenver

Important Information