TechG

  1. I installed Kaspersky yesterday and it removed 2 trojans and a back door. It now seems to be running better and I will continue to play with it to make sure it is all gone. I appreciate the assistance. Trojan.Win32.pasta.vyq HEUR:Backdoor.Win64.Generic
  2. Not sure what that is in reference to, but nothing in device manager. Issue remains though.
  3. Ok, I am running a full Malwarebytes scan and will be back later also. Not sure if this is an issue, but I see an IP address listed in the ignore list. I checked my true IP and it is not mine. 74.81.183.78
  4. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-08-2013
     Ran by user (administrator) on 10-08-2013 09:07:18
     Running from C:\Users\user\Desktop\form\fatbar
     Microsoft Windows 7 Professional N Service Pack 1 (X86) OS Language: English(US)
     Internet Explorer Version 10
     Boot Mode: Normal

     ==================== Processes (Whitelisted) ===================

     (Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
     (Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
     (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     (Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
     (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
     () C:\Program Files\iPod Access for Windows\iPAHelper.exe
     (Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
     (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
     (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
     (Google Inc.) C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
     (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
     (Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
     (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
     (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
     (Microsoft Corporation) C:\Windows\System32\osk.exe
     (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
     (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
     (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
     (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
     (Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

     ==================== Registry (Whitelisted) ==================

     HKLM\...\Run: [ZoneAlarm] - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-06-19] (Check Point Software Technologies LTD)
     Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
     ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
     Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
     ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
     Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
     ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)

     ==================== Internet (Whitelisted) ====================

     HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
     SearchScopes: HKLM - DefaultScope value is missing.
     BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
     BHO: No Name - {53707962-6F74-2D53-2644-206D7942484F} - No File
     BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
     BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
     BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
     Toolbar: HKCU -No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
     DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
     DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
     DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
     DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://extraweb-americas.ey.com/home/extraweb/iNotes6.cab
     DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
     DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://extraweb-americas.ey.com/MAIL402/dwa8W.cab
     Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
     Tcpip\Parameters: [DhcpNameServer] 192.168.1.15

     FireFox:
     ========
     FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hucvae5e.default
     FF SelectedSearchEngine: Google
     FF NetworkProxy: "type", 0
     FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
     FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
     FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
     FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
     FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
     FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF Plugin: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
     FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
     FF Plugin: @microsoft.com/GENUINE - disabled No File
     FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
     FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
     FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
     FF Extension: Виявлення пристроїв Logitech [Logitech Device Detection] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hucvae5e.default\Extensions\DeviceDetection@logitech.com
     FF Extension: Просмотр HTTP заголовков [View HTTP headers] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hucvae5e.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
     FF Extension: WOT - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hucvae5e.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
     FF Extension: Greasemonkey - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hucvae5e.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
     FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hucvae5e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
     FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
     FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
     FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
     FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

     Chrome:
     =======
     CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
     CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
     CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
     CHR Plugin: (Native Client) - C:\Users\user\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
     CHR Plugin: (Chrome PDF Viewer) - C:\Users\user\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
     CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\Application\28.0.1500.95\gcswf32.dll No File
     CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
     CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
     CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
     CHR Plugin: (Java Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
     CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
     CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll No File
     CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
     CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
     CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
     CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
     CHR Plugin: (Harmony Firefox Plugin) - C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
     CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
     CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
     CHR Extension: (Angry Birds) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
     CHR StartMenuInternet: Google Chrome - C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

     ========================== Services (Whitelisted) =================

     R2 iPAHelper.exe; C:\Program Files\iPod Access for Windows\iPAHelper.exe [1562381 2008-08-30] ()
     R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
     S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
     R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-06-19] (Check Point Software Technologies LTD)
     R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)
     S4 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [x]

     ==================== Drivers (Whitelisted) ====================

     R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
     R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
     R3 SaiH8000; C:\Windows\System32\DRIVERS\SaiH8000.sys [136832 2008-04-04] (Saitek)
     R0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-07-11] (Duplex Secure Ltd.)
     R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [455704 2013-06-13] (Check Point Software Technologies LTD)
     R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
     S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [x]
     S1 MpKsl94b29a86; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{466107AF-7D62-4253-9CFF-BF86BA7DBF1A}\MpKsl94b29a86.sys [x]
     S1 MpKsldb55052f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{466107AF-7D62-4253-9CFF-BF86BA7DBF1A}\MpKsldb55052f.sys [x]

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========

     2013-08-10 08:36 - 2013-08-10 08:36 - 00017385 _____ C:\Users\user\Desktop\JRT.txt
     2013-08-10 08:02 - 2013-08-10 08:02 - 00000000 ____D C:\Windows\ERUNT
     2013-08-10 08:01 - 2013-08-10 08:01 - 00958418 _____ (Oleg N. Scherbakov) C:\Users\user\Desktop\JRT.exe
     2013-08-10 07:58 - 2013-08-10 07:58 - 00006491 _____ C:\AdwCleaner[s1].txt
     2013-08-10 07:58 - 2013-08-10 07:58 - 00000290 _____ C:\Windows\DeleteOnReboot.bat
     2013-08-10 07:51 - 2013-08-10 07:52 - 00006783 _____ C:\AdwCleaner[R1].txt
     2013-08-10 07:46 - 2013-08-10 07:46 - 00666633 _____ C:\Users\user\Desktop\adwcleaner.exe
     2013-08-09 21:00 - 2013-08-09 21:00 - 00016363 _____ C:\ComboFix.txt
     2013-08-09 21:00 - 2013-08-09 21:00 - 00000000 ____D C:\Program Files\ESET
     2013-08-09 18:41 - 2013-08-09 18:41 - 05102523 _____ (Swearware) C:\Users\user\Desktop\ComboFix(1).exe.part
     2013-08-09 16:00 - 2013-08-10 09:06 - 00000000 ____D C:\Users\user\Desktop\form
     2013-08-09 15:59 - 2013-08-09 16:00 - 12081912 _____ (Malwarebytes Corp.) C:\Users\user\Desktop\mbar-1.06.1.1005(1).exe
     2013-08-09 15:55 - 2013-08-09 15:55 - 00000000 ____D C:\Users\user\Form Help Files
     2013-08-09 15:54 - 2013-08-09 15:55 - 12081912 _____ (Malwarebytes Corp.) C:\Users\user\Desktop\mbar-1.06.1.1005.exe
     2013-08-09 15:54 - 2013-08-09 15:54 - 12081912 _____ (Malwarebytes Corp.) C:\Users\user\Desktop\mbar-1.06.1.1005.exe.part
     2013-08-09 15:47 - 2013-08-09 15:47 - 00003552 _____ C:\Users\user\Desktop\RKreport[0]_S_08092013_154710.txt
     2013-08-09 15:39 - 2013-08-09 15:47 - 00000000 ____D C:\Users\user\Desktop\RK_Quarantine
     2013-08-09 15:39 - 2013-08-09 15:39 - 00920576 _____ C:\Users\user\Desktop\RogueKiller.exe
     2013-08-09 14:31 - 2013-08-09 14:44 - 00017403 _____ C:\Users\user\Desktop\attach.txt
     2013-08-09 14:31 - 2013-08-09 14:43 - 00014591 _____ C:\Users\user\Desktop\dds.txt
     2013-08-09 14:28 - 2013-08-09 14:29 - 00688992 ____R (Swearware) C:\Users\user\Desktop\dds.com
     2013-08-09 10:23 - 2013-08-09 10:23 - 00000000 _____ C:\Windows\system32\Drivers\TMRKB.SYS
     2013-08-09 09:52 - 2013-08-09 09:52 - 02049128 _____ (Trend Micro Inc.) C:\Users\user\Desktop\HousecallLauncher.exe
     2013-08-09 09:50 - 2013-08-09 09:50 - 00256904 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
     2013-08-09 09:50 - 2013-08-09 09:50 - 00000000 ____D C:\Users\user\Desktop\New folder (2)
     2013-08-09 09:44 - 2013-08-09 09:44 - 05228804 _____ C:\Users\user\Desktop\sysclean.zip
     2013-08-09 09:44 - 2013-08-09 09:44 - 00000000 ____D C:\Users\user\Desktop\log
     2013-08-09 09:43 - 2013-08-09 09:51 - 00000000 ____D C:\Users\user\Desktop\TMRBLog
     2013-08-09 09:42 - 2013-08-09 09:42 - 09950232 _____ (Trend Micro Inc.) C:\Users\user\Desktop\RootkitBusterV5.0-1129.exe
     2013-08-09 09:37 - 2013-08-09 09:37 - 00007308 _____ C:\Users\user\Desktop\hijackthis.log
     2013-08-09 09:36 - 2013-08-09 09:36 - 00388608 _____ (Trend Micro Inc.) C:\Users\user\Desktop\HijackThis.exe
     2013-08-09 09:28 - 2013-08-09 09:29 - 00185256 _____ (Лаборатория Касперского [Kaspersky Lab]) C:\Users\user\Desktop\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_4300.exe
     2013-08-09 09:04 - 2013-08-09 09:04 - 00001024 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
     2013-08-09 09:04 - 2013-08-09 09:04 - 00000000 ____D C:\Program Files\FileASSASSIN
     2013-08-09 09:03 - 2013-08-02 13:55 - 00167034 _____ C:\Users\user\Desktop\fileassassin-setup-1.06.exe
     2013-08-09 07:59 - 2013-08-09 07:59 - 00001078 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     2013-08-09 07:59 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
     2013-08-09 07:58 - 2013-08-09 07:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
     2013-08-09 07:58 - 2013-08-09 07:51 - 07431624 _____ (Malwarebytes Corporation ) C:\Users\user\Desktop\mbam-rules.exe
     2013-08-09 07:58 - 2013-08-02 13:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\user\Desktop\mbam-setup-1.75.0.1300.exe
     2013-08-09 07:56 - 2013-08-09 07:58 - 00003310 _____ C:\Users\user\Desktop\Rkill.txt
     2013-08-09 07:56 - 2013-08-09 07:49 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\user\Desktop\rkill.exe
     2013-08-09 07:33 - 2013-08-09 07:33 - 00000000 ____D C:\kleaner.tmp
     2013-08-08 22:42 - 2013-08-08 22:42 - 00000108 ___RH C:\Users\user\Desktop\Stinger.opt
     2013-08-08 17:59 - 2013-08-08 20:53 - 00000634 _____ C:\Users\user\Desktop\Stinger_08082013_175947.html
     2013-08-08 17:58 - 2013-06-01 09:31 - 00000000 ____D C:\Users\user\Desktop\Rootkit mbar
     2013-08-08 17:48 - 2013-08-06 10:11 - 25399296 _____ C:\Users\user\Downloads\FW_RT_N66U_3004374168.trx
     2013-08-08 17:46 - 2013-08-08 17:46 - 25399480 _____ C:\Users\user\Downloads\FW_RT_N66U_3004374168.zip
     2013-08-08 16:56 - 2013-08-08 16:56 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
     2013-08-08 16:56 - 2013-08-08 16:56 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
     2013-08-08 16:56 - 2013-08-08 16:56 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
     2013-08-08 16:56 - 2013-08-08 16:56 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
     2013-08-08 09:14 - 2013-08-02 16:11 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20130808-091442.backup
     2013-08-08 09:12 - 2013-08-08 09:12 - 00000732 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
     2013-08-08 09:06 - 2013-08-08 09:07 - 02466392 _____ (Check Point Software Technologies LTD) C:\Users\user\Desktop\zafwSetupWeb_110_768_000.exe
     2013-08-07 06:05 - 2013-08-07 06:07 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
     2013-08-06 20:18 - 2013-08-06 21:01 - 192558520 _____ (Kaspersky Lab ZAO) C:\Users\user\Desktop\kis2013_13.0.1.4190abcdefgEN_4525.exe
     2013-08-06 13:07 - 2013-08-06 13:07 - 00000000 ____D C:\Quarantine
     2013-08-06 09:54 - 2013-08-09 07:36 - 00001945 _____ C:\Windows\epplauncher.mif
     2013-08-06 09:51 - 2013-08-06 09:52 - 11233112 _____ (Microsoft Corporation) C:\Users\user\Desktop\mseinstall.exe
     2013-08-06 09:46 - 2013-08-09 16:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
     2013-08-06 09:43 - 2013-08-06 09:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Philipp Winterberg
     2013-08-06 09:32 - 2013-08-06 15:26 - 00000811 _____ C:\Users\user\Desktop\Stinger_06082013_093212.html
     2013-08-06 09:31 - 2013-08-08 22:42 - 00000000 ____D C:\Program Files\stinger
     2013-08-06 09:30 - 2013-08-06 09:31 - 11660320 _____ (McAfee Inc) C:\Users\user\Desktop\stinger32.exe
     2013-08-04 02:49 - 2013-08-02 13:55 - 00065232 _____ (Malwarebytes) C:\Users\user\Desktop\regassassin-setup-1.03.exe
     2013-08-04 02:48 - 2013-08-02 13:58 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\user\Desktop\tdsskiller.exe
     2013-08-04 02:46 - 2013-08-02 13:59 - 179347280 _____ C:\Users\user\Desktop\setup_11.0.0.1245.x01_2013_08_02_19_13.exe
     2013-08-02 15:59 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
     2013-08-02 15:59 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
     2013-08-02 15:59 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
     2013-08-02 15:59 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
     2013-08-02 15:59 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
     2013-08-02 15:59 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
     2013-08-02 15:59 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
     2013-08-02 15:59 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
     2013-08-02 15:57 - 2013-08-09 21:00 - 00000000 ____D C:\Qoobox
     2013-08-02 15:57 - 2013-08-09 18:41 - 05102523 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
     2013-08-02 15:57 - 2013-08-02 16:16 - 00000000 ____D C:\Windows\erdnt
     2013-08-02 15:52 - 2013-08-02 15:52 - 02828552 _____ (AVAST Software) C:\Users\user\Desktop\avast-browser-cleanup.exe
     2013-08-02 11:08 - 2013-08-02 11:08 - 00933148 _____ C:\Users\user\AppData\Local\census.cache
     2013-08-02 11:07 - 2013-08-02 11:07 - 00166085 _____ C:\Users\user\AppData\Local\ars.cache
     2013-08-02 10:02 - 2013-08-02 10:02 - 00000036 _____ C:\Users\user\AppData\Local\housecall.guid.cache
     2013-08-02 10:00 - 2013-08-02 10:00 - 00000000 ____D C:\Users\user\AppData\Roaming\QuickScan
     2013-07-26 23:32 - 2013-07-26 23:32 - 00002177 _____ C:\Users\Public\Desktop\Google Earth.lnk
     2013-07-22 17:14 - 2013-07-22 17:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
     2013-07-12 17:09 - 2013-07-12 17:09 - 00003974 _____ C:\Users\user\Downloads\Huntington_Delimited.csv
     2013-07-11 03:12 - 2013-06-11 19:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
     2013-07-11 03:12 - 2013-06-11 19:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
     2013-07-11 03:12 - 2013-06-11 19:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
     2013-07-11 03:12 - 2013-06-11 19:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
     2013-07-11 03:12 - 2013-06-11 19:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
     2013-07-11 03:12 - 2013-06-11 19:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
     2013-07-11 03:12 - 2013-06-11 19:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
     2013-07-11 03:12 - 2013-06-11 19:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
     2013-07-11 03:12 - 2013-06-11 19:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
     2013-07-11 03:12 - 2013-06-11 19:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
     2013-07-11 03:12 - 2013-06-11 19:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
     2013-07-11 03:12 - 2013-06-11 19:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
     2013-07-11 03:12 - 2013-06-11 19:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
     2013-07-11 03:12 - 2013-06-11 19:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
     2013-07-11 03:12 - 2013-06-11 18:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
     2013-07-11 03:12 - 2013-06-06 22:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

     ==================== One Month Modified Files and Folders =======

     2013-08-10 09:06 - 2013-08-09 16:00 - 00000000 ____D C:\Users\user\Desktop\form
     2013-08-10 09:04 - 2009-07-14 00:02 - 00014848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     2013-08-10 09:04 - 2009-07-14 00:02 - 00014848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     2013-08-10 09:01 - 2010-10-02 17:08 - 00730448 _____ C:\Windows\system32\PerfStringBackup.INI
     2013-08-10 08:57 - 2012-01-07 18:19 - 00000000 ___RD C:\Users\user\Dropbox
     2013-08-10 08:57 - 2012-01-07 18:16 - 00000000 ____D C:\Users\user\AppData\Roaming\Dropbox
     2013-08-10 08:57 - 2011-12-13 14:42 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
     2013-08-10 08:57 - 2009-07-14 00:17 - 00000006 ____H C:\Windows\Tasks\SA.DAT
     2013-08-10 08:57 - 2009-07-14 00:07 - 00016867 _____ C:\Windows\setupact.log
     2013-08-10 08:56 - 2010-10-02 19:54 - 01259636 _____ C:\Windows\WindowsUpdate.log
     2013-08-10 08:36 - 2013-08-10 08:36 - 00017385 _____ C:\Users\user\Desktop\JRT.txt
     2013-08-10 08:30 - 2011-12-13 14:42 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
     2013-08-10 08:28 - 2012-07-29 04:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
     2013-08-10 08:17 - 2010-10-03 17:57 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3829866535-4049626441-3727746084-1001UA.job
     2013-08-10 08:02 - 2013-08-10 08:02 - 00000000 ____D C:\Windows\ERUNT
     2013-08-10 08:01 - 2013-08-10 08:01 - 00958418 _____ (Oleg N. Scherbakov) C:\Users\user\Desktop\JRT.exe
     2013-08-10 07:58 - 2013-08-10 07:58 - 00006491 _____ C:\AdwCleaner[s1].txt
     2013-08-10 07:58 - 2013-08-10 07:58 - 00000290 _____ C:\Windows\DeleteOnReboot.bat
     2013-08-10 07:52 - 2013-08-10 07:51 - 00006783 _____ C:\AdwCleaner[R1].txt
     2013-08-10 07:48 - 2010-10-05 13:23 - 00052568 _____ C:\Windows\PFRO.log
     2013-08-10 07:48 - 2009-07-14 00:51 - 00000000 ____D C:\Windows\Performance
     2013-08-10 07:46 - 2013-08-10 07:46 - 00666633 _____ C:\Users\user\Desktop\adwcleaner.exe
     2013-08-09 21:46 - 2010-10-02 17:02 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
     2013-08-09 21:00 - 2013-08-09 21:00 - 00016363 _____ C:\ComboFix.txt
     2013-08-09 21:00 - 2013-08-09 21:00 - 00000000 ____D C:\Program Files\ESET
     2013-08-09 21:00 - 2013-08-02 15:57 - 00000000 ____D C:\Qoobox
     2013-08-09 20:45 - 2009-07-13 22:04 - 00000215 _____ C:\Windows\system.ini
     2013-08-09 19:17 - 2010-10-03 17:57 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3829866535-4049626441-3727746084-1001Core.job
     2013-08-09 18:41 - 2013-08-09 18:41 - 05102523 _____ (Swearware) C:\Users\user\Desktop\ComboFix(1).exe.part
     2013-08-09 18:41 - 2013-08-02 15:57 - 05102523 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
     2013-08-09 16:14 - 2013-08-06 09:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
     2013-08-09 16:00 - 2013-08-09 15:59 - 12081912 _____ (Malwarebytes Corp.) C:\Users\user\Desktop\mbar-1.06.1.1005(1).exe
     2013-08-09 15:55 - 2013-08-09 15:55 - 00000000 ____D C:\Users\user\Form Help Files
     2013-08-09 15:55 - 2013-08-09 15:54 - 12081912 _____ (Malwarebytes Corp.) C:\Users\user\Desktop\mbar-1.06.1.1005.exe
     2013-08-09 15:54 - 2013-08-09 15:54 - 12081912 _____ (Malwarebytes Corp.) C:\Users\user\Desktop\mbar-1.06.1.1005.exe.part
     2013-08-09 15:47 - 2013-08-09 15:47 - 00003552 _____ C:\Users\user\Desktop\RKreport[0]_S_08092013_154710.txt
     2013-08-09 15:47 - 2013-08-09 15:39 - 00000000 ____D C:\Users\user\Desktop\RK_Quarantine
     2013-08-09 15:39 - 2013-08-09 15:39 - 00920576 _____ C:\Users\user\Desktop\RogueKiller.exe
     2013-08-09 14:44 - 2013-08-09 14:31 - 00017403 _____ C:\Users\user\Desktop\attach.txt
     2013-08-09 14:43 - 2013-08-09 14:31 - 00014591 _____ C:\Users\user\Desktop\dds.txt
     2013-08-09 14:42 - 2011-10-26 16:36 - 00000000 ____D C:\Program Files\PeerBlock
     2013-08-09 14:38 - 2011-10-26 21:39 - 00000000 ____D C:\Program Files\Vuze
     2013-08-09 14:29 - 2013-08-09 14:28 - 00688992 ____R (Swearware) C:\Users\user\Desktop\dds.com
     2013-08-09 10:23 - 2013-08-09 10:23 - 00000000 _____ C:\Windows\system32\Drivers\TMRKB.SYS
     2013-08-09 09:52 - 2013-08-09 09:52 - 02049128 _____ (Trend Micro Inc.) C:\Users\user\Desktop\HousecallLauncher.exe
     2013-08-09 09:51 - 2013-08-09 09:43 - 00000000 ____D C:\Users\user\Desktop\TMRBLog
     2013-08-09 09:50 - 2013-08-09 09:50 - 00256904 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
     2013-08-09 09:50 - 2013-08-09 09:50 - 00000000 ____D C:\Users\user\Desktop\New folder (2)
     2013-08-09 09:44 - 2013-08-09 09:44 - 05228804 _____ C:\Users\user\Desktop\sysclean.zip
     2013-08-09 09:44 - 2013-08-09 09:44 - 00000000 ____D C:\Users\user\Desktop\log
     2013-08-09 09:42 - 2013-08-09 09:42 - 09950232 _____ (Trend Micro Inc.) C:\Users\user\Desktop\RootkitBusterV5.0-1129.exe
     2013-08-09 09:37 - 2013-08-09 09:37 - 00007308 _____ C:\Users\user\Desktop\hijackthis.log
     2013-08-09 09:36 - 2013-08-09 09:36 - 00388608 _____ (Trend Micro Inc.) C:\Users\user\Desktop\HijackThis.exe
     2013-08-09 09:29 - 2013-08-09 09:28 - 00185256 _____ (Лаборатория Касперского [Kaspersky Lab]) C:\Users\user\Desktop\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_4300.exe
     2013-08-09 09:17 - 2012-06-23 19:11 - 00000000 ____D C:\Windows\pss
     2013-08-09 09:04 - 2013-08-09 09:04 - 00001024 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
     2013-08-09 09:04 - 2013-08-09 09:04 - 00000000 ____D C:\Program Files\FileASSASSIN
     2013-08-09 07:59 - 2013-08-09 07:59 - 00001078 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     2013-08-09 07:59 - 2013-08-09 07:58 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
     2013-08-09 07:58 - 2013-08-09 07:56 - 00003310 _____ C:\Users\user\Desktop\Rkill.txt
     2013-08-09 07:51 - 2013-08-09 07:58 - 07431624 _____ (Malwarebytes Corporation ) C:\Users\user\Desktop\mbam-rules.exe
     2013-08-09 07:49 - 2013-08-09 07:56 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\user\Desktop\rkill.exe
     2013-08-09 07:38 - 2012-01-26 03:28 - 00000000 ____D C:\ProgramData\AVAST Software
     2013-08-09 07:36 - 2013-08-06 09:54 - 00001945 _____ C:\Windows\epplauncher.mif
     2013-08-09 07:33 - 2013-08-09 07:33 - 00000000 ____D C:\kleaner.tmp
     2013-08-09 07:31 - 2009-07-13 22:04 - 00002577 _____ C:\Windows\system32\config.nt
     2013-08-08 22:43 - 2011-09-01 04:45 - 00000000 ____D C:\Users\user\AppData\Roaming\Spotify
     2013-08-08 22:42 - 2013-08-08 22:42 - 00000108 ___RH C:\Users\user\Desktop\Stinger.opt
     2013-08-08 22:42 - 2013-08-06 09:31 - 00000000 ____D C:\Program Files\stinger
     2013-08-08 20:53 - 2013-08-08 17:59 - 00000634 _____ C:\Users\user\Desktop\Stinger_08082013_175947.html
     2013-08-08 17:46 - 2013-08-08 17:46 - 25399480 _____ C:\Users\user\Downloads\FW_RT_N66U_3004374168.zip
     2013-08-08 16:56 - 2013-08-08 16:56 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
     2013-08-08 16:56 - 2013-08-08 16:56 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
     2013-08-08 16:56 - 2013-08-08 16:56 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
     2013-08-08 16:56 - 2013-08-08 16:56 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
     2013-08-08 16:56 - 2012-10-31 09:35 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
     2013-08-08 16:56 - 2010-10-13 09:47 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
     2013-08-08 09:18 - 2011-11-12 09:42 - 00417569 _____ C:\Windows\system32\Drivers\vsconfig.xml
     2013-08-08 09:12 - 2013-08-08 09:12 - 00000732 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
     2013-08-08 09:07 - 2013-08-08 09:06 - 02466392 _____ (Check Point Software Technologies LTD) C:\Users\user\Desktop\zafwSetupWeb_110_768_000.exe
     2013-08-07 06:07 - 2013-08-07 06:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
     2013-08-06 21:01 - 2013-08-06 20:18 - 192558520 _____ (Kaspersky Lab ZAO) C:\Users\user\Desktop\kis2013_13.0.1.4190abcdefgEN_4525.exe
     2013-08-06 15:26 - 2013-08-06 09:32 - 00000811 _____ C:\Users\user\Desktop\Stinger_06082013_093212.html
     2013-08-06 13:07 - 2013-08-06 13:07 - 00000000 ____D C:\Quarantine
     2013-08-06 10:11 - 2013-08-08 17:48 - 25399296 _____ C:\Users\user\Downloads\FW_RT_N66U_3004374168.trx
     2013-08-06 09:52 - 2013-08-06 09:51 - 11233112 _____ (Microsoft Corporation) C:\Users\user\Desktop\mseinstall.exe
     2013-08-06 09:43 - 2013-08-06 09:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Philipp Winterberg
     2013-08-06 09:31 - 2013-08-06 09:30 - 11660320 _____ (McAfee Inc) C:\Users\user\Desktop\stinger32.exe
     2013-08-06 01:59 - 2011-09-01 04:45 - 00000000 ____D C:\Users\user\AppData\Local\Spotify
     2013-08-02 17:18 - 2010-10-03 17:58 - 00002370 _____ C:\Users\user\Desktop\Google Chrome.lnk
     2013-08-02 16:31 - 2009-07-13 22:37 - 00000000 __RHD C:\Users\Default
     2013-08-02 16:31 - 2009-07-13 22:37 - 00000000 ___RD C:\Users\Public
     2013-08-02 16:16 - 2013-08-02 15:57 - 00000000 ____D C:\Windows\erdnt
     2013-08-02 16:11 - 2013-08-08 09:14 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20130808-091442.backup
     2013-08-02 15:52 - 2013-08-02 15:52 - 02828552 _____ (AVAST Software) C:\Users\user\Desktop\avast-browser-cleanup.exe
     2013-08-02 13:59 - 2013-08-04 02:46 - 179347280 _____ C:\Users\user\Desktop\setup_11.0.0.1245.x01_2013_08_02_19_13.exe
     2013-08-02 13:58 - 2013-08-04 02:48 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\user\Desktop\tdsskiller.exe
     2013-08-02 13:55 - 2013-08-09 09:03 - 00167034 _____ C:\Users\user\Desktop\fileassassin-setup-1.06.exe
     2013-08-02 13:55 - 2013-08-04 02:49 - 00065232 _____ (Malwarebytes) C:\Users\user\Desktop\regassassin-setup-1.03.exe
     2013-08-02 13:53 - 2013-08-09 07:58 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\user\Desktop\mbam-setup-1.75.0.1300.exe
     2013-08-02 11:42 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\wfp
     2013-08-02 11:41 - 2010-10-06 11:48 - 00000000 ___RD C:\Users\Public\Recorded TV
     2013-08-02 11:41 - 2010-10-03 18:53 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
     2013-08-02 11:41 - 2010-10-03 17:58 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
     2013-08-02 11:41 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\registration
     2013-08-02 11:41 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\AppCompat
     2013-08-02 11:08 - 2013-08-02 11:08 - 00933148 _____ C:\Users\user\AppData\Local\census.cache
     2013-08-02 11:07 - 2013-08-02 11:07 - 00166085 _____ C:\Users\user\AppData\Local\ars.cache
     2013-08-02 10:02 - 2013-08-02 10:02 - 00000036 _____ C:\Users\user\AppData\Local\housecall.guid.cache
     2013-08-02 10:00 - 2013-08-02 10:00 - 00000000 ____D C:\Users\user\AppData\Roaming\QuickScan
     2013-08-02 09:29 - 2011-01-11 10:51 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
     2013-07-27 12:20 - 2013-07-04 22:27 - 00035002 _____ C:\Users\user\Desktop\Check Register.xlsx
     2013-07-26 23:32 - 2013-07-26 23:32 - 00002177 _____ C:\Users\Public\Desktop\Google Earth.lnk
     2013-07-26 23:32 - 2011-12-13 14:42 - 00000000 ____D C:\Program Files\Google
     2013-07-22 17:22 - 2013-01-11 16:57 - 00000000 ____D C:\Users\user\Desktop\Android
     2013-07-22 17:14 - 2013-07-22 17:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
     2013-07-16 19:20 - 2012-10-06 16:01 - 00013927 _____ C:\Users\user\Desktop\Monthly Bills due.xlsx
     2013-07-12 17:09 - 2013-07-12 17:09 - 00003974 _____ C:\Users\user\Downloads\Huntington_Delimited.csv
     2013-07-11 03:45 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
     2013-07-11 03:34 - 2009-07-14 00:02 - 00421448 _____ C:\Windows\system32\FNTCACHE.DAT
     2013-07-11 03:33 - 2010-10-05 12:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
     2013-07-11 03:32 - 2009-08-31 20:36 - 00000000 ____D C:\Program Files\Windows Journal
     2013-07-11 03:32 - 2009-07-14 00:51 - 00000000 ____D C:\Program Files\Windows Defender
     2013-07-11 03:12 - 2010-10-02 17:09 - 00000000 ____D C:\ProgramData\Microsoft Help
     2013-07-11 03:07 - 2010-10-05 10:19 - 75699896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

     ==================== Bamital & volsnap Check =================

     C:\Windows\explorer.exe => MD5 is legit
     C:\Windows\System32\winlogon.exe => MD5 is legit
     C:\Windows\System32\wininit.exe => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\System32\services.exe => MD5 is legit
     C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-02 00:38

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-08-2013
Ran by user at 2013-08-10 09:07:53
Running from C:\Users\user\Desktop\form\fatbar
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958) 32 Bit
HP CIO Components Installer (Version: 6.1.2)
6500_E709_eDocs (Version: 1.00.0000)
6500_E709_Help (Version: 1.00.0000)
6500_E709a (Version: 140.0.000.000)
Active Mobster 1.3.9
Adobe AIR (Version: 3.7.0.1860)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Adobe Shockwave Player 11.6 (Version: 11.6.6.636)
AIM 7
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 140.0.000.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 140.0.213.000)
BurnAware Free 5.0
Camtasia Studio 2 (Version: 2.1)
CDBurnerXP (Version: 4.4.1.3243)
COWON Media Center - jetAudio Basic VX (Version: 8.0.16)
CrystalDiskMark 3.0.2f (Version: 3.0.2f)
D3DX10 (Version: 15.4.2368.0902)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 140.0.213.000)
DocMgr (Version: 140.0.65.000)
DocProc (Version: 140.0.100.000)
Dropbox (HKCU Version: 2.0.22)
ESET Online Scanner v3
Fax (Version: 140.0.213.000)
FileASSASSIN (Version: 1.06)
Google Chrome (HKCU Version: 28.0.1500.95)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.153)
GPBaseService2 (Version: 140.0.212.000)
GTK2-Runtime (Version: 2.16.6-2010-05-12-ash)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Officejet 6500 E709 Series (Version: 14.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.002.002.002)
HPProductAssistant (Version: 140.0.213.000)
HPSSupply (Version: 140.0.212.000)
inSSIDer (Version: 2.1.5)
iPod Access for Windows v4.4.1
iTunes (Version: 10.6.1.7)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Junk Mail filter update (Version: 15.4.3502.0922)
Kidspiration 3
Logitech Harmony Remote Software (Version: 1.0.110307)
Logitech Vid HD (Version: 7.2 (7259))
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
MafiaWars Utility 1.6.1
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 140.0.214.000)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Default Manager (Version: 2.1.55.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mobster Commander Utility 1.2.1
Mobster Control v1.0.0
Mobster Mini Missions 1.0.5
Mobster Super Adder 1.1.2
Mobster Transfer Utility 1.0.9
Mobster Utility 2.4.5
Mobsters Auth Key Updater v1.0.2
Mobsters Healer 1.0.9
Mobsters Hitlist Lag Checker v1.0.0
Mobsters Hitlist Utility 1.1.2
Mobsters Property Manager v1.1.2
Mobsters Spam Remover v1.0.2
Mobsters Stats Utility v1.0.0
Mobsters Suicide v1.0.7 (BETA)
Mobsters Utility 2 v1.1.9
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Myspace Email Adder 1.0.4
Network (Version: 140.0.215.000)
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
ProductContext (Version: 140.0.000.000)
QuickTime (Version: 7.74.80.86)
REA's TESTware for the PPST (Version: 2.0.4)
Scan (Version: 140.0.167.000)
Shop for HP Supplies (Version: 14.0)
SmartWebPrinting (Version: 140.0.213.000)
SolutionCenter (Version: 140.0.214.000)
Spotify (HKCU Version: 0.8.3.222.g317ab79d)
Spotify (Version: 0.5.2)
Status (Version: 140.0.256.000)
swMSM (Version: 12.0.0.1)
TeamViewer 8 (Version: 8.0.19617)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.213.000)
TurboTax 2011
TurboTax 2011 WinPerFedFormset (Version: 011.000.2955)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0463)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0214)
TurboTax 2011 wohiper (Version: 011.000.1546)
TurboTax 2011 wrapper (Version: 011.000.0121)
TurboTax 2012 (Version: 2012.0)
TurboTax 2012 WinPerFedFormset (Version: 012.000.1804)
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0402)
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0164)
TurboTax 2012 wohiper (Version: 012.000.1227)
TurboTax 2012 wrapper (Version: 012.000.0127)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
VC 9.0 Runtime (Version: 1.0.0)
WebReg (Version: 140.0.213.017)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
WinZip 16.5 (Version: 16.5.10095)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
ZoneAlarm Firewall (Version: 11.0.768.000)
ZoneAlarm Free Firewall (Version: 11.0.768.000)
ZoneAlarm Security (Version: 11.0.768.000)

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-13 22:04 - 2013-08-09 05:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {03D89D04-0D82-4824-99C4-43163BCFFBB5} - System32\Tasks\{D8912381-3E02-4DB1-9BFB-09619AB5A2A4} => C:\Users\user\Downloads\wmpfirefoxplugin.exe [2010-10-18] (Microsoft Corporation)
Task: {0E403361-1F80-4B1A-80E9-0857F0A44809} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {178FBF96-7A21-499A-A464-6E63E451F1D0} - System32\Tasks\{2C620D21-3C76-4FD0-A8AC-5D9BC8568295} => C:\Users\user\Desktop\USBDRVEN.EXE [2012-01-16] ()
Task: {22711553-046A-465D-AC7B-03A3EB03043E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {270837AF-0161-4FBD-97BB-E98F2D764322} - System32\Tasks\Defrag => C:\Windows\System32\Defrag.exe [2009-07-13] (Microsoft Corp.)
Task: {36471E46-8A1D-466F-9BA5-FAF4AFD02BE0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3829866535-4049626441-3727746084-1001UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-03] (Google Inc.)
Task: {56847B58-C00E-47EA-A22E-F6E487CD7857} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-13] (Google Inc.)
Task: {68A4D044-EC95-410D-9CBE-DCD2E0CDC670} - System32\Tasks\{D5199380-75BB-412F-B5E9-96D52C4BD0A7} => C:\Users\user\Downloads\wmpfirefoxplugin(2).exe [2010-10-18] (Microsoft Corporation)
Task: {6A6C1860-296E-4A6C-BDCD-6F4067A5B96D} - \Updater21804.exe No Task File
Task: {735B2B3C-9EB0-42BF-AC62-E60A29CBB14E} - System32\Tasks\{7228FAEA-6C64-4A44-B2A3-5DD744ADB714} => C:\Users\user\Downloads\wmpfirefoxplugin(2).exe [2010-10-18] (Microsoft Corporation)
Task: {74E15840-176A-4C75-B371-226380DC5D5C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3829866535-4049626441-3727746084-1001Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-03] (Google Inc.)
Task: {974FC832-E3C0-4616-B468-0B5E93963C70} - System32\Tasks\Check Disk => C:\Windows\System32\chkdsk.exe [2009-07-13] (Microsoft Corporation)
Task: {97F0E436-3E91-46C7-904B-90E99B48F6E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-13] (Google Inc.)
Task: {9D194C24-72D7-4EDD-92C0-EDD67CD8291C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {CE526F9D-458A-4EDB-BF6A-B9153854F2EA} - System32\Tasks\{867E78DC-166D-42DE-88D9-396C240B55F4} => C:\Users\user\Downloads\wmpfirefoxplugin.exe [2010-10-18] (Microsoft Corporation)
Task: {F13E40A2-DEAB-4365-86F7-F9DF39D4E652} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3829866535-4049626441-3727746084-1001Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3829866535-4049626441-3727746084-1001UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: MpKsl94b29a86
Description: MpKsl94b29a86
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl94b29a86
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears. Remove the device, and this error should be resolved.

Name: MpKsldb55052f
Description: MpKsldb55052f
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsldb55052f
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears. Remove the device, and this error should be resolved.

Name: Officejet 6500 E709a
Description: Officejet 6500 E709a
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (08/10/2013 08:56:51 AM) (Source: sptd) (User: )
Description: Driver detected an internal error in its data structures for .
Error: (08/10/2013 08:42:06 AM) (Source: sptd) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (08/10/2013 08:41:42 AM) (Source: Service Control Manager) (User: )
Description: The UPnP Device Host service failed to start due to the following error: %%1069

Error: (08/10/2013 08:41:42 AM) (Source: Service Control Manager) (User: )
Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: %%50
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/10/2013 08:41:42 AM) (Source: DCOM) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-08-08 06:33:13.604
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-07 14:29:42.428
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-07 13:54:27.252
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-07 12:48:30.714
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-08-07 12:34:56.332
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-07 12:29:38.635
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-07 12:23:50.252
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-07 11:57:54.363
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-07 11:48:45.376
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-07 11:40:27.644
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 2013.24 MB
Available physical RAM: 1013.05 MB
Total Pagefile: 4026.48 MB
Available Pagefile: 2670.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.55 MB

==================== Drives ================================

Drive c: (Preload) (Fixed) (Total:146.36 GB) (Free:81.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Wahl_Pet) (CDROM) (Total:3.49 GB) (Free:0 GB) UDF
Drive e: (PATRIOT) (Removable) (Total:29.42 GB) (Free:28.69 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 777AA0E1)
Partition 1: (Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=3 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 29 GB) (Disk ID: 767ABD13)
Partition 1: (Not Active) - (Size=29 GB) - (Type=0C)

==================== End Of Log ============================
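The "Scheduled Tasks" section of the FRST log above is where a removal helper would look first: it contains an orphaned registration (`\Updater21804.exe No Task File`, the same file the JRT log later in the thread deletes from C:\Windows\system32\tasks), several GUID-named tasks whose targets live in the user's Downloads and Desktop folders, and one target (USBDRVEN.EXE) for which FRST found no publisher at all. The script below is an added example, not code from the poster, from FRST or from Malwarebytes: it parses those `Task:` lines and applies a few triage heuristics of its own. The sample log is a constructed excerpt modelled on the entries above, the "user-writable location" rule and the allowlist (which accepts Google's per-user updater only with its expected publisher string) are this example's assumptions, and the flags are leads for a human to check, not verdicts.

```python
import re

# Added example, not code from the forum post, from FRST or from Malwarebytes.
# SAMPLE_LOG is a constructed excerpt modelled on the Scheduled Tasks section
# of the FRST log in the thread; the triage rules below are this example's own.
SAMPLE_LOG = r"""
==================== Scheduled Tasks (whitelisted) =============
Task: {03D89D04-0D82-4824-99C4-43163BCFFBB5} - System32\Tasks\{D8912381-3E02-4DB1-9BFB-09619AB5A2A4} => C:\Users\user\Downloads\wmpfirefoxplugin.exe [2010-10-18] (Microsoft Corporation)
Task: {0E403361-1F80-4B1A-80E9-0857F0A44809} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {178FBF96-7A21-499A-A464-6E63E451F1D0} - System32\Tasks\{2C620D21-3C76-4FD0-A8AC-5D9BC8568295} => C:\Users\user\Desktop\USBDRVEN.EXE [2012-01-16] ()
Task: {22711553-046A-465D-AC7B-03A3EB03043E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {36471E46-8A1D-466F-9BA5-FAF4AFD02BE0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3829866535-4049626441-3727746084-1001UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-03] (Google Inc.)
Task: {6A6C1860-296E-4A6C-BDCD-6F4067A5B96D} - \Updater21804.exe No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Faulty Device Manager Devices =============
"""

# Trailing "[YYYY-MM-DD] (Publisher)" after a task target. FRST prints "()"
# when the target file carries no version/publisher information.
DATE_PUB_RE = re.compile(r"\s*\[(\d{4}-\d{2}-\d{2})\]\s*(?:\(([^)]*)\))?\s*$")
# Paths a standard user can write to; a task target there can be swapped
# without admin rights (assumption: these three folders are the ones we care about).
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\(Downloads|Desktop|AppData)\\", re.IGNORECASE)
# A task registered under System32\Tasks with a bare GUID instead of a name.
GUID_NAME_RE = re.compile(r"^System32\\Tasks\\\{[0-9A-Fa-f-]{36}\}$")
# Assumption for this example: the only user-writable target we accept is
# Google's per-user updater, and only when FRST shows its expected publisher.
ALLOWLIST = {(r"\AppData\Local\Google\Update\GoogleUpdate.exe", "Google Inc.")}


def parse_task_line(line):
    """Split one FRST 'Task:' line into id, name, target, date and publisher."""
    if not line.startswith("Task:"):
        return None
    body = line[len("Task:"):].strip()
    rec = {"id": None, "name": None, "target": None,
           "date": None, "publisher": None, "no_task_file": False}
    if body.endswith("No Task File"):
        rec["no_task_file"] = True
        body = body[:-len("No Task File")].strip()
    left, sep, right = body.partition("=>")
    if sep:
        right = right.strip()
        m = DATE_PUB_RE.search(right)
        if m:
            rec["date"], rec["publisher"] = m.group(1), m.group(2)
            right = right[:m.start()].strip()
        rec["target"] = right
    left = left.strip()
    if left.startswith("{"):
        ident, _, name = left.partition(" - ")
        rec["id"], rec["name"] = ident.strip(), (name.strip() or None)
    else:
        rec["id"] = left  # legacy C:\Windows\Tasks\*.job entry
    return rec


def is_allowlisted(rec):
    target = (rec["target"] or "").lower()
    return any(target.endswith(suffix.lower()) and rec["publisher"] == pub
               for suffix, pub in ALLOWLIST)


def triage_task(rec):
    """Return the reasons this task deserves a look (empty list if none)."""
    reasons = []
    if rec["no_task_file"]:
        reasons.append("orphaned: task registration without a task file")
    target = rec["target"]
    if target and not is_allowlisted(rec):
        if USER_WRITABLE_RE.search(target):
            reasons.append("target runs from a user-writable location")
        if rec["publisher"] == "":
            reasons.append("target has no publisher/version information")
    if rec["name"] and GUID_NAME_RE.match(rec["name"]):
        reasons.append("task has a bare GUID name instead of a descriptive one")
    return reasons


def triage_frst_tasks(log_text):
    """Walk the Scheduled Tasks section; return (name, target, reasons) tuples."""
    findings, in_section = [], False
    for line in log_text.splitlines():
        if line.startswith("=====") and "Scheduled Tasks" in line:
            in_section = True
            continue
        if in_section and line.startswith("====="):
            break
        if not in_section:
            continue
        rec = parse_task_line(line.strip())
        if rec is None:
            continue
        reasons = triage_task(rec)
        if reasons:
            findings.append((rec["name"] or rec["id"], rec["target"], reasons))
    return findings


if __name__ == "__main__":
    for name, target, reasons in triage_frst_tasks(SAMPLE_LOG):
        print(f"{name} -> {target}")
        for reason in reasons:
            print(f"    - {reason}")
```

On the sample it reports three entries: the orphaned `\Updater21804.exe` registration, the GUID-named task running USBDRVEN.EXE from the Desktop with no publisher, and the GUID-named task running wmpfirefoxplugin.exe from Downloads. The last one still carries a Microsoft publisher string, which is exactly why the output is a list of things to verify on disk rather than a list of things to delete.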
  5. Issue remains. Started typing and my machine went on an endless loop of typing until I rebooted.
  6. Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.10.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
user :: USER-PC [administrator]

8/10/2013 8:46:59 AM
mbam-log-2013-08-10 (08-46-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225434
Time elapsed: 7 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  7. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.1 (08.10.2013:1)
OS: Windows 7 Professional N x86
Ran by user on Sat 08/10/2013 at 8:02:32.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}

~~~ Files

Successfully deleted: [File] C:\Windows\system32\tasks\Updater21804.exe

~~~ Folders

Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\user\appdata\local\coupon companion plugin"
Successfully deleted: [Folder] "C:\Users\user\appdata\local\updater21804"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\vuze_remote"
Successfully deleted: [Folder] "C:\Users\user\Local Settings\Application Data\google\chrome\user data\default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0"
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{0093E08F-AF13-4654-B7C3-E0054E3C5E19}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{0165752E-686D-4C55-A3B9-8EBB1E5E9CD5}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{23290DF4-E0E4-46CE-9BEC-30B36C088F08}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{36B51071-C7FE-48E2-B1B8-CF959BE4AB4D}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{52927327-5C5A-4CEC-920D-1563564E9775}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{5990A057-29C1-4D71-822C-0565C4EAE7D8}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{6F1F5274-A6B1-4A68-B573-A2D5F2C0FB8F}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{8470B624-88E2-4618-BC38-C65D9BAC967A}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{884A3A80-0A87-4246-A616-9E24EEA7C237}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{88C355CD-E40A-4AEE-AC62-E9423ED4FF63}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{928836ED-9DBE-46D4-8A79-BC6E6728F1A8}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{9335D3AA-24DF-47BC-B211-46B24FF2952F}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{A53AC593-8545-40FF-9C8C-6B0A52CA4156}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{AFE7D7A0-C7BF-4A35-B90E-F4C77D8ADD29}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{B057929A-2061-4B2D-909F-D47DB0742DF8}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{E3F6D33A-E2D7-4A40-BEBE-38A562645476}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{EAE2E677-DCDC-47CA-B862-2DC036484F62}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F578768E-15E6-4E93-B609-D910E1221303}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{FC73AFD6-82EE-46D2-B326-2090D5DD5CBC}

~~~ FireFox

Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\hucvae5e.default\user.js
Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\hucvae5e.default\smartbar
Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\hucvae5e.default\extensions\staged
Successfully deleted the following from C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\hucvae5e.default\prefs.js

user_pref("CT2504091.installId", "ConduitNSISIntegration");
user_pref("CT2504091.installType", "ConduitNSISIntegration");
user_pref("CT2504091.isPerformedSmartBarTransition", "true");
user_pref("CT2504091.search.searchAppId", "129079840422026594");
user_pref("CT2504091.search.searchCount", "0");
user_pref("CT2504091.smartbar.CTID", "CT2504091");
user_pref("CT2504091.smartbar.Uninstall", "0");
user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");
user_pref("extensions.crossrider.bic", "13cd5c173669ef3220d46649afc83a9e");
user_pref("extensions.crossriderapp21804.21804.InstallationThankYouPage", true);
user_pref("extensions.crossriderapp21804.21804.InstallationTime", 1360795834);
user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.searchUserConifrmation", false);
user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setHomepage", false);
user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setNewTab", false);
user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setSearch", false);
user_pref("extensions.crossriderapp21804.21804.active", true);
user_pref("extensions.crossriderapp21804.21804.addressbar", "");
user_pref("extensions.crossriderapp21804.21804.addressbarenhanced", "");
user_pref("extensions.crossriderapp21804.21804.backgroundjs", "\n\n//\n");
user_pref("extensions.crossriderapp21804.21804.backgroundver", 32);
user_pref("extensions.crossriderapp21804.21804.can_run_bg_code", true);
user_pref("extensions.crossriderapp21804.21804.certdomaininstaller", "");
user_pref("extensions.crossriderapp21804.21804.changeprevious", false);
user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.value", "1360795834");
user_pref("extensions.crossriderapp21804.21804.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.value", "1360795834");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_arbitrary_code.expiration", "Wed Mar 06 2013 23:12:58 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_arbitrary_code.value", "%22%28function%28%29%7B_GPL_PLUGIN.st%3D%7B%5C%22141543%26pid%3D1382%5C%22%3A%7Bs%3A%5B%5C%2
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.expiration", "Wed Mar 06 2013 23:12:58 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_cf_bu1.value", "1361253333");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.expiration", "Fri Mar 08 2013 09:50:11 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.value", "%22US%22");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.value", "1362629147");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.value", "%221361906379%22");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.value", "%221%22");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%22100086%22%2C%22sub_id%22%3A%22default%22%2C%22uzid%22%3A%22100086% user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.value", "%221360789522%22"); user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.value", "%22100086%22"); user_pref("extensions.crossriderapp21804.21804.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp21804.21804.cookie._GPL_pc_20120828.value", "1360796392852"); user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.value", "%221322%22"); user_pref("extensions.crossriderapp21804.21804.cookie._GPL_sr[adultfriendfinder.com].expiration", "Fri Mar 08 2013 09:50:31 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp21804.21804.cookie._GPL_sr[adultfriendfinder.com].value", "1362149431"); user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.value", "%22143206%22"); user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.value", "1360796376927"); user_pref("extensions.crossriderapp21804.21804.description", "Coupon Companion"); 
user_pref("extensions.crossriderapp21804.21804.domain", ""); user_pref("extensions.crossriderapp21804.21804.enablesearch", false); user_pref("extensions.crossriderapp21804.21804.fbremoteurl", ""); user_pref("extensions.crossriderapp21804.21804.group", 0); user_pref("extensions.crossriderapp21804.21804.homepage", ""); user_pref("extensions.crossriderapp21804.21804.iframe", false); user_pref("extensions.crossriderapp21804.21804.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp21804.21804.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%2289A1C83E70594E40BA029917C2453E10IE%22%2C%22installer_verifi user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.value", "46"); user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.value", "1"); user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.value", "%7B%7D"); user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.expiration", "Thu Mar 07 2013 04:57:26 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.value", "true"); user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.value", "%7B%7D"); 
user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D"); user_pref("extensions.crossriderapp21804.21804.internaldb.SoftwareDetected.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"); user_pref("extensions.crossriderapp21804.21804.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%22%3Afalse%2C%22Wireshark%22%3Afalse%2C%22VirtualBox%22%3Afalse%2C%22VMWa user_pref("extensions.crossriderapp21804.21804.manifesturl", ""); user_pref("extensions.crossriderapp21804.21804.name", "Coupon Companion Plugin"); user_pref("extensions.crossriderapp21804.21804.newtab", ""); user_pref("extensions.crossriderapp21804.21804.opensearch", ""); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.name", "base"); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.ver", 4); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.name", "GPL Plugin (Loader)"); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.ver", 15); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.name", "GPL Background (BG)"); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.ver", 34); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.name", "CrossriderAppUtils"); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.ver", 2); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.name", "CrossriderUtils"); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.ver", 2); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.name", "FFAppAPIWrapper"); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.ver", 5); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.name", "jQuery"); 
user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.ver", 3); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.name", "debug"); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.ver", 3); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.name", "resources"); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.ver", 2); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.name", "initializer"); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.ver", 2); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.name", "jquery_1_7_1"); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.ver", 3); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.name", "resources_background"); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.ver", 1); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.name", "appApiMessage"); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.ver", 1); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.name", "appApiValidation"); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.ver", 1); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.name", "CrossriderInfo"); user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.ver", 2); user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_0", "4,14,78,16,64,47,72,1000015"); user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,1000014,28"); user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72"); user_pref("extensions.crossriderapp21804.21804.pluginsversion", 43); user_pref("extensions.crossriderapp21804.21804.publisher", "215 Apps"); user_pref("extensions.crossriderapp21804.21804.searchstatus", 0); user_pref("extensions.crossriderapp21804.21804.setnewtab", false); 
user_pref("extensions.crossriderapp21804.21804.settingsurl", ""); user_pref("extensions.crossriderapp21804.21804.thankyou", ""); user_pref("extensions.crossriderapp21804.21804.updateinterval", 360); user_pref("extensions.crossriderapp21804.21804.ver", 46); user_pref("extensions.crossriderapp21804.adsOldValue", -1); user_pref("extensions.crossriderapp21804.apps", "21804"); user_pref("extensions.crossriderapp21804.bic", "13cd5c173669ef3220d46649afc83a9e"); user_pref("extensions.crossriderapp21804.cid", 21804); user_pref("extensions.crossriderapp21804.firstrun", false); user_pref("extensions.crossriderapp21804.hadappinstalled", true); user_pref("extensions.crossriderapp21804.installationdate", 1360795891); user_pref("extensions.crossriderapp21804.lastcheck", 22710477); user_pref("extensions.crossriderapp21804.lastcheckitem", 22710489); user_pref("extensions.crossriderapp21804.modetype", "production"); user_pref("extensions.crossriderapp21804.reportInstall", true); Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\hucvae5e.default\minidumps [131 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 08/10/2013 at 8:36:01.79 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  8. # AdwCleaner v2.306 - Logfile created 08/10/2013 at 07:58:28
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Professional N Service Pack 1 (32 bits)
# User : user - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\user\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Deleted on reboot : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Coupon Companion Plugin
Folder Deleted : C:\Program Files\Vuze_Remote
Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6DB8D2C1-2C0C-4F56-B40C-691B0C0D87FC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F09CD529-DC4C-4825-A04E-AF9A431BB20B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\Software\Vuze_Remote
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

-\\ Google Chrome v28.0.1500.95

*************************

AdwCleaner[R1].txt - [6783 octets] - [10/08/2013 07:51:52]
AdwCleaner[s1].txt - [6362 octets] - [10/08/2013 07:58:28]

########## EOF - C:\AdwCleaner[s1].txt - [6422 octets] ##########
  9. # AdwCleaner v2.306 - Logfile created 08/10/2013 at 07:51:52
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Professional N Service Pack 1 (32 bits)
# User : user - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\user\Desktop\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files\Common Files\Software Update Utility
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Coupon Companion Plugin
Folder Found : C:\Program Files\Vuze_Remote
Folder Found : C:\Program Files\Vuze_Remote
Folder Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Folder Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Folder Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\I Want This
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Found : HKCU\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Found : HKCU\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6DB8D2C1-2C0C-4F56-B40C-691B0C0D87FC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F09CD529-DC4C-4825-A04E-AF9A431BB20B}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Found : HKLM\Software\TENCENT
Key Found : HKLM\Software\Vuze_Remote
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

-\\ Google Chrome v28.0.1500.95

*************************

AdwCleaner[R1].txt - [6654 octets] - [10/08/2013 07:51:52]

########## EOF - C:\AdwCleaner[R1].txt - [6714 octets] ##########
  10. It cleared 3 files, but the log has no data really.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
  11. Files are showing in C:\Qoobox

2013-08-02 20:29:21 . 2013-08-02 20:29:21 870 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Coupon Companion Plugin.reg.dat
2013-08-02 20:16:25 . 2013-08-02 20:16:25 192 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-ROC_ROC_JULY_P1.reg.dat
2013-08-02 20:16:20 . 2013-08-02 20:16:20 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC}.reg.dat
2013-08-02 20:16:19 . 2013-08-02 20:16:19 114 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233}.reg.dat
2013-08-02 20:16:19 . 2013-08-02 20:16:19 131 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc}.reg.dat
2013-08-02 20:16:18 . 2013-08-02 20:16:18 203 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{ba14329e-9550-4989-b3f2-9732e92d17cc}.reg.dat
2013-08-02 20:16:18 . 2013-08-02 20:16:18 186 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{95B7759C-8C7F-4BF1-B163-73684A933233}.reg.dat
2013-08-02 20:16:17 . 2013-08-02 20:16:17 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc}.reg.dat
2013-08-02 20:07:06 . 2013-08-09 09:07:42 4,231 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-08-02 20:01:34 . 2013-08-09 03:13:21 512 ----a-w- C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-08-02 19:59:19 . 2013-08-09 03:13:22 124 ----a-w- C:\Qoobox\Quarantine\catchme.log
2013-08-02 18:56:46 . 2009-10-07 05:47:22 109,080 ----a-w- C:\Qoobox\Quarantine\C\Windows\Temp\logishrd\LVPrcInj02.dll.vir
2013-07-14 16:00:09 . 2013-07-14 16:00:09 712,264 ----a-w- C:\Qoobox\Quarantine\C\Windows\isRS-000.tmp.vir
2013-05-30 13:07:36 . 2013-05-30 13:07:36 114 ----a-w- C:\Qoobox\Quarantine\C\Windows\wininit.ini.vir
2011-12-14 17:48:25 . 2011-12-14 17:48:26 1,118 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\207852c7x280j712u053h5fiw4h1.vir
2007-11-07 12:03:18 . 2007-11-07 12:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir

ComboFix 13-08-02.01 - user 08/02/2013 16:01:38.1.2 - x86
Microsoft Windows 7 Professional N 6.1.7601.1.1252.1.1033.18.2013.725 [GMT -4:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\207852c7x280j712u053h5fiw4h1
c:\windows\isRS-000.tmp
c:\windows\TEMP\logishrd\LVPrcInj02.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-07-02 to 2013-08-02 )))))))))))))))))))))))))))))))
.
.
2013-08-02 20:10 . 2013-08-02 20:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-02 14:00 . 2013-08-02 14:00 -------- d-----w- c:\users\user\AppData\Roaming\QuickScan
2013-07-10 07:56 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-07-10 07:56 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 07:56 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 07:56 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 07:56 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 07:56 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 07:56 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 07:56 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 07:56 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 07:56 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-10 07:56 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-09 23:19 . 2013-07-09 23:19 -------- d-----w- c:\program files\CrystalDiskMark
2013-07-09 23:19 . 2013-07-09 23:19 -------- d-----w- c:\users\user\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-02 20:14 . 2013-08-02 20:14 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{713E79C4-3E75-44E2-80AB-3002E636543D}\offreg.dll
2013-06-27 19:07 . 2013-03-22 20:40 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 19:07 . 2012-01-27 01:27 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 19:07 . 2012-01-27 01:26 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-12 09:28 . 2012-07-08 16:56 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 09:28 . 2011-05-20 12:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 07:27 . 2012-07-11 07:55 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 04:45 . 2013-06-12 08:15 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-12 08:15 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 08:15 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-12 08:15 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 08:15 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-10 07:03 . 2013-05-10 07:03 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-10 07:03 . 2013-05-10 07:03 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-10 07:03 . 2013-05-10 07:03 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-05-10 07:03 . 2013-05-10 07:03 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-05-10 07:03 . 2013-05-10 07:03 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-05-10 07:03 . 2013-05-10 07:03 158720 ----a-w- c:\windows\system32\msls31.dll
2013-05-10 07:03 . 2013-05-10 07:03 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-05-10 07:03 . 2013-05-10 07:03 138752 ----a-w- c:\windows\system32\wextract.exe
2013-05-10 07:03 . 2013-05-10 07:03 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-10 07:03 . 2013-05-10 07:03 12800 ----a-w- c:\windows\system32\mshta.exe
2013-05-10 07:03 . 2013-05-10 07:03 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-10 07:03 . 2013-05-10 07:03 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-10 07:03 . 2013-05-10 07:03 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-05-10 07:03 . 2013-05-10 07:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-10 07:03 . 2013-05-10 07:03 361984 ----a-w- c:\windows\system32\html.iec
2013-05-10 07:03 . 2013-05-10 07:03 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-10 07:03 . 2013-05-10 07:03 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-10 03:20 . 2013-06-12 08:15 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-09 08:59 . 2013-03-22 20:40 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2012-03-27 07:54 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2012-01-27 01:26 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-01-27 01:26 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2012-01-27 01:27 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2012-01-27 01:26 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-01-27 01:26 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-08 05:38 . 2013-06-12 08:15 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06 . 2013-06-12 08:15 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06 . 2013-06-12 08:15 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\program files\Spotify\Data\SpotifyWebHelper.exe" [2013-07-10 1104384]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Spotify"="c:\program files\Spotify\Spotify.exe" [2013-07-10 4640768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 73832]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 738984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 01:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-13 136176] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-13 136176] R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-03 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336] S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672] S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 27056] S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-22 497320] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-07-08 4153184] S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [2008-04-04 136832] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2013-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 09:28] . 2013-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-13 18:42] . 2013-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-13 18:42] . 2013-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3829866535-4049626441-3727746084-1001Core.job - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-03 21:57] . 2013-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3829866535-4049626441-3727746084-1001UA.job - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-03 21:57] . 2013-07-26 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-10-03 19:31] . 2013-07-26 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job - c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2010-10-03 19:31] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hucvae5e.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 
2010-12-05 14:29; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file) BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file) BHO-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file) Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file) Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file) WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe AddRemove-Coupon Companion Plugin - c:\program files\Coupon Companion Plugin\Uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1*] "value"="?\07\03\0b\06\1b\08?" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(564) c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll . - - - - - - - > 'Explorer.exe'(10160) c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\conhost.exe c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\iPod Access for Windows\iPAHelper.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\taskhost.exe c:\program files\Google\Update\1.3.21.153\GoogleCrashHandler.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\System32\WUDFHost.exe c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe c:\program files\TeamViewer\Version8\TeamViewer.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\TeamViewer\Version8\tv_w32.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe c:\windows\system32\DllHost.exe c:\program files\Common Files\Java\Java Update\jucheck.exe . ************************************************************************** . Completion time: 2013-08-02 16:31:02 - machine was rebooted ComboFix-quarantined-files.txt 2013-08-02 20:31 . Pre-Run: 78,310,731,776 bytes free Post-Run: 78,299,299,840 bytes free . 
- - End Of File - - AF81529A1557FC6351CEDF4759890950 A36C5E4F47E84449FF07ED3517B43A31
  12. Not sure why, but it is taking a really long time to finish this time around. I had run this before and it took no more than 30 minutes. Right now it is over an hour. It currently says it is gathering the log files, so I am waiting on it to complete. I will also paste the previous log of the files removed when it is done.
  13. Whatever is on here, it keeps coming back. I randomly see boxes in the top right corner of the screen pop up quickly and then the system goes scary. If I type too long on my keyboard it hijacks my keyboard and forces me to reboot or continually types for me. If I use the on-screen keyboard I can stay on longer. These two entries still show in my msconfig startup list. I had disabled them and cleared all temps along with running a few programs before asking for professional help.
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\_unins~2.lnk - c:\users\user\appdata\local\temp\_uninst_88830011.bat
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\_unins~1.lnk - c:\users\user\appdata\local\temp\_uninst_90711916.bat
  14. Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org
Database version: v2013.08.09.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
user :: USER-PC [administrator]
8/9/2013 4:01:09 PM
mbar-log-2013-08-09 (16-01-09).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 230897
Time elapsed: 12 minute(s), 49 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x86
Account is Administrative
Internet Explorer version: 10.0.9200.16635
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.493000 GHz
Memory total: 2111037440, free: 914890752
Downloaded database version: v2013.08.08.01
Downloaded database version: v2013.08.08.02
Downloaded database version: v2013.08.08.03
Downloaded database version: v2013.08.08.04
Downloaded database version: v2013.08.08.05
Downloaded database version: v2013.08.08.06
Downloaded database version: v2013.08.08.07
Downloaded database version: v2013.08.09.01
Downloaded database version: v2013.08.09.02
Downloaded database version: v2013.08.09.03
Downloaded database version: v2013.08.09.04
Downloaded database version: v2013.08.09.05
Downloaded database version: v2013.08.09.06
Initializing...
------------ Kernel report ------------
08/09/2013 16:01:04
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\vsdatant.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk62x86.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\SaiH8000.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\parvdm.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\LVPr2Mon.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8633fac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006b\
Lower Device Object: 0xffffffff8633f688
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85c2da58
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xffffffff85b4a908
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85c2da58, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85c2d690, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85c2da58, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85b4c918, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85b4a908, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 777AA0E1
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 306941952
Partition file system is NTFS
Partition is bootable
Partition 1 type is Other (0x12)
Partition is NOT ACTIVE.
Partition starts at LBA: 306944000 Numsec = 5634048
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 160041885696 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8633fac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8633ad10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8633fac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8633f688, DeviceName: \Device\0000006b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 767ABD13
Partition information:
Partition 0 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 8064 Numsec = 61759616
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 31625052160 bytes
Sector size: 512 bytes
Done!
Scan finished
=======================================
Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished
  15. RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Scan -- Date : 08/09/2013 15:47:10
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 6 ¤¤¤
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3829866535-4049626441-3727746084-1001UA.job : C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3829866535-4049626441-3727746084-1001Core.job : C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3829866535-4049626441-3727746084-1001Core : C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3829866535-4049626441-3727746084-1001UA : C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V2][sUSP PATH] Updater21804.exe : C:\Users\user\AppData\Local\Updater21804\Updater21804.exe - /extensionid=21804 /extensionname="Coupon Companion Plugin" /chromeid=jneaojaoiajhnemidnjhoempalnidbhj [-][x] -> FOUND
[V2][sUSP PATH] {2C620D21-3C76-4FD0-A8AC-5D9BC8568295} : C:\Users\user\Desktop\USBDRVEN.EXE [-] -> FOUND
¤¤¤ Startup Entries : 2 ¤¤¤
[user][sUSP PATH] _uninst_88830011.lnk : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_88830011.lnk @C:\Users\user\AppData\Local\Temp\_uninst_88830011.bat [-][x] -> FOUND
[user][sUSP PATH] _uninst_90711916.lnk : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_90711916.lnk @C:\Users\user\AppData\Local\Temp\_uninst_90711916.bat [-][x] -> FOUND
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD1600AAJS-08L7A0 ATA Device +++++
--- User ---
[MBR] e4594bb1fe9e10ce6a02ffc96a306427
[bSP] c808a21119bbd3b462861fad9cc3a87e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 149874 Mo
1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 306944000 | Size: 2751 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD1600AAJS-08L7A0 ATA Device +++++
--- User ---
[MBR] aac73395d24e49a894d9f3dcecc1857a
[bSP] d06ff45df64deb30a0e491e937266b33 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 30156 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[0]_S_08092013_154710.txt >>