Ageel

Members • Posts: 15 • Reputation: 0 Neutral

  1. No, I didn't find the FF extension. I went into FF and checked the plugins/addons/extensions and didn't see anything. I also went into regedit and didn't see anything there either.
  2. Good Morning MrC, I could not find Fast Free Converter (FFC) at this location: C:\Program Files (x86)\Fast Free Converter. I even checked C:\Program Files\FFC and didn't find anything. I searched the whole C: drive and found it in a couple of locations: plz see screenshot. I then deleted all the folders. I also ran the ESET online scanner. Zero detections.
  3. Yes, all 3 browsers being redirected. IE, FF and Chrome.
  4. Additional txt: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2013, ran by Aguugz at 2013-08-28 18:03:52, running from C:\Users\Aguugz\Desktop\IT Toolkit, Boot Mode: Normal
  5. FRST.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013Ran by Aguugz (administrator) on 28-08-2013 18:02:55Running from C:\Users\Aguugz\Desktop\IT ToolkitWindows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe(Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe() C:\ProgramData\TVersity\Media Server\MediaServer.exe(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Logitech Inc.) C:\Program Files\Logitech\SetPoint\LBTWiz.exe() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe(Akamai Technologies, Inc.) 
C:\Users\Aguugz\AppData\Local\Akamai\netsession_win.exe(NDS Technologies) C:\Users\Aguugz\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe(Akamai Technologies, Inc.) C:\Users\Aguugz\AppData\Local\Akamai\netsession_win.exe() C:\Users\Aguugz\AppData\Local\DIRECTV Player\NDSPCShowServer.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe(Microsoft Corporation) C:\Windows\Speech\Common\sapisvr.exe(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe(Dropbox, Inc.) C:\Users\Aguugz\AppData\Roaming\Dropbox\bin\Dropbox.exe(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) 
C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe(Google) C:\Users\Aguugz\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe(McAfee, Inc.) c:\PROGRA~2\mcafee\SITEAD~1\saui.exe(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\system32\SnippingTool.exe(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) 
C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] - C:\Windows\system32\THXCfg64.dll [17920 2009-09-30] (Creative Technology Ltd.)
HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [bluetooth Connection Assistant] - LBTWIZ.EXE -silent [x]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-26] (Google Inc.)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Aguugz\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [PCShowServer] - C:\Users\Aguugz\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [525240 2012-10-15] (NDS Technologies)
HKCU\...\Run: [speech Recognition] - C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [backupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-11-17] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-24] (Symantec Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [959488 2009-09-03] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] - C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [LTCM Client] - C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vmware-tray.exe] - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104528 2013-02-26] (VMware, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [701872 2013-01-24] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [scrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-08-21] ()
HKU\Default User\...\RunOnce: [scrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-08-21] ()
HKU\Freya\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-26] (Google Inc.)
HKU\Freya\...\Run: [Google Update] - C:\Users\Freya\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-25] (Google Inc.)
HKU\Freya\...\Run: [EPSON TX800FW Series (Copy 1)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEMP.EXE /FU "C:\Users\Freya\AppData\Local\Temp\E_S5708.tmp" /EF "HKCU" [x]
HKU\Freya\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex [x]
HKU\Hasna\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-26] (Google Inc.)
HKU\Mcx1-AGUUGZ-PC\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
HKU\UpdatusUser\...\RunOnce: [scrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-08-21] ()
Startup: C:\Users\Aguugz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Aguugz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech
SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: 127.0.0.1:10081
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MP3 Rocket Downloader - {c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://sslvpn.tmhs.org/CACHE/stc/7/binaries/vpnweb.cab
DPF: HKLM-x32 {9C65AB3E-C9A8-4789-AE24-B365A1C4A6F9} http://acer.custhelp.com/euf/assets/activex/snret.cab
DPF: HKLM-x32 {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6267/mcfscan.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.10

FireFox:
========
FF ProfilePath: C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default
FF NetworkProxy: "backup.ftp", "proxy1.emirates.net.ae"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.gopher", "proxy1.emirates.net.ae"
FF NetworkProxy: "backup.gopher_port", 8080
FF NetworkProxy: "backup.socks", "proxy1.emirates.net.ae"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "proxy1.emirates.net.ae"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "proxy1.emirates.net.ae"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "proxy1.emirates.net.ae"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "proxy1.emirates.net.ae"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy1.emirates.net.ae"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "proxy1.emirates.net.ae"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @emusic.com/dlm-plugin - C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32:
@java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @emusic.com/dlm-plugin - C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF Plugin HKCU: @nds.com/PCShowPlugin - C:\Users\Aguugz\AppData\Local\DIRECTV Player\npPCShowPlugin.dll No File
FF Plugin HKCU: @nds.com/PlayerPlugin - C:\Users\Aguugz\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Aguugz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Aguugz\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Aguugz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Aguugz\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Aguugz\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Aguugz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: NDS.com/PlayerPlugin - C:\Users\Aguugz\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Extension: No Name - C:\Users\Aguugz\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: DoNotTrackMe - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\donottrackplus@abine.com
FF Extension: FoxyProxy Basic - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\foxyproxy@eric.h.jung
FF Extension: MaskMe - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\idme@abine.com
FF Extension: MegaUpload DownloadHelper - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\mgDownloadHelper@yevgenyandrov.net
FF Extension: DownloadHelper - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: FoxLingo - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
FF Extension: jid1-F9UJ2thwoAm5gQ - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
FF Extension: mp3rocketdownloader - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\mp3rocketdownloader@mp3rocket.me.xpi
FF Extension: No Name - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\sfStatistics.xml
FF Extension: thumbnailZoom - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\thumbnailZoom@dadler.github.com.xpi
FF Extension: No Name - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\{891f0410-aaa2-11e0-9f1c-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
FF Extension: No Name - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: No Name - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: No Name - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}.xpi
FF Extension: No Name - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: No Name - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM-x32\...\Firefox\Extensions: [extension@FastFreeConverter.com] C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@FastFreeConverter.com
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\29.0.1547.57\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8773_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Aguugz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Aguugz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (eMusic Remote Plugin) - C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (Unity Player) - C:\Users\Aguugz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Entanglement) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_1
CHR Extension: (reddit companion) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe\1.1.2_0
CHR Extension: (TV) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0
CHR Extension: (Chinese Tutor) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\egbbefchlgcnhjoncjebmkffamidfhae\8_0
CHR Extension: (Google Calendar) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0
CHR Extension: (SiteAdvisor) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\1_0
CHR Extension: (AdBlock) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_1
CHR Extension: (avast! Online Security) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (Hover Free) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmnnggnaofmhflgomfjfbndngdoogkj\1.0.11_0
CHR Extension: (RealDownloader) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0
CHR Extension: (Zoho Chat) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhciionmiegecfdffhjlcfanhikpppf\1.1_1
CHR Extension: (Analytics Blocker) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmcpbefnpobogldglnlikgojpaddibgb\1.0.1_0
CHR Extension: (Alarm Clock Radio) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipdhcpepbpjaoggihaloebfjfafagmi\1.7_1
CHR Extension: (Until AM) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk\0.203_0
CHR Extension: (Skype Click to Call) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8773_0
CHR Extension: (Poppit) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR Extension: (Reddit Infinite Scrolling) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngcdiindjnabamiehkinpjhkihgfanof\1.2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (ezLinkPreview) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnkcfbiefgdaceeplickkkmifpicbpcc\5.33_0
CHR Extension: (Hover Zoom) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.19_0
CHR Extension: (SwiftPreview) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nphfkpgklibhnhgegdblhnhicgfginnj\2.2.4_0
CHR Extension: (My Chrome Theme) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_1
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [120592 2013-05-22] (McAfee, Inc.)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [1249064 2011-07-29] ()
R2 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter
Converter Standalone\vmware-converter-a.exe [423536 2011-08-19] (VMware, Inc.)R2 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [423536 2011-08-19] (VMware, Inc.)R2 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [423536 2011-08-19] (VMware, Inc.)R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [13242960 2013-02-26] () ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [74352 2011-03-15] (VMware, Inc.)S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [74352 2011-03-15] (VMware, Inc.)S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 prwntdrv; C:\Windows\system32\prwntdrv.sys [16776 2010-08-25] ()S3 prwntdrv; C:\Windows\system32\prwntdrv.sys [16776 2010-08-25] ()S3 RimUsb; 
C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74240 2011-02-16] (Research In Motion Limited)R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] ()R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-28 18:01 - 2013-08-28 18:02 - 00000000 ____D C:\Users\Aguugz\Desktop\IT Toolkit2013-08-28 15:52 - 2013-08-28 15:52 - 00001673 _____ C:\Users\Aguugz\Desktop\JRT.txt2013-08-28 15:46 - 2013-08-28 15:46 - 00000000 ____D C:\Windows\ERUNT2013-08-28 15:45 - 2013-08-28 15:45 - 01021434 _____ (Thisisu) C:\Users\Aguugz\Desktop\JRT.exe2013-08-28 15:34 - 2013-08-28 15:39 - 00000000 ____D C:\AdwCleaner2013-08-28 15:09 - 2013-08-28 15:09 - 01656459 _____ C:\Users\Aguugz\Desktop\winrar-x64-420.exe2013-08-28 14:57 - 2013-08-28 14:57 - 00033076 _____ C:\Users\Aguugz\Desktop\combofix.txt2013-08-28 14:56 - 2013-08-28 14:56 - 00033076 _____ C:\ComboFix.txt2013-08-28 14:27 - 2013-08-28 14:56 - 00000000 ____D C:\Qoobox2013-08-28 14:27 - 2013-08-28 14:51 - 00000000 ____D C:\Windows\erdnt2013-08-28 14:27 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe2013-08-28 14:27 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe2013-08-28 14:27 - 2009-04-19 23:56 - 00060416 
_____ (NirSoft) C:\Windows\NIRCMD.exe2013-08-28 14:27 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2013-08-28 14:27 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2013-08-28 14:27 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe2013-08-28 14:27 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe2013-08-28 14:27 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe2013-08-28 14:22 - 2013-08-28 14:22 - 05114728 ____R (Swearware) C:\Users\Aguugz\Desktop\ComboFix.exe2013-08-28 12:57 - 2013-08-28 13:35 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-08-28 12:53 - 2013-08-28 13:35 - 00000000 ____D C:\Users\Aguugz\Desktop\mbar2013-08-28 12:42 - 2013-08-28 12:51 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Aguugz\Desktop\mbar-1.07.0.1005.exe2013-08-28 12:37 - 2013-08-28 12:39 - 09876312 _____ (PC Tools ) C:\Users\Aguugz\Desktop\tfinstall.exe2013-08-28 11:41 - 2013-08-28 14:18 - 967039928 _____ C:\Users\Aguugz\Desktop\7601.17514.101119-1850_Update_Sp_Wave1-GRMSP1.1_DVD.iso2013-08-28 08:58 - 2013-08-28 08:58 - 00006940 _____ C:\Users\Aguugz\Desktop\RKreport[0]_S_08282013_085820.txt2013-08-28 08:56 - 2013-08-28 11:38 - 00000000 ____D C:\Users\Aguugz\Desktop\RK_Quarantine2013-08-28 08:50 - 2013-08-28 08:50 - 03771904 _____ C:\Users\Aguugz\Desktop\RogueKillerX64.exe2013-08-27 16:08 - 2013-08-27 16:08 - 00347424 _____ (Microsoft Corporation) C:\Users\Aguugz\Desktop\MicrosoftFixit.wu.LB.2730106675446385.1.1.Run.exe2013-08-27 13:31 - 2013-08-28 15:42 - 00015102 _____ C:\Windows\PFRO.log2013-08-27 11:25 - 2013-08-28 15:43 - 00000728 _____ C:\Windows\setupact.log2013-08-27 11:25 - 2013-08-27 11:25 - 00000000 _____ C:\Windows\setuperr.log2013-08-27 10:51 - 2013-08-27 10:51 - 00000000 ____D C:\Users\Aguugz\AppData\Roaming\Malwarebytes2013-08-27 10:50 - 2013-08-27 10:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-08-27 10:50 - 2013-08-27 10:50 - 00001117 _____ 
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-08-27 10:50 - 2013-08-27 10:50 - 00000000 ____D C:\ProgramData\Malwarebytes2013-08-27 10:50 - 2013-08-27 10:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-08-27 10:50 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2013-08-27 10:24 - 2013-08-27 10:24 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Aguugz\Downloads\mbam-clean-1.60.2.0003.exe2013-08-26 22:25 - 2013-08-26 22:25 - 00332732 _____ C:\Users\Aguugz\Documents\cc_20130826_222511.reg2013-08-26 22:23 - 2013-08-28 13:19 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update2013-08-26 21:13 - 2013-08-26 21:13 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC2013-08-26 21:13 - 2013-08-26 21:13 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk2013-08-26 21:13 - 2013-08-26 21:13 - 00000000 ____D C:\Program Files\CCleaner2013-08-26 21:12 - 2013-08-26 21:13 - 04454952 _____ (Piriform Ltd) C:\Users\Aguugz\Downloads\ccsetup405.exe2013-08-26 20:59 - 2013-08-26 20:59 - 00001074 _____ C:\Users\Public\Desktop\VLC media player.lnk2013-08-26 20:43 - 2013-08-28 15:44 - 00003212 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2531113335-1326481275-3410773886-10002013-08-26 15:06 - 2013-08-28 15:06 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3ab10268-7bc9-40aa-868a-ce4ed62bc735.job2013-08-26 15:06 - 2013-08-28 02:00 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 227b5581-88b7-4445-8423-d7b05de98eac.job2013-08-26 15:06 - 2013-08-26 15:06 - 00003594 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 227b5581-88b7-4445-8423-d7b05de98eac2013-08-26 15:06 - 2013-08-26 15:06 - 00003520 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 3ab10268-7bc9-40aa-868a-ce4ed62bc7352013-08-26 15:05 - 2013-08-27 10:45 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2013-08-26 15:05 - 
2013-08-26 15:05 - 00001812 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk2013-08-26 15:05 - 2013-08-26 15:05 - 00000000 ____D C:\Users\Aguugz\AppData\Roaming\SUPERAntiSpyware.com2013-08-26 15:05 - 2013-08-26 15:05 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com2013-08-26 13:32 - 2013-08-26 13:34 - 27229688 _____ (SUPERAntiSpyware) C:\Users\Aguugz\Downloads\SUPERAntiSpyware.exe2013-08-26 13:31 - 2013-08-26 13:31 - 00001087 _____ C:\Users\Aguugz\Desktop\Continue Download Helper Installation.lnk2013-08-26 12:55 - 2013-08-26 12:55 - 02347384 _____ (ESET) C:\Users\Aguugz\Downloads\esetsmartinstaller_enu.exe2013-08-26 12:37 - 2013-08-28 15:44 - 00003344 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2531113335-1326481275-3410773886-10002013-08-26 12:18 - 2013-08-27 15:06 - 00038199 _____ C:\Users\Aguugz\Desktop\dds.txt2013-08-26 12:18 - 2013-08-27 15:06 - 00013388 _____ C:\Users\Aguugz\Desktop\attach.txt2013-08-26 11:52 - 2013-08-26 12:30 - 492597008 _____ (Microsoft Corporation) C:\Users\Aguugz\Downloads\WindowsXPMode_en-us (1).exe2013-08-26 11:41 - 2013-08-26 11:41 - 01528184 _____ (Microsoft Corporation) C:\Users\Aguugz\Downloads\GenuineCheck.exe2013-08-26 11:37 - 2013-08-26 11:37 - 00688992 ____R (Swearware) C:\Users\Aguugz\Downloads\dds.com2013-08-26 10:47 - 2013-08-26 10:48 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Aguugz\Downloads\iexplorer.exe2013-08-22 15:54 - 2013-08-22 15:54 - 00000000 ____D C:\Users\Aguugz\.shsh2013-08-22 15:31 - 2013-08-22 15:31 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk2013-08-22 15:30 - 2013-08-22 15:30 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-08-22 15:30 - 2013-08-22 15:30 - 00000000 ____D C:\Program Files\iTunes2013-08-22 15:30 - 2013-08-22 15:30 - 00000000 ____D C:\Program Files\iPod2013-08-22 15:16 - 2013-06-25 15:00 - 07197696 _____ (iH8sn0w) C:\Users\Aguugz\Desktop\iFaith-v1.5.9.exe2013-08-22 15:02 - 2013-08-22 15:02 - 00000000 
____D C:\Program Files (x86)\File Type Helper2013-08-20 12:45 - 2013-08-02 13:51 - 00000000 ____D C:\Users\Aguugz\Desktop\Ex_Files_SP_Online_EssT2013-08-20 12:43 - 2013-08-20 12:44 - 20285559 _____ C:\Users\Aguugz\Desktop\Ex_Files_SP_Online_EssT.zip2013-08-19 09:09 - 2013-08-19 09:09 - 00029025 _____ C:\Users\Aguugz\Downloads\2BEC9E4483366D4F20A97B800E341B127DE410CE.torrent2013-08-19 09:07 - 2013-08-19 09:07 - 00057254 _____ C:\Users\Aguugz\Downloads\FF6DF281561D37D6E1515A0348AAE76DF7F1A0EB (1).torrent2013-08-19 08:51 - 2013-08-19 08:51 - 00057254 _____ C:\Users\Aguugz\Downloads\FF6DF281561D37D6E1515A0348AAE76DF7F1A0EB.torrent2013-08-14 14:30 - 2013-08-14 14:30 - 00057128 _____ C:\Users\Aguugz\Downloads\42CB1476FA750F9BBDA16432AF40A74DF8EF5D78.torrent2013-08-14 14:29 - 2013-08-14 14:29 - 00029213 _____ C:\Users\Aguugz\Downloads\562ECB0EA9C457FFCE506F14A594566A2F29F85A.torrent2013-08-14 13:56 - 2013-08-14 13:56 - 00057194 _____ C:\Users\Aguugz\Downloads\83A7A73A9608D62BF7B906B96BA7A4B87203078B.torrent2013-08-14 13:55 - 2013-08-14 13:55 - 00028949 _____ C:\Users\Aguugz\Downloads\EA5C135B25751C2C6C4D659502A2A67C0973E2F0.torrent2013-08-14 13:52 - 2013-08-14 13:52 - 00014996 _____ C:\Users\Aguugz\Downloads\77CCD7CA50D887CB888692334DFDEE638DAB3821.torrent2013-08-14 13:51 - 2013-08-14 13:51 - 00057476 _____ C:\Users\Aguugz\Downloads\96AE0F989ECF1BA71DF6BCCFD57622C541A3E51C (1).torrent2013-08-14 13:50 - 2013-08-14 13:50 - 00057476 _____ C:\Users\Aguugz\Downloads\96AE0F989ECF1BA71DF6BCCFD57622C541A3E51C.torrent2013-08-14 12:10 - 2013-07-26 00:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2013-08-14 12:10 - 2013-07-26 00:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2013-08-14 12:10 - 2013-07-26 00:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2013-08-14 12:10 - 2013-07-26 00:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2013-08-14 12:10 - 2013-07-26 00:12 - 
00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2013-08-14 12:10 - 2013-07-26 00:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2013-08-14 12:10 - 2013-07-26 00:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2013-08-14 12:10 - 2013-07-26 00:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2013-08-14 12:10 - 2013-07-26 00:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2013-08-14 12:10 - 2013-07-25 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2013-08-14 12:10 - 2013-07-25 22:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-08-14 12:10 - 2013-07-25 22:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-08-14 12:10 - 2013-07-25 22:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-08-14 12:10 - 2013-07-25 22:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-08-14 12:10 - 2013-07-25 22:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-08-14 12:10 - 2013-07-25 22:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-08-14 12:10 - 2013-07-25 22:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-08-14 12:10 - 2013-07-25 22:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-08-14 12:10 - 2013-07-25 21:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-08-14 12:10 - 2013-07-25 21:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe2013-08-14 12:10 - 2013-07-25 20:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-08-14 12:09 - 2013-07-26 00:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2013-08-14 12:09 - 2013-07-26 00:13 - 01365504 _____ (Microsoft Corporation) 
C:\Windows\system32\urlmon.dll2013-08-14 12:09 - 2013-07-26 00:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2013-08-14 12:09 - 2013-07-26 00:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2013-08-14 12:09 - 2013-07-26 00:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2013-08-14 12:09 - 2013-07-25 22:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-08-14 12:09 - 2013-07-25 22:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-08-14 12:09 - 2013-07-25 22:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-08-14 12:09 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-08-14 12:09 - 2013-07-25 22:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-08-13 17:19 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL2013-08-13 17:19 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL2013-08-13 17:19 - 2013-07-18 20:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2013-08-13 17:19 - 2013-07-18 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2013-08-13 17:19 - 2013-07-09 01:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2013-08-13 17:19 - 2013-07-09 00:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2013-08-13 17:19 - 2013-07-09 00:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2013-08-13 17:19 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll2013-08-13 17:19 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2013-08-13 17:19 - 2013-07-09 00:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll2013-08-13 17:19 - 2013-07-09 
00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll2013-08-13 17:19 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll2013-08-13 17:19 - 2013-07-09 00:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2013-08-13 17:19 - 2013-07-09 00:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2013-08-13 17:19 - 2013-07-08 23:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2013-08-13 17:19 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2013-08-13 17:19 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll2013-08-13 17:19 - 2013-07-08 23:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2013-08-13 17:19 - 2013-07-08 23:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll2013-08-13 17:19 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll2013-08-13 17:19 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll2013-08-13 17:19 - 2013-07-08 21:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2013-08-13 17:19 - 2013-07-08 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2013-08-13 17:19 - 2013-07-08 21:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2013-08-13 17:19 - 2013-07-08 21:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2013-08-13 17:19 - 2013-07-06 01:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys2013-08-13 17:19 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2013-08-06 15:25 - 2013-08-06 15:25 - 00343846 _____ C:\Users\Aguugz\Desktop\COCCL - Room List 08-06-13.txt2013-08-06 15:07 - 2013-08-06 15:07 - 00096168 _____ (Oracle Corporation) 
C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2013-08-06 10:13 - 2013-08-06 10:13 - 00000857 _____ C:\Users\Aguugz\Desktop\µTorrent.lnk2013-08-06 10:13 - 2013-08-06 10:13 - 00000837 _____ C:\Users\Aguugz\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk2013-08-02 13:52 - 2013-08-02 13:52 - 00000000 ____D C:\Users\Aguugz\AppData\Local\Cisco2013-08-02 13:52 - 2013-08-02 13:52 - 00000000 ____D C:\ProgramData\Cisco2013-08-02 13:52 - 2013-08-02 13:52 - 00000000 ____D C:\Program Files (x86)\Cisco2013-08-01 08:44 - 2013-08-01 08:44 - 00000000 ____D C:\Users\Aguugz\AppData\Local\WinZip Courier2013-08-01 08:44 - 2013-08-01 08:44 - 00000000 ____D C:\ProgramData\WinZipEC2013-08-01 08:42 - 2013-08-14 12:06 - 00000000 ____D C:\Windows\system32\MRT2013-07-29 12:02 - 2013-07-29 12:02 - 00000000 ____D C:\Users\Aguugz\AppData\Local\DIRECTV Player2013-07-29 12:00 - 2013-07-29 12:01 - 13024568 _____ (DIRECTV) C:\Users\Aguugz\Downloads\DIRECTV_Player_8.0.exe ==================== One Month Modified Files and Folders ======= 2013-08-28 18:03 - 2011-10-17 08:34 - 00000000 ____D C:\Users\Aguugz\Documents\Outlook Files2013-08-28 18:03 - 2011-09-26 11:01 - 00488962 _____ C:\Windows\SysWOW64\TVersityMediaServer.log2013-08-28 18:03 - 2009-07-14 00:13 - 00747834 _____ C:\Windows\system32\PerfStringBackup.INI2013-08-28 18:02 - 2013-08-28 18:02 - 00000000 ____D C:\FRST2013-08-28 18:02 - 2013-08-28 18:01 - 00000000 ____D C:\Users\Aguugz\Desktop\IT Toolkit2013-08-28 17:37 - 2011-03-02 07:07 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1000UA.job2013-08-28 17:36 - 2011-02-25 03:22 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-08-28 17:28 - 2011-09-26 11:01 - 01024114 _____ C:\Windows\SysWOW64\TVersityMediaServer.log.12013-08-28 17:20 - 2011-03-13 08:53 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1001UA.job2013-08-28 17:10 - 2013-02-08 10:44 - 00000830 _____ 
C:\Windows\Tasks\Adobe Flash Player Updater.job2013-08-28 16:13 - 2011-09-26 11:01 - 01024004 _____ C:\Windows\SysWOW64\TVersityMediaServer.log.22013-08-28 15:53 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-08-28 15:53 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-08-28 15:52 - 2013-08-28 15:52 - 00001673 _____ C:\Users\Aguugz\Desktop\JRT.txt2013-08-28 15:49 - 2011-02-25 12:24 - 01909266 _____ C:\Windows\WindowsUpdate.log2013-08-28 15:46 - 2013-08-28 15:46 - 00000000 ____D C:\Windows\ERUNT2013-08-28 15:46 - 2011-12-06 23:59 - 00000000 ___RD C:\Users\Aguugz\Dropbox2013-08-28 15:46 - 2011-12-06 23:57 - 00000000 ____D C:\Users\Aguugz\AppData\Roaming\Dropbox2013-08-28 15:45 - 2013-08-28 15:45 - 01021434 _____ (Thisisu) C:\Users\Aguugz\Desktop\JRT.exe2013-08-28 15:44 - 2013-08-26 20:43 - 00003212 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2531113335-1326481275-3410773886-10002013-08-28 15:44 - 2013-08-26 12:37 - 00003344 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2531113335-1326481275-3410773886-10002013-08-28 15:44 - 2013-03-06 09:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce1a75b4ce8eb2.job2013-08-28 15:44 - 2013-02-01 10:47 - 00000000 ____D C:\ProgramData\VMware2013-08-28 15:43 - 2013-08-27 11:25 - 00000728 _____ C:\Windows\setupact.log2013-08-28 15:43 - 2011-03-19 05:31 - 00065536 _____ C:\Windows\system32\Ikeext.etl2013-08-28 15:43 - 2011-02-25 12:37 - 00000000 ____D C:\ProgramData\NVIDIA2013-08-28 15:43 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-08-28 15:42 - 2013-08-27 13:31 - 00015102 _____ C:\Windows\PFRO.log2013-08-28 15:39 - 2013-08-28 15:34 - 00000000 ____D C:\AdwCleaner2013-08-28 15:09 - 2013-08-28 15:09 - 01656459 _____ C:\Users\Aguugz\Desktop\winrar-x64-420.exe2013-08-28 
15:06 - 2013-08-26 15:06 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3ab10268-7bc9-40aa-868a-ce4ed62bc735.job2013-08-28 14:57 - 2013-08-28 14:57 - 00033076 _____ C:\Users\Aguugz\Desktop\combofix.txt2013-08-28 14:56 - 2013-08-28 14:56 - 00033076 _____ C:\ComboFix.txt2013-08-28 14:56 - 2013-08-28 14:27 - 00000000 ____D C:\Qoobox2013-08-28 14:56 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default2013-08-28 14:53 - 2011-02-25 00:42 - 00000000 ___RD C:\Users\Aguugz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2013-08-28 14:51 - 2013-08-28 14:27 - 00000000 ____D C:\Windows\erdnt2013-08-28 14:40 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini2013-08-28 14:36 - 2013-04-02 12:14 - 00000000 ____D C:\Program Files (x86)\Yammer2013-08-28 14:22 - 2013-08-28 14:22 - 05114728 ____R (Swearware) C:\Users\Aguugz\Desktop\ComboFix.exe2013-08-28 14:22 - 2011-02-25 00:39 - 00000000 ____D C:\Users\Aguugz2013-08-28 14:18 - 2013-08-28 11:41 - 967039928 _____ C:\Users\Aguugz\Desktop\7601.17514.101119-1850_Update_Sp_Wave1-GRMSP1.1_DVD.iso2013-08-28 13:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\tracing2013-08-28 13:35 - 2013-08-28 12:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-08-28 13:35 - 2013-08-28 12:53 - 00000000 ____D C:\Users\Aguugz\Desktop\mbar2013-08-28 13:34 - 2013-07-23 14:06 - 00000000 ____D C:\Users\Aguugz\Desktop\DT ICONS2013-08-28 13:19 - 2013-08-26 22:23 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update2013-08-28 13:19 - 2011-05-06 04:00 - 00000000 _____ C:\Windows\SysWOW64\config.nt2013-08-28 13:12 - 2013-01-30 01:40 - 00000000 ____D C:\Windows\pss2013-08-28 12:51 - 2013-08-28 12:42 - 12907592 _____ (Malwarebytes Corp.) 
C:\Users\Aguugz\Desktop\mbar-1.07.0.1005.exe2013-08-28 12:39 - 2013-08-28 12:37 - 09876312 _____ (PC Tools ) C:\Users\Aguugz\Desktop\tfinstall.exe2013-08-28 11:38 - 2013-08-28 08:56 - 00000000 ____D C:\Users\Aguugz\Desktop\RK_Quarantine2013-08-28 08:58 - 2013-08-28 08:58 - 00006940 _____ C:\Users\Aguugz\Desktop\RKreport[0]_S_08282013_085820.txt2013-08-28 08:55 - 2011-04-25 18:47 - 00000000 ____D C:\Users\Aguugz\Documents\WePrint2013-08-28 08:50 - 2013-08-28 08:50 - 03771904 _____ C:\Users\Aguugz\Desktop\RogueKillerX64.exe2013-08-28 08:37 - 2011-03-02 07:07 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1000Core.job2013-08-28 02:00 - 2013-08-26 15:06 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 227b5581-88b7-4445-8423-d7b05de98eac.job2013-08-27 19:20 - 2011-03-13 08:53 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1001Core.job2013-08-27 16:53 - 2011-03-04 15:08 - 00000000 ____D C:\Users\Aguugz\AppData\Roaming\uTorrent2013-08-27 16:14 - 2009-07-14 00:08 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT2013-08-27 16:08 - 2013-08-27 16:08 - 00347424 _____ (Microsoft Corporation) C:\Users\Aguugz\Desktop\MicrosoftFixit.wu.LB.2730106675446385.1.1.Run.exe2013-08-27 15:06 - 2013-08-26 12:18 - 00038199 _____ C:\Users\Aguugz\Desktop\dds.txt2013-08-27 15:06 - 2013-08-26 12:18 - 00013388 _____ C:\Users\Aguugz\Desktop\attach.txt2013-08-27 15:00 - 2011-10-12 08:56 - 00000039 _____ C:\Windows\vbaddin.ini2013-08-27 15:00 - 2011-10-12 08:26 - 00000000 ____D C:\ProgramData\Microsoft Help2013-08-27 14:59 - 2009-07-13 21:34 - 00000510 _____ C:\Windows\win.ini2013-08-27 13:31 - 2013-03-06 09:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2013-08-27 11:25 - 2013-08-27 11:25 - 00000000 _____ C:\Windows\setuperr.log2013-08-27 10:51 - 2013-08-27 10:51 - 00000000 ____D C:\Users\Aguugz\AppData\Roaming\Malwarebytes2013-08-27 10:51 - 2013-08-27 10:50 - 
00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-08-27 10:50 - 2013-08-27 10:50 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-08-27 10:50 - 2013-08-27 10:50 - 00000000 ____D C:\ProgramData\Malwarebytes2013-08-27 10:50 - 2013-08-27 10:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-08-27 10:45 - 2013-08-26 15:05 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2013-08-27 10:24 - 2013-08-27 10:24 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Aguugz\Downloads\mbam-clean-1.60.2.0003.exe2013-08-26 22:25 - 2013-08-26 22:25 - 00332732 _____ C:\Users\Aguugz\Documents\cc_20130826_222511.reg2013-08-26 22:24 - 2011-02-25 03:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy2013-08-26 22:22 - 2010-01-26 13:26 - 00000000 ____D C:\Windows\Panther2013-08-26 21:13 - 2013-08-26 21:13 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC2013-08-26 21:13 - 2013-08-26 21:13 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk2013-08-26 21:13 - 2013-08-26 21:13 - 00000000 ____D C:\Program Files\CCleaner2013-08-26 21:13 - 2013-08-26 21:12 - 04454952 _____ (Piriform Ltd) C:\Users\Aguugz\Downloads\ccsetup405.exe2013-08-26 21:07 - 2011-03-11 23:46 - 00000000 ____D C:\Users\Aguugz\AppData\Roaming\vlc2013-08-26 20:59 - 2013-08-26 20:59 - 00001074 _____ C:\Users\Public\Desktop\VLC media player.lnk2013-08-26 18:39 - 2011-03-02 02:39 - 00000000 ____D C:\Users\Aguugz\AppData\Roaming\Mozilla2013-08-26 17:15 - 2013-01-30 09:47 - 00000000 ____D C:\Program Files (x86)\ophcrack2013-08-26 15:06 - 2013-08-26 15:06 - 00003594 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 227b5581-88b7-4445-8423-d7b05de98eac2013-08-26 15:06 - 2013-08-26 15:06 - 00003520 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 3ab10268-7bc9-40aa-868a-ce4ed62bc7352013-08-26 15:05 - 2013-08-26 15:05 - 00001812 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk2013-08-26 15:05 - 2013-08-26 15:05 - 
00000000 ____D C:\Users\Aguugz\AppData\Roaming\SUPERAntiSpyware.com2013-08-26 15:05 - 2013-08-26 15:05 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com2013-08-26 13:34 - 2013-08-26 13:32 - 27229688 _____ (SUPERAntiSpyware) C:\Users\Aguugz\Downloads\SUPERAntiSpyware.exe2013-08-26 13:31 - 2013-08-26 13:31 - 00001087 _____ C:\Users\Aguugz\Desktop\Continue Download Helper Installation.lnk2013-08-26 12:55 - 2013-08-26 12:55 - 02347384 _____ (ESET) C:\Users\Aguugz\Downloads\esetsmartinstaller_enu.exe2013-08-26 12:30 - 2013-08-26 11:52 - 492597008 _____ (Microsoft Corporation) C:\Users\Aguugz\Downloads\WindowsXPMode_en-us (1).exe2013-08-26 11:41 - 2013-08-26 11:41 - 01528184 _____ (Microsoft Corporation) C:\Users\Aguugz\Downloads\GenuineCheck.exe2013-08-26 11:37 - 2013-08-26 11:37 - 00688992 ____R (Swearware) C:\Users\Aguugz\Downloads\dds.com2013-08-26 10:48 - 2013-08-26 10:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Aguugz\Downloads\iexplorer.exe2013-08-26 09:35 - 2013-05-21 09:31 - 00002196 ____H C:\Users\Aguugz\Documents\Default.rdp2013-08-22 15:54 - 2013-08-22 15:54 - 00000000 ____D C:\Users\Aguugz\.shsh2013-08-22 15:31 - 2013-08-22 15:31 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk2013-08-22 15:30 - 2013-08-22 15:30 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-08-22 15:30 - 2013-08-22 15:30 - 00000000 ____D C:\Program Files\iTunes2013-08-22 15:30 - 2013-08-22 15:30 - 00000000 ____D C:\Program Files\iPod2013-08-22 15:30 - 2011-10-16 08:43 - 00000000 ____D C:\Program Files (x86)\iTunes2013-08-22 15:02 - 2013-08-22 15:02 - 00000000 ____D C:\Program Files (x86)\File Type Helper2013-08-20 15:48 - 2011-02-25 02:51 - 00000000 ____D C:\Users\Aguugz\AppData\Local\Google2013-08-20 12:44 - 2013-08-20 12:43 - 20285559 _____ C:\Users\Aguugz\Desktop\Ex_Files_SP_Online_EssT.zip2013-08-19 09:09 - 2013-08-19 09:09 - 00029025 _____ C:\Users\Aguugz\Downloads\2BEC9E4483366D4F20A97B800E341B127DE410CE.torrent2013-08-19 09:07 - 2013-08-19 
09:07 - 00057254 _____ C:\Users\Aguugz\Downloads\FF6DF281561D37D6E1515A0348AAE76DF7F1A0EB (1).torrent2013-08-19 08:51 - 2013-08-19 08:51 - 00057254 _____ C:\Users\Aguugz\Downloads\FF6DF281561D37D6E1515A0348AAE76DF7F1A0EB.torrent2013-08-15 14:23 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp2013-08-15 14:21 - 2013-02-01 10:55 - 00000000 ____D C:\Users\Aguugz\AppData\Roaming\VMware2013-08-15 14:20 - 2013-02-01 10:55 - 00000000 ____D C:\Users\Aguugz\AppData\Local\VMware2013-08-14 16:20 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache2013-08-14 14:30 - 2013-08-14 14:30 - 00057128 _____ C:\Users\Aguugz\Downloads\42CB1476FA750F9BBDA16432AF40A74DF8EF5D78.torrent2013-08-14 14:29 - 2013-08-14 14:29 - 00029213 _____ C:\Users\Aguugz\Downloads\562ECB0EA9C457FFCE506F14A594566A2F29F85A.torrent2013-08-14 13:56 - 2013-08-14 13:56 - 00057194 _____ C:\Users\Aguugz\Downloads\83A7A73A9608D62BF7B906B96BA7A4B87203078B.torrent2013-08-14 13:55 - 2013-08-14 13:55 - 00028949 _____ C:\Users\Aguugz\Downloads\EA5C135B25751C2C6C4D659502A2A67C0973E2F0.torrent2013-08-14 13:52 - 2013-08-14 13:52 - 00014996 _____ C:\Users\Aguugz\Downloads\77CCD7CA50D887CB888692334DFDEE638DAB3821.torrent2013-08-14 13:51 - 2013-08-14 13:51 - 00057476 _____ C:\Users\Aguugz\Downloads\96AE0F989ECF1BA71DF6BCCFD57622C541A3E51C (1).torrent2013-08-14 13:50 - 2013-08-14 13:50 - 00057476 _____ C:\Users\Aguugz\Downloads\96AE0F989ECF1BA71DF6BCCFD57622C541A3E51C.torrent2013-08-14 12:06 - 2013-08-01 08:42 - 00000000 ____D C:\Windows\system32\MRT2013-08-14 12:03 - 2011-03-02 02:25 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2013-08-06 15:25 - 2013-08-06 15:25 - 00343846 _____ C:\Users\Aguugz\Desktop\COCCL - Room List 08-06-13.txt2013-08-06 15:07 - 2013-08-06 15:07 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2013-08-06 15:07 - 2013-07-09 14:52 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2013-08-06 15:07 - 2013-04-05 10:01 
- 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2013-08-06 15:07 - 2013-04-05 10:01 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2013-08-06 15:07 - 2013-04-02 10:10 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll2013-08-06 15:07 - 2011-11-09 22:07 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll2013-08-06 14:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF2013-08-06 10:14 - 2013-04-02 14:48 - 00000000 ____D C:\Users\Aguugz\AppData\Roaming\tixati2013-08-06 10:13 - 2013-08-06 10:13 - 00000857 _____ C:\Users\Aguugz\Desktop\µTorrent.lnk2013-08-06 10:13 - 2013-08-06 10:13 - 00000837 _____ C:\Users\Aguugz\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk2013-08-02 13:52 - 2013-08-02 13:52 - 00000000 ____D C:\Users\Aguugz\AppData\Local\Cisco2013-08-02 13:52 - 2013-08-02 13:52 - 00000000 ____D C:\ProgramData\Cisco2013-08-02 13:52 - 2013-08-02 13:52 - 00000000 ____D C:\Program Files (x86)\Cisco2013-08-02 13:51 - 2013-08-20 12:45 - 00000000 ____D C:\Users\Aguugz\Desktop\Ex_Files_SP_Online_EssT2013-08-01 08:44 - 2013-08-01 08:44 - 00000000 ____D C:\Users\Aguugz\AppData\Local\WinZip Courier2013-08-01 08:44 - 2013-08-01 08:44 - 00000000 ____D C:\ProgramData\WinZipEC2013-07-31 15:40 - 2013-04-02 12:14 - 00000000 ____D C:\Users\Aguugz\AppData\Roaming\Yammer2013-07-29 12:02 - 2013-07-29 12:02 - 00000000 ____D C:\Users\Aguugz\AppData\Local\DIRECTV Player2013-07-29 12:01 - 2013-07-29 12:00 - 13024568 _____ (DIRECTV) C:\Users\Aguugz\Downloads\DIRECTV_Player_8.0.exe Files to move or delete:====================C:\Users\Aguugz\AppData\Local\Temp\Quarantine.exeC:\Users\Aguugz\AppData\Local\Temp\jrt\erunt\ERUNT.EXE ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is 
legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-22 09:07 ==================== End Of Log ============================
  6. MBAM Log: Says no malware detected, but still getting website redirection!! Oh well, might just have to reinstall Windows 7 again!

     Malwarebytes Anti-Malware (Trial) 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.08.28.08

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16660
     Aguugz :: AGUUGZ-PC [administrator]

     Protection: Disabled

     8/28/2013 5:20:24 PM
     mbam-log-2013-08-28 (17-20-24).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 330301
     Time elapsed: 3 minute(s), 58 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  8. JRT Log

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 5.5.4 (08.22.2013:1)
     OS: Windows 7 Home Premium x64
     Ran by Aguugz on Wed 08/28/2013 at 15:46:32.66
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys

     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2737658

     ~~~ Files

     ~~~ Folders

     Successfully deleted: [Folder] "C:\Users\Aguugz\appdata\locallow\fast free converter"
     Successfully deleted: [Empty Folder] C:\Users\Aguugz\appdata\local\{2873E0C3-6B28-407D-9970-5A6783C6953A}
     Successfully deleted: [Empty Folder] C:\Users\Aguugz\appdata\local\{3978AF7D-C676-4F97-B81F-B696170DEC2F}
     Successfully deleted: [Empty Folder] C:\Users\Aguugz\appdata\local\{833E80C8-DB72-4C77-88FD-3F7A4EC3AA9E}
     Successfully deleted: [Empty Folder] C:\Users\Aguugz\appdata\local\{88CDE7D6-00E1-4C3C-8CE6-A9AFD7D74DC2}
     Successfully deleted: [Empty Folder] C:\Users\Aguugz\appdata\local\{A6F2D022-EF7E-4B95-BA33-12757A6D3A8D}
     Successfully deleted: [Empty Folder] C:\Users\Aguugz\appdata\local\{C3E957BD-ECEC-43EE-8757-8EF690C64B99}
     Successfully deleted: [Empty Folder] C:\Users\Aguugz\appdata\local\{F18B5DAD-9CBD-4E21-A8EA-0D787819B15D}
     Successfully deleted: [Empty Folder] C:\Users\Aguugz\appdata\local\{FB5BF2F8-A0D7-45DE-81EE-E942739CC321}

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Wed 08/28/2013 at 15:52:26.61
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  9. Post Reboot AdwCleaner report: Am now running JRT. MBAM and Avast disabled. # AdwCleaner v3.001 - Report created 28/08/2013 at 15:39:13# Updated 24/08/2013 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Aguugz - AGUUGZ-PC# Running from : C:\Users\Aguugz\Desktop\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\PartnerFolder Deleted : C:\Program Files\BabylonFolder Deleted : C:\Users\Aguugz\AppData\Local\Bundled software uninstallerFolder Deleted : C:\Users\Aguugz\AppData\Local\PackageAwareFolder Deleted : C:\Users\Aguugz\AppData\LocalLow\ConduitFolder Deleted : C:\Users\Freya\AppData\Local\BabylonFolder Deleted : C:\Users\Freya\AppData\LocalLow\ConduitFolder Deleted : C:\Users\Hasna\AppData\Local\BabylonFolder Deleted : C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\jetpackFolder Deleted : C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\{f999a48b-1950-4d81-9971-79018f807b4b}Folder Deleted : C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfimfliilbabfohebppnfomgjljicpdmFile Deleted : C:\END ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcbKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hfimfliilbabfohebppnfomgjljicpdmKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.comKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.comKey Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXEKey Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLLKey Deleted : HKLM\SOFTWARE\Classes\Prod.capKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCSKey Deleted : 
HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCSKey Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet 
Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Key Deleted : HKCU\Software\BIKey Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\ImeshKey Deleted : HKCU\Software\AppDataLow\Software\ConduitKey Deleted : HKLM\Software\Conduit ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16660 -\\ Mozilla Firefox v23.0.1 (en-US) [ File : C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\prefs.js ] Line Deleted : user_pref("extensions.adapter@babylontc.com.install-event-fired", true);Line Deleted : user_pref("extensions.enabledItems", "{B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1,foxyproxy@eric.h.jung:2.22.6,{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6,mgDownloadHelper@yevgenyandrov.net:1.0.2,{D[...]Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}"); -\\ Google Chrome v [ File : C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [5931 octets] - [28/08/2013 15:34:52]AdwCleaner[R1].txt - [5991 octets] - [28/08/2013 15:37:10]AdwCleaner[s0].txt - [5813 octets] - [28/08/2013 15:39:13] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5873 octets] ##########
  10. AdwCleaner report: I didn't need anything listed. Followed your instructions and did a clean on second run. # AdwCleaner v3.001 - Report created 28/08/2013 at 15:34:52# Updated 24/08/2013 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Aguugz - AGUUGZ-PC# Running from : C:\Users\Aguugz\Desktop\AdwCleaner.exe# Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\ENDFolder Found : C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfimfliilbabfohebppnfomgjljicpdmFolder Found : C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\{f999a48b-1950-4d81-9971-79018f807b4b}Folder Found C:\Program Files\BabylonFolder Found C:\ProgramData\PartnerFolder Found C:\Users\Aguugz\AppData\Local\Bundled software uninstallerFolder Found C:\Users\Aguugz\AppData\Local\PackageAwareFolder Found C:\Users\Aguugz\AppData\LocalLow\ConduitFolder Found C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\jetpackFolder Found C:\Users\Freya\AppData\Local\BabylonFolder Found C:\Users\Freya\AppData\LocalLow\ConduitFolder Found C:\Users\Hasna\AppData\Local\Babylon ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\AppDataLow\Software\ConduitKey Found : HKCU\Software\BIKey Found : HKCU\Software\ConduitKey Found : HKCU\Software\ImeshKey Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.comKey Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.comKey Found : [x64] HKCU\Software\BIKey Found : 
[x64] HKCU\Software\ConduitKey Found : [x64] HKCU\Software\ImeshKey Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Key Found : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXEKey Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLLKey Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}Key Found : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}Key Found : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}Key Found : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}Key Found : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}Key Found : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}Key Found : HKLM\SOFTWARE\Classes\Prod.capKey Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}Key Found : HKLM\Software\ConduitKey Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcbKey Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hfimfliilbabfohebppnfomgjljicpdmKey Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCSKey Found : 
HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16660 -\\ Mozilla Firefox v23.0.1 (en-US) [ File : C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\prefs.js ] Line Found : user_pref("extensions.adapter@babylontc.com.install-event-fired", true);Line Found : user_pref("extensions.enabledItems", "{B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1,foxyproxy@eric.h.jung:2.22.6,{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6,mgDownloadHelper@yevgenyandrov.net:1.0.2,{D[...]Line Found : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]Line Found : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");Line Found : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}"); -\\ Google Chrome v [ File : C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [5775 octets] - [28/08/2013 15:34:52] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5835 octets] ##########
  11. MrCharlie, per your request, I have run ComboFix and attached the txt file. Thanks again for all your invaluable assistance. ComboFix.txt
  12. MrCharlie, I did as you instructed. Scan didn't find anything. I still am being redirected to the sites I talked about previously. When url is being redirected, the address displays fastfreeconverter for a split second and then ilivid, wizard 101, or other websites are displayed. mbar-log-2013-08-28 (13-14-13).txt system-log.txt
  13. Should I disable Avast prior to running mbar? Thanks.
  14. Thanks in advance for all your assistance. I did as you suggested. I turned off Defender, disabled utorrent and deleted whatever keygens/cracks I could find. I ran RogueKiller 64bit and closed it out without fixing anything. RogueKiller V8.6.7 _x64_ [Aug 28 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Aguugz [Admin rights]Mode : Scan -- Date : 08/28/2013 08:58:20| ARK || FAK || MBR | ¤¤¤ Bad processes : 2 ¤¤¤[sUSP PATH] PCShowServerPMWrapper.exe -- C:\Users\Aguugz\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [7] -> KILLED [TermProc][sUSP PATH] NDSPCShowServer.exe -- C:\Users\Aguugz\AppData\Local\DIRECTV Player\NDSPCShowServer.exe [7] -> KILLED [TermProc] ¤¤¤ Registry Entries : 7 ¤¤¤[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\Aguugz\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND[RUN][sUSP PATH] HKCU\[...]\Run : PCShowServer ("C:\Users\Aguugz\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [7]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-2531113335-1326481275-3410773886-1000\[...]\Run : Google Update ("C:\Users\Aguugz\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-2531113335-1326481275-3410773886-1000\[...]\Run : PCShowServer ("C:\Users\Aguugz\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [7]) -> FOUND[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:10081) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 9 ¤¤¤[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1001UA.job : C:\Users\Freya\AppData\Local\Google\Update\GoogleUpdate.exe - /ua 
/installsource scheduler [7][x] -> FOUND[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1001Core.job : C:\Users\Freya\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1000UA.job : C:\Users\Aguugz\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1000Core.job : C:\Users\Aguugz\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1000Core : C:\Users\Aguugz\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1000UA : C:\Users\Aguugz\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1001Core : C:\Users\Freya\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1001UA : C:\Users\Freya\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND[V2][sUSP PATH] KMS Activation for Office : C:\Windows\KMSAct.exe [x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 2 ¤¤¤[FF][PROXY] f57z29r6.default : user_pref("network.proxy.hxxp", "proxy1.emirates.net.ae"); -> FOUND[FF][PROXY] f57z29r6.default : user_pref("network.proxy.hxxp_port", 8080); -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤-> E:\windows\system32\config\SYSTEM | DRVINFO [Drv - E:] | SYSTEMINFO [sys - E:] [sys32 - FOUND] | USERINFO [startup - FOUND]-> E:\windows\system32\config\SOFTWARE | DRVINFO [Drv - E:] | SYSTEMINFO [sys - E:] [sys32 - FOUND] | USERINFO [startup - FOUND]-> E:\windows\system32\config\SECURITY | 
DRVINFO [Drv - E:] | SYSTEMINFO [sys - E:] [sys32 - FOUND] | USERINFO [startup - FOUND]-> E:\windows\system32\config\SAM | DRVINFO [Drv - E:] | SYSTEMINFO [sys - E:] [sys32 - FOUND] | USERINFO [startup - FOUND]-> E:\windows\system32\config\DEFAULT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - E:] [sys32 - FOUND] | USERINFO [startup - FOUND]-> E:\Users\Administrator\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - E:] [sys32 - FOUND] | USERINFO [startup - FOUND]-> E:\Users\Default\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - E:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]-> E:\Users\Default User\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - E:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]-> E:\Documents and Settings\Administrator\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - E:] [sys32 - FOUND] | USERINFO [startup - FOUND]-> E:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - E:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]-> E:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - E:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND] ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 www.007guard.com127.0.0.1 007guard.com127.0.0.1 008i.com127.0.0.1 www.008k.com127.0.0.1 008k.com127.0.0.1 www.00hq.com127.0.0.1 00hq.com127.0.0.1 010402.com127.0.0.1 www.032439.com127.0.0.1 032439.com127.0.0.1 www.0scan.com127.0.0.1 0scan.com127.0.0.1 1000gratisproben.com127.0.0.1 www.1000gratisproben.com127.0.0.1 1001namen.com127.0.0.1 www.1001namen.com127.0.0.1 100888290cs.com127.0.0.1 www.100888290cs.com127.0.0.1 www.100sexlinks.com127.0.0.1 100sexlinks.com[...] 
      ¤¤¤ MBR Check: ¤¤¤

      +++++ PhysicalDrive0: WDC WD15EADS-22P8B0 +++++
      --- User ---
      [MBR] 580179ec5e8903d9c640981d3e43395a
      [bSP] 5553c15a8ce7c12c984c57ef7254606f : Windows 7/8 MBR Code
      Partition table:
      0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11720 Mo
      1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24006656 | Size: 122 Mo
      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24258150 | Size: 1418953 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!

      +++++ PhysicalDrive1: WDC WD15EADS-22P8B0 +++++
      --- User ---
      [MBR] 105496f9069088d6aa438dbbc69b9e71
      [bSP] 3ef1edbd72062b7c3931aab2ef2db7bf : Empty MBR Code
      Partition table:
      0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 432201 Mo
      1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 885165433 | Size: 521657 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!

      +++++ PhysicalDrive2: WDC WD15EADS-22P8B0 +++++
      --- User ---
      [MBR] 80437cd8b9e3133868a6b0722d39af1b
      [bSP] 9b6ebbf7c1a08cbb9ccbeeaea6641cdb : Windows XP MBR Code
      Partition table:
      0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476907 Mo
      User = LL1 ... OK!
      Error reading LL2 MBR!

      Finished : << RKreport[0]_S_08282013_085820.txt >>

      Let me know if you need any further information.

      Regards,
      Ageel
  15. Initial problems: Website redirection to ilivid, wizard 101, jollywallet pop ups...etc. System restore was turned off by virus(es?), earlier restore points deleted, unable to update MBAM. Was finally able to turn on System restore, but previous points still deleted, now able to update MBAM. I updated it, ran a quick and a full scan, and a boot time scan. I also ran scans with SuperAntiSpyware and Avast. There were detections, which I removed from my system, but I still am having issues with my browsers being redirected! I use FF, Chrome and IE, all have been updated to the current release. A lot of times when I click on a link, I am redirected to one of the aforementioned sites. I have run scans multiple times and rebooted multiple times, but I still keep getting the same problem when using all 3 browsers. Your assistance will be greatly appreciated. I have attached the dds.txt, attach.txt and the mbam log. Let me know if I need to include anything else. Thanks. attach.txt dds.txt mbam-log-2013-08-27 (10-53-36).txt