Posts posted by eddy123

  1. RogueKiller V8.6.11 _x64_ [Sep 11 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com




     

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : Eddy [Admin rights]

    Mode : Scan -- Date : 09/15/2013 00:26:11

    | ARK || FAK || MBR |

     

    ¤¤¤ Bad processes : 0 ¤¤¤

     

    ¤¤¤ Registry Entries : 6 ¤¤¤

    [SHELL][SUSP PATH] HKCU\[...]\Windows : load (C:\Users\Eddy\LOCALS~1\Temp\mswrkv.exe [x]) -> FOUND

    [SHELL][SUSP PATH] HKUS\[...]\Windows : load (C:\Users\Eddy\LOCALS~1\Temp\mswrkv.exe [x]) -> FOUND

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [BROK VAL] HKCR\[...]\command :  () -> MISSING

     

    ¤¤¤ Scheduled tasks : 4 ¤¤¤

    [V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\windows\TEMP\{99A48462-5121-4253-8138-CDDA9C28F5A0}.exe - --uninstall=1 [x] -> FOUND

    [V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_HP_rmv.job : C:\windows\TEMP\{40314581-E1AA-47B0-867E-B0131C700290}.exe - --uninstall=1 [x] -> FOUND

    [V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_HP_rmv : C:\windows\TEMP\{40314581-E1AA-47B0-867E-B0131C700290}.exe - --uninstall=1 [x] -> FOUND

    [V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\windows\TEMP\{99A48462-5121-4253-8138-CDDA9C28F5A0}.exe - --uninstall=1 [x] -> FOUND

     

    ¤¤¤ Startup Entries : 3 ¤¤¤

    [Default][SUSP PATH] Best Buy pc app.lnk : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND

    [Default User][SUSP PATH] Best Buy pc app.lnk : C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND

    [DefaultAppPool][SUSP PATH] Best Buy pc app.lnk : C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND

     

    ¤¤¤ Web browsers : 0 ¤¤¤

     

    ¤¤¤ Particular Files / Folders: ¤¤¤

     

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

     

    ¤¤¤ External Hives: ¤¤¤

     

    ¤¤¤ Infection :  ¤¤¤

     

    ¤¤¤ HOSTS File: ¤¤¤

    --> %SystemRoot%\System32\drivers\etc\hosts

     

     

     

     

    ¤¤¤ MBR Check: ¤¤¤

     

    +++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++

    --- User ---

    [MBR] fd84593535230c8cc752dbb735a98a3f

    [BSP] cedacd4b54b1de3b38a4718d7781dd7b : KIWI Image system MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 278528 Mo

    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 570632192 | Size: 416423 Mo

    3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1423466496 | Size: 20351 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

     

    Finished : << RKreport[0]_S_09152013_002611.txt >>
  2. Attach.txt contents:

     

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium 
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/27/2012 7:45:01 AM
    System Uptime: 9/14/2013 11:17:17 PM (1 hours ago)
    .
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. |  | QX311/QX411/QX412/QX511
    Processor: Intel® Core i5-2410M CPU @ 2.30GHz | CPU | 2301/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 272 GiB total, 172.494 GiB free.
    D: is FIXED (NTFS) - 407 GiB total, 126.201 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek PCIe GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_C0A0144D&REV_06\4&3A33A527&0&00E3
    Manufacturer: Realtek
    Name: Realtek PCIe GBE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_C0A0144D&REV_06\4&3A33A527&0&00E3
    Service: RTL8167
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Intel® Centrino® WiMAX 6150
    Device ID: {12110A2A-BBCC-418B-B9F4-76099D720767}\BPMP_8087_07D6\1&1869C5E3&0&1
    Manufacturer: Intel Corporation
    Name: Intel® Centrino® WiMAX 6150
    PNP Device ID: {12110A2A-BBCC-418B-B9F4-76099D720767}\BPMP_8087_07D6\1&1869C5E3&0&1
    Service: bpmp
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1FD03075&0&01
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1FD03075&0&01
    Service: vwifimp
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1FD03075&0&02
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter #2
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1FD03075&0&02
    Service: vwifimp
    .
    ==== System Restore Points ===================
    .
    RP88: 9/5/2013 1:22:29 AM - Installed Jar2Exe Wizard
    RP89: 9/5/2013 1:23:52 AM - Installed Jar2Exe Wizard
    RP90: 9/10/2013 11:46:15 PM - Windows Update
    RP91: 9/13/2013 12:48:55 PM - Removed Google Talk Plugin
    RP92: 9/14/2013 10:28:51 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    ???? ??? Windows Live
    ???? Windows Live
    ????? Windows Live
    ?????? ??????? ?? Windows Live
    ???????? ?????????? Windows Live
    ?????????? Windows Live
    ??????????? ?? Windows Live
    Adobe AIR
    Adobe Download Assistant
    Adobe Dreamweaver CS6
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Help Manager
    Adobe Photoshop CS5.1
    Adobe Reader 9.1
    Adobe Widget Browser
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Avira Free Antivirus
    „Windows Live Essentials“
    „Windows Live Mail“
    „Windows Live Messenger“
    „Windows Live“ fotogalerija
    BatteryLifeExtender
    Best Buy pc app
    Bonjour
    Canon E610 series MP Drivers
    Canon E610 series On-screen Manual
    Canon IJ Scan Utility
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon My Image Garden
    Canon My Image Garden Design Files
    Canon My Printer
    Canon Speed Dial Utility
    CCleaner
    ChargeableUSB
    CyberLink Media Suite
    CyberLink Media+ Player10
    CyberLink MediaShow
    CyberLink Power2Go
    CyberLink YouCam 5
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Easy Content Share
    Easy Display Manager
    Easy Migration
    Easy Network Manager
    Easy SpeedUp Manager
    EasyBatteryManager
    EasyFileShare
    Facebook Messenger 2.1.4814.0
    Fast Start
    Fotogalerija Windows Live
    Free Audio Converter version 5.0.23.320
    Galeria de Fotografias do Windows Live
    Galeria fotografii uslugi Windows Live
    Galerie de photos Windows Live
    Galerie foto Windows Live
    Galería fotográfica de Windows Live
    GlassFish Server Open Source Edition 3.1.2.2
    GlassFish Server Open Source Edition 4.0
    Google Chrome
    Google Update Helper
    Heroku version 2.39.5
    Install Creator
    Intel PROSet Wireless
    Intel® Control Center
    Intel® Management Engine Components
    Intel® Processor Graphics
    Intel® PROSet/Wireless WiFi Software
    Intel® Rapid Storage Technology
    Intel® Turbo Boost Technology Monitor 2.0
    Intel® Wireless Display
    Intel® PROSet/Wireless WiMAX Software
    Internet Information Services (IIS) 7 Manager
    iTunes
    Jar2Exe Wizard
    Java 7 Update 25
    Java 7 Update 9 (64-bit)
    Java Auto Updater
    Java SE Development Kit 7 Update 21
    Java SE Development Kit 7 Update 9 (64-bit)
    JSmooth 0.9.9-7
    Junk Mail filter update
    MakeInstall
    Malwarebytes Anti-Malware version 1.75.0.1300
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    Microsoft_VC90_MFCLOC_x86
    Microsoft_VC90_MFCLOC_x86_x64
    Movie Color Enhancer
    MSVCRT
    MSVCRT_amd64
    NetBeans IDE 7.3.1
    Notepad++
    NVIDIA Control Panel 266.72
    NVIDIA Graphics Driver 266.72
    NVIDIA Install Application
    NVIDIA Optimus 1.0.15
    NVIDIA Update Components
    PDF Settings CS5
    PhotoScape
    Poczta uslugi Windows Live
    Podstawowe programy Windows Live
    Pošta Windows Live
    Raccolta foto di Windows Live
    RailsInstaller 2.2.2
    RAPTOR
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Renesas Electronics USB 3.0 Host Controller Driver
    Ruby 1.9.3-p448
    S?????? f?t???af??? t?? Windows Live
    Samsung AnyWeb Print
    Samsung Printer Live Update
    Samsung Recovery Solution 5
    Samsung Support Center
    Samsung Universal Print Driver
    Samsung Universal Scan Driver
    Samsung Update Plus
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Skype Click to Call
    Skype™ 6.3
    SRS Premium Sound Control Panel
    Stardock Fences 2
    Steam
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
    User Guide
    VirtualDJ Home FREE
    Visual Studio 2008 x64 Redistributables
    VLC media player 2.0.8
    Windows Live
    Windows Live ??
    Windows Live ?? ???
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Fotótár
    Windows Live Foto-galerija
    Windows Live fotoattelu galerija
    Windows Live Fotogalerie
    Windows Live Fotogalleri
    Windows Live Fotogaléria
    Windows Live Fotograf Galerisi
    Windows Live Galeria de Fotos
    Windows Live Galerija fotografija
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Pošta
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Temel Parçalar
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Liven asennustyökalu
    Windows Liven sähköposti
    Windows Liven valokuvavalikoima
    WinRAR 4.20 (64-bit)
    WordWeb
    YTD Video Downloader 4.5
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/9/2013 2:15:26 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    9/14/2013 9:22:05 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
    9/12/2013 1:46:27 PM, Error: iaStor [9]  - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    9/12/2013 1:46:24 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    9/10/2013 5:59:09 PM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    9/10/2013 5:59:01 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Ad-Aware service to connect.
    9/10/2013 5:59:01 PM, Error: Service Control Manager [7000]  - The Ad-Aware service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    9/10/2013 5:59:01 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service SBAMSvc with arguments "" in order to run the server: {FE7E09CE-BBF4-4698-8BC1-37C9002DAA43}
    .
    ==== End Of File ===========================
     
     
     
    DDS.txt contents:
     
    DDS (Ver_2012-11-20.01) - NTFS_AMD64 
    Internet Explorer: 9.0.8112.16502  BrowserJavaVersion: 10.25.2
    Run by Eddy at 0:11:49 on 2013-09-15
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.63.1033.18.6058.4035 [GMT 8:00]
    .
    AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\WLANExt.exe
    C:\windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\windows\system32\Dwm.exe
    C:\windows\system32\taskhost.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\taskeng.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe
    C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
    C:\windows\system32\igfxext.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\System32\rundll32.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\hkcmd.exe
    C:\Users\Eddy\AppData\Local\Facebook\Update\FacebookUpdate.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Eddy\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
    C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
    uWindows: Load = C:\Users\Eddy\LOCALS~1\Temp\mswrkv.exe
    mWinlogon: Userinit = userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [AdobeBridge] <no file>
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    StartupFolder: C:\Users\Eddy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Eddy\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: SafeKey Fill Forms - C:\Users\Eddy\AppData\LocalLow\SafeKey\context.html?cmd=fillforms
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
    TCP: NameServer = 124.106.7.2 124.106.5.2
    TCP: Interfaces\{4E655F89-F186-489A-BE54-1D42F6EC1C02} : DHCPNameServer = 124.106.7.2 124.106.5.2
    TCP: Interfaces\{4E655F89-F186-489A-BE54-1D42F6EC1C02}\A42584023427F677E6 : DHCPNameServer = 192.168.2.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    x64-Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2011-5-11 25960]
    R1 avkmgr;avkmgr;C:\windows\System32\drivers\avkmgr.sys [2013-9-14 28600]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-5-11 13824]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-9-14 84024]
    R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-9-14 108088]
    R2 avgntflt;avgntflt;C:\windows\System32\drivers\avgntflt.sys [2013-9-14 105344]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-10-8 19192]
    R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\windows\System32\drivers\bpenum.sys [2011-1-18 75264]
    R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\windows\System32\drivers\bpusb.sys [2011-1-18 81920]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2012-11-12 31216]
    R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-5-12 317440]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-3 80384]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-3 181248]
    R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
    S3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\System32\drivers\bpmp.sys [2011-1-18 173568]
    S3 gfiark;gfiark;C:\windows\System32\drivers\gfiark.sys [2013-7-31 39504]
    S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-5-11 425064]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-14 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-12-31 1255736]
    S4 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2013-9-14 815160]
    S4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-1-30 499200]
    S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
    S4 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2011-5-12 166704]
    S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]
    S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-3-1 161384]
    S4 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
    S4 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-11 2655768]
    S4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-1-30 885248]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [userChoice]
    FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2013-09-14 06:49:50 -------- d-----w- C:\Users\Eddy\AppData\Roaming\Avira
    2013-09-14 06:45:32 81112 ----a-w- C:\windows\System32\drivers\avnetflt.sys
    2013-09-14 06:43:22 28600 ----a-w- C:\windows\System32\drivers\avkmgr.sys
    2013-09-14 06:43:22 105344 ----a-w- C:\windows\System32\drivers\avgntflt.sys
    2013-09-14 06:43:20 -------- d-----w- C:\ProgramData\Avira
    2013-09-14 06:43:20 -------- d-----w- C:\Program Files (x86)\Avira
    2013-09-14 02:29:55 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{50735700-B98A-42C9-BC4E-B21C40BBF1DB}\mpengine.dll
    2013-09-13 03:47:39 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
    2013-09-13 03:47:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-09-10 15:48:56 -------- d-----w- C:\windows\System32\MRT
    2013-09-10 15:40:47 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys
    2013-09-04 17:27:04 -------- d-----w- C:\Program Files\Jar2Exe Wizard
    2013-09-04 16:42:48 -------- d-----w- C:\Users\Eddy\AppData\Roaming\Clickteam
    2013-09-04 16:42:22 -------- d-----w- C:\Program Files (x86)\Install Creator
    2013-09-04 16:25:59 -------- d-----w- C:\Program Files (x86)\MakeInstall
    2013-09-04 16:25:56 -------- d-----w- C:\Users\Eddy\applogs
    2013-09-04 13:37:31 -------- d-----w- C:\Program Files (x86)\JSmooth 0.9.9-7
    2013-09-04 08:02:23 -------- d-----w- C:\Users\Eddy\New folder (2)
    2013-08-29 13:26:10 -------- d-----w- C:\Users\Eddy\New folder
    2013-08-23 15:02:19 -------- d-----w- C:\Users\Eddy\AppData\Local\{BD6FB99A-B3ED-48E7-8232-CC6772990A21}
    2013-08-20 03:46:53 -------- d-----w- C:\Users\Eddy\AppData\Roaming\PDAppFlex
    .
    ==================== Find3M  ====================
    .
    2013-08-06 20:22:02 278800 ------w- C:\windows\System32\MpSigStub.exe
    2013-07-28 12:17:28 26549760 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
    2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
    2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
    2013-07-25 03:37:25 2312704 ----a-w- C:\windows\System32\jscript9.dll
    2013-07-25 03:30:49 1392128 ----a-w- C:\windows\System32\wininet.dll
    2013-07-25 03:29:41 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
    2013-07-25 03:28:46 173056 ----a-w- C:\windows\System32\ieUnatt.exe
    2013-07-25 03:28:31 599040 ----a-w- C:\windows\System32\vbscript.dll
    2013-07-25 03:27:20 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2013-07-25 02:32:35 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
    2013-07-25 02:26:10 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
    2013-07-25 02:25:30 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2013-07-25 02:23:59 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2013-07-25 02:23:58 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
    2013-07-25 02:22:35 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2013-07-19 01:58:42 2048 ----a-w- C:\windows\System32\tzres.dll
    2013-07-19 01:41:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2013-07-09 05:52:52 224256 ----a-w- C:\windows\System32\wintrust.dll
    2013-07-09 05:51:16 1217024 ----a-w- C:\windows\System32\rpcrt4.dll
    2013-07-09 05:46:20 184320 ----a-w- C:\windows\System32\cryptsvc.dll
    2013-07-09 05:46:20 1472512 ----a-w- C:\windows\System32\crypt32.dll
    2013-07-09 05:46:20 139776 ----a-w- C:\windows\System32\cryptnet.dll
    2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52:10 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
    2013-07-09 04:46:31 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
    2013-07-09 04:46:31 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll
    2013-07-09 04:46:31 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
    2013-06-30 06:16:51 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-06-30 06:16:51 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
    2013-06-30 06:16:51 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll
    2012-10-10 08:29:25 193643728 ----a-w- C:\Program Files\CyberLink.5.0.1523d.18978_YUC120326-06.exe
    .
    ============= FINISH:  0:12:04.91 ===============
     
  3. I can't seem to delete them with Malwarebytes. There was some other malware detected too.

     

    Here's the result of my scan:

     

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org
     
    Database version: v2013.09.14.05
     
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Eddy :: EDDY-PC [administrator]
     
    9/14/2013 10:37:07 PM
    mbam-log-2013-09-14 (22-37-07).txt
     
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 300898
    Time elapsed: 10 minute(s), 31 second(s)
     
    Memory Processes Detected: 0
    (No malicious items detected)
     
    Memory Modules Detected: 0
    (No malicious items detected)
     
    Registry Keys Detected: 0
    (No malicious items detected)
     
    Registry Values Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Data: C:\Users\Eddy\LOCALS~1\Temp\mswrkv.exe -> Delete on reboot.
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Eddy\LOCALS~1\Temp\mswrkv.exe -> Delete on reboot.
     
    Registry Data Items Detected: 1
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&ctid=CT3220468) Good: (http://www.google.com) -> Quarantined and repaired successfully.
     
    Folders Detected: 3
    C:\Users\Eddy\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\Users\Eddy\AppData\Roaming\OpenCandy\74EF1688C8B8431795FD73D076FEEF83 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\Users\Eddy\AppData\Roaming\OpenCandy\3B6E26C93EF441DAADE42E13D54FC72D (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
     
    Files Detected: 4
    C:\Users\Eddy\AppData\Roaming\OpenCandy\74EF1688C8B8431795FD73D076FEEF83\PasswordBoxCHSTORE_p1v0.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\Users\Eddy\AppData\Local\Temp\nsu1AC.tmp\Offercast2802_SGT_.exe (PUP.Optional.BundledToolBar.A) -> Quarantined and deleted successfully.
    C:\ProgramData\YTD Video Downloader\ytd_installer.exe (PUP.Optional.BundledToolBar.A) -> Quarantined and deleted successfully.
    C:\Users\Eddy\AppData\Roaming\OpenCandy\3B6E26C93EF441DAADE42E13D54FC72D\RegistryReviverSetup_AFF.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
     
    (end)
     