KilleN
-
Posts
28 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by KilleN
-
it did not find anything else .. he is what u asked for .. thank u soo much for your help it is runnig much better ty Addition.txt FRST.txt -
he is part 2 AdwCleaner[C00].txt
-
ok this is what u asked for from step 1.. going to start step 2 now Fixlog.txt
-
he is what u asked for.. mbst-grab-results.zip
-
So I believe during the course of my brother in-law using his new PC he downloaded a game or movie or something that deeply infected him. I can't remove the root issues with either Malwarebytes or Bitdefender but over time as the virus/malware repopulates some of its stuff in appdata and temp folders it will pick it up again. So I think the root issue is something I will definitely need help identifying and removing (Baring this im going to reformat his PC but if I can avoid that it would becool. Thanks so much) Below are the logs requested in the stickied thread explaining how to best get assistance. If there is anything else needed please let me know and I will provide it ASAP. I appreciate your time and help. FRST.txt Addition.txt MWbyteslog.txt
-
Here is the last logfile. So far seems to be running better... ESETSmartInstaller@High as downloader log:all ok# product=EOS# version=8# OnlineScannerApp.exe=1.0.0.1# EOSSerial=53ee1b3066c1454e8bc5a4c9a4c0aceb# end=init# utc_time=2015-08-01 04:51:32# local_time=2015-08-01 12:51:32 (-0500, Eastern Daylight Time)# country="United States"# osver=6.1.7601 NT Service Pack 1Update InitUpdate DownloadUpdate FinalizeUpdated modules version: 25076# product=EOS# version=8# OnlineScannerApp.exe=1.0.0.1# EOSSerial=53ee1b3066c1454e8bc5a4c9a4c0aceb# end=updated# utc_time=2015-08-01 04:55:43# local_time=2015-08-01 12:55:43 (-0500, Eastern Daylight Time)# country="United States"# osver=6.1.7601 NT Service Pack 1# product=EOS# version=8# OnlineScannerApp.exe=1.0.0.1# OnlineScanner.ocx=1.0.0.7777# api_version=3.1.1# EOSSerial=53ee1b3066c1454e8bc5a4c9a4c0aceb# engine=25076# end=finished# remove_checked=true# archives_checked=true# unwanted_checked=true# unsafe_checked=true# antistealth_checked=true# utc_time=2015-08-01 06:55:39# local_time=2015-08-01 02:55:39 (-0500, Eastern Daylight Time)# country="United States"# lang=1033# osver=6.1.7601 NT Service Pack 1# compatibility_mode_1='AVG AntiVirus Free Edition 2014'# compatibility_mode=1051 16777213 100 100 28774 124602923 0 0# compatibility_mode_1=''# compatibility_mode=5893 16776574 66 85 62886893 189955589 0 0# scanned=217922# found=0# cleaned=0# scan_time=7196
-
Oh so sorry I must have missed that step somehow. Here is the fixlog and currently going to run the eset scanner now. Fix result of Farbar Recovery Scan Tool (x64) Version:30-07-2015Ran by Owner (2015-08-01 00:35:31) Run:1Running from C:\Users\Owner\DesktopLoaded Profiles: Owner (Available Profiles: Owner)Boot Mode: Normal============================================== fixlist content:*****************StartHKU\S-1-5-21-2506510586-2041945763-302385794-1000\...A8F59079A8D5}\localserver32: <==== ATTENTION!FF DefaultSearchEngine: My Web SearchFF SelectedSearchEngine: My Web SearchFF Keyword.URL: hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=F8742972-7A4A-437E-B783-F299F87B2E1E&n=780b89e3&ind=2014022115&id=CDxdm003YYus&ptnrS=CDxdm003YYus&si=CMTZ-qf4wa0CFcZM4AodIWXsBA&searchfor=FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ibt5p7qx.default\user.js [2015-06-21]FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ibt5p7qx.default\searchplugins\askcom.xml [2013-07-21]S3 fileHiders; C:\Windows\System32\DRIVERS\fileHiders.sys [32464 2014-07-16] () <==== ATTENTIONC:\Windows\System32\DRIVERS\fileHiders.sys2015-02-10 19:30 - 2015-02-10 19:30 - 6103040 _____ () C:\Program Files (x86)\GUT3ABF.tmp2015-07-19 21:08 - 2015-07-19 21:08 - 6420480 _____ () C:\Program Files (x86)\GUTC217.tmp2014-02-16 20:08 - 2014-02-16 20:08 - 0000000 _____ () C:\ProgramData\273e3d313d5f292b_cCustomCLSID: HKU\S-1-5-21-2506510586-2041945763-302385794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> No FilepathEmptytemp:End***************** HKU\S-1-5-21-2506510586-2041945763-302385794-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => key not found. HKU\S-1-5-21-2506510586-2041945763-302385794-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => key not found. Firefox DefaultSearchEngine removed successfullyFirefox SelectedSearchEngine removed successfullyFirefox Keyword.URL removed successfully"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfullyC:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ibt5p7qx.default\user.js not found."C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ibt5p7qx.default\searchplugins\askcom.xml" => not found.fileHiders => service not found."C:\Windows\System32\DRIVERS\fileHiders.sys" => File/Folder not found."C:\Program Files (x86)\GUT3ABF.tmp" => File/Folder not found."C:\Program Files (x86)\GUTC217.tmp" => File/Folder not found.C:\ProgramData\273e3d313d5f292b_c => moved successfully.HKU\S-1-5-21-2506510586-2041945763-302385794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => key not found. EmptyTemp: => 266.5 MB temporary data Removed. The system needed a reboot.. ==== End of Fixlog 00:40:15 ====
-
EDIT*** (This is the updated Malwarebytes log. Hope this is everything, thanks for helping me out.) Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 7/31/2015Scan Time: 12:02 AMLogfile: Administrator: Yes Version: 2.1.8.1057Malware Database: v2015.07.31.01Rootkit Database: v2015.07.30.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Owner Scan Type: Threat ScanResult: CancelledObjects Scanned: 875Time Elapsed: 2 min, 32 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 7/31/2015Scan Time: 1:05 AMLogfile: Administrator: Yes Version: 2.1.8.1057Malware Database: v2015.07.31.01Rootkit Database: v2015.07.30.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Owner Scan Type: Threat ScanResult: CompletedObjects Scanned: 359743Time Elapsed: 31 min, 31 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 2Trojan.Poweliks.B, HKU\S-1-5-21-2506510586-2041945763-302385794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}, Delete-on-Reboot, [81ccb43446447abc661dde24a15fc53b], Trojan.Poweliks, HKU\S-1-5-21-2506510586-2041945763-302385794-1000_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\LOCALSERVER32\ ^ , Quarantined, [b7966187fc8e52e41175a85a5da3cf31], Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end)
-
Last log requested. (I will run Malwarebytes once more just incase I have to. Log coming soon as its done) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v3.13, November 2010Started On Wed Nov 24 21:49:33 2010 Engine internal result code = 80508015 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 24 21:50:43 2010 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v3.14, December 2010Started On Wed Dec 15 21:47:19 2010->Scan ERROR: resource process://pid:2900 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:1084 (code 0x00000005 (5)) Engine internal result code = 80508015 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 15 21:49:02 2010 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v3.15, January 2011Started On Tue Jan 11 23:33:45 2011->Scan ERROR: resource process://pid:3600 (code 0x00000005 (5)) Engine internal result code = 80508015 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 11 23:35:26 2011 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v3.16, February 2011Started On Wed Feb 09 21:09:59 2011->Scan ERROR: resource process://pid:852 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:4280 (code 0x00000005 (5))->Scan ERROR: resource process://pid:508 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:2196 (code 0x00000490 (1168)) Engine internal result code = 80508015 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 09 21:12:32 2011 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v3.17, March 2011Started On Thu Mar 10 14:09:09 2011->Scan ERROR: resource process://pid:624 (code 0x00000005 (5))->Scan ERROR: resource process://pid:4832 (code 0x00000490 (1168)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 10 14:12:29 2011 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v3.18, April 2011Started On Thu Apr 14 21:09:21 2011 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 14 21:11:50 2011 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v3.18, April 2011Started On Sun May 01 22:26:35 2011->Scan ERROR: resource process://pid:960 (code 0x00000005 (5))->Scan ERROR: resource process://pid:2836 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:4112 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:4572 (code 0x00000490 (1168)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Sun May 01 22:30:33 2011 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v3.19, May 2011Started On Fri May 20 15:49:19 2011->Scan ERROR: resource process://pid:4548 (code 0x00000005 (5)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Fri May 20 15:50:55 2011 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v3.20, June 2011Started On Wed Jun 29 14:59:30 2011->Scan ERROR: resource process://pid:4064 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:3924 (code 0x00000490 (1168)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 29 15:03:05 2011 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v3.21, July 2011Started On Fri Jul 15 02:02:03 2011->Scan ERROR: resource process://pid:1864 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:4328 (code 0x00000005 (5)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Fri Jul 15 02:05:05 2011 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v3.22, August 2011Started On Mon Aug 22 10:20:53 2011->Scan ERROR: resource process://pid:908 (code 0x00000005 (5))->Scan ERROR: resource process://pid:2328 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:3104 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:3804 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:4664 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:1348 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:4660 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:3868 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:2604 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:4224 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:4252 (code 0x00000490 (1168)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 22 10:25:47 2011 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.0, September 2011Started On Thu Sep 15 21:46:22 2011->Scan ERROR: resource process://pid:3536 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:4236 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:3008 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:3152 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:2740 (code 0x00000490 (1168)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 15 21:58:22 2011 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.0, September 2011Started On Wed Sep 28 12:15:45 2011->Scan ERROR: resource process://pid:2988 (code 0x00000005 (5))->Scan ERROR: resource process://pid:4544 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:4328 (code 0x00000490 (1168)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 28 12:17:47 2011 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.1, October 2011Started On Fri Oct 14 12:00:00 2011->Scan ERROR: resource process://pid:3332 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:2352 (code 0x00000490 (1168)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Fri Oct 14 12:04:41 2011 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.2, November 2011Started On Sat Nov 12 09:57:07 2011->Scan ERROR: resource process://pid:4628 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:5052 (code 0x0000012B (299))->Scan ERROR: resource process://pid:1736 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:692 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:5600 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:1808 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:3000 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:5288 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:3112 (code 0x0000012B (299))->Scan ERROR: resource process://pid:5840 (code 0x00000490 (1168)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Sat Nov 12 10:00:48 2011 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.3, December 2011Started On Thu Dec 15 20:31:44 2011 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 15 20:40:40 2011 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.4, January 2012Started On Wed Jan 11 18:12:13 2012->Scan ERROR: resource process://pid:2212 (code 0x00000005 (5)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 11 18:16:34 2012 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.5, February 2012Started On Thu Feb 16 22:37:40 2012->Scan ERROR: resource process://pid:5632 (code 0x00000490 (1168)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 16 22:41:41 2012 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.6, March 2012Started On Wed Mar 14 14:17:00 2012->Scan ERROR: resource process://pid:1948 (code 0x00000005 (5)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 14 14:19:41 2012 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.7, April 2012Started On Sun Apr 15 19:28:36 2012->Scan ERROR: resource process://pid:1944 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:4228 (code 0x0000012B (299)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 15 19:31:45 2012 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.8, May 2012Started On Wed May 09 17:39:22 2012->Scan ERROR: resource process://pid:5464 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:2260 (code 0x00000490 (1168)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Wed May 09 17:44:44 2012 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.9, June 2012Started On Mon Jul 16 23:12:34 2012 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Mon Jul 16 23:16:55 2012 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.10, July 2012Started On Mon Jul 23 21:04:37 2012->Scan ERROR: resource process://pid:2764 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:4192 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:4552 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:5672 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:6096 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:1144 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:3660 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:3368 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:5460 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:5068 (code 0x00000490 (1168)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Mon Jul 23 21:22:43 2012 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.11, August 2012Started On Fri Aug 17 12:52:37 2012->Scan ERROR: resource process://pid:1116 (code 0x00000005 (5))->Scan ERROR: resource process://pid:2024 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:6136 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:3112 (code 0x00000490 (1168)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 17 12:56:51 2012 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.12, September 2012Started On Mon Sep 17 23:55:08 2012->Scan ERROR: resource process://pid:1140 (code 0x00000005 (5))->Scan ERROR: resource process://pid:3168 (code 0x00000490 (1168)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Mon Sep 17 23:58:04 2012 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.13, October 2012Started On Wed Oct 10 13:14:35 2012->Scan ERROR: resource process://pid:6068 (code 0x00000490 (1168)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 10 13:23:59 2012 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.14, November 2012Started On Wed Nov 14 21:16:07 2012->Scan ERROR: resource process://pid:3716 (code 0x00000005 (5)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 14 21:18:27 2012 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.15, December 2012Started On Wed Dec 12 16:17:09 2012 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 12 16:21:36 2012 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.16, January 2013Started On Fri Jan 25 14:46:15 2013->Scan ERROR: resource process://pid:3956 (code 0x00000490 (1168)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Fri Jan 25 14:54:50 2013 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.17, February 2013Started On Wed Feb 20 13:39:55 2013 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 20 13:47:45 2013 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.18, March 2013Started On Fri Mar 15 10:59:28 2013->Scan ERROR: resource process://pid:1664 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:3720 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:2936 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:2480 (code 0x00000005 (5))->Scan ERROR: resource process://pid:5252 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:2428 (code 0x00000490 (1168)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Fri Mar 15 11:07:16 2013 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.19, April 2013Started On Wed Apr 10 14:45:27 2013->Scan ERROR: resource process://pid:5128 (code 0x00000005 (5)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 10 14:50:12 2013 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.20, May 2013Started On Wed May 22 10:08:17 2013->Scan ERROR: resource process://pid:1760 (code 0x00000490 (1168)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Wed May 22 10:16:34 2013 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.21, June 2013Started On Sun Jun 30 20:30:15 2013->Scan ERROR: resource process://pid:3708 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:4444 (code 0x00000005 (5)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Sun Jun 30 20:34:10 2013 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v4.22, July 2013Started On Sun Jul 21 15:04:28 2013->Scan ERROR: resource process://pid:3188 (code 0x00000490 (1168))->Scan ERROR: resource process://pid:5900 (code 0x00000490 (1168)) Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Sun Jul 21 15:11:25 2013 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.3, August 2013 (build 5.3.9301.0)Started On Sun Aug 25 13:19:12 2013 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 25 13:23:52 2013 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.4, September 2013 (build 5.4.9400.0)Started On Sat Sep 14 20:02:28 2013 Engine: 1.1.9800.0Signatures: 1.157.932.0 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Sat Sep 14 20:07:10 2013 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.5, October 2013 (build 5.5.9502.0)Started On Sun Oct 13 18:05:40 2013 Engine: 1.1.9901.0Signatures: 1.159.530.0 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Sun Oct 13 18:15:17 2013 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)Started On Fri Nov 15 16:29:38 2013 Engine: 1.1.10003.0Signatures: 1.161.1618.0 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Fri Nov 15 16:32:34 2013 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.7, December 2013 (build 5.7.9701.0)Started On Tue Dec 17 13:44:32 2013 Engine: 1.1.10100.0Signatures: 1.163.1013.0 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Tue Dec 17 13:51:04 2013 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.8, January 2014 (build 5.8.9803.0)Started On Sun Jan 26 17:06:27 2014 Engine: 1.1.10201.0Signatures: 1.165.1273.0 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Sun Jan 26 17:11:03 2014 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.9, February 2014 (build 5.9.9902.0)Started On Sun Feb 16 15:52:42 2014 Engine: 1.1.10201.0Signatures: 1.165.3163.0 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Sun Feb 16 16:03:21 2014 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.10, March 2014 (build 5.10.10001.0)Started On Mon Mar 31 21:06:33 2014 Engine: 1.1.10302.0Signatures: 1.167.1001.0 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Mon Mar 31 21:11:49 2014 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.12, May 2014 (build 5.12.10200.0)Started On Wed Aug 20 22:03:21 2014 Engine: 1.1.10502.0Signatures: 1.173.1305.0 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 20 22:10:51 2014 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.15, August 2014 (build 5.15.10500.0)Started On Fri Sep 05 08:42:15 2014 Engine: 1.1.10802.0Signatures: 1.179.1796.0 ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)Started On Thu Sep 11 01:30:11 2014 Engine: 1.1.10904.0Signatures: 1.183.882.0 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 11 01:38:50 2014 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)Started On Sat Nov 01 21:34:58 2014 Engine: 1.1.11005.0Signatures: 1.185.2035.0 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Sat Nov 01 22:05:04 2014 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)Started On Tue Nov 11 17:03:11 2014 Engine: 1.1.11104.0Signatures: 1.187.1116.0 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Tue Nov 11 17:10:02 2014 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)Started On Sat Dec 13 22:19:45 2014 Engine: 1.1.11202.0Signatures: 1.189.872.0 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Sat Dec 13 22:30:21 2014 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Tue Mar 03 14:52:37 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 03 16:00:11 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)Started On Fri Apr 10 14:03:17 2015 Engine: 1.1.11400.0Signatures: 1.193.1181.0 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Fri Apr 10 14:33:33 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)Started On Wed May 13 17:58:50 2015 Engine: 1.1.11502.0Signatures: 1.195.1215.0 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Wed May 13 18:43:18 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.24, May 2015 (build 5.24.11401.0)Started On Sat May 16 17:05:16 2015 Engine: 1.1.11602.0Signatures: 1.197.1100.0 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Sat May 16 17:30:27 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.25, June 2015 (build 5.25.11502.0)Started On Fri Jun 12 11:03:52 2015 Engine: 1.1.11701.0Signatures: 1.199.892.0 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Fri Jun 12 11:14:33 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)Started On Thu Jul 30 16:13:20 2015 Engine: 1.1.11804.0Signatures: 1.201.883.0 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 30 18:12:19 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)Started On Fri Jul 31 00:53:35 2015 Engine: 1.1.11804.0Signatures: 1.201.883.0 Results Summary:----------------No infection found.
-
Next on the list. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by MalwarebytesVersion: 7.5.4 (07.27.2015:1)OS: Windows 7 Home Premium x64Ran by Owner on Fri 07/31/2015 at 0:29:47.00~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp UndeleteSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update FindRight ~~~ Files Successfully deleted: [File] C:\Program Files (x86)\GUT3ABF.tmpSuccessfully deleted: [File] C:\Program Files (x86)\GUTC217.tmpSuccessfully deleted: [File] C:\Users\Owner\Appdata\Local\google\chrome\user data\default\local storage\hxxps_www.superfish.com_0.localstorageSuccessfully deleted: [File] C:\Users\Owner\Appdata\Local\google\chrome\user data\default\local storage\hxxps_www.superfish.com_0.localstorage-journal ~~~ Folders Failed to delete: [Folder] C:\Windows\SysWOW64\ai_recyclebinSuccessfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{3CFBBC16-7FDF-407A-95F0-1BF346BCD3DE}Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{3E34330E-BEC1-4176-B418-0AE04F32DEA3}Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{46B67EAA-FFA7-43D6-9E2D-6C335DB25148}Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{698F6828-83FF-45C4-9991-2F23F4430CF9}Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{6AB3887F-D9F7-4F7F-82D0-9893EDD493CC}Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{72FA2217-B6C5-4848-BE84-E4C5EC80FC05}Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{7ED4247E-6E75-4028-929D-6BDBEE4837A7}Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{89CF4921-89CC-4270-8C91-890799C74DA4}Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{95768298-2674-400E-9790-814A57552205}Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{B730A859-DFAE-4EC9-8489-38C627E130CA}Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{CA8A24BC-67F1-4E94-B83F-CBF60805B690}Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{EC0009AC-AD9D-4D80-9C78-A673B1B36DB4}Successfully deleted: [Empty Folder] C:\Users\Owner\Appdata\Local\{F92100F0-DF19-47A5-BEBD-D0BC8483C9C4}Successfully deleted: [Folder] C:\Program Files\kromtechSuccessfully deleted: [Folder] C:\ProgramData\kromtechSuccessfully deleted: [Folder] C:\Users\Owner\Appdata\Local\couponalert_2p ~~~ Chrome [C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: [C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\Owner\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:[] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Fri 07/31/2015 at 0:42:17.18End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
The log from AdwCleaner. # AdwCleaner v4.208 - Logfile created 31/07/2015 at 00:12:52# Updated 09/07/2015 by Xplode# Database : 2015-07-26.2 [server]# Operating system : Windows 7 Home Premium Service Pack 1 (x64)# Username : Owner - OWNER-PC# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe# Option : Cleaning ***** [ Services ] ***** [#] Service Deleted : AVG Security Toolbar Service[#] Service Deleted : Partner ServiceService Deleted : PCKeeper2Service[#] Service Deleted : PCKeeperOcfService[#] Service Deleted : fileHiders[#] Service Deleted : vToolbarUpdater18.7.0 ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\AskFolder Deleted : C:\ProgramData\AVG Secure SearchFolder Deleted : C:\ProgramData\AVG Security ToolbarFolder Deleted : C:\ProgramData\PartnerFolder Deleted : C:\ProgramData\KromtechFolder Deleted : C:\ProgramData\Avg_Update_0814tbFolder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KromtechFolder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CouponsFolder Deleted : C:\Program Files (x86)\AVG Secure SearchFolder Deleted : C:\Program Files (x86)\AVG Security ToolbarFolder Deleted : C:\Program Files (x86)\AVG\AVG10\ToolbarFolder Deleted : C:\Program Files (x86)\CouponsFolder Deleted : C:\Program Files (x86)\Optimizer ProFolder Deleted : C:\Program Files (x86)\Common Files\AVG Secure SearchFolder Deleted : C:\Windows\SysWOW64\SearchProtectFolder Deleted : C:\Program Files\KromtechFolder Deleted : C:\Users\Owner\AppData\Local\AVG Secure SearchFolder Deleted : C:\Users\Owner\AppData\LocalLow\AVG Secure SearchFolder Deleted : C:\Users\Owner\AppData\LocalLow\AVG Security ToolbarFolder Deleted : C:\Users\Owner\AppData\Roaming\SystweakFolder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ibt5p7qx.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblofFile Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorageFile Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journalFile Deleted : C:\Windows\System32\drivers\fileHiders.sysFile Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ibt5p7qx.default\searchplugins\Askcom.xmlFile Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xmlFile Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xmlFile Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ibt5p7qx.default\user.jsFile Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xmlFile Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.avg.com_0.localstorageFile Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.avg.com_0.localstorage-journal ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblofKey Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.comKey Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.comKey Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.comKey Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.comKey Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dllKey Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXEKey Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLLKey Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPIKey Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObjKey Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBhoKey Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocolKey Deleted : HKLM\SOFTWARE\Classes\SKey Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApiKey Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtilsKey Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLEKey Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-pluginKey Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdaterKey Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311941162}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322942262}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355945562}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366946662}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355945562}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366946662}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCU\Software\AVG Secure SearchKey Deleted : HKCU\Software\powerpackKey Deleted : HKCU\Software\SocialBitKey Deleted : HKCU\Software\systweakKey Deleted : HKCU\Software\YahooPartnerToolbarKey Deleted : HKCU\Software\Avg Secure UpdateKey Deleted : HKCU\Software\KromtechKey Deleted : HKCU\Software\AppDataLow\Software\AVG Security ToolbarKey Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}Key Deleted : HKLM\SOFTWARE\AVG Secure SearchKey Deleted : HKLM\SOFTWARE\AVG Security ToolbarKey Deleted : HKLM\SOFTWARE\ConduitKey Deleted : HKLM\SOFTWARE\systweakKey Deleted : HKLM\SOFTWARE\Avg Secure UpdateKey Deleted : HKU\.DEFAULT\Software\AVG Secure SearchKey Deleted : HKU\.DEFAULT\Software\Avg Secure UpdateKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure SearchKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT079149Key Deleted : [x64] HKLM\SOFTWARE\KromtechKey Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFDKey Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.comKey Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.avg.com ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17909 Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] -\\ Mozilla Firefox v5.0 (en-US) [ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.5.0.2");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.comgoogle\\.\\w+yahoo\\.\\w+gmail\\.\\w+hotmail\\.\\w+live\\.\\w+isearch\\.avg\\.commysearch\\.avg\\.com");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "My Web Search");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "My Web Search");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.aflt", "irmsd0202ie");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuyBzz0EyEtDtDtB0EyB0C0CtDtDyCzytAtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.cr", "1734463261");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.instlRef", "");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.AL", 2);[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.aflt", "irmsd0202ie");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyBzz0EyEtDtDtB0EyB0C0CtDtDyCzytAtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.cr", "1734463261");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtDtB0EyB0C0CtDtDyCzytAtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Czu[...][ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.id", "78E4002E7CC00693");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16117");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtDtB0EyB0C0CtDtDyCzytAtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1C[...][ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzuyBzz0EyEtDtDtB0EyB0C0CtDtDyCzytAtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L[...][ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.019:20:38");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mysysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/EyEtDtDtB0EyB0C0CtDtDyCzytAtN0D0AtDtC1N1R&cr=1734463261&ir=");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=F8742972-7A4A-437E-B783-F299F87B2E1E&n=780b89e3&ind=2014022115&id=CDxdm003YYus&ptnrS=C[...][ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=F8742972-7A4A-437E-B783-F299F87B2E1E&n=780b89e3&ptnrS=CDxdm003YYus&si=CMTZ-qf4wa0CFcZM4AodIW[...][ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.initialized", true);[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.contextKey", "");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.installDate", "2014022115");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.partnerId", "CDxdm003YYus");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.partnerSubId", "CMTZ-qf4wa0CFcZM4AodIWXsBA");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.success", true);[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.toolbarId", "F8742972-7A4A-437E-B783-F299F87B2E1E");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.lastActivePing", "1434845179723");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.options.defaultSearch", true);[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.options.homePageEnabled", false);[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.options.keywordEnabled", true);[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.options.tabEnabled", false);[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.searchHistory", "hxxp://www.ilr.cornell.edu/library/workplace-issuses today");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.weather.location", "10001");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "couponalert@mindspark.com");[ibt5p7qx.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=F8742972-7A4A-437E-B783-F299F87B2E1E&n=780b89e3&ind=2014022115&id=CDxdm003YYus&ptnrS=CDxdm003YYus&si=CMTZ-qf[...] -\\ Google Chrome v44.0.2403.125 [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [startup_URLs] : 22D9B842ADA640D585A059DCC87E79B7224BF0B801CE7C7E690AC591A3C9A158"},"software_reporter":{"prompt_reason":"ADBB022EC2A747E17452AA7DFAB56A9379F4BE19357107AB806AB9F4AF3AC141","prompt_seed":"0F225D9E8EE6F880ABC41366D3A715C120067E625408F7D7E3E4137C9261B2BE","prompt_version":"A6DC1E15D67BBF69D69B2B18EC9B9692D781098B0C3520E736A82905E418098C"},"sync":{"remaining_rollback_tries":"3C2934CB8AFAE833D819332B328112EE9DBADE799F13729FA38F3A94EE9D30F4"}},"super_mac":"B3E151D3993E1FD89FA374D4334C4899DAE7576DD6904A4E25E44EBCFBE6FF5E"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://isearch.avg.com/?cid={EBC48637-A81B-4CF9-8ACD-5BD0E456DF6C}&mid=07321e202fa147d6a904a113f00c13b0-9c1a078b55150396320297967dc3154cdf4b0e0a〈=en&ds=AVG&pr=fr&d=2012-10-06 12:41:14&v=14.0.2.14&pid=avg&sg=&sap=hp ************************* AdwCleaner[R0].txt - [27852 bytes] - [31/07/2015 00:07:07]AdwCleaner[s0].txt - [22919 bytes] - [31/07/2015 00:12:52] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [22979 bytes] ##########
-
The computer shut off when I came back not sure if it ran through fully. Here is the log maybe you can tell me? Malwarebytes Anti-Malwarewww.malwarebytes.org Update, 7/30/2015 4:10 PM, SYSTEM, OWNER-PC, Manual, IP Database, 2015.6.12.1, 2015.7.24.3, Update, 7/30/2015 4:10 PM, SYSTEM, OWNER-PC, Manual, Domain Database, 2015.6.12.1, 2015.7.24.2, Update, 7/30/2015 4:10 PM, SYSTEM, OWNER-PC, Manual, Remediation Database, 2015.6.15.1, 2015.7.28.1, Update, 7/30/2015 4:10 PM, SYSTEM, OWNER-PC, Manual, Rootkit Database, 2015.6.15.1, 2015.7.29.2, Update, 7/30/2015 4:10 PM, SYSTEM, OWNER-PC, Manual, program, 2.1.6.1022, 2.1.8.0, Update, 7/30/2015 4:10 PM, SYSTEM, OWNER-PC, Manual, Malware Database, 2015.6.21.4, 2015.7.30.5, Error, 7/30/2015 7:02 PM, SYSTEM, OWNER-PC, Protection, IsLicensed, 13, Protection, 7/30/2015 7:02 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Stopping, Protection, 7/30/2015 7:02 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Stopped, Error, 7/30/2015 11:56 PM, SYSTEM, OWNER-PC, Update, Bad md5 or size: akadomains, 11, Error, 7/30/2015 11:56 PM, SYSTEM, OWNER-PC, Update, Bad md5 or size: akaips, 11, Update, 7/30/2015 11:56 PM, SYSTEM, OWNER-PC, Manual, Domain Database, 0.0.0.0, 2015.7.24.2, Update, 7/30/2015 11:56 PM, SYSTEM, OWNER-PC, Manual, Remediation Database, 2015.5.13.1, 2015.7.28.1, Update, 7/30/2015 11:56 PM, SYSTEM, OWNER-PC, Manual, IP Database, 0.0.0.0, 2015.7.24.3, Update, 7/30/2015 11:56 PM, SYSTEM, OWNER-PC, Manual, Rootkit Database, 2015.6.2.1, 2015.7.30.1, Update, 7/30/2015 11:56 PM, SYSTEM, OWNER-PC, Manual, AKA IP Database, 0.0.0.0, 2015.7.29.1, Update, 7/30/2015 11:56 PM, SYSTEM, OWNER-PC, Manual, AKA Domain Database, 0.0.0.0, 2015.7.29.3, Update, 7/30/2015 11:56 PM, SYSTEM, OWNER-PC, Manual, Malware Database, 2015.6.3.3, 2015.7.31.1, (end)
-
Sooo my mom's laptop is, for lack of a better term, uhg. It takes everything in me to not throw it across the room while trying to accomplish anything on it that is how slow and bogged down it is. Hopefully you can help, I did run a MB scan removed a ton of stuff but it did not help for long. I will attach the logs needed to begin the process.FRST.txtAddition.txt
-
Will do, thanks a ton
-
I noticed svchost was getting to really high memory usage levels and this does not seem to be happening. Hopefully it doesnt
-
It does seem less bogged. I know I have an overheating issue and need to reapply some thermal paste on the CPU. I think extra processes and services or something was causing this problem to be worse than normal and I think whatever you had me do rectified this problem. As far as I can tell.
-
Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Owner on Thu 06/11/2015 at 19:23:58.91. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Owner\Desktop\zoek.exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2015-06-11-151932.log 20147 bytes ==== System Restore Info ====================== 6/11/2015 7:24:49 PM Zoek.exe System Restore Point Created Successfully. ==== Deleting Files \ Folders ====================== "C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences" deleted ==== Reset Google Chrome ====================== C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=196 folders=222 580369897 bytes) ==== EOF on Thu 06/11/2015 at 19:25:26.95 ======================
-
Attached MB log and pasted other one as per request. Zoek.exe v5.0.0.0 Updated 04-May-2015Tool run by Owner on Thu 06/11/2015 at 10:36:56.32.Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64Running in: Normal Mode Internet Access DetectedLaunched: C:\Users\Owner\Desktop\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 6/11/2015 10:41:47 AM Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\dumps deleted successfullyC:\PROGRA~2\GUM3CF1.tmp deleted successfullyC:\PROGRA~2\GUM87D5.tmp deleted successfullyC:\PROGRA~2\GUMA604.tmp deleted successfullyC:\PROGRA~2\GUMBD72.tmp deleted successfullyC:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfullyC:\PROGRA~2\MSXML 4.0 deleted successfullyC:\PROGRA~2\Razer deleted successfullyC:\Program Files\MagicTG deleted successfullyC:\Program Files\Paint.NET deleted successfullyC:\Program Files\tutu deleted successfullyC:\PROGRA~3\BlueStacks deleted successfullyC:\PROGRA~3\Oracle deleted successfullyC:\Users\Owner\AppData\Roaming\Malwarebytes deleted successfullyC:\Users\Owner\AppData\Roaming\NCSOFT deleted successfullyC:\Users\Owner\AppData\Roaming\Windows Live Writer deleted successfullyC:\Users\Owner\AppData\Roaming\XCPCSync.OEM deleted successfullyC:\Users\Administrator\AppData\Local\{09F51CB0-7E91-4232-8894-2E47846658FA} deleted successfullyC:\Users\Administrator\AppData\Local\{232F4B88-5063-4770-90FA-2CA1C391E888} deleted successfullyC:\Users\Owner\AppData\Local\CRE deleted successfullyC:\Users\Owner\AppData\Local\NCSOFT deleted successfullyC:\Users\Owner\AppData\Local\Razer deleted successfullyC:\Users\Owner\AppData\Local\Western Digital deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\p3ieb75e.default user.js not found---- FireFox user.js and prefs.js backups ---- prefs_20150611_1100_.backup ProfilePath: C:\Users\ADMINI~1\AppData\Roaming\Thunderbird\Profiles\qst9a1jn.default user.js not found---- FireFox user.js and prefs.js backups ---- prefs_20150611_1100_.backup ProfilePath: C:\Users\Owner\AppData\Roaming\KompoZer\Profiles\08mjz995.default user.js not found---- FireFox user.js and prefs.js backups ---- prefs_20150611_1100_.backup ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.default user.js not found---- Lines blekko removed from prefs.js ----user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"private---- FireFox user.js and prefs.js backups ---- prefs_20150611_1100_.backup ProfilePath: C:\Users\Owner\AppData\Roaming\Thunderbird\Profiles\mbmr3eib.default user.js not found---- FireFox user.js and prefs.js backups ---- prefs_20150611_1100_.backup ==== Batch Command(s) Run By Tool====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\dumps not foundC:\PROGRA~2\GUM3CF1.tmp not foundC:\PROGRA~2\GUM87D5.tmp not foundC:\PROGRA~2\GUMA604.tmp not foundC:\PROGRA~2\GUMBD72.tmp not foundC:\PROGRA~2\Razer not foundC:\Users\Owner\.android deletedC:\install.exe deletedC:\PROGRA~3\InstallMate deletedC:\PROGRA~3\PC Drivers HeadQuarters deletedC:\Users\Owner\AppData\Local\CrashRpt deletedC:\Windows\Syswow64\sho569A.tmp deletedC:\Windows\Syswow64\sho7FEE.tmp deletedC:\Windows\Syswow64\sho93C6.tmp deletedC:\Windows\Syswow64\shoE018.tmp deletedC:\Windows\SysWow64\AI_RecycleBin deletedC:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.default\searchplugins\safeguard-secure-search.xml deleted"C:\Users\Owner\AppData\Local\0o70yb7i77f051" deleted"C:\ProgramData\0o70yb7i77f051" deleted"C:\PROGRA~3\Package Cache" deleted ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.defaultuser_pref("browser.startup.homepage", "www.google.com"); ==== Firefox Extensions Registry ====================== [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]"mozilla_cc@internetdownloadmanager.com"="C:\Users\Owner\AppData\Roaming\IDM\idmmzcc3" [07/13/2012 03:37 AM] ==== Firefox Extensions ====================== ProfilePath: C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\p3ieb75e.default- XUL Cache - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p3ieb75e.default\extensions\{64415a29-0aad-4857-9c24-6b91b89e4007}- XUL Cache - %ProfilePath%\extensions\{64415a29-0aad-4857-9c24-6b91b89e4007} ProfilePath: C:\Users\Owner\AppData\Roaming\KompoZer\Profiles\08mjz995.default- Undetermined - %ProfilePath%\extensions\installed-extensions.txt- KompoZer classic - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.default- XUL Cache - %ProfilePath%\extensions\{64415a29-0aad-4857-9c24-6b91b89e4007}- HP Detect - %ProfilePath%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}- Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi- RankChecker - %ProfilePath%\extensions\rankchecker@seobook.com.xpi- SEO For Firefox - %ProfilePath%\extensions\seo4firefox@seobook.com.xpi- Seo Toolbar - %ProfilePath%\extensions\seotoolbar@seobook.com.xpi- ScrapBook - %ProfilePath%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.default67D325B5AEB28E381B84E8DE1A90C7A8 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll - Shockwave FlashA850CDD9B02AD865A18FAE00A95B9D63 - C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player492100C9050D4B6A10EAB7F3AE60A552 - C:\Users\Owner\AppData\Roaming\raidcall\plugins\nprcplugin.dll - Raidcall pluginD892C77AFA8AFABA6F474A7DA401BD7C - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director ==== Deleted Firefox Extensions ====================== C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p3ieb75e.default\extensions\{64415a29-0aad-4857-9c24-6b91b89e4007} deletedC:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.default\extensions\{64415a29-0aad-4857-9c24-6b91b89e4007} deleted ==== Chromium Look ====================== Google Chrome Version: 43.0.2357.124 Chrome Hotword Shared Module - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg ==== Chromium Startpages ====================== C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferencese},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_bit":false,"active_permissions":{"api":["notifications"],"manifest_permissions":[]},"app_launcher_ordinal":"w","commands":{},"content_settings":[],"creation_flags":137,"events":[],"exclude_from_sideload_wipeout":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13071973006024414","last_active_pingday":"13020937198408691","lastpingday":"13078393155686949","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"en_US","default_locale":"en","description":"Fast,searchable email with less spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/update2/crx","version":"8.1"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"google":{"services":{"last_username":"NMcKillen@gmail.com","username":"NMcKillen@gmail.com"}},"homepage":"","homepage_is_newtabpage":true,"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"DDF75460F8902E461F9199C8F0BB30234244B385126C0E6BF1A46709F3693CB9"},"default_search_provider":{"keyword":"13A5C5C05E18F4D715BDBA05AFB2FA57733DFACB4C53045BE74AC74A5FE757EF","name":"944DDC87184583A015FF26215F854A938ADD7B56F7D98396D4AC6CE82FDE4FE8","search_url":"6411A47137B4B5966931412797FDACCA1CF87177EB5BDD11B3F35309DD8ADDB2"},"default_search_provider_data":{"template_url_data":"5E9CF5FDC98E0B0F78C6EEDFD90A54C4C54DAAD72F84713853DF4E9B8F348BB2"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"1112D939A859C0C75D39F44C9E94DE2D026CD0D827936E6CC4FFD518F6AF1C14","aohghmighlieiainnegkcijnfilokake":"B36236CC7372EBCEC2513112297F39CA3CB91C510C3E2F902E9AA59F215D3101","apdfllckaahabafndbhieahigkjlhalf":"8619D9A37F31EDE16B1015257E54FDE53D87D68274404A3E03089BC039239E59","bepbmhgboaologfdajaanbcjmnhjmhfn":"629394D1BBB0EE495AF9C14D4C6F4EBCF20F28C66C297542A7B0A4C72EAC8706","blpcfgokakmgnkcojhhkbfbldkacnbeo":"F66725F18555DCC7183B3D10D3362C38A3CD8E519256550C0B230FB2B5E08CCE","coobgpohoikkiipiblmjeljniedjpjpf":"E79BE677ADCD671621E9BCA8A8E3AEA23882758A5C5E9541236F5327506D4C48","dnhpdliibojhegemfjheidglijccjfmc":"2B71B8CC094DE5F402E9EA9D49498E35F29CF92926FD748078BC54147795F329","eemcgdkfndhakfknompkggombfjjjeno":"B0683CBE043BFE5696D116C4E0DE3F604C300C31B20B81E4776B82B20148240F","ennkphjdgehloodpbhlhldgbnhmacadg":"BA350B98DD05E0BFBE9F02FA979614A18B47C138B6D0313F34178D812F10BCEC","gfdkimpbcpahaombhbimeihdjnejgicl":"8B2A01CD5D1280058C75E9E785DA4074D5551076852D8709142C48292B0C140B","kmendfapggjehodndflmmgagdbamhnfd":"F4CCF1253477C3D382F47F3D4F9D75653EA94D3821C9C5ED3E1AA9DFC07B2187","lccekmodgklaepjeofjdjpbminllajkg":"462656C05ED710AD1553EF74B63F2BCE326F69C2A7517CA5ED8DAF486ACF035B","mfehgcgbbipciphmccgaenjidiccnmng":"A3040AD0643381D8831D2B1AF5903D75BD0EFFC1774234A23198EE4B2E82FDD7","mgndgikekgjfcpckkfioiadnlibdjbkf":"6F86E37457CB589C72BE1B998DA5F7A65FB603F64CF8E71C0DF9A4EE1219B9CA","mhjfbmdgcfjbbpaeojofohoefgiehjai":"88766E67B7FFE28F25A29FE7C650A3495F49EA1C73D1DE6C11088FE52C93AB99","nbpagnldghgfoolbancepceaanlmhfmd":"8E7902992582BA664CEF4601DC1F7F61D802F73357A51C044C263E689C64031C","neajdppkdcdipfabeoofebfddakdcjhd":"42126AE9526DB6D9478CF02A9176B339960BEF86ECD8D59229B4A64FD5613DF6","nkeimhogjdpnpccoofpliimaahmaaome":"FBFB69A177CD75A58D5C18DEF990AA3703F89507AAB6493F748FB64FAADD5007","nmmhkkegccagdldgiimedpiccmgmieda":"58BFAB7DD91AC6AD47F26C22F477620D6343A8EAB898CB6D34B029318A835F92","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"BFEC13331ED09B0468F62C88C979D3AE76EFF834DE5DF0524A98237E4DA3FE95","pjkljhegncpnkpknbcohdijeoejaedia":"834FFDFEC5D71DE7D5A5D536E445301AB8364693FCE538B12C961DE4DBBE0AD6"}},"google":{"services":{"last_username":"5D042E3C4F1146EABA3F6AAD56AD34847CD4C54669C8A01D4F1EC51C81054068","username":"4ACBE049E9C21B0A43F829C3A4CACE600FCBCB18D46F58071FB6485C2BFD9AD8"}},"homepage":"4AD2F2257566105DD224048D4A933CA61AB4F10F6C1F474C44D70352D113CCB3","homepage_is_newtabpage":"50DDC96538E769143DC87C6D0AE4B29EE90DCFC161D6D8C5C2A6919DD56C54A8","pinned_tabs":"4474E5C614C0426C64CC4B016FCF6F31E4AA30F6AB034E0ABD4C7C0F3390110D","prefs":{"preference_reset_time":"1293352DE31A92AE5B8643D7E2A4AD32EF9C4BC8D312068E37BF0F5BB95F2F5C"},"profile":{"reset_prompt_memento":"9A9F39278BA09D28CB409D9D8658EF5ECE503F052A533171741F9A0C5C3AA352"},"safebrowsing":{"incidents_sent":"250D5CB16FEB11FB8E4CB65E87831D4D1EE64EBC1C5E0A77698272816428E248"},"search_provider_overrides":"98757B6EDE501A7A687AEA067F3B557945EED39E576BB370C343A45DCA480185","session":{"restore_on_startup":"79A5B77F4C13F590EDAD58E2B08D66F0DCFDCF511F3935D4A1B616F698D6CC30","startup_urls":"17AAC2A09AB4DE4C9CFEC372D4D781D6AB2E27B0AC33330A320D6016BB6FD8C4"},"software_reporter":{"prompt_reason":"F6AEF0945D0E7078858BE4694BB1CB7B56A503B3AEFBAC113ED769B7A4E57769","prompt_seed":"5BF823A45D0A517BFA0DC723F89D63793CC1FC1C40FEEA8ADB8C9C300772B5A7","prompt_version":"D7BE5011F50905DC7DC387D7DA6017A47ECDC81EFCCD09D34A2ECE2873D945B3"},"sync":{"remaining_rollback_tries":"E5AFABEC0FECC4C8B64A11EDFF4412F721F969263384C8EBBE6EACCF04C419A3"}},"super_mac":"623690A6A487D1AD08E6877012B776B7EF4FA7AA14F70A8C84A387D2A05DACA5"},"session":{"restore_on_startup":5},"sync":{"remaining_rollback_tries":0}} ==== Chromium Fix ====================== C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfullyC:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfullyC:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_media.mtvnservices.com_0.localstorage deleted successfullyC:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_media.mtvnservices.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://g.msn.com/HPNOT/1" New Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://g.msn.com/HPNOT/1" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"DefaultScope"="{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}"{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}"{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1753044388-1519083302-2595871801-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{003A76C0-CDAF-4EC7-9BA8-6E6F87778B6C} deleted successfullyHKEY_USERS\S-1-5-21-1753044388-1519083302-2595871801-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{003A76C0-CDAF-4EC7-9BA8-6E6F87778B6C} deleted successfullyHKEY_CLASSES_ROOT\Wow6432Node\CLSID\{003A76C0-CDAF-4EC7-9BA8-6E6F87778B6C} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{003A76C0-CDAF-4EC7-9BA8-6E6F87778B6C} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68D84204-7BF2-AE2A-EDEC-A78BD8A72036} deleted successfullyHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager deleted successfullyHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfullyHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfullyHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHider deleted successfullyHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfullyHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager deleted successfullyHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP3 Computer Alarm Clock deleted successfullyHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT deleted successfullyHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfullyHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfullyHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sendori Tray deleted successfullyHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard deleted successfullyHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TNOD UP deleted successfullyHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt deleted successfullyHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfullyC:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\p3ieb75e.default\Cache emptied successfullyC:\Users\Owner\AppData\Local\Mozilla\Firefox\Profiles\cyzrdnsa.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache is not empty, a reboot is needed ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=195 folders=222 580222286 bytes) ==== Empty Temp Folders ====================== C:\Users\Administrator\AppData\Local\temp emptied successfullyC:\Users\Default\AppData\Local\temp emptied successfullyC:\Users\Default User\AppData\Local\temp emptied successfullyC:\Users\KilleN\AppData\Local\temp emptied successfullyC:\Users\Owner\AppData\Local\Temp will be emptied at rebootC:\Users\Public\AppData\Local\temp emptied successfullyC:\Windows\SysNative\config\systemprofile\AppData\Local\temp emptied successfullyC:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\Temp will be emptied at rebootC:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptiedC:\Users\Owner\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7JMV9WSL\videos.nightlifetelevision.com" not found ==== EOF on Thu 06/11/2015 at 11:19:32.77 ====================== mblog.txt
-
I cannot seem to figure out what is wrong so I am once again stopping in for help from the pros. FRST Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015Ran by Owner (administrator) on KILLEN on 11-06-2015 01:22:21Running from C:\Users\Owner\DesktopLoaded Profiles: Owner (Available Profiles: Owner & Administrator)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: FF)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\mDNSResponder.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe(Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\tunmgr.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe(Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe(Microsoft Corporation) C:\Windows\System32\taskmgr.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-12-13] (IDT, Inc.)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-1753044388-1519083302-2595871801-1000\...\Run: [spotify Web Helper] => C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-22] (Spotify Ltd)HKU\S-1-5-18\...\Run: [Apple Computer] => 2345678ÌñOµHKU\S-1-5-18\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company)ShellIconOverlayIdentifiers: [00Zecter] -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)ShellIconOverlayIdentifiers: [01Zecter] -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)ShellIconOverlayIdentifiers: [02Zecter] -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)ShellIconOverlayIdentifiers: [03Zecter] -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)ShellIconOverlayIdentifiers: [04Zecter] -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: [iDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2011-03-02] (Tonec Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-1753044388-1519083302-2595871801-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONProxyServer: [s-1-5-21-1753044388-1519083302-2595871801-1000] => 127.0.0.1:8080HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-1753044388-1519083302-2595871801-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1HKU\S-1-5-21-1753044388-1519083302-2595871801-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchSearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBoxSearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBoxSearchScopes: HKLM-x32 -> DefaultScope value is missingSearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-1753044388-1519083302-2595871801-1000 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-1753044388-1519083302-2595871801-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}SearchScopes: HKU\S-1-5-21-1753044388-1519083302-2595871801-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBoxBHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2011-04-05] (Internet Download Manager, Tonec Inc.)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No FileBHO-x32: No Name -> {003A76C0-CDAF-4EC7-9BA8-6E6F87778B6c} -> C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll No FileBHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2011-04-15] (Internet Download Manager, Tonec Inc.)BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19] (Adobe Systems Incorporated)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)Toolbar: HKU\S-1-5-21-1753044388-1519083302-2595871801-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileDPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cabHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 FireFox:========FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.defaultFF Homepage: www.google.comFF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll [2014-11-16] ()FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll [2014-11-16] ()FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-08-18] (Adobe Systems, Inc.)FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No FileFF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [2015-01-30] (Tencent)FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2015-01-30] (Tencent)FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [2013-04-08] (Tencent)FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Owner\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-03-10] (Raidcall)FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2013-11-06] ()FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)FF Plugin HKU\S-1-5-21-1753044388-1519083302-2595871801-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-05] (Unity Technologies ApS)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-10-04] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-10-04] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-10-04] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-10-04] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-10-04] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-10-04] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-10-04] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-03-17] (Nullsoft, Inc.)FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.default\searchplugins\safeguard-secure-search.xml [2013-10-19]FF Extension: XUL Cache - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.default\Extensions\{64415a29-0aad-4857-9c24-6b91b89e4007} [2011-07-21]FF Extension: HP Detect - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013-07-25]FF Extension: Firebug - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.default\Extensions\firebug@software.joehewitt.com.xpi [2011-06-19]FF Extension: RankChecker - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.default\Extensions\rankchecker@seobook.com.xpi [2011-04-23]FF Extension: SEO For Firefox - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.default\Extensions\seo4firefox@seobook.com.xpi [2011-04-23]FF Extension: Seo Toolbar - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.default\Extensions\seotoolbar@seobook.com.xpi [2011-04-23]FF Extension: ScrapBook - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2011-04-23]FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla ThunderbirdFF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011-04-23]FF HKU\S-1-5-21-1753044388-1519083302-2595871801-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Owner\AppData\Roaming\IDM\idmmzcc3FF Extension: IDM CC - C:\Users\Owner\AppData\Roaming\IDM\idmmzcc3 [2012-07-13]FF HKU\S-1-5-21-1753044388-1519083302-2595871801-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Owner\AppData\Roaming\IDM\idmmzcc3 Chrome: =======CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-10]CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-10]CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-10]CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-10]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-10] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-09-09] (Research In Motion Limited) [File not signed]S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433880 2015-05-07] (BlueStack Systems, Inc.)S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413400 2015-05-07] (BlueStack Systems, Inc.)S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [806616 2015-05-07] (BlueStack Systems, Inc.)S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [42360 2010-11-04] (ESET)R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [810144 2010-11-04] (ESET)S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2013-11-05] (Apple Inc.) [File not signed]R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1286656 2013-11-05] (Research In Motion Limited) [File not signed]R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145112 2015-05-07] (BlueStack Systems)R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170104 2010-09-03] (ESET)R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-07-29] (ESET)R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [171152 2010-07-29] (ESET)R3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [33632 2010-07-29] (ESET)R2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [50624 2010-07-29] (ESET)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-06-09] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited)R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-11-05] (Research in Motion Limited)R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-08-07] () [File not signed]S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)U3 atdrpqco; C:\Windows\System32\Drivers\atdrpqco.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)S3 ALSysIO; \??\C:\Users\Owner\AppData\Local\Temp\ALSysIO64.sys [X]S3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-11 01:22 - 2015-06-11 01:23 - 00024392 _____ C:\Users\Owner\Desktop\FRST.txt2015-06-11 01:21 - 2015-06-11 01:22 - 00000000 ____D C:\FRST2015-06-11 01:21 - 2015-06-11 01:21 - 02108928 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe2015-05-24 20:01 - 2015-05-24 20:01 - 00001816 _____ C:\Users\Public\Desktop\Apps.lnk2015-05-24 20:01 - 2015-05-24 20:01 - 00001767 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk2015-05-24 20:00 - 2015-05-24 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks2015-05-24 20:00 - 2015-05-24 20:00 - 00000000 ____D C:\ProgramData\BlueStacks2015-05-24 19:58 - 2015-05-24 20:00 - 00000000 ____D C:\Program Files (x86)\BlueStacks2015-05-24 19:58 - 2015-05-24 19:58 - 00000000 ____D C:\Users\Owner\AppData\Local\Bluestacks2015-05-24 19:57 - 2015-05-24 19:57 - 14152992 _____ (BlueStack Systems Inc.) C:\Users\Owner\Downloads\BlueStacks-ThinInstaller.exe2015-05-21 18:53 - 2015-05-21 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games2015-05-21 18:50 - 2015-05-21 18:50 - 00000000 ____D C:\Program Files (x86)\EA Games2015-05-21 18:09 - 2015-05-21 18:13 - 798463305 _____ (Macrovision Corporation) C:\Users\Owner\Downloads\UOML_setup.exe2015-05-21 17:20 - 2015-05-21 18:58 - 00000000 ____D C:\Users\Owner\Desktop\FNB2015-05-21 17:18 - 2015-05-21 17:19 - 300022915 _____ C:\Users\Owner\Downloads\FNB.rar2015-05-21 09:51 - 2015-05-21 09:51 - 00000000 ____D C:\Program Files (x86)\Electronic Arts2015-05-21 09:12 - 2015-05-21 09:20 - 982540066 _____ C:\Users\Owner\Downloads\UOClassicSetup_7_0_15_1.exe2015-05-18 13:32 - 2015-05-18 13:32 - 00000796 _____ C:\Users\Public\Desktop\Speccy.lnk2015-05-18 13:32 - 2015-05-18 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy2015-05-18 13:32 - 2015-05-18 13:32 - 00000000 ____D C:\Program Files\Speccy2015-05-18 13:31 - 2015-05-18 13:32 - 05127432 _____ (Piriform Ltd) C:\Users\Owner\Downloads\spsetup128.exe2015-05-16 22:56 - 2015-05-16 22:57 - 00000000 ____D C:\Program Files (x86)\GUMA604.tmp ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-11 01:13 - 2009-07-14 01:13 - 00783464 _____ C:\Windows\system32\PerfStringBackup.INI2015-06-11 01:08 - 2013-06-10 04:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-06-11 01:07 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-06-11 01:06 - 2011-02-20 05:38 - 01561659 _____ C:\Windows\WindowsUpdate.log2015-06-11 01:06 - 2009-07-14 01:08 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT2015-06-11 01:01 - 2013-06-10 04:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-06-11 01:01 - 2013-05-13 13:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2015-06-11 00:39 - 2009-07-14 00:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-06-11 00:39 - 2009-07-14 00:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-06-11 00:34 - 2014-02-20 19:59 - 00003486 _____ C:\Windows\System32\Tasks\AutoKMS2015-06-10 13:37 - 2012-05-14 15:56 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Azureus2015-06-10 01:42 - 2011-04-23 12:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DMCache2015-06-09 19:47 - 2014-04-16 14:56 - 00000000 ____D C:\Users\Owner\AppData\Local\Battle.net2015-06-09 09:53 - 2014-10-22 23:39 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Spotify2015-06-09 09:51 - 2014-10-22 23:40 - 00000000 ____D C:\Users\Owner\AppData\Local\Spotify2015-06-09 00:26 - 2014-06-13 16:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-06-09 00:25 - 2009-07-14 00:51 - 00176113 _____ C:\Windows\setupact.log2015-06-08 01:31 - 2013-07-09 15:46 - 00000000 ____D C:\Users\Owner\AppData\Roaming\mIRC2015-06-03 23:51 - 2014-04-16 14:56 - 00000000 ____D C:\Program Files (x86)\Battle.net2015-05-31 23:28 - 2014-06-18 10:10 - 00000034 _____ C:\Users\Owner\Desktop\the wire.txt2015-05-28 16:25 - 2012-07-09 00:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2015-05-27 20:28 - 2013-11-16 00:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2015-05-26 23:59 - 2011-04-28 10:16 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps2015-05-25 01:52 - 2011-02-20 05:43 - 00456692 _____ C:\Windows\PFRO.log2015-05-24 20:05 - 2014-08-08 01:23 - 00000000 ____D C:\ProgramData\BlueStacksSetup2015-05-24 20:01 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries2015-05-21 18:56 - 2013-12-03 15:17 - 00000000 ____D C:\Program Files (x86)\UOSteam2015-05-21 18:50 - 2011-01-09 06:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information2015-05-21 09:38 - 2015-01-30 00:08 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Tencent2015-05-16 22:56 - 2013-06-10 04:41 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-05-16 22:56 - 2013-06-10 04:41 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-05-15 10:41 - 2013-07-25 19:44 - 00000000 ____D C:\Users\Owner\Desktop\Random stuff2015-05-14 15:32 - 2014-08-20 20:17 - 00000000 ____D C:\Program Files (x86)\Hearthstone ==================== Files in the root of some directories ======= 2011-12-11 15:02 - 2011-12-11 21:18 - 0013048 ___SH () C:\Users\Owner\AppData\Local\0o70yb7i77f0512011-07-13 01:22 - 2013-11-14 01:57 - 0007602 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg2011-12-11 15:02 - 2011-12-11 21:18 - 0013048 ___SH () C:\ProgramData\0o70yb7i77f0512012-08-23 18:42 - 2012-08-23 18:42 - 0000151 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc2011-02-20 05:47 - 2011-02-20 05:47 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log2011-01-09 06:02 - 2011-01-09 06:02 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log2011-02-20 05:47 - 2011-02-20 05:47 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log2011-01-09 06:01 - 2011-01-09 06:02 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log2011-02-20 05:47 - 2011-02-20 05:47 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log2011-01-09 06:00 - 2011-01-09 06:00 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Some files in TEMP:====================C:\Users\Owner\AppData\Local\Temp\BlackBerryDeviceManager.exeC:\Users\Owner\AppData\Local\Temp\BlackBerryLauncher.exeC:\Users\Owner\AppData\Local\Temp\GameuxInstallHelper.dllC:\Users\Owner\AppData\Local\Temp\i4jdel0.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-03 00:23 ==================== End of log ============================ Addition Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015Ran by Owner at 2015-06-11 01:25:21Running from C:\Users\Owner\DesktopBoot Mode: Normal========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1753044388-1519083302-2595871801-500 - Administrator - Enabled) => C:\Users\AdministratorGuest (S-1-5-21-1753044388-1519083302-2595871801-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-1753044388-1519083302-2595871801-1004 - Limited - Enabled)Owner (S-1-5-21-1753044388-1519083302-2595871801-1000 - Administrator - Enabled) => C:\Users\Owner ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET Smart Security 4.2 (Enabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1}AS: ESET Smart Security 4.2 (Enabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: ESET Personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) HiddenAdobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)Adobe Reader 9.3.3 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.3.3 - Adobe Systems Incorporated)Adobe Shockwave Player 11.5 (HKLM-x32\...\{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}) (Version: 11.5.8.612 - Adobe Systems, Inc)Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)AutoIt v3.3.8.1 (HKLM-x32\...\AutoItv3) (Version: - AutoIt Team)Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)BlackBerry Link (HKLM-x32\...\BlackBerry_10_Desktop) (Version: 1.2.1.31 - BlackBerry Ltd.)BlackBerry Link (x32 Version: 1.2.1.31 - BlackBerry Ltd.) HiddenBlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.25.5401 - BlueStack Systems, Inc.)BlueStacks Notification Center (HKLM-x32\...\{79809712-A577-4B8C-A9FC-51945690C7DC}) (Version: 0.9.25.5401 - BlueStack Systems, Inc.)Bootstrapper (x32 Version: 1.2.1.0 - Minitab, Inc.) HiddenBroadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.61 - Broadcom Corporation)Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte)CopyTrans Suite Remove Only (HKU\S-1-5-21-1753044388-1519083302-2595871801-1000\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)CPUID CPU-Z 1.61.5 (HKLM\...\CPUID CPU-Z_is1) (Version: - )CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3525 - CyberLink Corp.)CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3922 - CyberLink Corp.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) HiddenEntity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)ESET Smart Security (HKLM\...\{57A55288-6BA7-47F4-9F6D-9E4086463471}) (Version: 4.2.67.10 - ESET, spol. s r.o.)ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)Ghost Mouse Auto Clicker 3.8.6 (HKLM-x32\...\{62D023F4-CFDF-4E49-9DAA-52DFF37E6C73}_is1) (Version: - AMAC Ltd.)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.27.5 - Google Inc.) HiddenHearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) HiddenHEX (HKLM-x32\...\{E31B651A-B48C-423C-8D0D-855756C8B7E8}_is1) (Version: - HEX Entertainment)HP CloudDrive (HKLM-x32\...\ZumoDrive) (Version: - Zecter Inc.)HP On Screen Display (HKLM-x32\...\{124DB96E-CBF5-44FB-AB59-7D2444DEC777}) (Version: 1.0.7 - Hewlett-Packard Company)HP Power Manager (HKLM-x32\...\{AF306BD8-F9D1-4627-89B9-246E59074A05}) (Version: 1.1.2 - Hewlett-Packard Company)HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)HP Setup (HKLM-x32\...\{802C068E-0576-4F25-8137-D54B7DB0FC5E}) (Version: 8.4.4487.3576 - Hewlett-Packard Company)HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12845.3522 - Hewlett-Packard Company)HP Software Framework (HKLM-x32\...\{35D2E477-8524-4294-9D6A-D8481328389F}) (Version: 4.0.80.1 - Hewlett-Packard Company)HP Support Solutions Framework (HKLM-x32\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) HiddenIDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6315.0 - IDT)IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - )Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3429 - CyberLink Corp.)LabelPrint (x32 Version: 2.5.3429 - CyberLink Corp.) HiddenLeague of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)League of Legends (x32 Version: 3.0.0 - Riot Games) HiddenLightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) HiddenLocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) HiddenMagic The Gathering (HKLM-x32\...\InstallShield_{6463EA8A-08AE-48BB-A921-A570CA34F28B}) (Version: 3.201 - Wizards of the Coast)Magic The Gathering (x32 Version: 3.201 - Wizards of the Coast) HiddenMagic Tutorial (HKLM-x32\...\InstallShield_{B433721C-CEAD-4FA6-B9E0-F0C4ACB6FE2C}) (Version: 1.00.0000 - Wizards of the Coast)Magic Tutorial (x32 Version: 1.00.0000 - Wizards of the Coast) HiddenMagicTG (HKLM-x32\...\{a517a98e-d5c2-41ea-a12d-47365cbd8813}.sdb) (Version: - )Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)Microsoft Access 2010 (HKLM-x32\...\Office14.AccessR) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft ASP.NET MVC 3 (HKLM-x32\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation)Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual Studio Ultimate 2012 (HKLM-x32\...\{c268086c-18ee-4c0d-b057-1f49530d413a}) (Version: 11.0.50727.26 - Microsoft Corporation)Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)Minitab 17 (HKLM-x32\...\Minitab17) (Version: 17.1.0 - Minitab, Inc.)Minitab Software Update Manager (HKLM-x32\...\MinitabSoftwareManager) (Version: 1.2.0.0 - Minitab, Inc.)Minitab17 (x32 Version: 17.1.0.0 - Minitab Inc) HiddenMinitab17 (x32 Version: 17.1.0.0 - Minitab, Inc.) HiddenmIRC (HKLM-x32\...\mIRC) (Version: 6.2 - mIRC Co. Ltd.)Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4725 - CyberLink Corp.)Power2Go (x32 Version: 6.1.4725 - CyberLink Corp.) HiddenPreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) HiddenPrerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.2-1.0.11364.75 - raidcall.com)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.26.902.2010 - Realtek)Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.69 - Realtek Semiconductor Corp.)Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) HiddenSecure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)SoftwareManager (x32 Version: 1.2.0.0 - Minitab, Inc.) HiddenSpeccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)Spotify (HKU\S-1-5-21-1753044388-1519083302-2595871801-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.4.4 - Synaptics Incorporated)System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)Ultima Online: Mondain's Legacy (HKLM-x32\...\{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}) (Version: 1.00.0000 - EA Games)Unity Web Player (HKU\S-1-5-21-1753044388-1519083302-2595871801-1000\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)UO Auto-Map (HKLM-x32\...\UOAM) (Version: - )UOSteam version 1.0.4.1 (HKLM-x32\...\{FC6804BE-B90F-4C2B-BF21-6A4063C8FD4C}_is1) (Version: 1.0.4.1 - UOSteam, Team.)Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)VLC media player 1.1.9 (HKLM-x32\...\VLC media player) (Version: 1.1.9 - VideoLAN)Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.7 - Vuze Inc.)WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) HiddenWCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) HiddenWCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)Winamp (HKLM-x32\...\Winamp) (Version: 5.61 - Nullsoft, Inc)Winamp Detector Plug-in (HKU\S-1-5-21-1753044388-1519083302-2595871801-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1753044388-1519083302-2595871801-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File ==================== Restore Points ========================= ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-12 13:58 - 2013-11-18 20:23 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {06DAE8F1-4C73-41A7-9B55-1B5C99D03215} - System32\Tasks\{5319C221-B477-4900-A0FF-09257783E735} => pcalua.exe -a C:\Users\Owner\Downloads\Programs\Win7Vista_64_152254.exe -d C:\Users\Owner\Downloads\ProgramsTask: {16011657-2DC3-490D-847D-5B220E0612AE} - System32\Tasks\{D4CBA8B7-F964-485C-B6F3-4A853A1C0E87} => pcalua.exe -a C:\Users\Owner\Desktop\Install_CopyTrans_Suite.exe -d C:\Users\Owner\DesktopTask: {26B08C6E-4472-4B36-850A-B7827A43DE89} - System32\Tasks\{5A4FE32A-3EBD-4B67-B3D5-1DDE67081084} => C:\Program Files\American Systems\EZ Macros\EZMacros.exe [2013-05-23] (American Systems)Task: {2A55912D-65E5-4C2F-8D52-6E230A5C7685} - System32\Tasks\Minitab\Minitab Software Update Manager => C:\Program Files (x86)\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe [2013-12-04] (Minitab)Task: {2C315F57-A20E-419E-A904-D7866E4F2814} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-16] (Adobe Systems Incorporated)Task: {2D66A5AC-AB77-4828-BA07-788F72CEE394} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-23] (CyberLink)Task: {3A7C402C-E195-4A3E-AB58-1189BAC6F44B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-02-20] ()Task: {52703641-CF32-4BFB-92BB-358EBD77ECC4} - System32\Tasks\{6560166D-AF25-4D93-82A8-96F0F7D7626C} => pcalua.exe -a C:\Users\Owner\Downloads\Programs\Razor_Old.exe -d C:\Users\Owner\Downloads\ProgramsTask: {5E86B585-4858-4A2C-857D-8BD451CED19E} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2011-04-24] (Microsoft Corporation)Task: {6AF18842-D5CF-4416-8FBA-1EFE94AC15AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-10] (Google Inc.)Task: {80F76F84-5A46-426E-B9D4-BD0C8D394694} - System32\Tasks\{EEBD15E5-6948-4BFF-B545-B61460151C59} => C:\Program Files\American Systems\EZ Macros\EZMacros.exe [2013-05-23] (American Systems)Task: {C7D7B4F4-46BC-42B6-B479-649A2A1476EF} - System32\Tasks\AdobeAAMUpdater-1.0-KILLEN-Owner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)Task: {C90F0075-D0F7-4D68-98FF-C20CC8B5F744} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exeTask: {CDC74257-7589-4B90-B174-32B7705499DB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exeTask: {F8286944-F818-4B80-A1B9-A7B1CDD892A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-10] (Google Inc.)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2014-05-01 15:29 - 2014-05-01 15:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll2011-04-23 12:03 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll2010-12-08 14:55 - 2010-12-08 14:55 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2010-07-21 18:33 - 2010-07-21 18:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll2014-04-29 12:28 - 2014-04-29 12:28 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\aa739380ca2b2fc7366d464d2f2301ac\IsdiInterop.ni.dll2011-02-20 05:35 - 2010-09-13 22:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll2014-09-06 12:44 - 2014-09-06 12:44 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll2014-05-24 12:41 - 2014-05-24 12:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll2014-05-24 12:41 - 2014-05-24 12:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll2015-06-09 20:03 - 2015-06-05 14:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll2015-06-09 20:03 - 2015-06-05 14:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll2015-06-09 20:03 - 2015-06-05 14:22 - 15003464 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\PepperFlash\pepflashplayer.dll2015-02-14 20:40 - 2015-02-14 20:40 - 00381440 _____ () C:\Windows\mod_frst.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Register Baldur's Gate: Tales of the Sword Coast.lnkAlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1753044388-1519083302-2595871801-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgDNS Servers: 209.18.47.61 - 209.18.47.62 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3MSCONFIG\Services: AeLookupSvc => 3MSCONFIG\Services: Apple Mobile Device => 2MSCONFIG\Services: BDESVC => 3MSCONFIG\Services: BlackBerry Device Manager => 3MSCONFIG\Services: BstHdAndroidSvc => 3MSCONFIG\Services: BstHdLogRotatorSvc => 3MSCONFIG\Services: BstHdUpdaterSvc => 3MSCONFIG\Services: MozillaMaintenance => 3MSCONFIG\Services: WDDMService => 2MSCONFIG\Services: WDFME => 2MSCONFIG\Services: WDSC => 2MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartupMSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartupMSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartupMSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartupMSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Trillian.lnk => C:\Windows\pss\Trillian.lnk.StartupMSCONFIG\startupreg: -2030966228 => C:\Users\Owner\AppData\Local\Temp\tmph1324662998641551284.tmpMSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbyloginMSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automountMSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServicesMSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exeMSCONFIG\startupreg: ConduitFloatingPlugin_blklojfklgnogjaijkibhfjepakiocng => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3311875\plugins\TBVerifier.dll",RunConduitFloatingPlugin blklojfklgnogjaijkibhfjepakiocngMSCONFIG\startupreg: egui => "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitserviceMSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exeMSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeMSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exeMSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hiddenMSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeMSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onbootMSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exeMSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"MSCONFIG\startupreg: IPHider => C:\Program Files (x86)\IP Hider\IP Hider.exeMSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hiddenMSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resumeMSCONFIG\startupreg: MP3 Computer Alarm Clock => C:\PROGRA~2\MP3COM~1\mp3alarmclock.exeMSCONFIG\startupreg: MRT => "C:\Windows\system32\MRT.exe" /RMSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exeMSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeMSCONFIG\startupreg: RIM PeerManager => "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exeMSCONFIG\startupreg: Sendori Tray => "C:\Program Files (x86)\Sendori\SendoriTray.exe"MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimizedMSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silentMSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exeMSCONFIG\startupreg: TNOD UP => "C:\Program Files (x86)\TNod User & Password Finder\TNODUP.exe" /iMSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{D6D334A1-795D-4D28-9E95-5BB4AB6A9FDB}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exeFirewallRules: [{DD0BB6D1-83CC-4CFF-AEDB-D7827BC946B1}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exeFirewallRules: [{8E526251-143C-4534-89BC-4CAD045FA589}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exeFirewallRules: [{7F45E489-EEBA-4E82-9A82-2EBEA63E61EE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exeFirewallRules: [{96B0D824-04F5-47B1-9DC8-F1CFA71E0461}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeFirewallRules: [{C86EBE37-B6DF-4FE5-9223-D6B476A23436}] => (Allow) LPort=2869FirewallRules: [{5AF2DF68-743D-43B3-87AE-6814D15DCA52}] => (Allow) LPort=1900FirewallRules: [{7C9C6D48-825D-423A-B138-34DA1695DB97}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeFirewallRules: [{9FB0E4CB-CAFC-4354-ACBE-8D386E075A97}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exeFirewallRules: [{479B7B56-0F82-4C3E-BCFE-88B44EA31B20}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exeFirewallRules: [{6F060B84-A52F-4AED-8F44-6D9E75A0B572}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exeFirewallRules: [{F1CD0F8B-B1CF-4A2D-8482-5E02ADA9DAC7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exeFirewallRules: [{11E51B2E-A210-494B-9C1F-450372A515AC}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exeFirewallRules: [{3B65DED3-2FBB-4EDD-ABA7-CE43A3E45706}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exeFirewallRules: [{67CECF7C-1B1A-48A2-8FE8-F4D96211D32A}] => (Allow) C:\Program Files (x86)\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exeFirewallRules: [{117A966A-F210-4E11-9736-203EA949022F}] => (Allow) C:\Program Files (x86)\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exeFirewallRules: [TCP Query User{F8E23901-DE85-4D9E-B280-74BD41416259}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe] => (Allow) C:\program files (x86)\streamtorrent 1.0\streamtorrent.exeFirewallRules: [uDP Query User{FB5D9F44-DD84-4D25-9C88-3E4D857909CC}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe] => (Allow) C:\program files (x86)\streamtorrent 1.0\streamtorrent.exeFirewallRules: [TCP Query User{10EAEA35-6294-4EDF-A56F-5E6B3B0B7DD5}C:\program files (x86)\magictg\manalink.exe] => (Block) C:\program files (x86)\magictg\manalink.exeFirewallRules: [uDP Query User{183D5E81-835B-4613-91B2-49EAE6AC76BA}C:\program files (x86)\magictg\manalink.exe] => (Block) C:\program files (x86)\magictg\manalink.exeFirewallRules: [TCP Query User{34026D2D-6F9E-43DE-A73A-99EB05CEA5AF}C:\program files (x86)\electronic arts\ultima online classic\client.exe] => (Allow) C:\program files (x86)\electronic arts\ultima online classic\client.exeFirewallRules: [uDP Query User{860DEA8E-BAF7-49BC-80D9-BA9ADBDEE138}C:\program files (x86)\electronic arts\ultima online classic\client.exe] => (Allow) C:\program files (x86)\electronic arts\ultima online classic\client.exeFirewallRules: [TCP Query User{3E1B6BC3-5623-4708-97FE-A969A69C5E71}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exeFirewallRules: [uDP Query User{5882AEBC-B916-457D-BECD-25D5C3F13C20}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exeFirewallRules: [TCP Query User{293E0968-3E3A-4939-86C5-4F6A4AF40C12}C:\users\owner\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exe] => (Allow) C:\users\owner\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exeFirewallRules: [uDP Query User{A2D71A7E-932B-450D-B472-D9C593ECBDFB}C:\users\owner\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exe] => (Allow) C:\users\owner\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exeFirewallRules: [TCP Query User{B95B8909-8952-4A92-81BA-F4587698F22A}C:\users\owner\appdata\roaming\ubisoft\mmdoc-pdclive\gamedata\game.exe] => (Allow) C:\users\owner\appdata\roaming\ubisoft\mmdoc-pdclive\gamedata\game.exeFirewallRules: [uDP Query User{57F1F79E-0347-4270-BDB8-2176F333EF4D}C:\users\owner\appdata\roaming\ubisoft\mmdoc-pdclive\gamedata\game.exe] => (Allow) C:\users\owner\appdata\roaming\ubisoft\mmdoc-pdclive\gamedata\game.exeFirewallRules: [{8B2B1034-7764-451C-9C94-895DF9591DD3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{C14DF9FB-735D-4924-9866-75452B7623B3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [TCP Query User{90FB1326-BD80-4A92-886C-3A3E420ACB35}C:\program files (x86)\ea games\ultima online mondain's legacy\stormclient.exe] => (Allow) C:\program files (x86)\ea games\ultima online mondain's legacy\stormclient.exeFirewallRules: [uDP Query User{E17ADEE8-1550-43BD-BDC3-D678CACF67A8}C:\program files (x86)\ea games\ultima online mondain's legacy\stormclient.exe] => (Allow) C:\program files (x86)\ea games\ultima online mondain's legacy\stormclient.exeFirewallRules: [TCP Query User{633A32A2-492A-4586-9E80-6A4893725D19}C:\program files (x86)\ea games\ultima online mondain's legacy\client.exe] => (Allow) C:\program files (x86)\ea games\ultima online mondain's legacy\client.exeFirewallRules: [uDP Query User{3A8536A5-75A3-41B4-B807-2612CCA7CCBF}C:\program files (x86)\ea games\ultima online mondain's legacy\client.exe] => (Allow) C:\program files (x86)\ea games\ultima online mondain's legacy\client.exeFirewallRules: [TCP Query User{F242231C-2172-453F-B14C-88F8F87ED33A}C:\program files (x86)\mirc\mirc.exe] => (Block) C:\program files (x86)\mirc\mirc.exeFirewallRules: [uDP Query User{51CDCB01-79D9-4C63-8EF9-E6C0FE649B3B}C:\program files (x86)\mirc\mirc.exe] => (Block) C:\program files (x86)\mirc\mirc.exeFirewallRules: [TCP Query User{D4BEC581-7D51-4505-B986-8AC59C0EA534}C:\program files (x86)\mirc\uninstall.exe _=c\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\uninstall.exe _=c\program files (x86)\mirc\mirc.exeFirewallRules: [uDP Query User{E2A87EC9-4486-4600-8EE1-3B51F9FE1BAF}C:\program files (x86)\mirc\uninstall.exe _=c\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\uninstall.exe _=c\program files (x86)\mirc\mirc.exeFirewallRules: [TCP Query User{386EBBDF-2CE8-4641-99DB-0111CE6CA0FB}C:\program files (x86)\mirc\uninstall.exe _=c\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\uninstall.exe _=c\program files (x86)\mirc\mirc.exeFirewallRules: [uDP Query User{9CC03B82-BBF8-4A9A-BE1E-0B46AA38D1A5}C:\program files (x86)\mirc\uninstall.exe _=c\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\uninstall.exe _=c\program files (x86)\mirc\mirc.exeFirewallRules: [{AB076EBC-17B2-4C97-AB63-255EA957F134}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exeFirewallRules: [{647D47A0-B8F3-42FB-A718-CA8325D33594}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exeFirewallRules: [{4C1794E5-21D4-4369-A313-9980F74EF754}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exeFirewallRules: [{75C70473-1831-4323-A620-E8CFCEAC22E4}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exeFirewallRules: [{D22979B8-F2F7-4E34-97E5-41D3E5B495FC}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exeFirewallRules: [{29C99B3B-A4CB-4D8B-B9F7-5FD437F94954}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exeFirewallRules: [TCP Query User{DCC56D60-E299-4617-99FE-0DA8E7E59707}C:\program files\uoam\uoam.exe] => (Allow) C:\program files\uoam\uoam.exeFirewallRules: [uDP Query User{B152258B-5564-4384-9B26-E6ACF0A0B938}C:\program files\uoam\uoam.exe] => (Allow) C:\program files\uoam\uoam.exeFirewallRules: [{1E954626-F7C8-4BE9-8097-E94E020092E5}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exeFirewallRules: [TCP Query User{5FC75C5C-00C5-466A-9119-266CDF75A791}C:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\owner\appdata\roaming\dropbox\bin\dropbox.exeFirewallRules: [uDP Query User{0532CCB8-45B4-4273-8C28-C92F1AE3BDD8}C:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\owner\appdata\roaming\dropbox\bin\dropbox.exeFirewallRules: [TCP Query User{D91732BE-3717-46B1-9557-B9249753ABD0}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exeFirewallRules: [uDP Query User{9F707E9C-37E5-4FAC-9403-25DB2CE16A1A}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exeFirewallRules: [TCP Query User{F29B6800-375F-406C-98F0-2F87488B529C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exeFirewallRules: [uDP Query User{EA04924B-6AB8-4EFE-937C-28629EFA4DB2}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exeFirewallRules: [{27F117E2-1385-453A-8972-44742A22BEBF}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exeFirewallRules: [{1AFE2B13-9133-4AAE-AB73-8721F748ED9A}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exeFirewallRules: [{2183C6BC-A304-440B-9A90-D0F554F7F657}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exeFirewallRules: [{23F66CFB-75FA-4F32-AA41-D2845EACBA1D}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exeFirewallRules: [{895D2C87-AB69-44CE-8BF6-18E7D64F2D3A}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exeFirewallRules: [{2F6C5111-12F1-49F8-B234-00264D7E2050}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exeFirewallRules: [{8F058DD1-4286-47F2-971B-51F89DF0B877}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exeFirewallRules: [{BD3FA031-3379-4126-9B4A-611B760F5249}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exeFirewallRules: [{95E5F050-250D-4D0A-A0D8-B91B8827FA68}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exeFirewallRules: [{A71DF3E9-AD28-4159-B481-D85B56F90689}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exeFirewallRules: [{6B34D95F-86CF-4291-8178-747A5A1117A3}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exeFirewallRules: [{E96604ED-713E-4753-B92C-77E384E6431F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{492E7E72-6C7B-4E41-A268-F2A6EFFF9DEF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{151E938B-16D0-4EFB-B321-09DC10EA6994}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: Unknown DeviceDescription: Unknown DeviceClass Guid: {36fc9e60-c465-11cf-8056-444553540000}Manufacturer: (Standard USB Host Controller)Service: Problem: : Windows has stopped this device because it has reported problems. (Code 43)Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Event log errors: ========================= Application errors:==================Error: (06/08/2015 03:00:03 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )Description: Failed to shut down service. The error that occurred was: System.InvalidOperationException: UpdatePendingStatus can only be called during the handling of Start, Stop, Pause and Continue commands. at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds) at BlueStacks.hyperDroid.Service.Service.OnStop() at BlueStacks.hyperDroid.Service.Service.OnShutdown() at System.ServiceProcess.ServiceBase.DeferredShutdown(). Error: (05/31/2015 03:50:14 PM) (Source: RIM MDNS) (EventID: 100) (User: )Description: 600: ERROR: read_msg errno 0 (The operation completed successfully.) Error: (05/31/2015 03:50:14 PM) (Source: RIM MDNS) (EventID: 100) (User: )Description: ERROR: mDNSPlatformReadTCP - recv: 10053 Error: (05/31/2015 03:50:14 PM) (Source: RIM MDNS) (EventID: 100) (User: )Description: 572: ERROR: read_msg errno 0 (The operation completed successfully.) Error: (05/31/2015 03:50:13 PM) (Source: RIM MDNS) (EventID: 100) (User: )Description: ERROR: mDNSPlatformReadTCP - recv: 10053 Error: (05/31/2015 03:36:53 PM) (Source: RIM MDNS) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 10031 Error: (05/31/2015 03:36:53 PM) (Source: RIM MDNS) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 10031 Error: (05/31/2015 03:36:52 PM) (Source: RIM MDNS) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/31/2015 08:12:44 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80004005 Error: (05/29/2015 03:18:47 PM) (Source: RIM MDNS) (EventID: 100) (User: )Description: 640: ERROR: read_msg errno 0 (The operation completed successfully.) System errors:=============Error: (06/11/2015 01:20:32 AM) (Source: volsnap) (EventID: 36) (User: )Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (06/11/2015 01:15:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The BlueStacks Updater Service service terminated unexpectedly. It has done this 2 time(s). Error: (06/11/2015 01:15:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The BlueStacks Log Rotator Service service terminated unexpectedly. It has done this 2 time(s). Error: (06/11/2015 01:08:29 AM) (Source: Service Control Manager) (EventID: 7032) (User: )Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: %%1056 Error: (06/11/2015 01:06:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (06/11/2015 01:06:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (06/11/2015 01:06:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (06/11/2015 01:06:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (06/11/2015 01:06:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (06/11/2015 01:06:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Microsoft Office:=========================Error: (06/08/2015 03:00:03 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )Description: Failed to shut down service. The error that occurred was: System.InvalidOperationException: UpdatePendingStatus can only be called during the handling of Start, Stop, Pause and Continue commands. at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds) at BlueStacks.hyperDroid.Service.Service.OnStop() at BlueStacks.hyperDroid.Service.Service.OnShutdown() at System.ServiceProcess.ServiceBase.DeferredShutdown(). Error: (05/31/2015 03:50:14 PM) (Source: RIM MDNS) (EventID: 100) (User: )Description: 600: ERROR: read_msg errno 0 (The operation completed successfully.) Error: (05/31/2015 03:50:14 PM) (Source: RIM MDNS) (EventID: 100) (User: )Description: ERROR: mDNSPlatformReadTCP - recv: 10053 Error: (05/31/2015 03:50:14 PM) (Source: RIM MDNS) (EventID: 100) (User: )Description: 572: ERROR: read_msg errno 0 (The operation completed successfully.) Error: (05/31/2015 03:50:13 PM) (Source: RIM MDNS) (EventID: 100) (User: )Description: ERROR: mDNSPlatformReadTCP - recv: 10053 Error: (05/31/2015 03:36:53 PM) (Source: RIM MDNS) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 10031 Error: (05/31/2015 03:36:53 PM) (Source: RIM MDNS) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 10031 Error: (05/31/2015 03:36:52 PM) (Source: RIM MDNS) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/31/2015 08:12:44 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80004005 Error: (05/29/2015 03:18:47 PM) (Source: RIM MDNS) (EventID: 100) (User: )Description: 640: ERROR: read_msg errno 0 (The operation completed successfully.) CodeIntegrity Errors:=================================== Date: 2013-11-19 11:08:22.476 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-19 11:08:22.325 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-19 11:08:22.173 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-19 11:08:22.023 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-18 19:22:29.724 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-18 19:22:29.568 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-07-12 13:57:07.828 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Gotcha\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-07-12 13:57:07.766 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Gotcha\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Core i3 CPU M 380 @ 2.53GHzPercentage of memory in use: 43%Total physical RAM: 3893.86 MBAvailable physical RAM: 2207.05 MBTotal Pagefile: 6049.7 MBAvailable Pagefile: 3773.15 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:450.9 GB) (Free:1.01 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (RECOVERY) (Fixed) (Total:14.56 GB) (Free:1.82 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F4AEA3A7)Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=450.9 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ==================== End of log ============================
-
Seems to be running great, going to go run a game or two to check it out more. Results of screen317's Security Check version 0.99.77 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! ESET Smart Security 4.2 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 JavaFX 2.1.0 Java 6 Update 22 Java 7 Update 25 Java version out of Date! Adobe Flash Player 11.9.900.152 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (25.0.1) Google Chrome 31.0.1650.48 Google Chrome 31.0.1650.57 ````````Process Check: objlist.exe by Laurent```````` ESET NOD32 Antivirus egui.exe ESET NOD32 Antivirus ekrn.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
-
Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2013.11.19.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16736 Owner :: KILLEN [administrator] Protection: Enabled 11/19/2013 12:27:36 PM mbam-log-2013-11-19 (12-27-36).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 249564 Time elapsed: 6 minute(s), Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) (Testing comp, ill post an update) Thanks a ton for the quick help.
-
# AdwCleaner v3.012 - Report created 19/11/2013 at 12:21:01 # Updated 11/11/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Owner - KILLEN # Running from : C:\Users\Owner\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\StarApp Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Owner\AppData\Roaming\Searchprotect Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.default\CT3311875 Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.default\Extensions\{5fec7248-515c-47be-ab0a-6bc547472dea} Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blklojfklgnogjaijkibhfjepakiocng File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.default\searchplugins\Askcom.xml File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.default\searchplugins\Conduit.xml File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.default\user.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Google\Chrome\Extensions\blklojfklgnogjaijkibhfjepakiocng Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\blklojfklgnogjaijkibhfjepakiocng Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\smartbar Key Deleted : [x64] HKLM\SOFTWARE\systweak ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16736 -\\ Mozilla Firefox v25.0.1 (en-US) [ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.default\prefs.js ] Line Deleted : user_pref("CT3311875.FF19Solved", "true"); Line Deleted : user_pref("CT3311875.UserID", "UN23604853422932511"); Line Deleted : user_pref("CT3311875.browser.search.defaultthis.engineName", "true"); Line Deleted : user_pref("CT3311875.fullUserID", "UN23604853422932511.IN.20131019094430"); Line Deleted : user_pref("CT3311875.installDate", "19/10/2013 09:44:32"); Line Deleted : user_pref("CT3311875.installSessionId", "{2A16A387-DB29-442B-9E9F-C11F687EA9ED}"); Line Deleted : user_pref("CT3311875.installSp", "TRUE"); Line Deleted : user_pref("CT3311875.installerVersion", "1.7.1.7"); Line Deleted : user_pref("CT3311875.keyword", "true"); Line Deleted : user_pref("CT3311875.originalSearchAddressUrl", ""); Line Deleted : user_pref("CT3311875.originalSearchEngine", "AVG Secure Search"); Line Deleted : user_pref("CT3311875.originalSearchEngineName", "AVG Secure Search"); Line Deleted : user_pref("CT3311875.searchRevert", "false"); Line Deleted : user_pref("CT3311875.searchUserMode", "2"); Line Deleted : user_pref("CT3311875.smartbar.homepage", "true"); Line Deleted : user_pref("CT3311875.versionFromInstaller", "10.20.1.8"); Line Deleted : user_pref("CT3311875.xpeMode", "0"); Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", ""); Line Deleted : user_pref("browser.search.defaultenginename", "SweetTunes Customized Web Search"); Line Deleted : user_pref("browser.search.defaultthis.engineName", "SweetTunes Customized Web Search"); Line Deleted : user_pref("browser.search.selectedEngine", "SweetTunes Customized Web Search"); Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3311875"); Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3311875"); Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3311875"); Line Deleted : user_pref("smartbar.machineId", "1U9LZFUPLIQB07PFPPKQ9TMDQWRQ6+KNFC+W/45N79T2+3OYVAADKWQ9W6OBQXYCLKTLKDCC85A1M/7PHO+9YA"); [ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p3ieb75e.default\prefs.js ] -\\ Google Chrome v31.0.1650.57 [ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [7820 octets] - [19/11/2013 12:02:46] AdwCleaner[s0].txt - [7373 octets] - [19/11/2013 12:21:01] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7433 octets] ##########
-
ComboFix 13-11-19.01 - Owner 11/19/2013 11:02:29.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1306 [GMT -5:00] Running from: c:\users\Owner\Desktop\ComboFix.exe AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-10-19 to 2013-11-19 ))))))))))))))))))))))))))))))) . . 2013-11-19 16:08 . 2013-11-19 16:08 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2013-11-19 16:08 . 2013-11-19 16:08 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-11-19 16:08 . 2013-11-19 16:08 -------- d-----w- c:\users\KilleN\AppData\Local\temp 2013-11-19 16:08 . 2013-11-19 16:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-11-19 16:08 . 2013-11-19 16:08 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-11-18 20:30 . 2013-11-18 22:29 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-11-18 20:30 . 2013-11-18 21:36 116440 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2013-11-18 20:25 . 2013-11-18 21:36 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-11-18 10:20 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys 2013-11-18 10:19 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll 2013-11-18 10:19 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll 2013-11-18 10:19 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll 2013-11-18 10:19 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll 2013-11-18 10:19 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-11-18 10:19 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll 2013-11-18 10:19 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll 2013-11-18 10:19 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2013-11-18 10:19 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL 2013-11-18 10:19 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll 2013-11-18 10:19 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL 2013-11-18 10:19 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll 2013-11-18 10:19 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL 2013-11-15 10:34 . 2013-11-18 13:28 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC1C4929-2BB6-47F0-A537-275DBF00484D}\offreg.dll 2013-11-15 10:33 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC1C4929-2BB6-47F0-A537-275DBF00484D}\mpengine.dll 2013-11-13 17:57 . 2013-11-14 15:26 -------- d-----r- c:\users\Owner\Dropbox 2013-11-13 17:55 . 2013-11-14 15:26 -------- d-----w- c:\users\Owner\AppData\Roaming\Dropbox 2013-10-31 04:46 . 2013-10-31 04:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-10-31 04:23 . 2013-11-18 10:29 -------- d-----w- c:\windows\system32\MRT 2013-10-31 04:07 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-10-31 04:04 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-10-31 04:04 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-10-31 04:04 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll 2013-10-31 04:04 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll 2013-10-31 04:04 . 2013-08-28 01:21 3155968 ----a-w- c:\windows\system32\win32k.sys 2013-10-22 19:32 . 2013-10-31 22:01 -------- d-----w- c:\program files\Core Temp 2013-10-21 19:46 . 2013-10-31 22:02 -------- d-----w- c:\users\Owner\AppData\Local\Razer 2013-10-21 19:46 . 2013-10-31 22:02 -------- d-----w- c:\program files (x86)\Razer 2013-10-21 19:46 . 2013-10-21 19:46 -------- d-----w- c:\programdata\Razer . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-11-18 10:26 . 2011-04-23 16:44 82896128 ----a-w- c:\windows\system32\MRT.exe 2013-11-14 15:31 . 2013-05-04 18:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-17 04:42 . 2013-10-17 04:42 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin 2013-09-03 18:35 . 2011-04-23 14:35 278800 ----a-w- c:\windows\system32\MpSigStub.exe 2013-08-29 01:48 . 2013-10-31 04:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{003A76C0-CDAF-4EC7-9BA8-6E6F87778B6c}] c:\windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll [bU] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-04-25 3298712] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Apple Computer"="2345678ÌñOµ" [X] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 ALSysIO;ALSysIO;c:\users\Owner\AppData\Local\Temp\ALSysIO64.sys;c:\users\Owner\AppData\Local\Temp\ALSysIO64.sys [x] R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x] S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x] S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-11-22 22:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-11-14 21:02 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-13 15:31] . 2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-10 08:40] . 2013-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-10 08:40] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter] @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}" [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}] 2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter] @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}" [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}] 2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter] @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}" [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}] 2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter] @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}" [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}] 2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter] @="{855156F0-2A0F-11DE-8C30-0800200C9A66}" [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}] 2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2011-03-02 15:23 85232 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-13 524800] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = 127.0.0.1:8080 uInternet Settings,ProxyOverride = local IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.default\ FF - prefs.js: browser.search.selectedEngine - SweetTunes Customized Web Search FF - prefs.js: browser.startup.homepage - www.google.com FF - ExtSQL: 2013-10-19 09:44; {5fec7248-515c-47be-ab0a-6bc547472dea}; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.default\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea} FF - user.js: general.useragent.extra.brc - . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1753044388-1519083302-2595871801-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):b5,63,73,e4,69,47,2b,d6,83,4a,3a,23,e0,3f,f4,79,5b,b8,30,62,dd, 3e,99,29,8b,17,59,b9,58,f9,68,63,17,64,f5,d2,45,97,64,de,00,00,00,00,00,00,\ . [HKEY_USERS\S-1-5-21-1753044388-1519083302-2595871801-1000_Classes\Wow6432Node\CLSID\{901f9def-3327-447d-927b-4aa50f9b1a16}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:00000091 "Therad"=dword:00000022 "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,c3,4d,9e,47,61,a7,8f,c3,bc,6c,45,ca,be,94,f5,fb,7e,14,46,17,74,d5,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\05\01\0e\138\18A" . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-11-19 11:11:25 ComboFix-quarantined-files.txt 2013-11-19 16:11 ComboFix2.txt 2013-11-19 00:26 ComboFix3.txt 2012-07-12 18:03 . Pre-Run: 53,080,944,640 bytes free Post-Run: 52,985,024,512 bytes free . - - End Of File - - 74297E4DBC006947A3DE6A710EB5BD37
-
ComboFix 13-11-18.01 - Owner 11/18/2013 19:05:36.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2155 [GMT -5:00] Running from: c:\users\Owner\Desktop\ComboFix.exe AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\END c:\windows\SysWow64\DEBUG.log c:\windows\SysWow64\FlashPlayerApp.exe . c:\windows\SysWow64\Drivers\atapi.sys . . . is infected!! . . ((((((((((((((((((((((((( Files Created from 2013-10-19 to 2013-11-19 ))))))))))))))))))))))))))))))) . . 2013-11-19 00:23 . 2013-11-19 00:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2013-11-19 00:23 . 2013-11-19 00:23 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-11-19 00:23 . 2013-11-19 00:23 -------- d-----w- c:\users\KilleN\AppData\Local\temp 2013-11-19 00:23 . 2013-11-19 00:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-11-19 00:23 . 2013-11-19 00:23 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-11-18 20:30 . 2013-11-18 22:29 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-11-18 20:30 . 2013-11-18 21:36 116440 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2013-11-18 20:25 . 2013-11-18 21:36 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-11-18 10:20 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys 2013-11-18 10:19 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll 2013-11-18 10:19 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll 2013-11-18 10:19 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll 2013-11-18 10:19 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll 2013-11-18 10:19 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-11-18 10:19 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll 2013-11-18 10:19 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll 2013-11-18 10:19 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2013-11-18 10:19 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL 2013-11-18 10:19 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll 2013-11-18 10:19 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL 2013-11-18 10:19 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll 2013-11-18 10:19 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL 2013-11-15 10:34 . 2013-11-18 13:28 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC1C4929-2BB6-47F0-A537-275DBF00484D}\offreg.dll 2013-11-15 10:33 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC1C4929-2BB6-47F0-A537-275DBF00484D}\mpengine.dll 2013-11-13 17:57 . 2013-11-14 15:26 -------- d-----r- c:\users\Owner\Dropbox 2013-11-13 17:55 . 2013-11-14 15:26 -------- d-----w- c:\users\Owner\AppData\Roaming\Dropbox 2013-10-31 04:46 . 2013-10-31 04:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-10-31 04:23 . 2013-11-18 10:29 -------- d-----w- c:\windows\system32\MRT 2013-10-31 04:07 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-10-31 04:04 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-10-31 04:04 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-10-31 04:04 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll 2013-10-31 04:04 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll 2013-10-31 04:04 . 2013-08-28 01:21 3155968 ----a-w- c:\windows\system32\win32k.sys 2013-10-22 19:32 . 2013-10-31 22:01 -------- d-----w- c:\program files\Core Temp 2013-10-21 19:46 . 2013-10-31 22:02 -------- d-----w- c:\users\Owner\AppData\Local\Razer 2013-10-21 19:46 . 2013-10-31 22:02 -------- d-----w- c:\program files (x86)\Razer 2013-10-21 19:46 . 2013-10-21 19:46 -------- d-----w- c:\programdata\Razer . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-11-18 10:26 . 2011-04-23 16:44 82896128 ----a-w- c:\windows\system32\MRT.exe 2013-11-14 15:31 . 2013-05-04 18:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-17 04:42 . 2013-10-17 04:42 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin 2013-09-03 18:35 . 2011-04-23 14:35 278800 ----a-w- c:\windows\system32\MpSigStub.exe 2013-08-29 01:48 . 2013-10-31 04:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{003A76C0-CDAF-4EC7-9BA8-6E6F87778B6c}] c:\windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll [bU] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-04-25 3298712] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Apple Computer"="2345678ÌñOµ" [X] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 ALSysIO;ALSysIO;c:\users\Owner\AppData\Local\Temp\ALSysIO64.sys;c:\users\Owner\AppData\Local\Temp\ALSysIO64.sys [x] R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x] S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x] S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-11-22 22:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-11-14 21:02 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-13 15:31] . 2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-10 08:40] . 2013-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-10 08:40] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter] @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}" [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}] 2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter] @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}" [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}] 2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter] @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}" [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}] 2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter] @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}" [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}] 2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter] @="{855156F0-2A0F-11DE-8C30-0800200C9A66}" [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}] 2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2011-03-02 15:23 85232 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-13 524800] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = 127.0.0.1:8080 uInternet Settings,ProxyOverride = local IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.default\ FF - prefs.js: browser.search.selectedEngine - SweetTunes Customized Web Search FF - prefs.js: browser.startup.homepage - www.google.com FF - ExtSQL: 2013-10-19 09:44; {5fec7248-515c-47be-ab0a-6bc547472dea}; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cyzrdnsa.default\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea} FF - user.js: general.useragent.extra.brc - . - - - - ORPHANS REMOVED - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1753044388-1519083302-2595871801-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):b5,63,73,e4,69,47,2b,d6,83,4a,3a,23,e0,3f,f4,79,5b,b8,30,62,dd, 3e,99,29,8b,17,59,b9,58,f9,68,63,17,64,f5,d2,45,97,64,de,00,00,00,00,00,00,\ . [HKEY_USERS\S-1-5-21-1753044388-1519083302-2595871801-1000_Classes\Wow6432Node\CLSID\{901f9def-3327-447d-927b-4aa50f9b1a16}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:00000091 "Therad"=dword:00000022 "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,c3,4d,9e,47,61,a7,8f,c3,bc,6c,45,ca,be,94,f5,fb,7e,14,46,17,74,d5,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\05\01\0e\138\18A" . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-11-18 19:26:09 ComboFix-quarantined-files.txt 2013-11-19 00:26 ComboFix2.txt 2012-07-12 18:03 . Pre-Run: 53,276,618,752 bytes free Post-Run: 52,943,597,568 bytes free . - - End Of File - - C8A0130665819E98F7D1DBC6521781A9
-
--------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1007 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16736 Java version: 1.6.0_22 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 2.527000 GHz Memory total: 4083007488, free: 1421180928 ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1007 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16736 Java version: 1.6.0_22 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 2.527000 GHz Memory total: 4083007488, free: 1423171584 Downloaded database version: v2013.11.18.07 Downloaded database version: v2013.10.11.02 ======================================= Initializing... ------------ Kernel report ------------ 11/18/2013 15:30:30 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\sptd.sys \SystemRoot\System32\Drivers\WMILIB.SYS \SystemRoot\System32\Drivers\SCSIPORT.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\system32\DRIVERS\ehdrv.sys C:\Program Files\ESET\ESET Smart Security\em006_64.dat \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\bcmwl664.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\Impcd.sys \SystemRoot\System32\Drivers\a3bc9ia2.SYS \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\Epfwndis.sys \SystemRoot\system32\DRIVERS\clwvd.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\stwrt64.sys \SystemRoot\system32\DRIVERS\portcls.sys \SystemRoot\system32\DRIVERS\drmk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\drivers\btwampfl.sys \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\system32\drivers\BthEnum.sys \SystemRoot\system32\DRIVERS\bthpan.sys \SystemRoot\system32\drivers\btwavdt.sys \SystemRoot\system32\drivers\btwaudio.sys \SystemRoot\system32\DRIVERS\btwl2cap.sys \SystemRoot\system32\DRIVERS\btwrchid.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\eamonm.sys \??\C:\Windows\system32\drivers\mbam.sys \SystemRoot\system32\DRIVERS\Sftvollh.sys \SystemRoot\system32\DRIVERS\epfw.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\epfwwfp.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\system32\DRIVERS\Sftfslh.sys \SystemRoot\system32\DRIVERS\Sftplaylh.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\Sftredirlh.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \SystemRoot\system32\DRIVERS\monitor.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\normaliz.dll \Windows\System32\rpcrt4.dll \Windows\System32\imm32.dll \Windows\System32\Wldap32.dll \Windows\System32\urlmon.dll \Windows\System32\advapi32.dll \Windows\System32\usp10.dll \Windows\System32\sechost.dll \Windows\System32\setupapi.dll \Windows\System32\shell32.dll \Windows\System32\ole32.dll \Windows\System32\kernel32.dll \Windows\System32\iertutil.dll \Windows\System32\psapi.dll \Windows\System32\clbcatq.dll \Windows\System32\difxapi.dll \Windows\System32\gdi32.dll \Windows\System32\ws2_32.dll \Windows\System32\oleaut32.dll \Windows\System32\imagehlp.dll \Windows\System32\msctf.dll \Windows\System32\lpk.dll \Windows\System32\nsi.dll \Windows\System32\wininet.dll \Windows\System32\msvcrt.dll \Windows\System32\shlwapi.dll \Windows\System32\user32.dll \Windows\System32\comdlg32.dll \Windows\System32\wintrust.dll \Windows\System32\comctl32.dll \Windows\System32\devobj.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\KernelBase.dll \Windows\System32\cfgmgr32.dll \Windows\System32\crypt32.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa800523e060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa8004fdc050 Lower Device Driver Name: \Driver\iaStor\ IRP handler 0 of \Driver\iaStor is hooked IRP handler 2 of \Driver\iaStor is hooked IRP handler 14 of \Driver\iaStor is hooked IRP handler 15 of \Driver\iaStor is hooked IRP handler 16 of \Driver\iaStor is hooked IRP handler 22 of \Driver\iaStor is hooked IRP handler 23 of \Driver\iaStor is hooked IRP handler 27 of \Driver\iaStor is hooked Unhooking enabled. <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa800523e060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa8004fdc050 Lower Device Driver Name: \Driver\iaStor\ Driver name found: iaStor Initialization returned 0x0 Load Function returned 0x0 <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa800523e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800511c860, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800523e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8004fdc050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a00261b540, 0xfffffa800523e060, 0xfffffa8004add1e0 Lower DeviceData: 0xfffff8a011a77890, 0xfffffa8004fdc050, 0xfffffa80097fe1e0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020) Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: F4AEA3A7 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 945614848 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 946024448 Numsec = 30535680 Partition 3 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 976560128 Numsec = 210992 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)... Done! Infected: C:\Windows\system64 --> [Trojan.0Access] Scan finished Creating System Restore point... Cleaning up... Executing an action fixdamage.exe... Success! Queuing an action fixdamage.exe Removal successful. No system shutdown is required. ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1007 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16736 Java version: 1.6.0_22 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 2.527000 GHz Memory total: 4083007488, free: 2609975296 ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1007 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16736 Java version: 1.6.0_22 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 2.527000 GHz Memory total: 4083007488, free: 2742513664 Initializing... ====================== ------------ Kernel report ------------ 11/18/2013 16:36:57 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\sptd.sys \SystemRoot\System32\Drivers\WMILIB.SYS \SystemRoot\System32\Drivers\SCSIPORT.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\system32\DRIVERS\ehdrv.sys C:\Program Files\ESET\ESET Smart Security\em006_64.dat \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\bcmwl664.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\Impcd.sys \SystemRoot\System32\Drivers\ak4kcgaw.SYS \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\Epfwndis.sys \SystemRoot\system32\DRIVERS\clwvd.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\stwrt64.sys \SystemRoot\system32\DRIVERS\portcls.sys \SystemRoot\system32\DRIVERS\drmk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\drivers\btwampfl.sys \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\system32\drivers\BthEnum.sys \SystemRoot\system32\DRIVERS\bthpan.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\drivers\btwavdt.sys \SystemRoot\system32\drivers\btwaudio.sys \SystemRoot\system32\DRIVERS\btwl2cap.sys \SystemRoot\system32\DRIVERS\btwrchid.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\eamonm.sys \??\C:\Windows\system32\drivers\mbam.sys \SystemRoot\system32\DRIVERS\Sftvollh.sys \SystemRoot\system32\DRIVERS\epfw.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\epfwwfp.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\system32\DRIVERS\Sftfslh.sys \SystemRoot\system32\DRIVERS\Sftplaylh.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\Sftredirlh.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\urlmon.dll \Windows\System32\msvcrt.dll \Windows\System32\comdlg32.dll \Windows\System32\shell32.dll \Windows\System32\lpk.dll \Windows\System32\sechost.dll \Windows\System32\imagehlp.dll \Windows\System32\gdi32.dll \Windows\System32\rpcrt4.dll \Windows\System32\nsi.dll \Windows\System32\msctf.dll \Windows\System32\setupapi.dll \Windows\System32\advapi32.dll \Windows\System32\imm32.dll \Windows\System32\psapi.dll \Windows\System32\difxapi.dll \Windows\System32\Wldap32.dll \Windows\System32\clbcatq.dll \Windows\System32\ws2_32.dll \Windows\System32\normaliz.dll \Windows\System32\iertutil.dll \Windows\System32\wininet.dll \Windows\System32\usp10.dll \Windows\System32\ole32.dll \Windows\System32\shlwapi.dll \Windows\System32\oleaut32.dll \Windows\System32\user32.dll \Windows\System32\kernel32.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\crypt32.dll \Windows\System32\cfgmgr32.dll \Windows\System32\KernelBase.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\comctl32.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\devobj.dll \Windows\System32\wintrust.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8005240060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa8004f91050 Lower Device Driver Name: \Driver\iaStor\ IRP handler 0 of \Driver\iaStor is hooked IRP handler 2 of \Driver\iaStor is hooked IRP handler 14 of \Driver\iaStor is hooked IRP handler 15 of \Driver\iaStor is hooked IRP handler 16 of \Driver\iaStor is hooked IRP handler 22 of \Driver\iaStor is hooked IRP handler 23 of \Driver\iaStor is hooked IRP handler 27 of \Driver\iaStor is hooked Unhooking enabled. <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8005240060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa8004f91050 Lower Device Driver Name: \Driver\iaStor\ Driver name found: iaStor Initialization returned 0x0 Load Function returned 0x0 <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8005240060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8005240b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8005240060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8004f91050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a00d177c00, 0xfffffa8005240060, 0xfffffa8004370790 Lower DeviceData: 0xfffff8a00bf9f150, 0xfffffa8004f91050, 0xfffffa8009d67e40 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020) Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: F4AEA3A7 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 945614848 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 946024448 Numsec = 30535680 Partition 3 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 976560128 Numsec = 210992 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)... Done! Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam... Removal finished