RVK

  1. Hi. It's all fixed now, thank you. :) The Windows repair took a while (4-5 hours) but it sort of fixed the shut down button problem, which would work sometimes and sometimes would not. After the repair installation I got a fully updated Windows, but ESET was not recognized by Windows Action Center again, and although I was connected to the internet the browser just wouldn't go beyond "waiting for randomname-xyz.com...". Clearly it was a problem with the firewall, and uninstalling ESET solved the problem. Reinstalled ESET and the internet is up and running. For the shut down button problem, I did some detective work on why it was not working all the time and disabled programs one by one until it started working fully. SpyShelter anti-logger was the culprit and probably had some incompatibility with a system driver. Removed successfully. The OS is running perfectly with all the updates.
  2. Hi. Sorry, I panicked. I had restored it to the backup made by the tweaking.com tool before it had repaired anything. The restore points earlier than that were already wiped off with the help of DelFix. I ran the repair tool again; as expected, the same Windows Action Center message and the shut down button not working. Here is the log:
  3. Hi. I did as you suggested, and the first time I ran the Tweaking tool the shut down button on the start menu started working (yay), but later I realized the Windows Action Center was showing a message: Windows did not find any antivirus, even though ESET was up and running. I think I made a mistake: I restored my system to an earlier point than reinstalling ESET. Ran the Tweaking tool again, but the power button didn't work this time and Windows Action Center again showed the message. Reinstalled ESET and it is working fine, but I am back to the same shut down button issue. Should I run the repair again? Here is the log:
  4. Thank you so much! Your help is very much appreciated. Ever since I had this problem I have added WOT, as suggested, onto my Chrome browser (been an AdBlock fan for a while). I have been using another add-on for Chrome named Disconnect, which lets you visualize and block the otherwise invisible websites that track your search and browsing history, and has Wi-Fi protection as well. Lastly, I changed my search engine to a private, more secure one, startpage.com. I have been using ESET for years, but Avast Free is also very good. Uninstalled ComboFix and DelFix to remove the traces. Updated Java successfully. Sadly, updated Adobe Reader to the latest one. I liked Reader 9. Still can't get the start button to function. Oh well, will have to wait till I do a clean Windows install. --RVK
  5. Here is the Security Check log file:
     Results of screen317's Security Check version 0.99.81
     Windows 7 Service Pack 1 x86 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     ESET Smart Security 7.0
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     SpyShelter Personal Free 9.0
     Spybot - Search & Destroy
     Java 6 Update 45
     Java version out of Date!
     Adobe Flash Player 12.0.0.77
     Adobe Reader 9 Adobe Reader out of Date!
     Google Chrome 33.0.1750.154
     Google Chrome 34.0.1847.116
     Google Chrome Filzip.ini..
     ````````Process Check: objlist.exe by Laurent````````
     ESET NOD32 Antivirus egui.exe
     ESET NOD32 Antivirus ekrn.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbam.exe
     Spybot Teatimer.exe is disabled!
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:
     ````````````````````End of Log``````````````````````
  6. Hi, sorry, I was out of town for one day. Here is the AdwCleaner log:
  7. ESET scan results:
     C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Recordpad\recordpad.exe.vir	a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
     C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Recordpad\recordpadsetup_v4.32.exe.vir	a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
     C:\Program Files\Hide ALL IP\HideAllIP.exe	a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
     C:\Program Files\NCH Software\Recordpad\recordpad.exe	a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
     C:\Program Files\NCH Software\Recordpad\recordpadsetup_v4.32.exe	a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
     C:\Qoobox\Quarantine\C\Users\R\AppData\Roaming\WebcamMax-7.7.7.2.MultiLanguage.Setup.exe.vir	a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
     C:\Users\R\Downloads\Programs\ApexDC++_1.5.7_Setup.exe	Win32/OpenCandy potentially unsafe application
     C:\Users\R\Downloads\Programs\kbsetup.exe	a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
     C:\Users\R\Downloads\Programs\rpsetup.exe	a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
     C:\Users\R\Downloads\Programs\stsetup.exe	a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
     C:\Users\R\Downloads\Programs\Unlocker1.9.2.exe	Win32/DownWare.L potentially unwanted application
     C:\Users\R\Downloads\Programs\videopad.exe	probably a variant of Win32/Toolbar.Conduit.H potentially unwanted application
     C:\Users\R\Downloads\Programs\voxal voice changer.exe	a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
     E:\1 NTFS_001\Downloads\Documents\Downloads\Compressed\Platinum.HideIP.3.1.4.6 giveaway\Platinum.HideIP.3.1.4.6\PlatinumHideIP-3.1.4.6.Setup.exe	a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
     E:\1 NTFS_001\System Volume Information\_restore{5C360E0B-B9D3-4B24-91EC-CA0276CF5E5B}\RP82\A0055166.exe	probably a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
  8. Oh, okay, no problem, take your time. No problems.
  9. Hi. Here is the log of the latest CFScript. The scan always seems to spend the most time at the 49th stage. Also, rebooting after the CF, some time later Malwarebytes showed partial protection (malicious website blocking off), and then when I started the dashboard it crashed. I rebooted it and it is working fine now.
ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2013-09-17 37416]S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-03-05 73432]S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]S1 Spyshelter;Spyshelter;c:\program files\SpyShelter Personal Free\SpyShelter.sys [2014-02-13 358240]S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2013-09-12 1337752]S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2013-11-28 108000]S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [2012-04-15 1068216]S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2013-01-12 73216]S3 SafeIPS;SafeIPS;c:\program files\SafeIP\SafeIPs.exe [2013-06-28 3860480]S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]..[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-03-15 17:23 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-12 09:31].2014-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce7c259d6f70f7.job- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-12 09:31].2014-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-296529163-4271216340-3131809865-1000Core.job- c:\users\R\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-04 17:43].2014-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-296529163-4271216340-3131809865-1000UA1ce482131e04cee.job- 
c:\users\R\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-04 17:43].2014-04-04 c:\windows\Tasks\Wise Care 365.job- c:\program files\Wise\Wise Care 365\WiseTray.exe [2013-05-31 09:08].2014-04-04 c:\windows\Tasks\Wise Turbo Checker.job- c:\program files\Wise\Wise Care 365\WiseTurbo.exe [2013-05-31 09:08]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = <-loopback>uInternet Settings,ProxyServer = socks=127.0.0.1:9050IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Download all links by FlashGet3 - c:\program files\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htmIE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htmIE: Download all videos by FlashGet3 - c:\program files\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htmIE: Download by FlashGet3 - c:\program files\FlashGet Network\FlashGet 3\BHO\fdgeturl.htmIE: Download current video by FlashGet3 - c:\program files\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htmIE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htmIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105LSP: c:\windows\system32\SafeIPs.dllTrusted Zone: parachat.com\chat..--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]@Denied: (2) (LocalSystem)"{0055C089-8582-441B-A0BF-17B458C2A3A8}"=hex:51,66,7a,6c,4c,1d,38,12,e7,c3,46, 04,b0,cb,75,01,df,a9,54,f4,5d,9c,e7,bc"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:79,0a,1a,3d,03,c0,ce,01.[HKEY_USERS\S-1-5-21-296529163-4271216340-3131809865-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{086BE988-583B-436E-8180-AB72BBD37652}*]@Allowed: (Read) (RestrictedCode)"oajckabhnnkbideamojcnidgnkhggo"=hex:69,61,6a,68,68,64,6d,62,64,6e,67,65,62,65, 70,62,64,62,00,00"napcicofmiojnjfekbgjoickdocn"=hex:69,61,6a,68,68,64,6d,62,64,6e,67,65,62,65, 70,62,64,62,00,00"handmpidobhmphae"=hex:64,62,68,65,65,6e,6e,62,61,70,6e,6e,66,64,68,70,6c,6b, 63,62,67,6c,68,6f,6c,6d,6a,70,6c,70,6c,70,65,68,68,69,61,70,67,66,00,f5"gandmpidlbendf"=hex:6f,61,66,63,69,62,63,6d,63,6e,70,6a,67,61,66,63,63,67,6b, 6c,70,62,66,6e,65,67,6b,63,6f,69,00,70.[HKEY_USERS\S-1-5-21-296529163-4271216340-3131809865-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3B0B4D0C-AD08-A6C3-446E-91D04033ADAB}*]@Allowed: (Read) (RestrictedCode)"jaonlfppjbicilcimpch"=hex:64,62,6d,6f,66,65,69,63,6a,69,6d,67,61,6d,6d,63,63, 63,6e,6f,70,65,6e,6b,61,66,6c,6d,6f,69,66,69,6c,63,65,67,68,6d,70,68,00,00.[HKEY_USERS\S-1-5-21-296529163-4271216340-3131809865-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{61FBAC5B-8BE1-ED45-0FC7-1B08A7E25B50}*]@Allowed: (Read) (RestrictedCode)"iaickoceiebejphnjc"=hex:69,61,62,69,6d,6f,63,69,6d,62,6e,6b,6b,6a,6e,6e,69,62, 
00,00"hacbimogbdfjjcjp"=hex:69,61,62,69,6d,6f,63,69,6d,62,6e,6b,6b,6a,6e,6e,69,62, 00,00.[HKEY_USERS\S-1-5-21-296529163-4271216340-3131809865-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A090CF22-0430-F8AB-E9A1-7377EDD82557}*]"hanodfedhchcckea"=hex:61,62,61,6d,6f,6c,6a,6c,6f,70,6d,64,69,67,6b,69,6a,6c, 63,6a,64,6d,62,69,69,6f,6c,6f,63,6c,67,6d,67,6b,00,74"jamoohopkkjeomgbiedp"=hex:64,62,6b,6f,6b,6c,68,6e,6c,6a,6f,6b,67,64,6f,65,62, 63,6c,65,64,6d,6e,69,70,6c,69,6a,64,70,6d,66,68,6c,65,67,64,65,67,6c,00,00.[HKEY_USERS\S-1-5-21-296529163-4271216340-3131809865-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BC0A384C-75B2-8B2A-661D-1C938459337E}*]"jalikbblohecbmghifgm"=hex:62,61,6f,63,00,00"jalikbblohecbmghifkm"=hex:62,61,6f,63,00,00"ialhgjikmbgifdkmlf"=hex:6b,61,6d,63,66,6b,70,69,62,62,6d,6a,63,66,6f,70,6e,6b, 63,6a,66,62,00,00"habhmomcbpkoajpa"=hex:6b,61,6d,63,66,6b,70,69,62,62,6d,6a,63,66,6f,70,6e,6b, 63,6a,66,62,00,00.[HKEY_USERS\S-1-5-21-296529163-4271216340-3131809865-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DA9C3B16-9640-4513-4341-C4DEFEA5D4B0}*]@Allowed: (Read) (RestrictedCode)"iadhjhjhhihpjhdnle"=hex:6b,61,67,64,69,6f,69,6c,6f,6b,65,68,62,6a,6d,6b,6c,6d, 63,63,70,6c,00,00"hanfljhlobpdlchp"=hex:6b,61,67,64,6d,6f,65,6d,64,67,67,6b,70,62,6f,68,6a,61, 66,70,62,6f,00,00"dakifghc"=hex:61,62,61,69,61,63,62,66,69,61,6b,62,68,62,65,6f,6c,6d,67,65,6a, 68,6b,66,69,61,6e,67,62,68,6c,6f,62,69,00,00"dakinajg"=hex:61,61,00,69"dakibple"=hex:69,62,6a,64,6d,68,67,61,6d,65,62,62,64,6b,61,6e,66,66,65,66,66, 6e,69,6f,6f,62,62,67,6f,6e,6e,6d,6f,62,6f,70,6a,70,70,6b,61,61,6c,6e,63,62,\"dakicpfe"=hex:66,62,65,66,64,64,6a,63,65,6b,6e,67,64,70,6f,69,64,70,63,6d,61, 68,69,6c,62,6d,65,66,6e,6e,6a,65,70,6f,6e,62,6a,6e,6d,62,6f,6b,61,6a,00,62.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) 
(Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.Completion time: 2014-04-04 22:10:20ComboFix-quarantined-files.txt 2014-04-04 16:40ComboFix2.txt 2014-04-04 12:10ComboFix3.txt 2014-04-03 12:51ComboFix4.txt 2014-04-02 12:01.Pre-Run: 49,259,216,896 bytes freePost-Run: 49,207,701,504 bytes free.- - End Of File - - 90164D79D3A7423ADC3038AC6049AA2EA36C5E4F47E84449FF07ED3517B43A31
  10. Hi, I ran the CFScript as instructed. It took less time than last time. Here is the log:

ComboFix 14-04-03.01 - R 04-04-2014 15:35:34.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.91.1033.18.2009.1111 [GMT 5.5:30]
Running from: c:\users\R\Downloads\Programs\ComboFix.exe
Command switches used :: c:\users\R\Downloads\Programs\CFScript.txt
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personal firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-03-04 to 2014-04-04 )))))))))))))))))))))))))))))))
.
.
2014-04-04 12:07 . 2014-04-04 12:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-03 14:06 . 2014-03-05 03:56 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-03 14:06 . 2014-04-03 14:06 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-03 12:51 . 2014-04-04 12:07 -------- d-----w- c:\users\R\AppData\Local\temp
2014-04-03 06:32 . 2014-04-03 07:06 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-04-03 06:32 . 2014-04-04 09:59 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-01 06:10 . 2014-04-01 06:10 -------- d-----w- c:\users\R\AppData\Local\Currach Software
2014-04-01 06:10 . 2014-04-01 06:10 -------- d-----w- c:\program files\Currach Software
2014-03-31 16:16 . 2014-03-31 16:16 2 --shatr- c:\windows\winstart.bat
2014-03-30 06:29 . 2014-03-31 19:01 12872 ----a-w- c:\windows\system32\bootdelete.exe
2014-03-30 06:06 . 2014-03-30 14:00 -------- d-----w- c:\program files\HitmanPro
2014-03-30 06:05 . 2014-03-30 06:31 -------- d-----w- c:\programdata\HitmanPro
2014-03-29 13:17 . 2014-03-31 19:48 -------- d-----w- c:\users\R\AppData\Roaming\QuickScan
2014-03-27 15:33 . 2014-03-27 15:33 -------- d-----w- c:\programdata\CyberLink
2014-03-27 07:32 . 2014-03-27 14:32 -------- d-----w- c:\program files\softendo.com
2014-03-26 16:19 . 2014-03-26 16:19 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40F4C292-1700-4BCF-BB9F-5165E0D1A7FC}\offreg.dll
2014-03-26 16:17 . 2014-03-17 04:46 7969936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40F4C292-1700-4BCF-BB9F-5165E0D1A7FC}\mpengine.dll
2014-03-26 01:31 . 2013-09-20 05:19 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-03-26 01:31 . 2014-03-27 04:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-03-26 01:30 . 2014-03-26 01:36 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-03-25 14:24 . 2014-03-25 14:24 -------- d-----w- c:\users\R\AppData\Local\SoftConstructors
2014-03-25 14:24 . 2014-03-25 14:24 -------- d-----w- c:\program files\SoftConstructors
2014-03-25 08:59 . 2014-04-02 10:36 -------- d-----w- c:\program files\TimeBell
2014-03-25 04:45 . 2014-03-05 03:56 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-25 02:34 . 2014-03-25 02:34 -------- d-----w- c:\users\R\AppData\Local\ElevatedDiagnostics
2014-03-24 12:47 . 2014-04-03 14:06 -------- d-----w- c:\users\R\AppData\Roaming\Malwarebytes
2014-03-24 12:47 . 2014-04-03 14:06 -------- d-----w- c:\programdata\Malwarebytes
2014-03-24 12:47 . 2014-03-05 03:56 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-21 13:42 . 2014-03-21 18:41 -------- d-----w- c:\users\R\AppData\Roaming\Mipony
2014-03-20 12:20 . 2013-11-28 00:24 108000 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2014-03-19 13:08 . 2014-04-03 03:33 -------- d-----w- c:\users\R\AppData\Local\CrashDumps
2014-03-19 03:20 . 2013-05-22 14:33 33080 ----a-w- c:\windows\system32\SpyShelterShellExt.dll
2014-03-19 03:20 . 2014-02-08 07:51 3397120 ----a-w- c:\windows\system32\Osklauncher.exe
2014-03-19 03:20 . 2012-10-22 12:51 54784 ----a-w- c:\windows\system32\inject_logon_dll.dll
2014-03-19 03:20 . 2014-03-22 23:44 -------- d-----w- c:\users\R\AppData\Roaming\SpyShelter
2014-03-19 03:20 . 2014-03-19 03:20 -------- d-----w- c:\program files\SpyShelter Personal Free
2014-03-19 02:38 . 2014-03-19 02:38 -------- d-----w- c:\users\R\AppData\Local\Zemana
2014-03-18 08:06 . 2002-11-26 09:06 10752 ----a-w- c:\windows\system32\hh.exe
2014-03-18 08:06 . 2001-04-05 12:13 1009336 ----a-w- c:\windows\system32\mschrt20.ocx
2014-03-18 08:06 . 2014-03-18 08:06 -------- d-----w- c:\program files\Kiran's Typing Tutor
2014-03-18 06:43 . 2014-03-18 06:43 -------- d-----w- c:\program files\TypeFaster
2014-03-16 04:18 . 2014-03-16 04:18 -------- d-----w- c:\program files\ESET
2014-03-16 02:31 . 2014-03-16 02:31 -------- d-----w- c:\users\R\AppData\Roaming\CrystalIdea Software
2014-03-16 01:57 . 2014-03-16 03:17 -------- d-----w- c:\windows\system32\wbem\REP.OLD
2014-03-15 07:38 . 2014-03-15 07:38 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2014-03-15 06:51 . 2014-03-15 06:51 -------- d-----w- c:\users\R\AppData\Roaming\TuneUp Software
2014-03-12 08:30 . 2014-03-12 08:30 -------- d-----w- c:\program files\Java2
2014-03-09 17:53 . 2014-03-29 12:21 -------- d-----w- c:\program files\PhotoInstrument
2014-03-08 13:22 . 2014-03-08 13:22 -------- d-----w- c:\program files\SoftMaker FreeOffice
2014-03-08 04:10 . 2014-03-08 04:45 -------- d-----w- c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-03-08 04:10 . 2014-03-08 04:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-03-07 03:48 . 2014-03-24 06:58 -------- d-----w- c:\program files\Dobermann
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-31 19:12 . 2013-01-13 17:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-31 19:12 . 2013-01-13 17:37 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-06 19:20 . 2014-02-16 02:30 33608 ----a-w- c:\windows\system32\drivers\tap0901.sys
2014-01-13 01:04 . 2013-12-09 07:33 286720 ------w- c:\windows\Setup1.exe
2014-01-13 01:04 . 2013-12-09 07:33 73216 ----a-w- c:\windows\ST6UNST.EXE
2014-01-13 00:51 . 2014-01-13 00:51 75776 ----a-w- c:\windows\system32\temp.001
2014-01-13 00:43 . 2014-01-13 00:43 75776 ----a-w- c:\windows\system32\temp.000
2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\system32\GPhotos.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ditto"="c:\users\R\Desktop\ditto\DittoPortable\App\Ditto\Ditto.exe" [2012-11-09 1433200]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2014-03-31 3829328]
"SpyShelter"="c:\program files\SpyShelter Personal Free\SpyShelter.exe" [2014-02-13 5058912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-13 173600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-13 138784]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-13 172064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-22 7739936]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5110672]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"<NO NAME>"= 014
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableThumbnails"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FileBox eXtender.lnk]
backup=c:\windows\pss\FileBox eXtender.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MultiClipBoard.lnk]
backup=c:\windows\pss\MultiClipBoard.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^R^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^R^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LetMeType.lnk]
backup=c:\windows\pss\LetMeType.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^R^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^R^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^QClip.lnk]
backup=c:\windows\pss\QClip.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^R^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Spartan.lnk]
backup=c:\windows\pss\Spartan.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet 3]
2013-04-18 01:23 3377256 ----a-w- c:\program files\FlashGet Network\FlashGet 3\FlashGet3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2013-02-18 17:43 116648 ----atw- c:\users\R\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-11-14 11:12 20584608 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
2013-12-18 06:13 1980416 ----a-w- c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2010-11-16 264704]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-03-05 1809720]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-03-05 857912]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-15 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-09-20 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-09-13 171416]
R2 WiseBootAssistant;Wise Boot Assistant;c:\program files\Wise\Wise Care 365\BootTime.exe [2013-12-09 580232]
R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2013-04-02 163616]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 esgiguard;esgiguard;c:\users\R\AppData\Local\Temp\RarSFX0\esgiguard.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2013-01-12 102784]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [2012-10-11 34432]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-03-05 23256]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2013-01-31 22656]
R3 MFE_RR;MFE_RR;c:\users\R\AppData\Local\Temp\mfe_rr.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-07-01 34896]
R3 SEE;SoftEther Ethernet Layer Driver;c:\windows\system32\drivers\see.sys [2013-11-24 42976]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2013-09-17 49240]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-09-17 188808]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2013-09-17 37416]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-03-05 73432]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 Spyshelter;Spyshelter;c:\program files\SpyShelter Personal Free\SpyShelter.sys [2014-02-13 358240]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2013-09-12 1337752]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2013-11-28 108000]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [2012-04-15 1068216]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2013-01-12 73216]
S3 SafeIPS;SafeIPS;c:\program files\SafeIP\SafeIPs.exe [2013-06-28 3860480]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 17:23 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-12 09:31]
.
2014-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce7c259d6f70f7.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-12 09:31]
.
2014-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-296529163-4271216340-3131809865-1000Core.job
- c:\users\R\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-04 17:43]
.
2014-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-296529163-4271216340-3131809865-1000UA1ce482131e04cee.job
- c:\users\R\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-04 17:43]
.
2014-04-04 c:\windows\Tasks\Wise Care 365.job
- c:\program files\Wise\Wise Care 365\WiseTray.exe [2013-05-31 09:08]
.
2014-04-04 c:\windows\Tasks\Wise Turbo Checker.job
- c:\program files\Wise\Wise Care 365\WiseTurbo.exe [2013-05-31 09:08]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = socks=127.0.0.1:9050
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links by FlashGet3 - c:\program files\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download all videos by FlashGet3 - c:\program files\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm
IE: Download by FlashGet3 - c:\program files\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
IE: Download current video by FlashGet3 - c:\program files\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\SafeIPs.dll
Trusted Zone: parachat.com\chat
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0055C089-8582-441B-A0BF-17B458C2A3A8}"=hex:51,66,7a,6c,4c,1d,38,12,e7,c3,46, 04,b0,cb,75,01,df,a9,54,f4,5d,9c,e7,bc
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:79,0a,1a,3d,03,c0,ce,01
.
[HKEY_USERS\S-1-5-21-296529163-4271216340-3131809865-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{086BE988-583B-436E-8180-AB72BBD37652}*]
@Allowed: (Read) (RestrictedCode)
"oajckabhnnkbideamojcnidgnkhggo"=hex:69,61,6a,68,68,64,6d,62,64,6e,67,65,62,65, 70,62,64,62,00,00
"napcicofmiojnjfekbgjoickdocn"=hex:69,61,6a,68,68,64,6d,62,64,6e,67,65,62,65, 70,62,64,62,00,00
"handmpidobhmphae"=hex:64,62,68,65,65,6e,6e,62,61,70,6e,6e,66,64,68,70,6c,6b, 63,62,67,6c,68,6f,6c,6d,6a,70,6c,70,6c,70,65,68,68,69,61,70,67,66,00,f5
"gandmpidlbendf"=hex:6f,61,66,63,69,62,63,6d,63,6e,70,6a,67,61,66,63,63,67,6b, 6c,70,62,66,6e,65,67,6b,63,6f,69,00,70
.
[HKEY_USERS\S-1-5-21-296529163-4271216340-3131809865-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3B0B4D0C-AD08-A6C3-446E-91D04033ADAB}*]
@Allowed: (Read) (RestrictedCode)
"jaonlfppjbicilcimpch"=hex:64,62,6d,6f,66,65,69,63,6a,69,6d,67,61,6d,6d,63,63, 63,6e,6f,70,65,6e,6b,61,66,6c,6d,6f,69,66,69,6c,63,65,67,68,6d,70,68,00,00
.
[HKEY_USERS\S-1-5-21-296529163-4271216340-3131809865-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{61FBAC5B-8BE1-ED45-0FC7-1B08A7E25B50}*]
@Allowed: (Read) (RestrictedCode)
"iaickoceiebejphnjc"=hex:69,61,62,69,6d,6f,63,69,6d,62,6e,6b,6b,6a,6e,6e,69,62, 00,00
"hacbimogbdfjjcjp"=hex:69,61,62,69,6d,6f,63,69,6d,62,6e,6b,6b,6a,6e,6e,69,62, 00,00
.
[HKEY_USERS\S-1-5-21-296529163-4271216340-3131809865-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A090CF22-0430-F8AB-E9A1-7377EDD82557}*]
"hanodfedhchcckea"=hex:61,62,61,6d,6f,6c,6a,6c,6f,70,6d,64,69,67,6b,69,6a,6c, 63,6a,64,6d,62,69,69,6f,6c,6f,63,6c,67,6d,67,6b,00,74
"jamoohopkkjeomgbiedp"=hex:64,62,6b,6f,6b,6c,68,6e,6c,6a,6f,6b,67,64,6f,65,62, 63,6c,65,64,6d,6e,69,70,6c,69,6a,64,70,6d,66,68,6c,65,67,64,65,67,6c,00,00
.
[HKEY_USERS\S-1-5-21-296529163-4271216340-3131809865-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BC0A384C-75B2-8B2A-661D-1C938459337E}*]
"jalikbblohecbmghifgm"=hex:62,61,6f,63,00,00
"jalikbblohecbmghifkm"=hex:62,61,6f,63,00,00
"ialhgjikmbgifdkmlf"=hex:6b,61,6d,63,66,6b,70,69,62,62,6d,6a,63,66,6f,70,6e,6b, 63,6a,66,62,00,00
"habhmomcbpkoajpa"=hex:6b,61,6d,63,66,6b,70,69,62,62,6d,6a,63,66,6f,70,6e,6b, 63,6a,66,62,00,00
.
[HKEY_USERS\S-1-5-21-296529163-4271216340-3131809865-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DA9C3B16-9640-4513-4341-C4DEFEA5D4B0}*]
@Allowed: (Read) (RestrictedCode)
"iadhjhjhhihpjhdnle"=hex:6b,61,67,64,69,6f,69,6c,6f,6b,65,68,62,6a,6d,6b,6c,6d, 63,63,70,6c,00,00
"hanfljhlobpdlchp"=hex:6b,61,67,64,6d,6f,65,6d,64,67,67,6b,70,62,6f,68,6a,61, 66,70,62,6f,00,00
"dakifghc"=hex:61,62,61,69,61,63,62,66,69,61,6b,62,68,62,65,6f,6c,6d,67,65,6a, 68,6b,66,69,61,6e,67,62,68,6c,6f,62,69,00,00
"dakinajg"=hex:61,61,00,69
"dakibple"=hex:69,62,6a,64,6d,68,67,61,6d,65,62,62,64,6b,61,6e,66,66,65,66,66, 6e,69,6f,6f,62,62,67,6f,6e,6e,6d,6f,62,6f,70,6a,70,70,6b,61,61,6c,6e,63,62,\
"dakicpfe"=hex:66,62,65,66,64,64,6a,63,65,6b,6e,67,64,70,6f,69,64,70,63,6d,61, 68,69,6c,62,6d,65,66,6e,6e,6a,65,70,6f,6e,62,6a,6e,6d,62,6f,6b,61,6a,00,62
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-04-04 17:40:31
ComboFix-quarantined-files.txt 2014-04-04 12:10
ComboFix2.txt 2014-04-03 12:51
ComboFix3.txt 2014-04-02 12:01
.
Pre-Run: 49,184,899,072 bytes free
Post-Run: 49,136,177,152 bytes free
.
- - End Of File - - CBEB09FCA1B042A1EDC2978DA5F55470A36C5E4F47E84449FF07ED3517B43A31
  11. Hi. OK, done. ComboFix took 2 hours to finish. Since the first time I ran it, when it detected winstart.bat, I can't use the shut down or restart option in the Start menu; any fixes for those? I use Ctrl-Alt-Del to shut down Windows now. Here are the logs from CF and MBAM:

      Here is the MBAM log file:

      Malwarebytes Anti-Malware
      www.malwarebytes.org

      Scan Date: 03-04-2014
      Scan Time: 20:14:33
      Logfile:
      Administrator: Yes

      Version: 2.00.0.1000
      Malware Database: v2014.04.03.04
      Rootkit Database: v2014.03.27.01
      License: Premium
      Malware Protection: Enabled
      Malicious Website Protection: Enabled
      Chameleon: Enabled

      OS: Windows 7 Service Pack 1
      CPU: x86
      File System: NTFS
      User: R

      Scan Type: Threat Scan
      Result: Completed
      Objects Scanned: 229753
      Time Elapsed: 24 min, 16 sec

      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Disabled
      Rootkits: Enabled
      Shuriken: Enabled
      PUP: Disabled
      PUM: Warn

      Processes: 0
      (No malicious items detected)

      Modules: 0
      (No malicious items detected)

      Registry Keys: 0
      (No malicious items detected)

      Registry Values: 0
      (No malicious items detected)

      Registry Data: 0
      (No malicious items detected)

      Folders: 0
      (No malicious items detected)

      Files: 0
      (No malicious items detected)

      Physical Sectors: 0
      (No malicious items detected)

      (end)

      Any way to fix that Start menu > shut down option?
  12. Hi, I am running Malwarebytes version 1.75.0.1300. Do I need to upgrade it to version 2.0? I haven't upgraded it yet because of the system restore point bug I have read about in the forums.
  13. I have no idea what that is because I didn't create it. Hitman Pro cleans malware before Windows starts; UnHackMe also installs boot-time scans, but I have UnHackMe uninstalled. Other than that I have no idea what that file could be. -RVK
  14. Hi again. I ran ComboFix but encountered a few problems: ComboFix.exe downloaded from the link said it had expired and could run only with limited functionality. I downloaded the exe again from the Bleeping Computer website and again got the same message. I decided to run it anyway. I think I forgot to disable Windows Defender; all the other scanners were disabled. Here is the log:
2\SDUpdSvc.exe [2013-09-20 1042272]R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-09-13 171416]R2 WiseBootAssistant;Wise Boot Assistant;c:\program files\Wise\Wise Care 365\BootTime.exe [2013-12-09 580232]R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2013-04-02 163616]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]R3 esgiguard;esgiguard;c:\users\R\AppData\Local\Temp\RarSFX0\esgiguard.sys [x]R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2013-01-12 102784]R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [2012-10-11 34432]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2013-01-31 22656]R3 MFE_RR;MFE_RR;c:\users\R\AppData\Local\Temp\mfe_rr.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-07-01 34896]R3 SEE;SoftEther Ethernet Layer Driver;c:\windows\system32\drivers\see.sys [2013-11-24 42976]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys 
[2013-09-17 49240]S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-09-17 188808]S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2013-09-17 37416]S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]S1 Spyshelter;Spyshelter;c:\program files\SpyShelter Personal Free\SpyShelter.sys [2014-02-13 358240]S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2013-09-12 1337752]S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2013-11-28 108000]S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [2012-04-15 1068216]S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2013-01-12 73216]S3 SafeIPS;SafeIPS;c:\program files\SafeIP\SafeIPs.exe [2013-06-28 3860480]S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]..[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-03-15 17:23 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-12 09:31].2014-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce7c259d6f70f7.job- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-12 09:31].2014-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-296529163-4271216340-3131809865-1000Core.job- c:\users\R\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-04 17:43].2014-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-296529163-4271216340-3131809865-1000UA1ce482131e04cee.job- 
c:\users\R\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-04 17:43].2014-04-02 c:\windows\Tasks\Wise Care 365.job- c:\program files\Wise\Wise Care 365\WiseTray.exe [2013-05-31 09:08].2014-03-21 c:\windows\Tasks\Wise Turbo Checker.job- c:\program files\Wise\Wise Care 365\WiseTurbo.exe [2013-05-31 09:08]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = <-loopback>IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Download all links by FlashGet3 - c:\program files\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htmIE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htmIE: Download all videos by FlashGet3 - c:\program files\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htmIE: Download by FlashGet3 - c:\program files\FlashGet Network\FlashGet 3\BHO\fdgeturl.htmIE: Download current video by FlashGet3 - c:\program files\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htmIE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htmIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105LSP: c:\windows\system32\SafeIPs.dllTrusted Zone: parachat.com\chat.- - - - ORPHANS REMOVED - - - -.ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]@Denied: (2) (LocalSystem)"{0055C089-8582-441B-A0BF-17B458C2A3A8}"=hex:51,66,7a,6c,4c,1d,38,12,e7,c3,46, 04,b0,cb,75,01,df,a9,54,f4,5d,9c,e7,bc"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:79,0a,1a,3d,03,c0,ce,01.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (LocalSystem)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dd,77,b0,50,eb,de,01,4e,84,05,8e,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dd,77,b0,50,eb,de,01,4e,84,05,8e,\.[HKEY_USERS\S-1-5-21-296529163-4271216340-3131809865-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{086BE988-583B-436E-8180-AB72BBD37652}*]@Allowed: (Read) (RestrictedCode)"oajckabhnnkbideamojcnidgnkhggo"=hex:69,61,6a,68,68,64,6d,62,64,6e,67,65,62,65, 70,62,64,62,00,00"napcicofmiojnjfekbgjoickdocn"=hex:69,61,6a,68,68,64,6d,62,64,6e,67,65,62,65, 70,62,64,62,00,00"handmpidobhmphae"=hex:64,62,68,65,65,6e,6e,62,61,70,6e,6e,66,64,68,70,6c,6b, 63,62,67,6c,68,6f,6c,6d,6a,70,6c,70,6c,70,65,68,68,69,61,70,67,66,00,f5"gandmpidlbendf"=hex:6f,61,66,63,69,62,63,6d,63,6e,70,6a,67,61,66,63,63,67,6b, 6c,70,62,66,6e,65,67,6b,63,6f,69,00,70.[HKEY_USERS\S-1-5-21-296529163-4271216340-3131809865-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3B0B4D0C-AD08-A6C3-446E-91D04033ADAB}*]@Allowed: (Read) 
(RestrictedCode)"jaonlfppjbicilcimpch"=hex:64,62,6d,6f,66,65,69,63,6a,69,6d,67,61,6d,6d,63,63, 63,6e,6f,70,65,6e,6b,61,66,6c,6d,6f,69,66,69,6c,63,65,67,68,6d,70,68,00,00.[HKEY_USERS\S-1-5-21-296529163-4271216340-3131809865-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{61FBAC5B-8BE1-ED45-0FC7-1B08A7E25B50}*]@Allowed: (Read) (RestrictedCode)"iaickoceiebejphnjc"=hex:69,61,62,69,6d,6f,63,69,6d,62,6e,6b,6b,6a,6e,6e,69,62, 00,00"hacbimogbdfjjcjp"=hex:69,61,62,69,6d,6f,63,69,6d,62,6e,6b,6b,6a,6e,6e,69,62, 00,00.[HKEY_USERS\S-1-5-21-296529163-4271216340-3131809865-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A090CF22-0430-F8AB-E9A1-7377EDD82557}*]"hanodfedhchcckea"=hex:61,62,61,6d,6f,6c,6a,6c,6f,70,6d,64,69,67,6b,69,6a,6c, 63,6a,64,6d,62,69,69,6f,6c,6f,63,6c,67,6d,67,6b,00,74"jamoohopkkjeomgbiedp"=hex:64,62,6b,6f,6b,6c,68,6e,6c,6a,6f,6b,67,64,6f,65,62, 63,6c,65,64,6d,6e,69,70,6c,69,6a,64,70,6d,66,68,6c,65,67,64,65,67,6c,00,00.[HKEY_USERS\S-1-5-21-296529163-4271216340-3131809865-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BC0A384C-75B2-8B2A-661D-1C938459337E}*]"jalikbblohecbmghifgm"=hex:62,61,6f,63,00,00"jalikbblohecbmghifkm"=hex:62,61,6f,63,00,00"ialhgjikmbgifdkmlf"=hex:6b,61,6d,63,66,6b,70,69,62,62,6d,6a,63,66,6f,70,6e,6b, 63,6a,66,62,00,00"habhmomcbpkoajpa"=hex:6b,61,6d,63,66,6b,70,69,62,62,6d,6a,63,66,6f,70,6e,6b, 63,6a,66,62,00,00.[HKEY_USERS\S-1-5-21-296529163-4271216340-3131809865-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DA9C3B16-9640-4513-4341-C4DEFEA5D4B0}*]@Allowed: (Read) (RestrictedCode)"iadhjhjhhihpjhdnle"=hex:6b,61,67,64,69,6f,69,6c,6f,6b,65,68,62,6a,6d,6b,6c,6d, 63,63,70,6c,00,00"hanfljhlobpdlchp"=hex:6b,61,67,64,6d,6f,65,6d,64,67,67,6b,70,62,6f,68,6a,61, 66,70,62,6f,00,00"dakifghc"=hex:61,62,61,69,61,63,62,66,69,61,6b,62,68,62,65,6f,6c,6d,67,65,6a, 
68,6b,66,69,61,6e,67,62,68,6c,6f,62,69,00,00"dakinajg"=hex:61,61,00,69"dakibple"=hex:69,62,6a,64,6d,68,67,61,6d,65,62,62,64,6b,61,6e,66,66,65,66,66, 6e,69,6f,6f,62,62,67,6f,6e,6e,6d,6f,62,6f,70,6a,70,70,6b,61,61,6c,6e,63,62,\"dakicpfe"=hex:66,62,65,66,64,64,6a,63,65,6b,6e,67,64,70,6f,69,64,70,63,6d,61, 68,69,6c,62,6d,65,66,6e,6e,6a,65,70,6f,6e,62,6a,6e,6d,62,6f,6b,61,6a,00,62.[HKEY_USERS\S-1-5-21-296529163-4271216340-3131809865-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]@Denied: (Full) (Everyone)@Allowed: (Read) (RestrictedCode)"scansk"=hex(0):d2,e9,a6,f1,39,a1,3c,94,66,59,4f,ee,57,35,db,a7,91,ba,3f,64,04, 42,ff,27,6a,f8,ff,43,1b,cd,40,49,2f,77,2f,f3,36,5a,15,2e,00,00,00,00,00,00,\.[HKEY_USERS\S-1-5-21-296529163-4271216340-3131809865-1000_Classes\CLSID\{61d52359-b994-4890-a5a4-e4cf2609c012}]@Denied: (Full) (Everyone)@Allowed: (Read) (RestrictedCode)"Model"=dword:00000160"Therad"=dword:0000002a"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.Completion time: 2014-04-02 17:31:44ComboFix-quarantined-files.txt 2014-04-02 12:01.Pre-Run: 50,439,376,896 bytes freePost-Run: 50,138,677,248 bytes free.- - End Of File - - 61455C73155BFD8CAC88082028082999A36C5E4F47E84449FF07ED3517B43A31
  15. Hi Marius, I am a little confused here: do I run ComboFix in safe mode, or do I start Windows normally and disable antivirus/antispyware manually to run ComboFix? - RVK