lesvdavis

Everything posted by lesvdavis

  1. I ran the security check & will update Java. Log:
     Results of screen317's Security Check version 0.99.83
     Windows 7 Service Pack 1 x64 (UAC is disabled!)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     AVG Internet Security 2014
     Microsoft Security Essentials
     Antivirus up to date! (On Access scanning disabled!)
     `````````Anti-malware/Other Utilities Check:`````````
     Spybot - Search & Destroy
     TuneUp Utilities 2014
     TuneUp Utilities 2014 (en-US)
     TuneUp Utilities Language Pack (en-US)
     TuneUp Utilities 2014
     Java 7 Update 45
     Java version out of Date!
     Adobe Flash Player 13.0.0.214
     Mozilla Firefox (29.0.1)
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbam.exe
     AVG avgwdsvc.exe
     AVG avgemc.exe
     Malwarebytes Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)
     ````````````````````End of Log``````````````````````
  2. Thank you so much!!!!! I have run MB and AV scans and everything seems fine so far. I cannot express how grateful I am!!!!
  3. I am sorry for not responding sooner, but I was in the hospital and have just returned. I ran FRST and the log is above. I do not have Chrome set up on this computer. Do I need to do anything about its preferences? Thank you.
  4. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
     Ran by Les at 2014-05-30 17:46:43 Run:1
     Running from C:\Users\Les\Desktop\PopUp\FRST
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     C:\Program Files\pcreg
     HKLM-x32\...\Run: [] => [X]
     SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
     R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-05-25] ()
     2014-05-25 04:38 - 2014-05-27 11:18 - 00003684 _____ () C:\Windows\System32\Tasks\pcreg
     C:\Users\Les\AppData\Local\Temp\Quarantine.exe
     Task: {4E1CB343-3127-404F-8A35-64A7487E3021} - System32\Tasks\0 => Iexplore.exe
     Task: {59F155FD-F31F-41CB-B50E-762342510C11} - \Microsoft\Microsoft Antimalware\MpIdleTask No Task File
     Task: {F38CC064-C0BD-4A70-BCB1-E14880C749E5} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe
     *****************
     C:\Program Files\pcreg => Moved successfully.
     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
     HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
     HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
     pcregservice => Service stopped successfully.
     pcregservice => Service deleted successfully.
     C:\Windows\System32\Tasks\pcreg => Moved successfully.
     C:\Users\Les\AppData\Local\Temp\Quarantine.exe => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E1CB343-3127-404F-8A35-64A7487E3021} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E1CB343-3127-404F-8A35-64A7487E3021} => Key deleted successfully.
     C:\Windows\System32\Tasks\0 => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59F155FD-F31F-41CB-B50E-762342510C11} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59F155FD-F31F-41CB-B50E-762342510C11} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\MpIdleTask => Key not found.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F38CC064-C0BD-4A70-BCB1-E14880C749E5} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F38CC064-C0BD-4A70-BCB1-E14880C749E5} => Key deleted successfully.
     C:\Windows\System32\Tasks\pcreg not found.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg => Key deleted successfully.
     ==== End of Fixlog ====
  5. #3. Part 2. I am getting all sorts of weird errors when trying to post. Please let me know if you need the last 2 1/2 TDSS files and how to post them. Thank you again for your wonderful and kind assistance!
  6. #3. Part 1
     10:16:06.0024 0x08b8 TDSS rootkit removing tool 3.0.0.35 May 23 2014 07:32:03
     10:16:10.0332 0x08b8 ============================================================
     10:16:10.0332 0x08b8 Current date / time: 2014/05/27 10:16:10.0332
     10:16:10.0332 0x08b8 SystemInfo:
     10:16:10.0332 0x08b8
     10:16:10.0332 0x08b8 OS Version: 6.1.7601 ServicePack: 1.0
     10:16:10.0332 0x08b8 Product type: Workstation
     10:16:10.0332 0x08b8 ComputerName: LES-PC
     10:16:10.0340 0x08b8 UserName: Les
     10:16:10.0340 0x08b8 Windows directory: C:\Windows
     10:16:10.0340 0x08b8 System windows directory: C:\Windows
     10:16:10.0340 0x08b8 Running under WOW64
     10:16:10.0340 0x08b8 Processor architecture: Intel x64
     10:16:10.0340 0x08b8 Number of processors: 4
     10:16:10.0340 0x08b8 Page size: 0x1000
     10:16:10.0340 0x08b8 Boot type: Normal boot
     10:16:10.0340 0x08b8 ============================================================
     10:16:10.0341 0x08b8 BG loaded
     10:16:10.0469 0x08b8 System UUID: {5E570729-E8AF-109A-E14B-CEDF74BEF9BC}
     10:16:10.0927 0x08b8 Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     10:16:10.0927 0x08b8 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     10:16:10.0927 0x08b8 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     10:16:10.0971 0x08b8 ============================================================
     10:16:10.0971 0x08b8 \Device\Harddisk0\DR0:
     10:16:10.0971 0x08b8 MBR partitions:
     10:16:10.0971 0x08b8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BF23800
     10:16:10.0972 0x08b8 \Device\Harddisk1\DR1:
     10:16:11.0156 0x08b8 MBR partitions:
     10:16:11.0156 0x08b8 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
     10:16:11.0156 0x08b8 \Device\Harddisk2\DR2:
     10:16:11.0156 0x08b8 MBR partitions:
     10:16:11.0156 0x08b8 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x196A8800
     10:16:11.0156 0x08b8 \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x196A9000, BlocksNum 0xCF75F763
     10:16:11.0156 0x08b8 ============================================================
     10:16:11.0160 0x08b8 C: <-> \Device\Harddisk0\DR0\Partition1
     10:16:11.0178 0x08b8 F: <-> \Device\Harddisk2\DR2\Partition2
     10:16:11.0192 0x08b8 D: <-> \Device\Harddisk2\DR2\Partition1
     10:16:11.0206 0x08b8 E: <-> \Device\Harddisk1\DR1\Partition1
     10:16:11.0206 0x08b8 ============================================================
     10:16:11.0206 0x08b8 Initialize success
     10:16:11.0206 0x08b8 ============================================================
     10:16:24.0555 0x14ec ============================================================
     10:16:24.0555 0x14ec Scan started
     10:16:24.0555 0x14ec Mode: Manual; SigCheck; TDLFS;
     10:16:24.0555 0x14ec ============================================================
     10:16:24.0555 0x14ec KSN ping started
     10:16:38.0261 0x14ec KSN ping finished: true
     10:16:38.0349 0x14ec ================ Scan system memory ========================
     10:16:38.0349 0x14ec System memory - ok
     10:16:38.0349 0x14ec ================ Scan services =============================
     10:16:38.0382 0x14ec [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
     10:16:38.0447 0x14ec 1394ohci - ok
     10:16:38.0459 0x14ec [ B41D55A432DEBCB3A6D665A9ACEF42FE, BC62EDD4FBEE37015A18984527009DEB0F1B354E64BD3B73956063223A6945F6 ] 37645424 C:\Windows\system32\drivers\24676752.sys
     10:16:38.0472 0x14ec [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
     10:16:38.0487 0x14ec ACPI - ok
     10:16:38.0491 0x14ec [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
     10:16:38.0503 0x14ec AcpiPmi - ok
     10:16:38.0523 0x14ec [ 09E7C37DF4A911C8A9AA8BF88ACD10AA, E881E0BBDCED58F28E0BA8DC27372EDFFFF2C57EE31CD13A032FDC9F7C831B5A ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
     10:16:38.0536 0x14ec AdobeFlashPlayerUpdateSvc - ok
     10:16:38.0547 0x14ec [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
     10:16:38.0565 0x14ec adp94xx - ok
     10:16:38.0575 0x14ec [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
     10:16:38.0590 0x14ec adpahci - ok
     10:16:38.0596 0x14ec [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
     10:16:38.0608 0x14ec adpu320 - ok
     10:16:38.0614 0x14ec [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
     10:16:38.0641 0x14ec AeLookupSvc - ok
     10:16:38.0653 0x14ec [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\Windows\system32\drivers\afd.sys
     10:16:38.0674 0x14ec AFD - ok
     10:16:38.0678 0x14ec [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
     10:16:38.0688 0x14ec agp440 - ok
     10:16:38.0692 0x14ec [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
     10:16:38.0705 0x14ec ALG - ok
     10:16:38.0709 0x14ec [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
     10:16:38.0718 0x14ec aliide - ok
     10:16:38.0725 0x14ec [ 4EAAAAB8759644D572522FBCDD196A13, EF1ECE8073B048C2286F639BA76C523B6B267B64447358383C042BD593194350 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
     10:16:38.0744 0x14ec AMD External Events Utility - ok
     10:16:38.0747 0x14ec AMD FUEL Service - ok
     10:16:38.0752 0x14ec [ 2EF1BA6D5DC79FCE5E9216C8C2D3F193, E59E79AF44878AAC09DF5DE8CEDB9088800711553C7C7E358328274C116B46F9 ] amdhub30 C:\Windows\system32\DRIVERS\amdhub30.sys
     10:16:38.0769 0x14ec amdhub30 - ok
     10:16:38.0772 0x14ec [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
     10:16:38.0781 0x14ec amdide - ok
     10:16:38.0785 0x14ec [ 6A2EEB0C4133B20773BB3DD0B7B377B4, E4CB35C6937C70A145A13E5AE5B34A271B49101DA623171ACBFDA8601E5A70EA ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
     10:16:38.0793 0x14ec amdiox64 - ok
     10:16:38.0797 0x14ec [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
     10:16:38.0809 0x14ec AmdK8 - ok
     10:16:39.0010 0x14ec [ 22A14DF59FB8D0BE918C597988AF4296, 714BD1BB63D732C6D03DFA1C2D81A2E00659C04052E110F0BF1EB74A7CD39B1C ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
     10:16:39.0265 0x14ec amdkmdag - ok
     10:16:39.0292 0x14ec [ EE22D3ED6D55A855E709F811CCCA97ED, 179F34CF6E0C2F821EBC0AECF09AAA0867616CCBB5EA6B17891860B27D56AC66 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
     10:16:39.0316 0x14ec amdkmdap - ok
     10:16:39.0321 0x14ec [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
     10:16:39.0332 0x14ec AmdPPM - ok
     10:16:39.0337 0x14ec [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
     10:16:39.0348 0x14ec amdsata - ok
     10:16:39.0355 0x14ec [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
     10:16:39.0367 0x14ec amdsbs - ok
     10:16:39.0370 0x14ec [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
     10:16:39.0379 0x14ec amdxata - ok
     10:16:39.0386 0x14ec [ 541A6C49C792ED71FB3EFF8C815CFE60, BC8D740C980CA60C06364CB75BDA323A1604C4CFAF753FD8C44D2FF312C6C7E1 ] amdxhc C:\Windows\system32\DRIVERS\amdxhc.sys
     10:16:39.0397 0x14ec amdxhc - ok
     10:16:39.0402 0x14ec [ A1434F35B7B171CB697D74D33F7D029F, 97688D8C388066D02036DEF388AD7D8BE55DB268185CECE88128195D87422496 ] amd_sata C:\Windows\system32\drivers\amd_sata.sys
     10:16:39.0411 0x14ec amd_sata - ok
     10:16:39.0414 0x14ec [ E9B5A82FA268BB2D1B012030D5F4E096, 9EBE4DD2B86EE62D5E47ED85FC6271FE66A5A564227C7C8B7A576FD54A2CFACB ] amd_xata C:\Windows\system32\drivers\amd_xata.sys
     10:16:39.0422 0x14ec amd_xata - ok
     10:16:39.0425 0x14ec [ 5A528A540B1AEE8B1C77ED65094E8CDF, 6E3DE68E630B81425056AB58E64721DD41F56491DD2D281CBB86AA7EF9CAD0E0 ] AODDriver4.2 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
     10:16:39.0433 0x14ec AODDriver4.2 - ok
     10:16:39.0437 0x14ec [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
     10:16:39.0463 0x14ec AppID - ok
     10:16:39.0468 0x14ec [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
     10:16:39.0494 0x14ec AppIDSvc - ok
     10:16:39.0498 0x14ec [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
     10:16:39.0511 0x14ec Appinfo - ok
     10:16:39.0517 0x14ec [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
     10:16:39.0531 0x14ec AppMgmt - ok
     10:16:39.0536 0x14ec [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
     10:16:39.0546 0x14ec arc - ok
     10:16:39.0550 0x14ec [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
     10:16:39.0560 0x14ec arcsas - ok
     10:16:39.0571 0x14ec [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
     10:16:39.0582 0x14ec aspnet_state - ok
     10:16:39.0586 0x14ec [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
     10:16:39.0612 0x14ec AsyncMac - ok
     10:16:39.0615 0x14ec [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
     10:16:39.0624 0x14ec atapi - ok
     10:16:39.0630 0x14ec [ 437F55435623D4D54D36197F5AD8B435, CE004F1E3299E39AFD70C8618253901614C0F3DBD594B6F0E1BA294C7B47FAD6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
     10:16:39.0642 0x14ec AtiHDAudioService - ok
     10:16:39.0657 0x14ec [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
     10:16:39.0697 0x14ec AudioEndpointBuilder - ok
     10:16:39.0711 0x14ec [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
     10:16:39.0751 0x14ec AudioSrv - ok
     10:16:39.0759 0x14ec [ D89F8E4E025DAA0C39FF61AC0199E101, 0A80A572D93DBDE14CD5494EF3F866B44E9BC259D43EE23185E4FC227D08DE69 ] Avgdiska C:\Windows\system32\DRIVERS\avgdiska.sys
     10:16:39.0770 0x14ec Avgdiska - ok
     10:16:39.0775 0x14ec [ CA10D51653068DB6A0ADEEDDC4946C47, 6E731B28C38ED2BA48CF4855EBBF8B548D45C8DB8ABD9521E5516227CA68072B ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6a.sys
     10:16:39.0783 0x14ec Avgfwfd - ok
     10:16:39.0815 0x14ec [ E578BE6020D03900A2062778B6D52226, BCE022157B696FE21D95A4C4386264BF637803B0C32BB4DB5E9D8BA166D51F9A ] avgfws C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
     10:16:39.0852 0x14ec avgfws - ok
     10:16:39.0921 0x14ec [ 561CE09C52F6E945ED4CE7E173D1F542, 25FB1B55E22D4DF3B03B6D395B6C4749C03B950139767FA095C24234BD962782 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
     10:16:39.0997 0x14ec AVGIDSAgent - ok
     10:16:40.0011 0x14ec [ F9984B8432204D000E15DE0A40D6F9AD, EBF0AAAFC9793F1EDCF3502CAE265CC012A60FA2B5DAD35A66DAD19ACFE206FC ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
     10:16:40.0023 0x14ec AVGIDSDriver - ok
     10:16:40.0029 0x14ec [ 73B684F26AD82BABC2A1B3E539ED027A, B164C0C395FF285ED31615E7DB5F43B31A2F1CB6156A68BB5F3802AFCA7B8887 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
     10:16:40.0041 0x14ec AVGIDSHA - ok
     10:16:40.0048 0x14ec [ 18A542A22A31DFFEA51666E75393E7A5, 7EFA508ECE7266446B2A5E12DB7461D328F2B47E2A70A8AA2C9D0E42898C71AC ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
     10:16:40.0060 0x14ec Avgldx64 - ok
     10:16:40.0069 0x14ec [ EC0E347F6C95541504CCF1B85D74F91F, F0819BF489C8776696D9DD89AC9673717BAF957DFAA071DA3911560172C6D952 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
     10:16:40.0083 0x14ec Avgloga - ok
     10:16:40.0089 0x14ec [ ADC65C6074A994D91CA9C6339C3DC978, A736BF94E41B9B06E826E3F2BBA7B305990DF68CF17DA8F661AE952FB240DDE1 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
     10:16:40.0099 0x14ec Avgmfx64 - ok
     10:16:40.0102 0x14ec [ 7D206FA06603E95984EFF9822C9FC958, 11863D7A5A14C852594F90FD3A54E55CBE8C27075E640C9B222102AD9DA91F35 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
     10:16:40.0111 0x14ec Avgrkx64 - ok
     10:16:40.0119 0x14ec [ 6FB25E61AC5885F5BD8BC5202D129BDF, 2644612402A8F7EDF8EB98537D10BCF0284B89797EC17A426DE94CE6922C1F4A ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
     10:16:40.0132 0x14ec Avgtdia - ok
     10:16:40.0140 0x14ec [ E5C581D358B62CF65776B8E4E17B9E5C, 955E4ECFD036330B139476CCCC7564B082C197D5E7577853E0C3D7B707EDB090 ] avgwd C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
     10:16:40.0153 0x14ec avgwd - ok
     10:16:40.0159 0x14ec [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
     10:16:40.0175 0x14ec AxInstSV - ok
     10:16:40.0186 0x14ec [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
     10:16:40.0210 0x14ec b06bdrv - ok
     10:16:40.0218 0x14ec [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
     10:16:40.0235 0x14ec b57nd60a - ok
     10:16:40.0241 0x14ec [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
     10:16:40.0253 0x14ec BDESVC - ok
     10:16:40.0256 0x14ec [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
     10:16:40.0282 0x14ec Beep - ok
     10:16:40.0286 0x14ec BelkinAPMmonitor - ok
     10:16:40.0289 0x14ec BelkinAPMRMI - ok
     10:16:40.0306 0x14ec [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
     10:16:40.0332 0x14ec BFE - ok
     10:16:40.0350 0x14ec [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
     10:16:40.0394 0x14ec BITS - ok
     10:16:40.0399 0x14ec [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
     10:16:40.0411 0x14ec blbdrive - ok
     10:16:40.0415 0x14ec [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
     10:16:40.0427 0x14ec bowser - ok
     10:16:40.0431 0x14ec [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
     10:16:40.0444 0x14ec BrFiltLo - ok
     10:16:40.0447 0x14ec [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
     10:16:40.0460 0x14ec BrFiltUp - ok
     10:16:40.0465 0x14ec [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
  7. #2.
     10:09:16.0677 0x1638 TDSS rootkit removing tool 3.0.0.35 May 23 2014 07:32:03
     10:09:22.0777 0x1638 ============================================================
     10:09:22.0777 0x1638 Current date / time: 2014/05/27 10:09:22.0777
     10:09:22.0777 0x1638 SystemInfo:
     10:09:22.0777 0x1638
     10:09:22.0777 0x1638 OS Version: 6.1.7601 ServicePack: 1.0
     10:09:22.0777 0x1638 Product type: Workstation
     10:09:22.0777 0x1638 ComputerName: LES-PC
     10:09:22.0778 0x1638 UserName: Les
     10:09:22.0778 0x1638 Windows directory: C:\Windows
     10:09:22.0778 0x1638 System windows directory: C:\Windows
     10:09:22.0778 0x1638 Running under WOW64
     10:09:22.0778 0x1638 Processor architecture: Intel x64
     10:09:22.0778 0x1638 Number of processors: 4
     10:09:22.0778 0x1638 Page size: 0x1000
     10:09:22.0778 0x1638 Boot type: Normal boot
     10:09:22.0778 0x1638 ============================================================
     10:09:22.0873 0x1638 KLMD registered as C:\Windows\system32\drivers\10903881.sys
     10:09:22.0982 0x1638 System UUID: {5E570729-E8AF-109A-E14B-CEDF74BEF9BC}
     10:09:23.0423 0x1638 Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     10:09:23.0423 0x1638 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     10:09:23.0660 0x1638 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     10:09:23.0694 0x1638 ============================================================
     10:09:23.0694 0x1638 \Device\Harddisk0\DR0:
     10:09:23.0695 0x1638 MBR partitions:
     10:09:23.0695 0x1638 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BF23800
     10:09:23.0695 0x1638 \Device\Harddisk1\DR1:
     10:09:23.0695 0x1638 MBR partitions:
     10:09:23.0695 0x1638 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
     10:09:23.0696 0x1638 \Device\Harddisk2\DR2:
     10:09:23.0696 0x1638 MBR partitions:
     10:09:23.0696 0x1638 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x196A8800
     10:09:23.0696 0x1638 \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x196A9000, BlocksNum 0xCF75F763
     10:09:23.0696 0x1638 ============================================================
     10:09:23.0697 0x1638 C: <-> \Device\Harddisk0\DR0\Partition1
     10:09:23.0722 0x1638 F: <-> \Device\Harddisk2\DR2\Partition2
     10:09:23.0736 0x1638 D: <-> \Device\Harddisk2\DR2\Partition1
     10:09:23.0771 0x1638 E: <-> \Device\Harddisk1\DR1\Partition1
     10:09:23.0772 0x1638 ============================================================
     10:09:23.0772 0x1638 Initialize success
     10:09:23.0772 0x1638 ============================================================
     10:11:43.0342 0x0534 KLMD registered as C:\Windows\system32\drivers\68159747.sys
     10:11:44.0316 0x0534 Deinitialize success
  8. Will post 5 DSS logs separately. #1.
     10:09:16.0677 0x1638 TDSS rootkit removing tool 3.0.0.35 May 23 2014 07:32:03
     10:09:22.0777 0x1638 ============================================================
     10:09:22.0777 0x1638 Current date / time: 2014/05/27 10:09:22.0777
     10:09:22.0777 0x1638 SystemInfo:
     10:09:22.0777 0x1638
     10:09:22.0777 0x1638 OS Version: 6.1.7601 ServicePack: 1.0
     10:09:22.0777 0x1638 Product type: Workstation
     10:09:22.0777 0x1638 ComputerName: LES-PC
     10:09:22.0778 0x1638 UserName: Les
     10:09:22.0778 0x1638 Windows directory: C:\Windows
     10:09:22.0778 0x1638 System windows directory: C:\Windows
     10:09:22.0778 0x1638 Running under WOW64
     10:09:22.0778 0x1638 Processor architecture: Intel x64
     10:09:22.0778 0x1638 Number of processors: 4
     10:09:22.0778 0x1638 Page size: 0x1000
     10:09:22.0778 0x1638 Boot type: Normal boot
     10:09:22.0778 0x1638 ============================================================
     10:09:22.0873 0x1638 KLMD registered as C:\Windows\system32\drivers\10903881.sys
     10:09:22.0982 0x1638 System UUID: {5E570729-E8AF-109A-E14B-CEDF74BEF9BC}
     10:09:23.0423 0x1638 Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     10:09:23.0423 0x1638 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     10:09:23.0660 0x1638 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     10:09:23.0694 0x1638 ============================================================
     10:09:23.0694 0x1638 \Device\Harddisk0\DR0:
     10:09:23.0695 0x1638 MBR partitions:
     10:09:23.0695 0x1638 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BF23800
     10:09:23.0695 0x1638 \Device\Harddisk1\DR1:
     10:09:23.0695 0x1638 MBR partitions:
     10:09:23.0695 0x1638 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
     10:09:23.0696 0x1638 \Device\Harddisk2\DR2:
     10:09:23.0696 0x1638 MBR partitions:
     10:09:23.0696 0x1638 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x196A8800
     10:09:23.0696 0x1638 \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x196A9000, BlocksNum 0xCF75F763
     10:09:23.0696 0x1638 ============================================================
     10:09:23.0697 0x1638 C: <-> \Device\Harddisk0\DR0\Partition1
     10:09:23.0722 0x1638 F: <-> \Device\Harddisk2\DR2\Partition2
     10:09:23.0736 0x1638 D: <-> \Device\Harddisk2\DR2\Partition1
     10:09:23.0771 0x1638 E: <-> \Device\Harddisk1\DR1\Partition1
     10:09:23.0772 0x1638 ============================================================
     10:09:23.0772 0x1638 Initialize success
     10:09:23.0772 0x1638 ============================================================
     10:11:43.0342 0x0534 KLMD registered as C:\Windows\system32\drivers\68159747.sys
     10:11:44.0316 0x0534 Deinitialize success
  9. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
     Ran by Les (administrator) on LES-PC on 28-05-2014 01:39:11
     Running from C:\Users\Les\Desktop\PopUp
     Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
     Internet Explorer Version 11
     Boot Mode: Normal
     The only official download link for FRST:
     Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
     Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
     Download link from any site other than Bleeping Computer is unpermitted or outdated.
     See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
     ==================== Processes (Whitelisted) =================
     (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
     (AMD) C:\Windows\System32\atiesrxx.exe
     (AMD) C:\Windows\System32\atieclxx.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
     (Macrovision) C:\Program Files (x86)\Belkin Automatic Power Management Software\BelkinAPMmonitor.exe
     (MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
     (Sun Microsystems, Inc.) C:\Program Files (x86)\Belkin Automatic Power Management Software\jre\bin\javaw.exe
     (MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
     () C:\Program Files\pcreg\pcreg.exe
     (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
     () C:\ProgramData\TVersity\Media Server\MediaServer.exe
     (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
     (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
     (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
     (Macrovision) C:\Program Files (x86)\Belkin Automatic Power Management Software\BelkinAPM.exe
     (Sun Microsystems, Inc.) C:\Program Files (x86)\Belkin Automatic Power Management Software\jre\bin\javaw.exe
     (The Chromium Authors) C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
     (Macrovision) C:\Program Files (x86)\Belkin Automatic Power Management Software\BelkinAPMRMI.exe
     (Sun Microsystems, Inc.) C:\Program Files (x86)\Belkin Automatic Power Management Software\jre\bin\javaw.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
     (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
     (Microsoft Corporation) C:\Windows\System32\prevhost.exe
     ==================== Registry (Whitelisted) ==================
     HKLM-x32\...\Run: [] => [X]
     HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
     HKLM-x32\...\Run: [belkinAPM] => C:\Program Files (x86)\Belkin Automatic Power Management Software\BelkinAPM.exe [114688 2013-03-15] (Macrovision)
     HKLM\...\Policies\Explorer: [HideSCAHealth] 1
     ==================== Internet (Whitelisted) ====================
     HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.yahoo.com/?mkg=015
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
     StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
     SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
     BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
     BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
     BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
     BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
     BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
     BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
     BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
     Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
     Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
     Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
     Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
     DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
     DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
     Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
     Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
     Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
     Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     FireFox:
     ========
     FF ProfilePath: C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262
     FF Homepage: hxxp://my.yahoo.com/
     FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
     FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
     FF Plugin: @microsoft.com/GENUINE - disabled No File
     FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
     FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
     FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
     FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Extension: Adblock Plus Pop-up Addon - C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\Extensions\adblockpopups@jessehakanen.net.xpi [2014-04-24] FF Extension: Adblock Plus - C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-26] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-03-16] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. 
<======= ATTENTION ==================== Services (Whitelisted) ================= S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1473792 2014-05-13] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.) R2 BelkinAPMmonitor; C:\Program Files (x86)\Belkin Automatic Power Management Software\BelkinAPMmonitor.exe [114688 2013-03-15] (Macrovision) R3 BelkinAPMRMI; C:\Program Files (x86)\Belkin Automatic Power Management Software\BelkinAPMRMI.exe [114688 2013-03-15] (Macrovision) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI) R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [143416 2012-10-25] (MSI) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation) R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-05-25] () R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-08-24] () R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2100024 2013-08-29] (TuneUp Software) R2 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [5283624 2013-03-13] () ==================== Drivers (Whitelisted) ==================== R1 Avgdiska; 
C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.) R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-06-23] (GFI Software) R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37456 2011-04-12] (Paragon Software Group) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-28] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S3 MEMSWEEP2; C:\Windows\system32\63D1.tmp [6144 2011-05-12] (Sophos Plc) R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation) R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI) R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI) S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.) 
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) R3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1202688 2009-10-26] (Motorola Inc.) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-28 01:21 - 2014-05-28 01:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-28 01:20 - 2014-05-28 01:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-05-28 01:20 - 2014-05-28 01:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-05-28 01:20 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-28 01:20 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-28 01:20 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-28 01:13 - 2014-05-28 01:13 - 00001726 _____ () C:\Users\Les\Desktop\JRT.txt 2014-05-27 22:42 - 2014-05-27 22:42 - 00004317 _____ () C:\Users\Les\Desktop\AdwCleaner[s0].txt 2014-05-27 22:35 - 2014-05-28 01:03 - 00000000 ____D () C:\AdwCleaner 2014-05-27 22:35 - 2014-05-27 22:36 - 00004482 _____ () C:\Users\Les\Desktop\AdwCleaner[R0].txt 2014-05-27 22:35 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-05-27 10:34 - 2014-05-27 10:34 - 00028557 _____ () C:\ComboFix.txt 2014-05-27 10:29 - 2014-05-27 10:34 - 00000000 ____D () C:\Qoobox 2014-05-27 10:29 - 2014-05-27 10:33 - 00000000 ____D () C:\Windows\erdnt 2014-05-27 10:29 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-05-27 10:29 - 2010-11-07 13:20 - 
00208896 _____ () C:\Windows\MBR.exe 2014-05-27 10:29 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-05-27 10:29 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-05-27 10:29 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-05-27 10:29 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe 2014-05-27 10:29 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe 2014-05-27 10:29 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe 2014-05-27 10:15 - 2014-05-27 10:15 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-05-27 09:58 - 2014-05-28 01:08 - 00000000 ____D () C:\Windows\ERUNT 2014-05-27 09:58 - 2014-05-27 09:58 - 00000256 _____ () C:\DelFix.txt 2014-05-27 08:04 - 2014-05-27 08:09 - 00000000 ____D () C:\Users\Les\Desktop\RK_Quarantine 2014-05-27 07:28 - 2014-05-27 07:28 - 00177680 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.7d45.deleteme 2014-05-27 05:20 - 2014-05-27 07:37 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2014-05-27 05:20 - 2014-05-27 05:37 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-05-27 05:20 - 2014-05-27 05:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2014-05-26 22:36 - 2014-05-28 01:39 - 00000000 ____D () C:\Users\Les\Desktop\PopUp 2014-05-26 19:42 - 2014-05-28 01:39 - 00000000 ____D () C:\FRST 2014-05-26 00:14 - 2014-05-26 00:14 - 00110080 _____ () C:\Users\Les\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-25 23:37 - 2014-05-28 01:20 - 00180030 _____ () C:\Windows\setupact.log 2014-05-25 23:37 - 2014-05-27 22:44 - 00002568 _____ () C:\Windows\PFRO.log 2014-05-25 23:37 - 2014-05-25 23:37 - 00418152 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-05-25 23:37 - 2014-05-25 23:37 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-25 09:34 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-25 09:34 - 2014-05-06 
00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-25 09:34 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-25 09:34 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-25 09:34 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-25 09:34 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-25 09:13 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-25 09:13 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-25 09:13 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-25 09:13 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-25 09:13 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-25 09:13 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-25 09:13 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-25 09:13 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-25 09:13 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-25 09:13 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-25 09:13 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-25 09:13 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-25 09:13 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-25 09:13 - 2014-03-04 05:44 - 00340992 _____ 
(Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-25 09:13 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-25 09:13 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-25 09:13 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-25 09:13 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-25 09:13 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-25 09:13 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-25 09:13 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-25 09:13 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-25 09:13 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-25 09:13 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-25 09:13 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-25 09:13 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-25 09:13 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-25 09:13 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-25 09:13 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-25 09:13 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-25 09:13 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-25 09:13 - 2014-03-04 05:17 - 00172032 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-25 09:13 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-25 09:13 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-25 09:13 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-25 09:13 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-25 09:13 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-25 09:13 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-25 09:13 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-25 09:13 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-25 09:13 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-25 09:12 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-25 09:11 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-25 09:11 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-25 09:11 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-25 04:54 - 2014-05-27 07:31 - 00000000 ____D () C:\Program Files\stinger 2014-05-25 04:38 - 2014-05-27 11:18 - 00003684 _____ () C:\Windows\System32\Tasks\pcreg 2014-05-25 04:38 - 2014-05-26 20:24 - 00000000 ____D () C:\Program Files\pcreg 2014-05-25 04:34 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\F095.tmp 2014-05-25 04:34 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\63D1.tmp 2014-05-25 04:20 - 2011-05-12 14:03 - 00006144 ____N (Sophos 
Plc) C:\Windows\system32\390B.tmp 2014-05-25 04:19 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\C8E9.tmp 2014-05-25 04:09 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\CA45.tmp 2014-05-25 04:09 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\3FD2.tmp 2014-05-25 04:08 - 2014-05-25 05:51 - 00000000 ____D () C:\Program Files (x86)\Sophos 2014-05-24 10:28 - 2014-05-24 10:28 - 00283182 _____ () C:\Users\Les\AppData\Local\census.cache 2014-05-24 10:28 - 2014-05-24 10:28 - 00197179 _____ () C:\Users\Les\AppData\Local\ars.cache 2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\TrayIcon12.dll 2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atiuxpag.dll 2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atiu9pag.dll 2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atidxx32.dll 2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\aticfx32.dll 2014-05-24 10:08 - 2014-05-24 10:08 - 00000036 _____ () C:\Users\Les\AppData\Local\housecall.guid.cache 2014-05-24 10:08 - 2013-09-02 03:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys 2014-05-24 09:22 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys 2014-05-24 00:45 - 2014-05-24 00:45 - 00012326 _____ () C:\Users\Les\AppData\Local\hpjijmtp 2014-05-24 00:44 - 2014-05-24 00:44 - 00068314 _____ () C:\Users\Les\AppData\Local\qfvexiee 2014-05-24 00:42 - 2014-05-24 00:42 - 00000000 _____ () C:\Users\Les\AppData\Roaming\SharedSettings.ccs 2014-05-14 13:18 - 2014-05-14 13:18 - 00000859 _____ () C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys 2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgldx64.sys 2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys 2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys 2014-05-09 19:23 - 2014-05-27 07:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-05-28 01:39 - 2014-05-26 22:36 - 00000000 ____D () C:\Users\Les\Desktop\PopUp 2014-05-28 01:39 - 2014-05-26 19:42 - 00000000 ____D () C:\FRST 2014-05-28 01:38 - 2013-05-28 01:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-28 01:27 - 2009-07-14 00:45 - 00031104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-28 01:27 - 2009-07-14 00:45 - 00031104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-28 01:24 - 2013-05-26 05:01 - 00000000 ____D () C:\ProgramData\MFAData 2014-05-28 01:24 - 2009-07-14 01:13 - 00786254 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-28 01:23 - 2013-09-23 14:00 - 01397940 _____ () C:\Windows\WindowsUpdate.log 2014-05-28 01:21 - 2014-05-28 01:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-28 01:20 - 2014-05-28 01:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Malwarebytes Anti-Malware 2014-05-28 01:20 - 2014-05-28 01:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-05-28 01:20 - 2014-05-25 23:37 - 00180030 _____ () C:\Windows\setupact.log 2014-05-28 01:20 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-28 01:13 - 2014-05-28 01:13 - 00001726 _____ () C:\Users\Les\Desktop\JRT.txt 2014-05-28 01:08 - 2014-05-27 09:58 - 00000000 ____D () C:\Windows\ERUNT 2014-05-28 01:08 - 2013-03-14 20:56 - 00000000 ____D () C:\Users\Les\Documents\Outlook Files 2014-05-28 01:03 - 2014-05-27 22:35 - 00000000 ____D () C:\AdwCleaner 2014-05-27 23:18 - 2013-03-15 05:39 - 00000000 ____D () C:\Program Files (x86)\Belkin Automatic Power Management Software 2014-05-27 22:44 - 2014-05-25 23:37 - 00002568 _____ () C:\Windows\PFRO.log 2014-05-27 22:42 - 2014-05-27 22:42 - 00004317 _____ () C:\Users\Les\Desktop\AdwCleaner[s0].txt 2014-05-27 22:42 - 2013-09-23 14:01 - 00000000 ____D () C:\Users\Les 2014-05-27 22:36 - 2014-05-27 22:35 - 00004482 _____ () C:\Users\Les\Desktop\AdwCleaner[R0].txt 2014-05-27 21:37 - 2013-03-16 22:19 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-27 21:37 - 2013-03-16 22:19 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-27 11:43 - 2013-03-16 22:19 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-27 11:43 - 2013-03-16 22:19 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-27 11:18 - 2014-05-25 04:38 - 00003684 _____ () C:\Windows\System32\Tasks\pcreg 2014-05-27 11:14 - 2013-08-25 05:46 - 00000000 ____D () C:\Users\Les\AppData\Roaming\Malwarebytes 2014-05-27 11:14 - 2013-08-25 05:46 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-27 11:06 - 2013-03-15 16:23 - 00042739 _____ () C:\Windows\SysWOW64\TVersityMediaServer.log 2014-05-27 10:34 - 2014-05-27 10:34 - 00028557 _____ () C:\ComboFix.txt 2014-05-27 10:34 - 2014-05-27 10:29 - 00000000 
____D () C:\Qoobox 2014-05-27 10:34 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default 2014-05-27 10:33 - 2014-05-27 10:29 - 00000000 ____D () C:\Windows\erdnt 2014-05-27 10:33 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini 2014-05-27 10:33 - 2009-07-13 22:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.old 2014-05-27 10:15 - 2014-05-27 10:15 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-05-27 09:58 - 2014-05-27 09:58 - 00000256 _____ () C:\DelFix.txt 2014-05-27 08:09 - 2014-05-27 08:04 - 00000000 ____D () C:\Users\Les\Desktop\RK_Quarantine 2014-05-27 07:37 - 2014-05-27 05:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2014-05-27 07:37 - 2014-05-09 19:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-27 07:37 - 2014-04-26 04:04 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-27 07:37 - 2013-03-19 22:43 - 00000000 ____D () C:\Users\Les\AppData\Roaming\uTorrent 2014-05-27 07:37 - 2013-03-14 22:18 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center 2014-05-27 07:37 - 2013-03-14 02:10 - 00000000 ____D () C:\SuperChargerProfile 2014-05-27 07:37 - 2011-01-01 02:15 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2014-05-27 07:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\security 2014-05-27 07:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\schemas 2014-05-27 07:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache 2014-05-27 07:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration 2014-05-27 07:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-27 07:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat 2014-05-27 07:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-05-27 07:31 - 2014-05-25 04:54 - 00000000 ____D () C:\Program Files\stinger 2014-05-27 07:28 - 2014-05-27 07:28 - 00177680 _____ (McAfee, Inc.) 
C:\Windows\system32\mfevtps.exe.7d45.deleteme 2014-05-27 06:55 - 2014-03-31 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-05-27 06:48 - 2009-07-14 01:08 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-27 05:37 - 2014-05-27 05:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-05-27 05:20 - 2014-05-27 05:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2014-05-27 02:43 - 2013-06-29 18:56 - 00379038 _____ () C:\Users\Les\Desktop\- Knicks-.txt 2014-05-26 21:44 - 2013-03-15 14:52 - 00000000 ____D () C:\ProgramData\Zoom Player 2014-05-26 20:24 - 2014-05-25 04:38 - 00000000 ____D () C:\Program Files\pcreg 2014-05-26 20:20 - 2013-09-23 15:24 - 00000000 ____D () C:\ProgramData\AVG2014 2014-05-26 01:26 - 2011-01-01 02:19 - 00000000 ____D () C:\Users\Les\AppData\Roaming\Mipony 2014-05-26 00:14 - 2014-05-26 00:14 - 00110080 _____ () C:\Users\Les\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-25 23:37 - 2014-05-25 23:37 - 00418152 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-05-25 23:37 - 2014-05-25 23:37 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-25 23:37 - 2013-03-14 01:58 - 00000000 ___RD () C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-25 23:37 - 2013-03-14 01:58 - 00000000 ___RD () C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-25 09:37 - 2011-01-01 01:36 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-25 09:18 - 2014-04-05 19:08 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-25 09:15 - 2014-04-05 19:08 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-25 06:07 - 2013-03-20 05:52 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-05-25 05:51 - 2014-05-25 04:08 - 00000000 ____D () C:\Program Files (x86)\Sophos 2014-05-25 05:03 - 2013-10-21 16:24 - 00000000 ____D () C:\Windows\Minidump 2014-05-24 10:28 - 
2014-05-24 10:28 - 00283182 _____ () C:\Users\Les\AppData\Local\census.cache
2014-05-24 10:28 - 2014-05-24 10:28 - 00197179 _____ () C:\Users\Les\AppData\Local\ars.cache
2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\TrayIcon12.dll
2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atiuxpag.dll
2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atiu9pag.dll
2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atidxx32.dll
2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\aticfx32.dll
2014-05-24 10:08 - 2014-05-24 10:08 - 00000036 _____ () C:\Users\Les\AppData\Local\housecall.guid.cache
2014-05-24 00:45 - 2014-05-24 00:45 - 00012326 _____ () C:\Users\Les\AppData\Local\hpjijmtp
2014-05-24 00:44 - 2014-05-24 00:44 - 00068314 _____ () C:\Users\Les\AppData\Local\qfvexiee
2014-05-24 00:42 - 2014-05-24 00:42 - 00000000 _____ () C:\Users\Les\AppData\Roaming\SharedSettings.ccs
2014-05-22 20:55 - 2013-03-15 22:59 - 00000000 ____D () C:\Users\Les\AppData\Roaming\MediaMonkey
2014-05-14 13:18 - 2014-05-14 13:18 - 00000859 _____ () C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-05-14 13:18 - 2013-03-19 22:44 - 00000000 ____D () C:\Program Files (x86)\uTorrent
2014-05-14 04:38 - 2013-05-28 01:53 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 04:38 - 2013-03-15 16:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 04:38 - 2013-03-15 16:22 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-12 07:26 - 2014-05-28 01:20 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-28 01:20 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-28 01:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 06:51 - 2013-07-04 15:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-09 02:14 - 2014-05-25 09:11 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 02:11 - 2014-05-25 09:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 04:14 - 2013-03-15 16:23 - 01024098 _____ () C:\Windows\SysWOW64\TVersityMediaServer.log.1
2014-05-06 23:41 - 2013-03-16 02:41 - 00003696 _____ () C:\Windows\System32\Tasks\Adobe online update program
2014-05-06 00:40 - 2014-05-25 09:34 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:17 - 2014-05-25 09:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 23:25 - 2014-05-25 09:34 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 23:07 - 2014-05-25 09:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 23:00 - 2014-05-25 09:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-25 09:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

Some content of TEMP:
====================
C:\Users\Les\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-19 00:20

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Les at 2014-05-28 01:39:29
Running from C:\Users\Les\Desktop\PopUp
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials (Disabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Microsoft Security Essentials (Disabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29462 - BitTorrent Inc.)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Acoustica CD/DVD Label Maker (HKLM-x32\...\Acoustica CD/DVD Label Maker) (Version: - )
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.2 - Adobe Systems)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In (Version: 2.06.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Ashampoo Burning Studio 12 v.12.0.1 (HKLM-x32\...\Ashampoo Burning Studio 12_is1) (Version: 12.0.1 - Ashampoo GmbH & Co. KG)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3950 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
Bass Audio Decoder (remove only) (HKLM-x32\...\Bass Audio Decoder) (Version: - )
Belkin Automatic Power Management Software (HKLM-x32\...\Belkin Automatic Power Management Software) (Version: 2.3.0.6 - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
CD Audio Reader Filter (remove only) (HKLM-x32\...\CD Audio Reader Filter) (Version: - )
CLICKBIOSII (HKLM-x32\...\{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1) (Version: 1.0.107 - MSI)
Combined Community Codec Pack 2013-03-02 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.03.02.0 - CCCP Project)
CPUID CPU-Z 1.63.0 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CrystalDiskMark 3.0.2e (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.2e - Crystal Dew World)
DCoder Image Source (remove only) (HKLM-x32\...\DCoder Image Source) (Version: - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft)
DivX 4.0 Final Codec (HKLM-x32\...\DivXCodec) (Version: - )
DScaler 5 Mpeg Decoders (HKLM-x32\...\DScaler 5 Mpeg Decoders_is1) (Version: - )
Easy Duplicate Finder v. 2.2.1 (HKLM-x32\...\Easy Duplicate Finder_is1) (Version: - EasyDuplicateFinder.com)
EasyBCD 2.1 (HKLM-x32\...\EasyBCD) (Version: 2.1 - NeoSmart Technologies)
EvilLyrics (HKLM-x32\...\EvilLyrics) (Version: - ) <==== ATTENTION
Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.0.8 - MSI)
ffdshow v1.2.4453 [2012-05-21] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4453.0 - )
FFMPEG Core Files (remove only) (HKLM-x32\...\FFMPEG Core Files) (Version: - )
Forté Agent (HKLM-x32\...\Forte Agent) (Version: 6.00 - Forté Internet Software, Inc.)
Gabest MPEG Splitter (remove only) (HKLM-x32\...\Gabest MPEG Splitter) (Version: - )
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LAV Filters 0.60.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.60.1 - Hendrik Leppkes)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech) Hidden
MadVR (remove only) (HKLM-x32\...\MadVR) (Version: - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.2.0223.1 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiPony 2.1.1 (HKLM-x32\...\MiPony) (Version: 2.1.1 - )
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.06 - Motorola Inc)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPC-HC 1.6.6.6957 (3975d54) (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.6.6957 - MPC-HC Team)
OpenSource AVI Splitter (remove only) (HKLM-x32\...\OpenSource AVI Splitter) (Version: - )
OpenSource DTS/AC3/DD+ Source Filter (remove only) (HKLM-x32\...\OpenSource DTS/AC3/DD+ Source Filter) (Version: - )
OpenSource Flash Video Splitter (remove only) (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: - )
Paragon Hard Disk Manager™ 11 Server (HKLM-x32\...\{AF58CE7A-B48F-4DDF-8FB7-838DDC22D63C}) (Version: 90.00.0003 - Paragon Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Revo Uninstaller Pro 3.0.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.5 - VS Revo Group, Ltd.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SIW 2011 Home Edition (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.30 - Topala Software Solutions)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.014 - MSI)
TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.88 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities 2014) (Version: 14.0.1000.88 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.88 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (x32 Version: 13.0.2020.14 - TuneUp Software) Hidden
TVersity Codec Pack 1.7 (HKLM-x32\...\TVersity Codec Pack) (Version: 1.7 - TVersity Inc.)
TVersity Media Server Pro 2.4 (HKLM-x32\...\TVersity Media Server Pro) (Version: 2.4 - TVersity)
Ultra Video Joiner 6.3.0103 (HKLM-x32\...\Ultra Video Joiner_is1) (Version: - Aone Software)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VueScan (HKLM\...\VueScan) (Version: - )
WinDFT (HKLM-x32\...\{065F384A-5C64-4532-814A-A24BA5374503}) (Version: 1.0.0 - HGST)
WinRAR 4.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.2 - win.rar GmbH)
WinZip 15.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}) (Version: 15.5.9468 - WinZip Computing, S.L. )
Xilisoft Video Converter Ultimate 6 (HKLM-x32\...\Xilisoft Video Converter Ultimate 6) (Version: 6.8.0.1101 - Xilisoft)
XviD Video Codec (remove only) (HKLM-x32\...\XviD Video Codec) (Version: - )
Zoom Player (remove only) (HKLM-x32\...\ZoomPlayer) (Version: - )

==================== Restore Points =========================

==================== Hosts content: ==========================
2009-07-13 22:34 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
Task: {1746A278-1C7E-4708-811C-0AA9B191C769} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-08-29] (TuneUp Software)
Task: {19C0E852-3997-48DD-A0E4-16B2EB8AC627} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-16] (Google Inc.)
Task: {1B80D6B5-2231-4291-A25D-5E8E9027354C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {26D59E2E-423D-481B-953D-AE59107F726F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {35DB3D34-B4C4-4DF3-9B73-004C3E9E460C} - System32\Tasks\DivX online update program => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-02-12] ()
Task: {4E1CB343-3127-404F-8A35-64A7487E3021} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {59F155FD-F31F-41CB-B50E-762342510C11} - \Microsoft\Microsoft Antimalware\MpIdleTask No Task File <==== ATTENTION
Task: {6826976B-DFFA-46F1-ACFA-E3FCBEFBB17C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {733AE50C-BE22-40BF-B25A-1AE1F259EAF6} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {7F455179-CF41-40C5-80E6-B8A01874FE4A} - System32\Tasks\Sansa Dispatch => C:\Users\Les\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [2013-06-20] (SanDisk Corporation)
Task: {88AD309C-8007-4AD3-9740-7A4A161BE8FE} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {93632E7A-3CFD-4139-825A-7030AB5B8E8B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {BE480E89-BA3E-40EE-8384-0965F88DBC6C} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03] (Adobe Systems Incorporated)
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe
Task: {D6A61A8C-A109-4E5E-A54E-B8EC780E544F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-16] (Google Inc.)
Task: {E1F32578-DDFC-45D5-891C-EA9124A91E72} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {F38CC064-C0BD-4A70-BCB1-E14880C749E5} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
Task: {FE810340-EF6D-4202-B127-6EFED12D30DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-03-24 06:50 - 2011-10-30 11:24 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2014-05-25 03:28 - 2014-05-25 03:28 - 00249024 _____ () C:\Program Files\pcreg\pcreg.exe
2013-08-29 12:08 - 2013-08-29 12:08 - 00757048 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2013-03-13 15:13 - 2013-03-13 15:13 - 05283624 _____ () C:\ProgramData\TVersity\Media Server\MediaServer.exe
2013-03-15 05:40 - 2013-03-15 05:40 - 00045056 _____ () C:\Program Files (x86)\Belkin Automatic Power Management Software\jspWin.dll
2013-03-15 05:40 - 2013-03-15 05:40 - 00032768 _____ () C:\Program Files (x86)\Belkin Automatic Power Management Software\jusb.dll
2011-12-17 17:14 - 2011-12-17 17:14 - 00102184 _____ () C:\ProgramData\TVersity\Media Server\EasyHook32.dll
2013-03-05 23:02 - 2013-03-05 23:02 - 33073664 _____ () C:\ProgramData\TVersity\Media Server\berkelium.dll
2011-12-17 17:15 - 2011-12-17 17:15 - 00081704 _____ () C:\ProgramData\TVersity\Media Server\portaudio_x86.dll
2011-12-17 17:15 - 2011-12-17 17:15 - 00556840 _____ () C:\ProgramData\TVersity\Media Server\taglib.dll
2011-12-17 17:14 - 2011-12-17 17:14 - 00225064 _____ () C:\ProgramData\TVersity\Media Server\CORE_RL_lcms_.dll
2011-12-17 17:14 - 2011-12-17 17:14 - 00031528 _____ () C:\ProgramData\TVersity\Media Server\CORE_RL_xlib_.dll
2011-12-17 17:14 - 2011-12-17 17:14 - 00716584 _____ () C:\ProgramData\TVersity\Media Server\log4cxx.dll
2011-12-17 17:14 - 2011-12-17 17:14 - 04534072 _____ () C:\ProgramData\TVersity\Media Server\avcodec-52.dll
2011-12-17 17:14 - 2011-12-17 17:14 - 00083768 _____ () C:\ProgramData\TVersity\Media Server\avutil-50.dll
2011-12-17 17:14 - 2011-12-17 17:14 - 00313640 _____ () C:\ProgramData\TVersity\Media Server\libmp3lame-0.dll
2011-12-17 17:14 - 2011-12-17 17:14 - 00795448 _____ () C:\ProgramData\TVersity\Media Server\avformat-52.dll
2011-12-17 17:15 - 2011-12-17 17:15 - 00203064 _____ () C:\ProgramData\TVersity\Media Server\swscale-0.dll
2011-12-17 17:15 - 2011-12-17 17:15 - 00562072 _____ () C:\ProgramData\TVersity\Media Server\sqlite3.dll
2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\System32\TrayIcon12.dll
2013-03-05 23:02 - 2013-03-05 23:02 - 33073664 _____ () C:\ProgramData\TVersity\Media Server\berkelium\berkelium.dll
2013-03-05 23:02 - 2013-03-05 23:02 - 01305102 _____ () C:\ProgramData\TVersity\Media Server\berkelium\avcodec-52.dll
2013-03-05 23:02 - 2013-03-05 23:02 - 00096782 _____ () C:\ProgramData\TVersity\Media Server\berkelium\avutil-50.dll
2013-03-05 23:02 - 2013-03-05 23:02 - 00160782 _____ () C:\ProgramData\TVersity\Media Server\berkelium\avformat-52.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-09 19:23 - 2014-05-09 19:23 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\aticfx32.dll
2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atiuxpag.dll
2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atidxx32.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============
MSCONFIG\Services: Futuremark SystemInfo Service => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2014 01:39:30 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
].

Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 13
   Snapshot Context: 13
   Execution Context: Coordinator

Error: (05/28/2014 01:39:30 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]

Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 13
   Snapshot Context: 13
   Execution Context: Coordinator

Error: (05/28/2014 01:22:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/28/2014 01:21:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x1170
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (05/28/2014 01:39:30 AM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 13
   Snapshot Context: 13
   Execution Context: Coordinator

Error: (05/28/2014 01:39:30 AM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 13
   Snapshot Context: 13
   Execution Context: Coordinator

Error: (05/28/2014 01:22:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/28/2014 01:21:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a117001cf7a3498eb1533C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exee2e5981d-e627-11e3-afa8-d43d7e90d9e5

CodeIntegrity Errors:
===================================
Date: 2013-03-24 16:02:51.251
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-24 16:02:51.236
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-24 16:02:50.066
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-24 16:02:50.034
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info =========================== Percentage of memory in use: 15% Total physical RAM: 15822.91 MB Available physical RAM: 13367.36 MB Total Pagefile: 79112.71 MB Available Pagefile: 76525.71 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (Patriot_Pyro_SE_240GB_Win7-64Pro) (Fixed) (Total:223.57 GB) (Free:166.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Toshiba_2TB_Misc_203GB) (Fixed) (Total:203.33 GB) (Free:177.15 GB) NTFS Drive e: (Seagate _2TB_Movies) (Fixed) (Total:1863.01 GB) (Free:816.01 GB) NTFS Drive f: (Toshiba_2TB_Data_1.7TB) (Fixed) (Total:1659.69 GB) (Free:593.55 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 224 GB) (Disk ID: 4D2652EF) Partition 1: (Active) - (Size=224 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 1E0C6B29) Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 77EA1D8F) Partition 1: (Not Active) - (Size=203 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=-416948500992) - (Type=07 NTFS) ==================== End Of Log ============================
10. # AdwCleaner v3.211 - Report created 27/05/2014 at 22:35:41
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Les - LES-PC
# Running from : C:\Users\Les\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\user.js
File Found : C:\Users\Les\daemonprocess.txt
Folder Found : C:\Program Files (x86)\adawaretb
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\driver-soft
Folder Found : C:\Program Files (x86)\Toolbar Cleaner
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\blekko toolbars
Folder Found : C:\Users\Les\AppData\LocalLow\adawaretb
Folder Found : C:\Users\Les\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Les\AppData\Roaming\DriverCure
Folder Found : C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\adawaretb
Folder Found : C:\Users\Les\Documents\Mobogenie
Folder Found : C:\Users\Les\Documents\PC Speed Maximizer

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\AppDataLow\Software\Compete
Key Found : HKCU\Software\AppDataLow\Software\Lyrics_Monkey
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\Software\adawaretb
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\Software\CompeteInc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ofnnlhbgdcabppjmlijllkhekcglbjlg
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\Software\Toolbar Cleaner
Key Found : HKLM\Software\Uniblue
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\prefs.js ]

Line Found : user_pref("extensions.a9a1cadcd98ec441387d30f7c4253cd2731f19576e1e240bc81acbe7a5f1cf67ccom45914.45914.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [4306 octets] - [27/05/2014 22:35:41]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4366 octets] ##########

-----------------------------------------------------------------------------------------------------------------

# AdwCleaner v3.211 - Report created 27/05/2014 at 22:42:41
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Les - LES-PC
# Running from : C:\Users\Les\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Program Files (x86)\driver-soft
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Les\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Les\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Les\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Les\Documents\Mobogenie
Folder Deleted : C:\Users\Les\Documents\PC Speed Maximizer
Folder Deleted : C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\adawaretb
File Deleted : C:\Users\Les\daemonprocess.txt
File Deleted : C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ofnnlhbgdcabppjmlijllkhekcglbjlg
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\prefs.js ]

Line Deleted : user_pref("extensions.a9a1cadcd98ec441387d30f7c4253cd2731f19576e1e240bc81acbe7a5f1cf67ccom45914.45914.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [4482 octets] - [27/05/2014 22:35:41]
AdwCleaner[S0].txt - [4153 octets] - [27/05/2014 22:42:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4213 octets] ##########
11. I have completed all the instructions you gave me and am posting the logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Les on Wed 05/28/2014 at 1:08:20.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621176}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\EvilLyrics_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\EvilLyrics_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621176}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\EvilLyrics_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\EvilLyrics_RASMANCS

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Les\AppData\Roaming\ask4expert"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Emptied folder: C:\Users\Les\AppData\Roaming\mozilla\firefox\profiles\bgiwwrqg.default-1366599260262\minidumps [27 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/28/2014 at 1:13:21.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
12. Thank you so much for your help. You are awesome! Sorry, but apparently there was another RogueKiller report, when it was first run:

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Les [Admin rights]
Mode : Scan -- Date : 05/27/2014 08:09:41
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[BROK VAL] HKCR\[...]\command : () -> MISSING

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][ROGUE ST] 4473 : wscript.exe - C:\Users\Les\AppData\Local\Temp\launchie.vbs //B -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Patriot Pyro SE SATA Disk Device +++++
--- User ---
[MBR] afa0f3335d003a6ef4cdb3b0da111803
[BSP] 3137bb68740694f60a3e4096a8e54664 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 228935 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST2000DM 001-1CH164 SATA Disk Device +++++
--- User ---
[MBR] 3926a7d4c51f43dfc7df32dc7cab84c3
[BSP] b05272dc69fd18ebdb5f8437a8835a58 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) TOSHIBA DT01ACA200 SATA Disk Device +++++
--- User ---
[MBR] 514eea983f47cad9d32bf62f39816a66
[BSP] 1049ba53099b45af745bdc0259c79f7d : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 208209 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 426414080 | Size: 1699518 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- USB3.0 CRW-CF/MD USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- USB3.0 CRW-SM/xD USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive5: (\\.\PHYSICALDRIVE5 @ USB) Generic- USB3.0 CRW-SD USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive6: (\\.\PHYSICALDRIVE6 @ USB) Generic- USB3.0 CRW-MS USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive7: (\\.\PHYSICALDRIVE7 @ USB) Generic- USB3.0 CRW-SD/MS USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_05272014_080941.txt >>
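The RogueKiller report above contains two findings a responder would act on before anything else: every UAC policy value (EnableLUA, ConsentPromptBehaviorAdmin, ConsentPromptBehaviorUser) is 0, so any code running as the logged-in administrator elevates silently, and a scheduled task runs wscript.exe on a .vbs file inside the user's Temp directory, a classic user-writable persistence location. The script below is an added triage helper written for this page; it is not part of RogueKiller, Adlice's tooling or this thread. It parses findings in RogueKiller's line format, flags UAC values that are off and tasks whose action is a script host or a path under a user-writable directory, and carries the tool's own state column (FOUND, NOT SELECTED, DELETED) through so a second pass can confirm what was actually remediated. The sample report, the task tag on the benign line and the directory list are constructed assumptions for the example.

```python
"""Triage of RogueKiller-style findings: UAC policy weakening and scheduled
tasks that launch script hosts or payloads from user-writable directories.
Added illustration; not RogueKiller's own code and not from this thread."""
import re
from dataclasses import dataclass
from typing import List

# Values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
# A value of 0 switches the corresponding protection off.
UAC_VALUES = {
    "EnableLUA": "UAC is disabled entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate silently, no prompt",
    "ConsentPromptBehaviorUser": "standard users are refused elevation silently",
}

# Script hosts routinely abused as task actions, and directories any user can
# write to (assumed list; extend for the environment being triaged).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}
WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                 "\\programdata\\", "\\users\\public\\")

# "[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND"
REG_LINE = re.compile(
    r"^\[(?P<tags>[^\]]+)\]\[PUM\]\s+(?P<key>\S+)\s+:\s+(?P<name>\S+)\s+"
    r"\((?P<value>[^)]*)\)\s+->\s+(?P<state>.+?)\s*$")
# "[V2][ROGUE ST] 4473 : wscript.exe - C:\...\launchie.vbs //B -> FOUND"
TASK_LINE = re.compile(
    r"^\[V\d\]\[(?P<tag>[^\]]+)\]\s+(?P<id>\S+)\s+:\s+(?P<exe>.+?)\s+-\s+"
    r"(?P<args>.*?)\s+->\s+(?P<state>.+?)\s*$")


@dataclass
class Finding:
    kind: str    # "uac_weakened" or "suspicious_task"
    detail: str
    state: str   # FOUND, NOT SELECTED, DELETED, ... exactly as the tool reported


def triage(report: str) -> List[Finding]:
    """Return the findings worth acting on, in the order they appear."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        m = REG_LINE.match(line)
        if m:
            if m["name"] in UAC_VALUES and m["value"] == "0":
                findings.append(Finding(
                    "uac_weakened",
                    f"{m['name']}=0: {UAC_VALUES[m['name']]}",
                    m["state"]))
            continue
        m = TASK_LINE.match(line)
        if not m:
            continue
        exe_path = m["exe"].lower()
        exe_name = exe_path.rsplit("\\", 1)[-1]
        args = m["args"].lower()
        reasons = []
        if exe_name in SCRIPT_HOSTS:
            reasons.append(f"script host {exe_name}")
        if any(d in exe_path or d in args for d in WRITABLE_DIRS):
            reasons.append("payload in a user-writable directory")
        if reasons:
            findings.append(Finding(
                "suspicious_task",
                f"task {m['id']}: {m['exe']} {m['args']} ({'; '.join(reasons)})",
                m["state"]))
    return findings


# Constructed sample in RogueKiller's layout, modelled on the report above.
# The last task line is a made-up benign entry to show what is not flagged.
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][ROGUE ST] 4473 : wscript.exe - C:\Users\Les\AppData\Local\Temp\launchie.vbs //B -> FOUND
[V2][TASK] 9001 : C:\Program Files\Vendor\updater.exe - /quiet -> FOUND
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.kind}] ({f.state}) {f.detail}")
```

Run against a saved RKreport the script prints only the lines that change the security posture, which is the set to verify again after remediation: a UAC finding still reported with state NOT SELECTED after a Remove pass (as happens in the later report in this thread) means UAC is still off, and a task finding with state DELETED means the persistence is gone but the .vbs payload itself may still be on disk.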
13. Over and over again, AVG Internet Security keeps on saying "Found MalSign.SearchSafer.F77." ... "Status: Object was blocked." When you click on more information, a webpage states: "This link on d2sci4fopfy9a2.cloudfront.net is safe for browsing http://d2sci4fopfy9a2.cloudfront.net/service/service.exe"

---------------------------------------------------------------------------------------------------------------------------------------------

18:45:30.0220 0x20e8  TDSS rootkit removing tool 3.0.0.35 May 23 2014 07:32:03
18:45:36.0041 0x20e8  ============================================================
18:45:36.0041 0x20e8  Current date / time: 2014/05/27 18:45:36.0041
18:45:36.0041 0x20e8  SystemInfo:
18:45:36.0041 0x20e8
18:45:36.0041 0x20e8  OS Version: 6.1.7601 ServicePack: 1.0
18:45:36.0041 0x20e8  Product type: Workstation
18:45:36.0041 0x20e8  ComputerName: LES-PC
18:45:36.0041 0x20e8  UserName: Les
18:45:36.0041 0x20e8  Windows directory: C:\Windows
18:45:36.0041 0x20e8  System windows directory: C:\Windows
18:45:36.0041 0x20e8  Running under WOW64
18:45:36.0041 0x20e8  Processor architecture: Intel x64
18:45:36.0041 0x20e8  Number of processors: 4
18:45:36.0041 0x20e8  Page size: 0x1000
18:45:36.0041 0x20e8  Boot type: Normal boot
18:45:36.0041 0x20e8  ============================================================
18:45:36.0144 0x20e8  KLMD registered as C:\Windows\system32\drivers\33619643.sys
18:45:36.0254 0x20e8  System UUID: {5E570729-E8AF-109A-E14B-CEDF74BEF9BC}
18:45:36.0721 0x20e8  Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:45:36.0986 0x20e8  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:45:37.0002 0x20e8  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:45:37.0033 0x20e8  ============================================================
18:45:37.0033 0x20e8  \Device\Harddisk0\DR0:
18:45:37.0033 0x20e8  MBR partitions:
18:45:37.0033 0x20e8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BF23800
18:45:37.0033 0x20e8  \Device\Harddisk1\DR1:
18:45:37.0033 0x20e8  MBR partitions:
18:45:37.0033 0x20e8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
18:45:37.0033 0x20e8  \Device\Harddisk2\DR2:
18:45:37.0033 0x20e8  MBR partitions:
18:45:37.0033 0x20e8  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x196A8800
18:45:37.0033 0x20e8  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x196A9000, BlocksNum 0xCF75F763
18:45:37.0033 0x20e8  ============================================================
18:45:37.0049 0x20e8  C: <-> \Device\Harddisk0\DR0\Partition1
18:45:37.0059 0x20e8  F: <-> \Device\Harddisk2\DR2\Partition2
18:45:37.0074 0x20e8  D: <-> \Device\Harddisk2\DR2\Partition1
18:45:37.0142 0x20e8  E: <-> \Device\Harddisk1\DR1\Partition1
18:45:37.0142 0x20e8  ============================================================
18:45:37.0142 0x20e8  Initialize success
18:45:37.0142 0x20e8  ============================================================
18:45:59.0019 0x20bc  Deinitialize success

---------------------------------------------------------------------------------------------------------------------------------------------------------

I had a problem with RogueKiller and it left three reports:

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Les [Admin rights]
Mode : Scan -- Date : 05/27/2014 10:04:34
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[BROK VAL] HKCR\[...]\command : () -> MISSING

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][ROGUE ST] 4473 : wscript.exe - C:\Users\Les\AppData\Local\Temp\launchie.vbs //B -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Patriot Pyro SE SATA Disk Device +++++
--- User ---
[MBR] afa0f3335d003a6ef4cdb3b0da111803
[BSP] 3137bb68740694f60a3e4096a8e54664 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 228935 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST2000DM 001-1CH164 SATA Disk Device +++++
--- User ---
[MBR] 3926a7d4c51f43dfc7df32dc7cab84c3
[BSP] b05272dc69fd18ebdb5f8437a8835a58 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) TOSHIBA DT01ACA200 SATA Disk Device +++++
--- User ---
[MBR] 514eea983f47cad9d32bf62f39816a66
[BSP] 1049ba53099b45af745bdc0259c79f7d : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 208209 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 426414080 | Size: 1699518 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- USB3.0 CRW-CF/MD USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- USB3.0 CRW-SM/xD USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive5: (\\.\PHYSICALDRIVE5 @ USB) Generic- USB3.0 CRW-SD USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive6: (\\.\PHYSICALDRIVE6 @ USB) Generic- USB3.0 CRW-MS USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive7: (\\.\PHYSICALDRIVE7 @ USB) Generic- USB3.0 CRW-SD/MS USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_05272014_100434.txt >>

------------------------------------------------------------------------------------------------------------

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Les [Admin rights]
Mode : Remove -- Date : 05/27/2014 10:05:37
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> NOT SELECTED
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NOT SELECTED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
[BROK VAL] HKCR\[...]\command : () -> NOT SELECTED

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][ROGUE ST] 4473 : wscript.exe - C:\Users\Les\AppData\Local\Temp\launchie.vbs //B -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Patriot Pyro SE SATA Disk Device +++++
--- User ---
[MBR] afa0f3335d003a6ef4cdb3b0da111803
[BSP] 3137bb68740694f60a3e4096a8e54664 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 228935 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST2000DM 001-1CH164 SATA Disk Device +++++
--- User ---
[MBR] 3926a7d4c51f43dfc7df32dc7cab84c3
[BSP] b05272dc69fd18ebdb5f8437a8835a58 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) TOSHIBA DT01ACA200 SATA Disk Device +++++
--- User ---
[MBR] 514eea983f47cad9d32bf62f39816a66
[BSP] 1049ba53099b45af745bdc0259c79f7d : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 208209 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 426414080 | Size: 1699518 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- USB3.0 CRW-CF/MD USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- USB3.0 CRW-SM/xD USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive5: (\\.\PHYSICALDRIVE5 @ USB) Generic- USB3.0 CRW-SD USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive6: (\\.\PHYSICALDRIVE6 @ USB) Generic- USB3.0 CRW-MS USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive7: (\\.\PHYSICALDRIVE7 @ USB) Generic- USB3.0 CRW-SD/MS USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_D_05272014_100537.txt >>
RKreport[0]_S_05272014_100434.txt

-------------------------------------------------------------------------------------------------------------------

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Les [Admin rights]
Mode : HOSTSFix -- Date : 05/27/2014 10:05:59
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com
wip4.adobe.com 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com [...] ¤¤¤ Reset HOSTS: ¤¤¤ 127.0.0.1 localhost Finished : << RKreport[0]_H_05272014_100559.txt >> RKreport[0]_D_05272014_100537.txt;RKreport[0]_S_05272014_100434.txt
  14. 1. I am no longer getting the popups.
      2. I uninstalled & reinstalled MBAM & the real-time protection is now working!
      3. MBAM came up with PUPs. What should I do with them?
      4. Thank you so much!!!
      5. MBAM scan log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/27/2014
Scan Time: 11:15:34 AM
Logfile: MBAM.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.05.27.06
Rootkit Database: v2014.05.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Les

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 270057
Time Elapsed: 4 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
PUP.Optional.AdLyrics.A, HKU\S-1-5-21-2810094668-4147885114-852093014-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|lrcsmonkey@lrcsmonkey.net, C:\Program Files (x86)\Lyrics_Monkey\128.xpi, , [174b5ef8522970c6e19e4893db28d62a]

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}, , [154d85d11e5d7db9888e602ab44e639d],
PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome, , [154d85d11e5d7db9888e602ab44e639d],
PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content, , [154d85d11e5d7db9888e602ab44e639d],
PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin, , [154d85d11e5d7db9888e602ab44e639d],

Files: 4
PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\icon.png, , [154d85d11e5d7db9888e602ab44e639d],
PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\install.rdf, , [154d85d11e5d7db9888e602ab44e639d],
PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\browser.xul, , [154d85d11e5d7db9888e602ab44e639d],
PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin\style.css, , [154d85d11e5d7db9888e602ab44e639d],

Physical Sectors: 0
(No malicious items detected)

(end)
  15. 1. Done.
      2. But MBAM Premium: "Your system is not fully protected." Real-time protection: No protection. Fix now does not work.
      3. What's next?
      4. ComboFix log:

ComboFix 14-05-27.02 - Les 05/27/2014 10:29:57.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.15823.13867 [GMT -4:00]
Running from: c:\users\Les\Desktop\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Les\AppData\Roaming\Microsoft\Windows\Recent\Your Software Deals.url
c:\users\Les\Documents\~WRL0005.tmp
.
.
((((((((((((((((((((((((( Files Created from 2014-04-27 to 2014-05-27 )))))))))))))))))))))))))))))))
.
.
2014-05-27 14:33 . 2014-05-27 14:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-27 14:18 . 2014-05-27 14:18 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B00917B7-B073-4AAF-A8DE-852EB92DB4DD}\offreg.dll
2014-05-27 14:15 . 2014-05-27 14:15 -------- d-----w- C:\TDSSKiller_Quarantine
2014-05-27 13:58 . 2014-05-27 13:58 -------- d-----w- c:\windows\ERUNT
2014-05-27 11:28 . 2014-05-27 11:28 177680 ----a-w- c:\windows\system32\mfevtps.exe.7d45.deleteme
2014-05-27 09:20 . 2014-05-27 11:37 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2014-05-27 09:20 . 2014-05-27 09:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-05-27 07:17 .
2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B00917B7-B073-4AAF-A8DE-852EB92DB4DD}\mpengine.dll 2014-05-27 00:20 . 2014-05-27 06:25 -------- d-----w- C:\temp 2014-05-26 23:42 . 2014-05-26 23:43 -------- d-----w- C:\FRST 2014-05-26 06:45 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-05-25 13:34 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll 2014-05-25 13:34 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll 2014-05-25 13:34 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-05-25 13:34 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-05-25 13:12 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll 2014-05-25 13:11 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll 2014-05-25 13:11 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-05-25 08:54 . 2014-05-27 11:31 -------- d-----w- c:\program files\stinger 2014-05-25 08:38 . 2014-05-27 00:24 -------- d-----w- c:\program files\pcreg 2014-05-25 08:34 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\63D1.tmp 2014-05-25 08:34 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\F095.tmp 2014-05-25 08:20 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\390B.tmp 2014-05-25 08:19 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\C8E9.tmp 2014-05-25 08:09 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\3FD2.tmp 2014-05-25 08:09 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\CA45.tmp 2014-05-25 08:08 . 2014-05-25 09:51 -------- d-----w- c:\program files (x86)\Sophos 2014-05-24 14:19 . 2014-05-24 14:19 0 ----a-w- c:\windows\system32\atiu9pag.dll 2014-05-24 14:19 . 2014-05-24 14:19 0 ----a-w- c:\windows\system32\TrayIcon12.dll 2014-05-24 14:19 . 2014-05-24 14:19 0 ----a-w- c:\windows\system32\atiuxpag.dll 2014-05-24 14:19 . 
2014-05-24 14:19 0 ----a-w- c:\windows\system32\atidxx32.dll 2014-05-24 14:19 . 2014-05-24 14:19 0 ----a-w- c:\windows\system32\aticfx32.dll 2014-05-24 14:08 . 2013-09-02 07:58 175528 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2014-05-24 13:22 . 2013-04-29 13:17 47632 ----a-w- c:\windows\system32\drivers\PSKMAD.sys 2014-05-24 13:22 . 2014-05-24 13:22 -------- d-----w- c:\windows\SysWow64\DASBOOT 2014-05-24 13:09 . 2014-05-27 14:18 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-05-24 13:09 . 2014-05-27 11:37 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2014-05-24 13:09 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-05-24 13:09 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-05-13 18:20 . 2014-05-13 18:20 235800 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2014-05-13 18:20 . 2014-05-13 18:20 273176 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2014-05-13 18:06 . 2014-05-13 18:06 323352 ----a-w- c:\windows\system32\drivers\avgloga.sys 2014-05-13 18:05 . 2014-05-13 18:05 191768 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2014-05-13 18:05 . 2014-05-13 18:05 152344 ----a-w- c:\windows\system32\drivers\avgdiska.sys 2014-05-13 18:05 . 2014-05-13 18:05 130328 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2014-05-13 18:04 . 2014-05-13 18:04 236312 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2014-05-13 18:04 . 2014-05-13 18:04 31512 ----a-w- c:\windows\system32\drivers\avgrkx64.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-05-25 13:15 . 2014-04-05 23:08 93223848 ----a-w- c:\windows\system32\MRT.exe 2014-05-14 08:38 . 2013-03-15 20:22 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-05-14 08:38 . 2013-03-15 20:22 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-05-12 11:25 . 
2013-08-25 09:46 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-04-15 06:34 . 2014-04-15 06:34 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2014-04-06 02:08 . 2014-04-06 02:08 194048 ----a-w- c:\windows\SysWow64\elshyph.dll 2014-04-06 02:07 . 2014-04-06 02:07 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2014-04-06 02:07 . 2014-04-06 02:07 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll 2014-04-06 02:07 . 2014-04-06 02:07 235008 ----a-w- c:\windows\system32\elshyph.dll 2014-04-06 02:07 . 2014-04-06 02:07 182272 ----a-w- c:\windows\SysWow64\msls31.dll 2014-04-06 02:07 . 2014-04-06 02:07 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll 2014-04-06 02:07 . 2014-04-06 02:07 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2014-04-06 02:07 . 2014-04-06 02:07 62464 ----a-w- c:\windows\SysWow64\tdc.ocx 2014-04-06 02:07 . 2014-04-06 02:07 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2014-04-06 02:07 . 2014-04-06 02:07 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2014-04-06 02:07 . 2014-04-06 02:07 36352 ----a-w- c:\windows\SysWow64\imgutil.dll 2014-04-06 02:07 . 2014-04-06 02:07 337408 ----a-w- c:\windows\SysWow64\html.iec 2014-04-06 02:07 . 2014-04-06 02:07 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll 2014-04-06 02:07 . 2014-04-06 02:07 151552 ----a-w- c:\windows\SysWow64\iexpress.exe 2014-04-06 02:07 . 2014-04-06 02:07 139264 ----a-w- c:\windows\SysWow64\wextract.exe 2014-04-06 02:07 . 2014-04-06 02:07 13312 ----a-w- c:\windows\SysWow64\mshta.exe 2014-04-06 02:07 . 2014-04-06 02:07 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2014-04-06 02:07 . 2014-04-06 02:07 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2014-04-06 02:07 . 2014-04-06 02:07 942592 ----a-w- c:\windows\system32\jsIntl.dll 2014-04-06 02:07 . 2014-04-06 02:07 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2014-04-06 02:07 . 2014-04-06 02:07 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2014-04-06 02:07 . 
2014-04-06 02:07 77312 ----a-w- c:\windows\system32\tdc.ocx 2014-04-06 02:07 . 2014-04-06 02:07 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2014-04-06 02:07 . 2014-04-06 02:07 48640 ----a-w- c:\windows\system32\mshtmler.dll 2014-04-06 02:07 . 2014-04-06 02:07 413696 ----a-w- c:\windows\system32\html.iec 2014-04-06 02:07 . 2014-04-06 02:07 247808 ----a-w- c:\windows\system32\msls31.dll 2014-04-06 02:07 . 2014-04-06 02:07 13312 ----a-w- c:\windows\system32\msfeedssync.exe 2014-04-06 02:07 . 2014-04-06 02:07 131072 ----a-w- c:\windows\system32\IEAdvpack.dll 2014-04-06 02:07 . 2014-04-06 02:07 105984 ----a-w- c:\windows\system32\iesysprep.dll 2014-04-06 02:07 . 2014-04-06 02:07 83968 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-04-06 02:07 . 2014-04-06 02:07 81408 ----a-w- c:\windows\system32\icardie.dll 2014-04-06 02:07 . 2014-04-06 02:07 774144 ----a-w- c:\windows\system32\jscript.dll 2014-04-06 02:07 . 2014-04-06 02:07 62464 ----a-w- c:\windows\system32\pngfilt.dll 2014-04-06 02:07 . 2014-04-06 02:07 616104 ----a-w- c:\windows\system32\ieapfltr.dat 2014-04-06 02:07 . 2014-04-06 02:07 48128 ----a-w- c:\windows\system32\imgutil.dll 2014-04-06 02:07 . 2014-04-06 02:07 30208 ----a-w- c:\windows\system32\licmgr10.dll 2014-04-06 02:07 . 2014-04-06 02:07 263376 ----a-w- c:\windows\system32\iedkcs32.dll 2014-04-06 02:07 . 2014-04-06 02:07 243200 ----a-w- c:\windows\system32\webcheck.dll 2014-04-06 02:07 . 2014-04-06 02:07 235520 ----a-w- c:\windows\system32\url.dll 2014-04-06 02:07 . 2014-04-06 02:07 167424 ----a-w- c:\windows\system32\iexpress.exe 2014-04-06 02:07 . 2014-04-06 02:07 147968 ----a-w- c:\windows\system32\occache.dll 2014-04-06 02:07 . 2014-04-06 02:07 143872 ----a-w- c:\windows\system32\wextract.exe 2014-04-06 02:07 . 2014-04-06 02:07 13824 ----a-w- c:\windows\system32\mshta.exe 2014-04-06 02:07 . 2014-04-06 02:07 135680 ----a-w- c:\windows\system32\iepeers.dll 2014-04-06 02:07 . 
2014-04-06 02:07 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-04-06 02:07 . 2014-04-06 02:07 101376 ----a-w- c:\windows\system32\inseng.dll 2014-03-19 19:27 . 2014-03-19 19:27 76496 ----a-w- c:\windows\system32\drivers\dc3d.sys 2014-03-19 19:23 . 2014-03-19 19:23 50896 ----a-w- c:\windows\system32\drivers\point64.sys 2014-03-06 09:31 . 2014-04-11 17:53 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-03-06 08:59 . 2014-04-11 17:53 66048 ----a-w- c:\windows\system32\iesetup.dll 2014-03-06 08:57 . 2014-04-11 17:53 548352 ----a-w- c:\windows\system32\vbscript.dll 2014-03-06 08:57 . 2014-04-11 17:53 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-03-06 08:53 . 2014-04-11 17:53 2767360 ----a-w- c:\windows\system32\iertutil.dll 2014-03-06 08:40 . 2014-04-11 17:53 51200 ----a-w- c:\windows\system32\jsproxy.dll 2014-03-06 08:39 . 2014-04-11 17:53 33792 ----a-w- c:\windows\system32\iernonce.dll 2014-03-06 08:32 . 2014-04-11 17:53 574976 ----a-w- c:\windows\system32\ieui.dll 2014-03-06 08:29 . 2014-04-11 17:53 139264 ----a-w- c:\windows\system32\ieUnatt.exe 2014-03-06 08:29 . 2014-04-11 17:53 111616 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-03-06 08:28 . 2014-04-11 17:53 752640 ----a-w- c:\windows\system32\jscript9diag.dll 2014-03-06 08:15 . 2014-04-11 17:53 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-03-06 08:11 . 2014-04-11 17:53 5784064 ----a-w- c:\windows\system32\jscript9.dll 2014-03-06 08:09 . 2014-04-11 17:53 453120 ----a-w- c:\windows\system32\dxtmsft.dll 2014-03-06 08:03 . 2014-04-11 17:53 586240 ----a-w- c:\windows\system32\ie4uinit.exe 2014-03-06 08:02 . 2014-04-11 17:53 61952 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-03-06 08:02 . 2014-04-11 17:53 455168 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-03-06 08:01 . 2014-04-11 17:53 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-03-06 07:56 . 
2014-04-11 17:53 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-03-06 07:48 . 2014-04-11 17:53 195584 ----a-w- c:\windows\system32\msrating.dll 2014-03-06 07:46 . 2014-04-11 17:53 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-03-06 07:42 . 2014-04-11 17:53 296960 ----a-w- c:\windows\system32\dxtrans.dll 2014-03-06 07:38 . 2014-04-11 17:53 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-03-06 07:36 . 2014-04-11 17:53 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-03-06 07:21 . 2014-04-11 17:53 628736 ----a-w- c:\windows\system32\msfeeds.dll 2014-03-06 07:13 . 2014-04-11 17:53 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2014-03-06 07:11 . 2014-04-11 17:53 2043904 ----a-w- c:\windows\system32\inetcpl.cpl 2014-03-06 06:53 . 2014-04-11 17:53 13551104 ----a-w- c:\windows\system32\ieframe.dll 2014-03-06 06:40 . 2014-04-11 17:53 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-03-06 06:22 . 2014-04-11 17:53 2260480 ----a-w- c:\windows\system32\wininet.dll 2014-03-06 05:58 . 2014-04-11 17:53 1400832 ----a-w- c:\windows\system32\urlmon.dll 2014-03-06 05:50 . 2014-04-11 17:53 846336 ----a-w- c:\windows\system32\ieapfltr.dll 2014-03-06 05:41 . 2014-04-11 17:53 1789440 ----a-w- c:\windows\SysWow64\wininet.dll 2014-03-04 09:44 . 2014-04-11 17:50 362496 ----a-w- c:\windows\system32\wow64win.dll 2014-03-04 09:44 . 2014-04-11 17:50 243712 ----a-w- c:\windows\system32\wow64.dll 2014-03-04 09:44 . 2014-04-11 17:50 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2014-03-04 09:44 . 2014-04-11 17:50 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2014-03-04 09:44 . 2014-04-11 17:50 1163264 ----a-w- c:\windows\system32\kernel32.dll 2014-03-04 09:17 . 2014-04-11 17:50 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2014-03-04 09:17 . 2014-04-11 17:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2014-03-04 09:16 . 2014-04-11 17:50 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2014-03-04 09:16 . 
2014-04-11 17:50 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2014-03-04 08:09 . 2014-04-11 17:50 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2014-03-04 08:09 . 2014-04-11 17:50 2048 ----a-w- c:\windows\SysWow64\user.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-05-13 5181456] "BelkinAPM"="c:\program files (x86)\Belkin Automatic Power Management Software\BelkinAPM.exe" [2013-03-15 114688] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "ConsentPromptBehaviorAdmin"= 0 (0x0) "EnableLUA"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HideSCAHealth"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . 
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x] R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\63D1.tmp;c:\windows\SYSNATIVE\63D1.tmp [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport 
Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x] S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys;c:\windows\SYSNATIVE\DRIVERS\hotcore3.sys [x] S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x] S1 
Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x] S2 BelkinAPMmonitor;BelkinAPMmonitor;c:\program files (x86)\Belkin Automatic Power Management Software\BelkinAPMmonitor.exe;c:\program files (x86)\Belkin Automatic Power Management Software\BelkinAPMmonitor.exe [x] S2 MSI_FastBoot;MSI_FastBoot;c:\program files (x86)\MSI\Fast Boot\FastBootService.exe;c:\program files (x86)\MSI\Fast Boot\FastBootService.exe [x] S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x] S2 pcregservice;pcregservice Service;c:\program files\pcreg\pcreg.exe;c:\program files\pcreg\pcreg.exe [x] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x] S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x] S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x] S3 
AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 BelkinAPMRMI;BelkinAPMRMI;c:\program files (x86)\Belkin Automatic Power Management Software\BelkinAPMRMI.exe;c:\program files (x86)\Belkin Automatic Power Management Software\BelkinAPMRMI.exe [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x] S3 NTIOLib_FastBoot;NTIOLib_FastBoot;c:\program files (x86)\MSI\Fast Boot\NTIOLib_X64.sys;c:\program files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [x] S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 37645424 *Deregistered* - 37645424 *Deregistered* - avgtp . Contents of the 'Scheduled Tasks' folder . 2014-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-15 08:38] . 2014-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-17 02:19] . 2014-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-17 02:19] . . --------- X64 Entries ----------- . . 
------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://my.yahoo.com/?mkg=015 mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\ FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/ FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: extensions.autoDisableScopes - 0 FF - user.js: extensions.shownSelectionUI - true . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) SafeBoot-01242760.sys SafeBoot-37645424.sys HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\63D1.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
  16. 1. Thank you so much for your expert help! I have been struggling with this all night without sleep and many hours before. Bless you! 2. I had previously scanned and deleted all using the settings you specified in Malwarebytes 2.0.2. 3. Your link RogueKiller 64 bit does not work. It says web page not found. 4. I was unable to paste the RogueKiller log in Internet Explorer but could with Firefox. 5. Please advise me how to proceed ASAP. Thank you. RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Les [Admin rights] Mode : Scan -- Date : 05/27/2014 08:09:41 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 10 ¤¤¤ [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [bROK VAL] HKCR\[...]\command : () -> MISSING ¤¤¤ Scheduled tasks : 1 ¤¤¤ [V2][ROGUE ST] 4473 : wscript.exe - C:\Users\Les\AppData\Local\Temp\launchie.vbs //B -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ 
HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Patriot Pyro SE SATA Disk Device +++++ --- User --- [MBR] afa0f3335d003a6ef4cdb3b0da111803 [bSP] 3137bb68740694f60a3e4096a8e54664 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 228935 MB User = LL1 ... OK! User = LL2 ... OK! 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST2000DM 001-1CH164 SATA Disk Device +++++ --- User --- [MBR] 3926a7d4c51f43dfc7df32dc7cab84c3 [bSP] b05272dc69fd18ebdb5f8437a8835a58 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) TOSHIBA DT01ACA200 SATA Disk Device +++++ --- User --- [MBR] 514eea983f47cad9d32bf62f39816a66 [bSP] 1049ba53099b45af745bdc0259c79f7d : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 208209 MB 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 426414080 | Size: 1699518 MB User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- USB3.0 CRW-CF/MD USB Device +++++ Error reading User MBR! ([0x15] The device is not ready. ) User = LL1 ... OK! Error reading LL2 MBR! ([0x32] The request is not supported. ) +++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- USB3.0 CRW-SM/xD USB Device +++++ Error reading User MBR! ([0x15] The device is not ready. ) User = LL1 ... OK! Error reading LL2 MBR! ([0x32] The request is not supported. ) +++++ PhysicalDrive5: (\\.\PHYSICALDRIVE5 @ USB) Generic- USB3.0 CRW-SD USB Device +++++ Error reading User MBR! ([0x15] The device is not ready. ) User = LL1 ... OK! Error reading LL2 MBR! ([0x32] The request is not supported. ) +++++ PhysicalDrive6: (\\.\PHYSICALDRIVE6 @ USB) Generic- USB3.0 CRW-MS USB Device +++++ Error reading User MBR! ([0x15] The device is not ready. ) User = LL1 ... OK! Error reading LL2 MBR! ([0x32] The request is not supported. ) +++++ PhysicalDrive7: (\\.\PHYSICALDRIVE7 @ USB) Generic- USB3.0 CRW-SD/MS USB Device +++++ Error reading User MBR! ([0x15] The device is not ready. ) User = LL1 ... OK! Error reading LL2 MBR! ([0x32] The request is not supported. ) Finished : << RKreport[0]_S_05272014_080941.txt >>
  17. Please help me as I am desperate! I have run Farbar. First.Txt, Addition.txt & Previous post.txt are included. I have disabled uTorrent and mipony and will not run them during the diagnostics or assistance. Thank you so much! Les FRST.txt Addition.txt Previous posts.txt
  18. Update: Innovation-Citys.com, IP 24.10.15.65, was also blocked, so it is not just from one website.
  19. Thank you Spam Hunters for your reply. All the popups appear to be as a result of the same IP 192.162.19.34 under names such as Travels-Search.com, Satisfaction-Search.com, Documents-Search.com, Submissions-Search.Com, Helped-Search.com. They are all outgoing and happen even when the browser is not active. Is this indicative of an infection? And how can I stop this or block the website? Thanks again.
  20. I have the latest premium version of your program. Recently, perhaps after it upgraded, I have been getting constant (every second or two) popups saying a malicious website was blocked, over and over again. Outbound sites including Joye-Luck.com are shown over and over again as being blocked. Why do I need to see this thousands of times, or at all? These popups are so annoying that I have had to shut off malicious website blocking, even though I would prefer to have it on. Before doing that I had spent over three hours using various AV, anti-rootkit, cleaners & removal tools to try to eliminate the sources. I feel that your next revision should have a setting option to allow the protection while not showing the popups for malicious website blocking. If checked, it would still display other threats. The popups are huge and distracting, about 4"x4" on my 23" screen. They should be made smaller. What can be done to help? Thank you.