
lesvdavis

Honorary Members
  • Posts

    23

Posts posted by lesvdavis

  1. I ran the security check & will update Java. Log:

    Results of screen317's Security Check version 0.99.83 

    Windows 7 Service Pack 1 x64 (UAC is disabled!) 

    Internet Explorer 11 

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Enabled! 

    AVG Internet Security 2014     

    Microsoft Security Essentials  

    Antivirus up to date!  (On Access scanning disabled!)

    `````````Anti-malware/Other Utilities Check:`````````

    Spybot - Search & Destroy

    TuneUp Utilities 2014  

    TuneUp Utilities 2014 (en-US) 

    TuneUp Utilities Language Pack (en-US)

    TuneUp Utilities 2014  

    Java 7 Update 45 

    Java version out of Date!

    Adobe Flash Player 13.0.0.214 

    Mozilla Firefox (29.0.1)

    ````````Process Check: objlist.exe by Laurent```````` 

    Microsoft Security Essentials MSMpEng.exe

    Malwarebytes Anti-Malware mbamservice.exe 

    Malwarebytes Anti-Malware mbam.exe 

    AVG avgwdsvc.exe

    AVG avgemc.exe

    Malwarebytes Anti-Malware mbamscheduler.exe  

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)

    ````````````````````End of Log``````````````````````

  2. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02

    Ran by Les at 2014-05-30 17:46:43 Run:1

    Running from C:\Users\Les\Desktop\PopUp\FRST

    Boot Mode: Normal

    ==============================================

     

    Content of fixlist:

    *****************

    C:\Program Files\pcreg

    HKLM-x32\...\Run: [] => [X]

    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

    R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-05-25] ()

    2014-05-25 04:38 - 2014-05-27 11:18 - 00003684 _____ () C:\Windows\System32\Tasks\pcreg

    C:\Users\Les\AppData\Local\Temp\Quarantine.exe

    Task: {4E1CB343-3127-404F-8A35-64A7487E3021} - System32\Tasks\0 => Iexplore.exe 

    Task: {59F155FD-F31F-41CB-B50E-762342510C11} - \Microsoft\Microsoft Antimalware\MpIdleTask No Task File

    Task: {F38CC064-C0BD-4A70-BCB1-E14880C749E5} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe

     

    *****************

     

    C:\Program Files\pcreg => Moved successfully.

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.

    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.

    HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.

    pcregservice => Service stopped successfully.

    pcregservice => Service deleted successfully.

    C:\Windows\System32\Tasks\pcreg => Moved successfully.

    C:\Users\Les\AppData\Local\Temp\Quarantine.exe => Moved successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E1CB343-3127-404F-8A35-64A7487E3021} => Key deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E1CB343-3127-404F-8A35-64A7487E3021} => Key deleted successfully.

    C:\Windows\System32\Tasks\0 => Moved successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59F155FD-F31F-41CB-B50E-762342510C11} => Key deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59F155FD-F31F-41CB-B50E-762342510C11} => Key deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\MpIdleTask => Key not found.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F38CC064-C0BD-4A70-BCB1-E14880C749E5} => Key deleted successfully.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F38CC064-C0BD-4A70-BCB1-E14880C749E5} => Key deleted successfully.

    C:\Windows\System32\Tasks\pcreg not found.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg => Key deleted successfully.

     

    ==== End of Fixlog ====

  3. #3. Part 1

    10:16:06.0024 0x08b8  TDSS rootkit removing tool 3.0.0.35 May 23 2014 07:32:03

    10:16:10.0332 0x08b8  ============================================================

    10:16:10.0332 0x08b8  Current date / time: 2014/05/27 10:16:10.0332

    10:16:10.0332 0x08b8  SystemInfo:

    10:16:10.0332 0x08b8 

    10:16:10.0332 0x08b8  OS Version: 6.1.7601 ServicePack: 1.0

    10:16:10.0332 0x08b8  Product type: Workstation

    10:16:10.0332 0x08b8  ComputerName: LES-PC

    10:16:10.0340 0x08b8  UserName: Les

    10:16:10.0340 0x08b8  Windows directory: C:\Windows

    10:16:10.0340 0x08b8  System windows directory: C:\Windows

    10:16:10.0340 0x08b8  Running under WOW64

    10:16:10.0340 0x08b8  Processor architecture: Intel x64

    10:16:10.0340 0x08b8  Number of processors: 4

    10:16:10.0340 0x08b8  Page size: 0x1000

    10:16:10.0340 0x08b8  Boot type: Normal boot

    10:16:10.0340 0x08b8  ============================================================

    10:16:10.0341 0x08b8  BG loaded

    10:16:10.0469 0x08b8  System UUID: {5E570729-E8AF-109A-E14B-CEDF74BEF9BC}

    10:16:10.0927 0x08b8  Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    10:16:10.0927 0x08b8  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    10:16:10.0927 0x08b8  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    10:16:10.0971 0x08b8  ============================================================

    10:16:10.0971 0x08b8  \Device\Harddisk0\DR0:

    10:16:10.0971 0x08b8  MBR partitions:

    10:16:10.0971 0x08b8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BF23800

    10:16:10.0972 0x08b8  \Device\Harddisk1\DR1:

    10:16:11.0156 0x08b8  MBR partitions:

    10:16:11.0156 0x08b8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800

    10:16:11.0156 0x08b8  \Device\Harddisk2\DR2:

    10:16:11.0156 0x08b8  MBR partitions:

    10:16:11.0156 0x08b8  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x196A8800

    10:16:11.0156 0x08b8  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x196A9000, BlocksNum 0xCF75F763

    10:16:11.0156 0x08b8  ============================================================

    10:16:11.0160 0x08b8  C: <-> \Device\Harddisk0\DR0\Partition1

    10:16:11.0178 0x08b8  F: <-> \Device\Harddisk2\DR2\Partition2

    10:16:11.0192 0x08b8  D: <-> \Device\Harddisk2\DR2\Partition1

    10:16:11.0206 0x08b8  E: <-> \Device\Harddisk1\DR1\Partition1

    10:16:11.0206 0x08b8  ============================================================

    10:16:11.0206 0x08b8  Initialize success

    10:16:11.0206 0x08b8  ============================================================

    10:16:24.0555 0x14ec  ============================================================

    10:16:24.0555 0x14ec  Scan started

    10:16:24.0555 0x14ec  Mode: Manual; SigCheck; TDLFS;

    10:16:24.0555 0x14ec  ============================================================

    10:16:24.0555 0x14ec  KSN ping started

    10:16:38.0261 0x14ec  KSN ping finished: true

    10:16:38.0349 0x14ec  ================ Scan system memory ========================

    10:16:38.0349 0x14ec  System memory - ok

    10:16:38.0349 0x14ec  ================ Scan services =============================


  4. #2.

    10:09:16.0677 0x1638  TDSS rootkit removing tool 3.0.0.35 May 23 2014 07:32:03

    10:09:22.0777 0x1638  ============================================================

    10:09:22.0777 0x1638  Current date / time: 2014/05/27 10:09:22.0777

    10:09:22.0777 0x1638  SystemInfo:

    10:09:22.0777 0x1638 

    10:09:22.0777 0x1638  OS Version: 6.1.7601 ServicePack: 1.0

    10:09:22.0777 0x1638  Product type: Workstation

    10:09:22.0777 0x1638  ComputerName: LES-PC

    10:09:22.0778 0x1638  UserName: Les

    10:09:22.0778 0x1638  Windows directory: C:\Windows

    10:09:22.0778 0x1638  System windows directory: C:\Windows

    10:09:22.0778 0x1638  Running under WOW64

    10:09:22.0778 0x1638  Processor architecture: Intel x64

    10:09:22.0778 0x1638  Number of processors: 4

    10:09:22.0778 0x1638  Page size: 0x1000

    10:09:22.0778 0x1638  Boot type: Normal boot

    10:09:22.0778 0x1638  ============================================================

    10:09:22.0873 0x1638  KLMD registered as C:\Windows\system32\drivers\10903881.sys

    10:09:22.0982 0x1638  System UUID: {5E570729-E8AF-109A-E14B-CEDF74BEF9BC}

    10:09:23.0423 0x1638  Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    10:09:23.0423 0x1638  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    10:09:23.0660 0x1638  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    10:09:23.0694 0x1638  ============================================================

    10:09:23.0694 0x1638  \Device\Harddisk0\DR0:

    10:09:23.0695 0x1638  MBR partitions:

    10:09:23.0695 0x1638  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BF23800

    10:09:23.0695 0x1638  \Device\Harddisk1\DR1:

    10:09:23.0695 0x1638  MBR partitions:

    10:09:23.0695 0x1638  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800

    10:09:23.0696 0x1638  \Device\Harddisk2\DR2:

    10:09:23.0696 0x1638  MBR partitions:

    10:09:23.0696 0x1638  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x196A8800

    10:09:23.0696 0x1638  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x196A9000, BlocksNum 0xCF75F763

    10:09:23.0696 0x1638  ============================================================

    10:09:23.0697 0x1638  C: <-> \Device\Harddisk0\DR0\Partition1

    10:09:23.0722 0x1638  F: <-> \Device\Harddisk2\DR2\Partition2

    10:09:23.0736 0x1638  D: <-> \Device\Harddisk2\DR2\Partition1

    10:09:23.0771 0x1638  E: <-> \Device\Harddisk1\DR1\Partition1

    10:09:23.0772 0x1638  ============================================================

    10:09:23.0772 0x1638  Initialize success

    10:09:23.0772 0x1638  ============================================================

    10:11:43.0342 0x0534  KLMD registered as C:\Windows\system32\drivers\68159747.sys

    10:11:44.0316 0x0534  Deinitialize success

  5. Will post 5 DSS logs separately.

     #1.

    10:09:16.0677 0x1638  TDSS rootkit removing tool 3.0.0.35 May 23 2014 07:32:03
    10:09:22.0777 0x1638  ============================================================
    10:09:22.0777 0x1638  Current date / time: 2014/05/27 10:09:22.0777
    10:09:22.0777 0x1638  SystemInfo:
    10:09:22.0777 0x1638  
    10:09:22.0777 0x1638  OS Version: 6.1.7601 ServicePack: 1.0
    10:09:22.0777 0x1638  Product type: Workstation
    10:09:22.0777 0x1638  ComputerName: LES-PC
    10:09:22.0778 0x1638  UserName: Les
    10:09:22.0778 0x1638  Windows directory: C:\Windows
    10:09:22.0778 0x1638  System windows directory: C:\Windows
    10:09:22.0778 0x1638  Running under WOW64
    10:09:22.0778 0x1638  Processor architecture: Intel x64
    10:09:22.0778 0x1638  Number of processors: 4
    10:09:22.0778 0x1638  Page size: 0x1000
    10:09:22.0778 0x1638  Boot type: Normal boot
    10:09:22.0778 0x1638  ============================================================
    10:09:22.0873 0x1638  KLMD registered as C:\Windows\system32\drivers\10903881.sys
    10:09:22.0982 0x1638  System UUID: {5E570729-E8AF-109A-E14B-CEDF74BEF9BC}
    10:09:23.0423 0x1638  Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    10:09:23.0423 0x1638  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    10:09:23.0660 0x1638  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    10:09:23.0694 0x1638  ============================================================
    10:09:23.0694 0x1638  \Device\Harddisk0\DR0:
    10:09:23.0695 0x1638  MBR partitions:
    10:09:23.0695 0x1638  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BF23800
    10:09:23.0695 0x1638  \Device\Harddisk1\DR1:
    10:09:23.0695 0x1638  MBR partitions:
    10:09:23.0695 0x1638  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
    10:09:23.0696 0x1638  \Device\Harddisk2\DR2:
    10:09:23.0696 0x1638  MBR partitions:
    10:09:23.0696 0x1638  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x196A8800
    10:09:23.0696 0x1638  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x196A9000, BlocksNum 0xCF75F763
    10:09:23.0696 0x1638  ============================================================
    10:09:23.0697 0x1638  C: <-> \Device\Harddisk0\DR0\Partition1
    10:09:23.0722 0x1638  F: <-> \Device\Harddisk2\DR2\Partition2
    10:09:23.0736 0x1638  D: <-> \Device\Harddisk2\DR2\Partition1
    10:09:23.0771 0x1638  E: <-> \Device\Harddisk1\DR1\Partition1
    10:09:23.0772 0x1638  ============================================================
    10:09:23.0772 0x1638  Initialize success
    10:09:23.0772 0x1638  ============================================================
    10:11:43.0342 0x0534  KLMD registered as C:\Windows\system32\drivers\68159747.sys
    10:11:44.0316 0x0534  Deinitialize success
     

  6. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
    Ran by Les (administrator) on LES-PC on 28-05-2014 01:39:11
    Running from C:\Users\Les\Desktop\PopUp
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    (Macrovision) C:\Program Files (x86)\Belkin Automatic Power Management Software\BelkinAPMmonitor.exe
    (MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Belkin Automatic Power Management Software\jre\bin\javaw.exe
    (MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
    () C:\Program Files\pcreg\pcreg.exe
    (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
    () C:\ProgramData\TVersity\Media Server\MediaServer.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
    (Macrovision) C:\Program Files (x86)\Belkin Automatic Power Management Software\BelkinAPM.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Belkin Automatic Power Management Software\jre\bin\javaw.exe
    (The Chromium Authors) C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
    (Macrovision) C:\Program Files (x86)\Belkin Automatic Power Management Software\BelkinAPMRMI.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Belkin Automatic Power Management Software\jre\bin\javaw.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\prevhost.exe


    ==================== Registry (Whitelisted) ==================

    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [belkinAPM] => C:\Program Files (x86)\Belkin Automatic Power Management Software\BelkinAPM.exe [114688 2013-03-15] (Macrovision)
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.yahoo.com/?mkg=015
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262
    FF Homepage: hxxp://my.yahoo.com/
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: Adblock Plus Pop-up Addon - C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\Extensions\adblockpopups@jessehakanen.net.xpi [2014-04-24]
    FF Extension: Adblock Plus - C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-26]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-03-16]

    Chrome:
    =======
    Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

    ==================== Services (Whitelisted) =================

    S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
    R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1473792 2014-05-13] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
    R2 BelkinAPMmonitor; C:\Program Files (x86)\Belkin Automatic Power Management Software\BelkinAPMmonitor.exe [114688 2013-03-15] (Macrovision)
    R3 BelkinAPMRMI; C:\Program Files (x86)\Belkin Automatic Power Management Software\BelkinAPMRMI.exe [114688 2013-03-15] (Macrovision)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
    R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [143416 2012-10-25] (MSI)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
    R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-05-25] ()
    R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-08-24] ()
    R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2100024 2013-08-29] (TuneUp Software)
    R2 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [5283624 2013-03-13] ()

    ==================== Drivers (Whitelisted) ====================

    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
    R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-06-23] (GFI Software)
    R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37456 2011-04-12] (Paragon Software Group)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-28] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
    S3 MEMSWEEP2; C:\Windows\system32\63D1.tmp [6144 2011-05-12] (Sophos Plc)
    R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
    R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
    R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
    S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
    R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
    R3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1202688 2009-10-26] (Motorola Inc.)
    R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-05-28 01:21 - 2014-05-28 01:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-05-28 01:20 - 2014-05-28 01:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-28 01:20 - 2014-05-28 01:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-28 01:20 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-05-28 01:20 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-05-28 01:20 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-05-28 01:13 - 2014-05-28 01:13 - 00001726 _____ () C:\Users\Les\Desktop\JRT.txt
    2014-05-27 22:42 - 2014-05-27 22:42 - 00004317 _____ () C:\Users\Les\Desktop\AdwCleaner[s0].txt
    2014-05-27 22:35 - 2014-05-28 01:03 - 00000000 ____D () C:\AdwCleaner
    2014-05-27 22:35 - 2014-05-27 22:36 - 00004482 _____ () C:\Users\Les\Desktop\AdwCleaner[R0].txt
    2014-05-27 22:35 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-05-27 10:34 - 2014-05-27 10:34 - 00028557 _____ () C:\ComboFix.txt
    2014-05-27 10:29 - 2014-05-27 10:34 - 00000000 ____D () C:\Qoobox
    2014-05-27 10:29 - 2014-05-27 10:33 - 00000000 ____D () C:\Windows\erdnt
    2014-05-27 10:29 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-05-27 10:29 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-05-27 10:29 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-05-27 10:29 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-05-27 10:29 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-05-27 10:29 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-05-27 10:29 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-05-27 10:29 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-05-27 10:15 - 2014-05-27 10:15 - 00000000 ____D () C:\TDSSKiller_Quarantine
    2014-05-27 09:58 - 2014-05-28 01:08 - 00000000 ____D () C:\Windows\ERUNT
    2014-05-27 09:58 - 2014-05-27 09:58 - 00000256 _____ () C:\DelFix.txt
    2014-05-27 08:04 - 2014-05-27 08:09 - 00000000 ____D () C:\Users\Les\Desktop\RK_Quarantine
    2014-05-27 07:28 - 2014-05-27 07:28 - 00177680 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.7d45.deleteme
    2014-05-27 05:20 - 2014-05-27 07:37 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
    2014-05-27 05:20 - 2014-05-27 05:37 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-05-27 05:20 - 2014-05-27 05:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    2014-05-26 22:36 - 2014-05-28 01:39 - 00000000 ____D () C:\Users\Les\Desktop\PopUp
    2014-05-26 19:42 - 2014-05-28 01:39 - 00000000 ____D () C:\FRST
    2014-05-26 00:14 - 2014-05-26 00:14 - 00110080 _____ () C:\Users\Les\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-05-25 23:37 - 2014-05-28 01:20 - 00180030 _____ () C:\Windows\setupact.log
    2014-05-25 23:37 - 2014-05-27 22:44 - 00002568 _____ () C:\Windows\PFRO.log
    2014-05-25 23:37 - 2014-05-25 23:37 - 00418152 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-05-25 23:37 - 2014-05-25 23:37 - 00000000 _____ () C:\Windows\setuperr.log
    2014-05-25 09:34 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-05-25 09:34 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-05-25 09:34 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-05-25 09:34 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-05-25 09:34 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-05-25 09:34 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-05-25 09:13 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-05-25 09:13 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2014-05-25 09:13 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-05-25 09:13 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2014-05-25 09:13 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2014-05-25 09:13 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2014-05-25 09:13 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2014-05-25 09:13 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-05-25 09:13 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-05-25 09:13 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-05-25 09:13 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-05-25 09:13 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
    2014-05-25 09:13 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2014-05-25 09:13 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-05-25 09:13 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-05-25 09:13 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-05-25 09:13 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-05-25 09:13 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
    2014-05-25 09:13 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-05-25 09:13 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
    2014-05-25 09:13 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
    2014-05-25 09:13 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
    2014-05-25 09:13 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
    2014-05-25 09:13 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
    2014-05-25 09:13 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-05-25 09:13 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-05-25 09:13 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-05-25 09:13 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-05-25 09:13 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
    2014-05-25 09:13 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-05-25 09:13 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-05-25 09:13 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-05-25 09:13 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-05-25 09:13 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
    2014-05-25 09:13 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
    2014-05-25 09:13 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
    2014-05-25 09:13 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
    2014-05-25 09:13 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
    2014-05-25 09:13 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
    2014-05-25 09:13 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-05-25 09:13 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2014-05-25 09:12 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-05-25 09:11 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-05-25 09:11 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-05-25 09:11 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-05-25 04:54 - 2014-05-27 07:31 - 00000000 ____D () C:\Program Files\stinger
    2014-05-25 04:38 - 2014-05-27 11:18 - 00003684 _____ () C:\Windows\System32\Tasks\pcreg
    2014-05-25 04:38 - 2014-05-26 20:24 - 00000000 ____D () C:\Program Files\pcreg
    2014-05-25 04:34 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\F095.tmp
    2014-05-25 04:34 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\63D1.tmp
    2014-05-25 04:20 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\390B.tmp
    2014-05-25 04:19 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\C8E9.tmp
    2014-05-25 04:09 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\CA45.tmp
    2014-05-25 04:09 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\3FD2.tmp
    2014-05-25 04:08 - 2014-05-25 05:51 - 00000000 ____D () C:\Program Files (x86)\Sophos
    2014-05-24 10:28 - 2014-05-24 10:28 - 00283182 _____ () C:\Users\Les\AppData\Local\census.cache
    2014-05-24 10:28 - 2014-05-24 10:28 - 00197179 _____ () C:\Users\Les\AppData\Local\ars.cache
    2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\TrayIcon12.dll
    2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atiuxpag.dll
    2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atiu9pag.dll
    2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atidxx32.dll
    2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\aticfx32.dll
    2014-05-24 10:08 - 2014-05-24 10:08 - 00000036 _____ () C:\Users\Les\AppData\Local\housecall.guid.cache
    2014-05-24 10:08 - 2013-09-02 03:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
    2014-05-24 09:22 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
    2014-05-24 00:45 - 2014-05-24 00:45 - 00012326 _____ () C:\Users\Les\AppData\Local\hpjijmtp
    2014-05-24 00:44 - 2014-05-24 00:44 - 00068314 _____ () C:\Users\Les\AppData\Local\qfvexiee
    2014-05-24 00:42 - 2014-05-24 00:42 - 00000000 _____ () C:\Users\Les\AppData\Roaming\SharedSettings.ccs
    2014-05-14 13:18 - 2014-05-14 13:18 - 00000859 _____ () C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
    2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
    2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
    2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
    2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
    2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
    2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
    2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
    2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
    2014-05-09 19:23 - 2014-05-27 07:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

    ==================== One Month Modified Files and Folders =======

    2014-05-28 01:39 - 2014-05-26 22:36 - 00000000 ____D () C:\Users\Les\Desktop\PopUp
    2014-05-28 01:39 - 2014-05-26 19:42 - 00000000 ____D () C:\FRST
    2014-05-28 01:38 - 2013-05-28 01:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-05-28 01:27 - 2009-07-14 00:45 - 00031104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-05-28 01:27 - 2009-07-14 00:45 - 00031104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-05-28 01:24 - 2013-05-26 05:01 - 00000000 ____D () C:\ProgramData\MFAData
    2014-05-28 01:24 - 2009-07-14 01:13 - 00786254 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-05-28 01:23 - 2013-09-23 14:00 - 01397940 _____ () C:\Windows\WindowsUpdate.log
    2014-05-28 01:21 - 2014-05-28 01:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-05-28 01:20 - 2014-05-28 01:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-28 01:20 - 2014-05-28 01:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-28 01:20 - 2014-05-25 23:37 - 00180030 _____ () C:\Windows\setupact.log
    2014-05-28 01:20 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-05-28 01:13 - 2014-05-28 01:13 - 00001726 _____ () C:\Users\Les\Desktop\JRT.txt
    2014-05-28 01:08 - 2014-05-27 09:58 - 00000000 ____D () C:\Windows\ERUNT
    2014-05-28 01:08 - 2013-03-14 20:56 - 00000000 ____D () C:\Users\Les\Documents\Outlook Files
    2014-05-28 01:03 - 2014-05-27 22:35 - 00000000 ____D () C:\AdwCleaner
    2014-05-27 23:18 - 2013-03-15 05:39 - 00000000 ____D () C:\Program Files (x86)\Belkin Automatic Power Management Software
    2014-05-27 22:44 - 2014-05-25 23:37 - 00002568 _____ () C:\Windows\PFRO.log
    2014-05-27 22:42 - 2014-05-27 22:42 - 00004317 _____ () C:\Users\Les\Desktop\AdwCleaner[s0].txt
    2014-05-27 22:42 - 2013-09-23 14:01 - 00000000 ____D () C:\Users\Les
    2014-05-27 22:36 - 2014-05-27 22:35 - 00004482 _____ () C:\Users\Les\Desktop\AdwCleaner[R0].txt
    2014-05-27 21:37 - 2013-03-16 22:19 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-27 21:37 - 2013-03-16 22:19 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-05-27 11:43 - 2013-03-16 22:19 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-05-27 11:43 - 2013-03-16 22:19 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-05-27 11:18 - 2014-05-25 04:38 - 00003684 _____ () C:\Windows\System32\Tasks\pcreg
    2014-05-27 11:14 - 2013-08-25 05:46 - 00000000 ____D () C:\Users\Les\AppData\Roaming\Malwarebytes
    2014-05-27 11:14 - 2013-08-25 05:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-05-27 11:06 - 2013-03-15 16:23 - 00042739 _____ () C:\Windows\SysWOW64\TVersityMediaServer.log
    2014-05-27 10:34 - 2014-05-27 10:34 - 00028557 _____ () C:\ComboFix.txt
    2014-05-27 10:34 - 2014-05-27 10:29 - 00000000 ____D () C:\Qoobox
    2014-05-27 10:34 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
    2014-05-27 10:33 - 2014-05-27 10:29 - 00000000 ____D () C:\Windows\erdnt
    2014-05-27 10:33 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
    2014-05-27 10:33 - 2009-07-13 22:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.old
    2014-05-27 10:15 - 2014-05-27 10:15 - 00000000 ____D () C:\TDSSKiller_Quarantine
    2014-05-27 09:58 - 2014-05-27 09:58 - 00000256 _____ () C:\DelFix.txt
    2014-05-27 08:09 - 2014-05-27 08:04 - 00000000 ____D () C:\Users\Les\Desktop\RK_Quarantine
    2014-05-27 07:37 - 2014-05-27 05:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
    2014-05-27 07:37 - 2014-05-09 19:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-05-27 07:37 - 2014-04-26 04:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-05-27 07:37 - 2013-03-19 22:43 - 00000000 ____D () C:\Users\Les\AppData\Roaming\uTorrent
    2014-05-27 07:37 - 2013-03-14 22:18 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
    2014-05-27 07:37 - 2013-03-14 02:10 - 00000000 ____D () C:\SuperChargerProfile
    2014-05-27 07:37 - 2011-01-01 02:15 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
    2014-05-27 07:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\security
    2014-05-27 07:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\schemas
    2014-05-27 07:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2014-05-27 07:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
    2014-05-27 07:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-05-27 07:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
    2014-05-27 07:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2014-05-27 07:31 - 2014-05-25 04:54 - 00000000 ____D () C:\Program Files\stinger
    2014-05-27 07:28 - 2014-05-27 07:28 - 00177680 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.7d45.deleteme
    2014-05-27 06:55 - 2014-03-31 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2014-05-27 06:48 - 2009-07-14 01:08 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-05-27 05:37 - 2014-05-27 05:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-05-27 05:20 - 2014-05-27 05:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    2014-05-27 02:43 - 2013-06-29 18:56 - 00379038 _____ () C:\Users\Les\Desktop\- Knicks-.txt
    2014-05-26 21:44 - 2013-03-15 14:52 - 00000000 ____D () C:\ProgramData\Zoom Player
    2014-05-26 20:24 - 2014-05-25 04:38 - 00000000 ____D () C:\Program Files\pcreg
    2014-05-26 20:20 - 2013-09-23 15:24 - 00000000 ____D () C:\ProgramData\AVG2014
    2014-05-26 01:26 - 2011-01-01 02:19 - 00000000 ____D () C:\Users\Les\AppData\Roaming\Mipony
    2014-05-26 00:14 - 2014-05-26 00:14 - 00110080 _____ () C:\Users\Les\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-05-25 23:37 - 2014-05-25 23:37 - 00418152 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-05-25 23:37 - 2014-05-25 23:37 - 00000000 _____ () C:\Windows\setuperr.log
    2014-05-25 23:37 - 2013-03-14 01:58 - 00000000 ___RD () C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-05-25 23:37 - 2013-03-14 01:58 - 00000000 ___RD () C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-05-25 09:37 - 2011-01-01 01:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-05-25 09:18 - 2014-04-05 19:08 - 00000000 ____D () C:\Windows\system32\MRT
    2014-05-25 09:15 - 2014-04-05 19:08 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-05-25 06:07 - 2013-03-20 05:52 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2014-05-25 05:51 - 2014-05-25 04:08 - 00000000 ____D () C:\Program Files (x86)\Sophos
    2014-05-25 05:03 - 2013-10-21 16:24 - 00000000 ____D () C:\Windows\Minidump
    2014-05-24 10:28 - 2014-05-24 10:28 - 00283182 _____ () C:\Users\Les\AppData\Local\census.cache
    2014-05-24 10:28 - 2014-05-24 10:28 - 00197179 _____ () C:\Users\Les\AppData\Local\ars.cache
    2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\TrayIcon12.dll
    2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atiuxpag.dll
    2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atiu9pag.dll
    2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atidxx32.dll
    2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\aticfx32.dll
    2014-05-24 10:08 - 2014-05-24 10:08 - 00000036 _____ () C:\Users\Les\AppData\Local\housecall.guid.cache
    2014-05-24 00:45 - 2014-05-24 00:45 - 00012326 _____ () C:\Users\Les\AppData\Local\hpjijmtp
    2014-05-24 00:44 - 2014-05-24 00:44 - 00068314 _____ () C:\Users\Les\AppData\Local\qfvexiee
    2014-05-24 00:42 - 2014-05-24 00:42 - 00000000 _____ () C:\Users\Les\AppData\Roaming\SharedSettings.ccs
    2014-05-22 20:55 - 2013-03-15 22:59 - 00000000 ____D () C:\Users\Les\AppData\Roaming\MediaMonkey
    2014-05-14 13:18 - 2014-05-14 13:18 - 00000859 _____ () C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
    2014-05-14 13:18 - 2013-03-19 22:44 - 00000000 ____D () C:\Program Files (x86)\uTorrent
    2014-05-14 04:38 - 2013-05-28 01:53 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-05-14 04:38 - 2013-03-15 16:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-05-14 04:38 - 2013-03-15 16:22 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
    2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
    2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
    2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
    2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
    2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
    2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
    2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
    2014-05-12 07:26 - 2014-05-28 01:20 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-05-12 07:26 - 2014-05-28 01:20 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-05-12 07:25 - 2014-05-28 01:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-05-10 06:51 - 2013-07-04 15:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-05-09 02:14 - 2014-05-25 09:11 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-05-09 02:11 - 2014-05-25 09:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-05-07 04:14 - 2013-03-15 16:23 - 01024098 _____ () C:\Windows\SysWOW64\TVersityMediaServer.log.1
    2014-05-06 23:41 - 2013-03-16 02:41 - 00003696 _____ () C:\Windows\System32\Tasks\Adobe online update program
    2014-05-06 00:40 - 2014-05-25 09:34 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-05-06 00:17 - 2014-05-25 09:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-05-05 23:25 - 2014-05-25 09:34 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-05-05 23:07 - 2014-05-25 09:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-05-05 23:00 - 2014-05-25 09:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-05-05 22:10 - 2014-05-25 09:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

    Some content of TEMP:
    ====================
    C:\Users\Les\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-05-19 00:20

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02

    Ran by Les at 2014-05-28 01:39:29

    Running from C:\Users\Les\Desktop\PopUp

    Boot Mode: Normal

    ==========================================================

    ==================== Security Center ========================

    AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

    AV: Microsoft Security Essentials (Disabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}

    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

    AS: Microsoft Security Essentials (Disabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}

    FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

    ==================== Installed Programs ======================

    µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)

    µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29462 - BitTorrent Inc.)

    AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)

    Acoustica CD/DVD Label Maker (HKLM-x32\...\Acoustica CD/DVD Label Maker) (Version:  - )

    Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.2 - Adobe Systems)

    Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)

    Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)

    AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden

    AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden

    AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)

    AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden

    AMD Fuel (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden

    AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden

    AMD Steady Video Plug-In  (Version: 2.06.0000 - AMD) Hidden

    AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden

    Ashampoo Burning Studio 12 v.12.0.1 (HKLM-x32\...\Ashampoo Burning Studio 12_is1) (Version: 12.0.1 - Ashampoo GmbH & Co. KG)

    AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)

    AVG 2014 (Version: 14.0.3950 - AVG Technologies) Hidden

    AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden

    Bass Audio Decoder (remove only) (HKLM-x32\...\Bass Audio Decoder) (Version:  - )

    Belkin Automatic Power Management Software (HKLM-x32\...\Belkin Automatic Power Management Software) (Version: 2.3.0.6 - )

    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

    CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

    CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

    CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

    CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden

    ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden

    CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)

    CD Audio Reader Filter (remove only) (HKLM-x32\...\CD Audio Reader Filter) (Version:  - )

    CLICKBIOSII (HKLM-x32\...\{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1) (Version: 1.0.107 - MSI)

    Combined Community Codec Pack 2013-03-02 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.03.02.0 - CCCP Project)

    CPUID CPU-Z 1.63.0 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )

    CrystalDiskMark 3.0.2e (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.2e - Crystal Dew World)

    DCoder Image Source (remove only) (HKLM-x32\...\DCoder Image Source) (Version:  - )

    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)

    DivX 4.0 Final Codec (HKLM-x32\...\DivXCodec) (Version:  - )

    DScaler 5 Mpeg Decoders (HKLM-x32\...\DScaler 5 Mpeg Decoders_is1) (Version:  - )

    Easy Duplicate Finder v. 2.2.1 (HKLM-x32\...\Easy Duplicate Finder_is1) (Version:  - EasyDuplicateFinder.com)

    EasyBCD 2.1 (HKLM-x32\...\EasyBCD) (Version: 2.1 - NeoSmart Technologies)

    EvilLyrics (HKLM-x32\...\EvilLyrics) (Version:  - ) <==== ATTENTION

    Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.0.8 - MSI)

    ffdshow v1.2.4453 [2012-05-21] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4453.0 - )

    FFMPEG Core Files (remove only) (HKLM-x32\...\FFMPEG Core Files) (Version:  - )

    Forté Agent (HKLM-x32\...\Forte Agent) (Version: 6.00 - Forté Internet Software, Inc.)

    Gabest MPEG Splitter (remove only) (HKLM-x32\...\Gabest MPEG Splitter) (Version:  - )

    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

    Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden

    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)

    Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)

    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

    LAV Filters 0.60.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.60.1 - Hendrik Leppkes)

    Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)

    Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech) Hidden

    MadVR (remove only) (HKLM-x32\...\MadVR) (Version:  - )

    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

    MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)

    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)

    Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden

    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)

    Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

    Microsoft Security Client (Version: 4.2.0223.1 - Microsoft Corporation) Hidden

    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

    MiPony 2.1.1 (HKLM-x32\...\MiPony) (Version: 2.1.1 - )

    Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.06 - Motorola Inc)

    Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)

    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

    MPC-HC 1.6.6.6957 (3975d54) (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.6.6957 - MPC-HC Team)

    OpenSource AVI Splitter (remove only) (HKLM-x32\...\OpenSource AVI Splitter) (Version:  - )

    OpenSource DTS/AC3/DD+ Source Filter (remove only) (HKLM-x32\...\OpenSource DTS/AC3/DD+ Source Filter) (Version:  - )

    OpenSource Flash Video Splitter (remove only) (HKLM-x32\...\OpenSource Flash Video Splitter) (Version:  - )

    Paragon Hard Disk Manager™ 11 Server (HKLM-x32\...\{AF58CE7A-B48F-4DDF-8FB7-838DDC22D63C}) (Version: 90.00.0003 - Paragon Software)

    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)

    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)

    Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )

    Revo Uninstaller Pro 3.0.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.5 - VS Revo Group, Ltd.)

    Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)

    Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation)

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

    SIW 2011 Home Edition (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.30 - Topala Software Solutions)

    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)

    Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.014 - MSI)

    TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.88 - TuneUp Software) Hidden

    TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities 2014) (Version: 14.0.1000.88 - TuneUp Software)

    TuneUp Utilities 2014 (x32 Version: 14.0.1000.88 - TuneUp Software) Hidden

    TuneUp Utilities Language Pack (en-US) (x32 Version: 13.0.2020.14 - TuneUp Software) Hidden

    TVersity Codec Pack 1.7 (HKLM-x32\...\TVersity Codec Pack) (Version: 1.7 - TVersity Inc.)

    TVersity Media Server Pro 2.4 (HKLM-x32\...\TVersity Media Server Pro) (Version: 2.4 - TVersity)

    Ultra Video Joiner 6.3.0103 (HKLM-x32\...\Ultra Video Joiner_is1) (Version:  - Aone Software)

    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)

    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)

    Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)

    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)

    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)

    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)

    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)

    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)

    Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)

    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)

    Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)

    Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)

    Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)

    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)

    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)

    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)

    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)

    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

    Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)

    Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)

    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

    VueScan (HKLM\...\VueScan) (Version:  - )

    WinDFT (HKLM-x32\...\{065F384A-5C64-4532-814A-A24BA5374503}) (Version: 1.0.0 - HGST)

    WinRAR 4.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.2 - win.rar GmbH)

    WinZip 15.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}) (Version: 15.5.9468 - WinZip Computing, S.L. )

    Xilisoft Video Converter Ultimate 6 (HKLM-x32\...\Xilisoft Video Converter Ultimate 6) (Version: 6.8.0.1101 - Xilisoft)

    XviD Video Codec (remove only) (HKLM-x32\...\XviD Video Codec) (Version:  - )

    Zoom Player (remove only) (HKLM-x32\...\ZoomPlayer) (Version:  - )

    ==================== Restore Points  =========================

    ==================== Hosts content: ==========================

    2009-07-13 22:34 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {1746A278-1C7E-4708-811C-0AA9B191C769} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-08-29] (TuneUp Software)

    Task: {19C0E852-3997-48DD-A0E4-16B2EB8AC627} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-16] (Google Inc.)

    Task: {1B80D6B5-2231-4291-A25D-5E8E9027354C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

    Task: {26D59E2E-423D-481B-953D-AE59107F726F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)

    Task: {35DB3D34-B4C4-4DF3-9B73-004C3E9E460C} - System32\Tasks\DivX online update program => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-02-12] ()

    Task: {4E1CB343-3127-404F-8A35-64A7487E3021} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION

    Task: {59F155FD-F31F-41CB-B50E-762342510C11} - \Microsoft\Microsoft Antimalware\MpIdleTask No Task File <==== ATTENTION

    Task: {6826976B-DFFA-46F1-ACFA-E3FCBEFBB17C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

    Task: {733AE50C-BE22-40BF-B25A-1AE1F259EAF6} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

    Task: {7F455179-CF41-40C5-80E6-B8A01874FE4A} - System32\Tasks\Sansa Dispatch => C:\Users\Les\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [2013-06-20] (SanDisk Corporation)

    Task: {88AD309C-8007-4AD3-9740-7A4A161BE8FE} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

    Task: {93632E7A-3CFD-4139-825A-7030AB5B8E8B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

    Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe

    Task: {BE480E89-BA3E-40EE-8384-0965F88DBC6C} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03] (Adobe Systems Incorporated)

    Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe

    Task: {D6A61A8C-A109-4E5E-A54E-B8EC780E544F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-16] (Google Inc.)

    Task: {E1F32578-DDFC-45D5-891C-EA9124A91E72} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)

    Task: {F38CC064-C0BD-4A70-BCB1-E14880C749E5} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION

    Task: {FE810340-EF6D-4202-B127-6EFED12D30DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

     

    ==================== Loaded Modules (whitelisted) =============

     

    2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

    2013-03-24 06:50 - 2011-10-30 11:24 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll

    2014-05-25 03:28 - 2014-05-25 03:28 - 00249024 _____ () C:\Program Files\pcreg\pcreg.exe

    2013-08-29 12:08 - 2013-08-29 12:08 - 00757048 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll

    2013-03-13 15:13 - 2013-03-13 15:13 - 05283624 _____ () C:\ProgramData\TVersity\Media Server\MediaServer.exe

    2013-03-15 05:40 - 2013-03-15 05:40 - 00045056 _____ () C:\Program Files (x86)\Belkin Automatic Power Management Software\jspWin.dll

    2013-03-15 05:40 - 2013-03-15 05:40 - 00032768 _____ () C:\Program Files (x86)\Belkin Automatic Power Management Software\jusb.dll

    2011-12-17 17:14 - 2011-12-17 17:14 - 00102184 _____ () C:\ProgramData\TVersity\Media Server\EasyHook32.dll

    2013-03-05 23:02 - 2013-03-05 23:02 - 33073664 _____ () C:\ProgramData\TVersity\Media Server\berkelium.dll

    2011-12-17 17:15 - 2011-12-17 17:15 - 00081704 _____ () C:\ProgramData\TVersity\Media Server\portaudio_x86.dll

    2011-12-17 17:15 - 2011-12-17 17:15 - 00556840 _____ () C:\ProgramData\TVersity\Media Server\taglib.dll

    2011-12-17 17:14 - 2011-12-17 17:14 - 00225064 _____ () C:\ProgramData\TVersity\Media Server\CORE_RL_lcms_.dll

    2011-12-17 17:14 - 2011-12-17 17:14 - 00031528 _____ () C:\ProgramData\TVersity\Media Server\CORE_RL_xlib_.dll

    2011-12-17 17:14 - 2011-12-17 17:14 - 00716584 _____ () C:\ProgramData\TVersity\Media Server\log4cxx.dll

    2011-12-17 17:14 - 2011-12-17 17:14 - 04534072 _____ () C:\ProgramData\TVersity\Media Server\avcodec-52.dll

    2011-12-17 17:14 - 2011-12-17 17:14 - 00083768 _____ () C:\ProgramData\TVersity\Media Server\avutil-50.dll

    2011-12-17 17:14 - 2011-12-17 17:14 - 00313640 _____ () C:\ProgramData\TVersity\Media Server\libmp3lame-0.dll

    2011-12-17 17:14 - 2011-12-17 17:14 - 00795448 _____ () C:\ProgramData\TVersity\Media Server\avformat-52.dll

    2011-12-17 17:15 - 2011-12-17 17:15 - 00203064 _____ () C:\ProgramData\TVersity\Media Server\swscale-0.dll

    2011-12-17 17:15 - 2011-12-17 17:15 - 00562072 _____ () C:\ProgramData\TVersity\Media Server\sqlite3.dll

    2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\System32\TrayIcon12.dll

    2013-03-05 23:02 - 2013-03-05 23:02 - 33073664 _____ () C:\ProgramData\TVersity\Media Server\berkelium\berkelium.dll

    2013-03-05 23:02 - 2013-03-05 23:02 - 01305102 _____ () C:\ProgramData\TVersity\Media Server\berkelium\avcodec-52.dll

    2013-03-05 23:02 - 2013-03-05 23:02 - 00096782 _____ () C:\ProgramData\TVersity\Media Server\berkelium\avutil-50.dll

    2013-03-05 23:02 - 2013-03-05 23:02 - 00160782 _____ () C:\ProgramData\TVersity\Media Server\berkelium\avformat-52.dll

    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

    2014-05-09 19:23 - 2014-05-09 19:23 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\aticfx32.dll

    2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atiuxpag.dll

    2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atidxx32.dll

    ==================== Alternate Data Streams (whitelisted) =========

     

    ==================== Safe Mode (whitelisted) ===================

     

    ==================== EXE Association (whitelisted) =============

     

    ==================== Disabled items from MSCONFIG ==============

     

    MSCONFIG\Services: Futuremark SystemInfo Service => 3

    MSCONFIG\Services: TuneUp.UtilitiesSvc => 2

    ==================== Faulty Device Manager Devices =============

     

    ==================== Event log errors: =========================

     

    Application errors:

    ==================

    Error: (05/28/2014 01:39:30 AM) (Source: VSS) (EventID: 12292) (User: )

    Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    ].

     

    Operation:

       Obtain a callable interface for this provider

       List interfaces for all providers supporting this context

       Query Shadow Copies

     

    Context:

       Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

       Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

       Snapshot Context: 13

       Snapshot Context: 13

       Execution Context: Coordinator

    Error: (05/28/2014 01:39:30 AM) (Source: VSS) (EventID: 13) (User: )

    Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    ]

     

    Operation:

       Obtain a callable interface for this provider

       List interfaces for all providers supporting this context

       Query Shadow Copies

    Context:

       Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

       Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

       Snapshot Context: 13

       Snapshot Context: 13

       Execution Context: Coordinator

     

    Error: (05/28/2014 01:22:00 AM) (Source: WinMgmt) (EventID: 10) (User: )

    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/28/2014 01:21:14 AM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363

    Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363

    Exception code: 0x40000015

    Fault offset: 0x0007da8a

    Faulting process id: 0x1170

    Faulting application start time: 0xmbamservice.exe0

    Faulting application path: mbamservice.exe1

    Faulting module path: mbamservice.exe2

    Report Id: mbamservice.exe3

     

    System errors:

    =============

     

    Microsoft Office Sessions:

    =========================

    Error: (05/28/2014 01:39:30 AM) (Source: VSS) (EventID: 12292) (User: )

    Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

     

    Operation:

       Obtain a callable interface for this provider

       List interfaces for all providers supporting this context

       Query Shadow Copies

    Context:

       Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

       Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

       Snapshot Context: 13

       Snapshot Context: 13

       Execution Context: Coordinator

     

    Error: (05/28/2014 01:39:30 AM) (Source: VSS) (EventID: 13) (User: )

    Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

     

    Operation:

       Obtain a callable interface for this provider

       List interfaces for all providers supporting this context

       Query Shadow Copies

    Context:

       Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

       Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

       Snapshot Context: 13

       Snapshot Context: 13

       Execution Context: Coordinator

     

    Error: (05/28/2014 01:22:00 AM) (Source: WinMgmt) (EventID: 10) (User: )

    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/28/2014 01:21:14 AM) (Source: Application Error) (EventID: 1000) (User: )

    Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a117001cf7a3498eb1533C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exee2e5981d-e627-11e3-afa8-d43d7e90d9e5

     

    CodeIntegrity Errors:

    ===================================

      Date: 2013-03-24 16:02:51.251

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2013-03-24 16:02:51.236

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2013-03-24 16:02:50.066

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2013-03-24 16:02:50.034

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

    ==================== Memory info ===========================

     

    Percentage of memory in use: 15%

    Total physical RAM: 15822.91 MB

    Available physical RAM: 13367.36 MB

    Total Pagefile: 79112.71 MB

    Available Pagefile: 76525.71 MB

    Total Virtual: 8192 MB

    Available Virtual: 8191.81 MB

     

    ==================== Drives ================================

     

    Drive c: (Patriot_Pyro_SE_240GB_Win7-64Pro) (Fixed) (Total:223.57 GB) (Free:166.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

    Drive d: (Toshiba_2TB_Misc_203GB) (Fixed) (Total:203.33 GB) (Free:177.15 GB) NTFS

    Drive e: (Seagate _2TB_Movies) (Fixed) (Total:1863.01 GB) (Free:816.01 GB) NTFS

    Drive f: (Toshiba_2TB_Data_1.7TB) (Fixed) (Total:1659.69 GB) (Free:593.55 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================

    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 224 GB) (Disk ID: 4D2652EF)

    Partition 1: (Active) - (Size=224 GB) - (Type=07 NTFS)

    ========================================================

    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 1E0C6B29)

    Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

    ========================================================

    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 77EA1D8F)

    Partition 1: (Not Active) - (Size=203 GB) - (Type=07 NTFS)

    Partition 2: (Not Active) - (Size=-416948500992) - (Type=07 NTFS)

     

    ==================== End Of Log ============================

  7. # AdwCleaner v3.211 - Report created 27/05/2014 at 22:35:41

    # Updated 26/05/2014 by Xplode

    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)

    # Username : Les - LES-PC

    # Running from : C:\Users\Les\Desktop\AdwCleaner.exe

    # Option : Scan

    ***** [ Services ] *****

     

    ***** [ Files / Folders ] *****

     

    File Found : C:\Users\Les\AppData\Roaming\Mozilla\Firefox\ProfiLes\bgiwwrqg.default-1366599260262\user.js

    File Found : C:\Users\Les\daemonprocess.txt

    Folder Found : C:\Program Files (x86)\adawaretb

    Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

    Folder Found : C:\Program Files (x86)\driver-soft

    Folder Found : C:\Program Files (x86)\Toolbar Cleaner

    Folder Found : C:\ProgramData\apn

    Folder Found : C:\ProgramData\blekko toolbars

    Folder Found : C:\Users\Les\AppData\LocalLow\adawaretb

    Folder Found : C:\Users\Les\AppData\LocalLow\PriceGong

    Folder Found : C:\Users\Les\AppData\Roaming\DriverCure

    Folder Found : C:\Users\Les\AppData\Roaming\Mozilla\Firefox\ProfiLes\bgiwwrqg.default-1366599260262\adawaretb

    Folder Found : C:\Users\Les\Documents\Mobogenie

    Folder Found : C:\Users\Les\Documents\PC Speed Maximizer

    ***** [ Shortcuts ] *****

     

    ***** [ Registry ] *****

     

    Key Found : HKCU\Software\AppDataLow\Software

    Key Found : HKCU\Software\AppDataLow\Software\Compete

    Key Found : HKCU\Software\AppDataLow\Software\Lyrics_Monkey

    Key Found : HKCU\Software\AVG SafeGuard toolbar

    Key Found : HKCU\Software\IM

    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

    Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar

    Key Found : [x64] HKCU\Software\IM

    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

    Key Found : HKLM\Software\adawaretb

    Key Found : HKLM\Software\AVG SafeGuard toolbar

    Key Found : HKLM\Software\AVG Secure Search

    Key Found : HKLM\Software\AVG Security Toolbar

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

    Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

    Key Found : HKLM\Software\CompeteInc

    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ofnnlhbgdcabppjmlijllkhekcglbjlg

    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32

    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS

    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

    Key Found : HKLM\Software\Toolbar Cleaner

    Key Found : HKLM\Software\Uniblue

    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}

    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

     

    ***** [ Browsers ] *****

     

    -\\ Internet Explorer v11.0.9600.17041

     

    -\\ Mozilla Firefox v29.0.1 (en-US)

    [ File : C:\Users\Les\AppData\Roaming\Mozilla\Firefox\ProfiLes\bgiwwrqg.default-1366599260262\prefs.js ]

    Line Found : user_pref("extensions.a9a1cadcd98ec441387d30f7c4253cd2731f19576e1e240bc81acbe7a5f1cf67ccom45914.45914.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]

    -\\ Google Chrome v

    *************************

    AdwCleaner[R0].txt - [4306 octets] - [27/05/2014 22:35:41]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4366 octets] ##########

    -----------------------------------------------------------------------------------------------------------------

    # AdwCleaner v3.211 - Report created 27/05/2014 at 22:42:41

    # Updated 26/05/2014 by Xplode

    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)

    # Username : Les - LES-PC

    # Running from : C:\Users\Les\Desktop\AdwCleaner.exe

    # Option : Clean

    ***** [ Services ] *****

     

    ***** [ Files / Folders ] *****

     

    Folder Deleted : C:\ProgramData\apn

    Folder Deleted : C:\ProgramData\blekko toolbars

    Folder Deleted : C:\Program Files (x86)\adawaretb

    Folder Deleted : C:\Program Files (x86)\driver-soft

    Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner

    Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

    Folder Deleted : C:\Users\Les\AppData\LocalLow\adawaretb

    Folder Deleted : C:\Users\Les\AppData\LocalLow\PriceGong

    Folder Deleted : C:\Users\Les\AppData\Roaming\DriverCure

    Folder Deleted : C:\Users\Les\Documents\Mobogenie

    Folder Deleted : C:\Users\Les\Documents\PC Speed Maximizer

    Folder Deleted : C:\Users\Les\AppData\Roaming\Mozilla\Firefox\ProfiLes\bgiwwrqg.default-1366599260262\adawaretb

    File Deleted : C:\Users\Les\daemonprocess.txt

    File Deleted : C:\Users\Les\AppData\Roaming\Mozilla\Firefox\ProfiLes\bgiwwrqg.default-1366599260262\user.js

    ***** [ Shortcuts ] *****

     

    ***** [ Registry ] *****

     

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ofnnlhbgdcabppjmlijllkhekcglbjlg

    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}

    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

    Key Deleted : HKCU\Software\AVG SafeGuard toolbar

    Key Deleted : HKCU\Software\IM

    Key Deleted : HKCU\Software\AppDataLow\Software

    Key Deleted : HKLM\Software\adawaretb

    Key Deleted : HKLM\Software\AVG SafeGuard toolbar

    Key Deleted : HKLM\Software\AVG Secure Search

    Key Deleted : HKLM\Software\AVG Security Toolbar

    Key Deleted : HKLM\Software\CompeteInc

    Key Deleted : HKLM\Software\Toolbar Cleaner

    Key Deleted : HKLM\Software\Uniblue

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17041

     

    -\\ Mozilla Firefox v29.0.1 (en-US)

     

    [ File : C:\Users\Les\AppData\Roaming\Mozilla\Firefox\ProfiLes\bgiwwrqg.default-1366599260262\prefs.js ]

     

    Line Deleted : user_pref("extensions.a9a1cadcd98ec441387d30f7c4253cd2731f19576e1e240bc81acbe7a5f1cf67ccom45914.45914.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]

     

    -\\ Google Chrome v

     

    *************************

     

    AdwCleaner[R0].txt - [4482 octets] - [27/05/2014 22:35:41]

    AdwCleaner[s0].txt - [4153 octets] - [27/05/2014 22:42:41]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4213 octets] ##########

  8. I have completed all the instructions you gave me and am posting the logs:

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Professional x64
    Ran by Les on Wed 05/28/2014 at  1:08:20.90
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621176}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\EvilLyrics_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\EvilLyrics_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621176}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\EvilLyrics_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\EvilLyrics_RASMANCS



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Les\AppData\Roaming\ask4expert"
    Successfully deleted: [Folder] "C:\ai_recyclebin"
    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



    ~~~ FireFox

    Emptied folder: C:\Users\Les\AppData\Roaming\mozilla\firefox\profiles\bgiwwrqg.default-1366599260262\minidumps [27 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 05/28/2014 at  1:13:21.33
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

  9. Thank you so much for your help. You are awesome!

     

    Sorry but apparently there was another RogueKiller Report, when it was first run:

     

    RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Les [Admin rights]
    Mode : Scan -- Date : 05/27/2014 08:09:41
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 10 ¤¤¤
    [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [bROK VAL] HKCR\[...]\command :  () -> MISSING

    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V2][ROGUE ST] 4473 : wscript.exe - C:\Users\Les\AppData\Local\Temp\launchie.vbs //B -> FOUND

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection :  ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Patriot Pyro SE SATA Disk Device +++++
    --- User ---
    [MBR] afa0f3335d003a6ef4cdb3b0da111803
    [bSP] 3137bb68740694f60a3e4096a8e54664 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 228935 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST2000DM 001-1CH164 SATA Disk Device +++++
    --- User ---
    [MBR] 3926a7d4c51f43dfc7df32dc7cab84c3
    [bSP] b05272dc69fd18ebdb5f8437a8835a58 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) TOSHIBA DT01ACA200 SATA Disk Device +++++
    --- User ---
    [MBR] 514eea983f47cad9d32bf62f39816a66
    [bSP] 1049ba53099b45af745bdc0259c79f7d : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 208209 MB
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 426414080 | Size: 1699518 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- USB3.0 CRW-CF/MD USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    +++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- USB3.0 CRW-SM/xD USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    +++++ PhysicalDrive5: (\\.\PHYSICALDRIVE5 @ USB) Generic- USB3.0 CRW-SD USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    +++++ PhysicalDrive6: (\\.\PHYSICALDRIVE6 @ USB) Generic- USB3.0 CRW-MS USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    +++++ PhysicalDrive7: (\\.\PHYSICALDRIVE7 @ USB) Generic- USB3.0 CRW-SD/MS USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    Finished : << RKreport[0]_S_05272014_080941.txt >>


     

  10. Over and over again, AVG Internet Security keeps on saying "Found MalSign.SearchSafer.F77."

     

    ... "Status: Object was blocked."

     

    When you click on more information, a webpage states:

     

    "This link on d2sci4fopfy9a2.cloudfront.net is safe for browsing

     

    http://d2sci4fopfy9a2.cloudfront.net/service/service.exe"

    ---------------------------------------------------------------------------------------------------------------------------------------------

    18:45:30.0220 0x20e8  TDSS rootkit removing tool 3.0.0.35 May 23 2014 07:32:03
    18:45:36.0041 0x20e8  ============================================================
    18:45:36.0041 0x20e8  Current date / time: 2014/05/27 18:45:36.0041
    18:45:36.0041 0x20e8  SystemInfo:
    18:45:36.0041 0x20e8  
    18:45:36.0041 0x20e8  OS Version: 6.1.7601 ServicePack: 1.0
    18:45:36.0041 0x20e8  Product type: Workstation
    18:45:36.0041 0x20e8  ComputerName: LES-PC
    18:45:36.0041 0x20e8  UserName: Les
    18:45:36.0041 0x20e8  Windows directory: C:\Windows
    18:45:36.0041 0x20e8  System windows directory: C:\Windows
    18:45:36.0041 0x20e8  Running under WOW64
    18:45:36.0041 0x20e8  Processor architecture: Intel x64
    18:45:36.0041 0x20e8  Number of processors: 4
    18:45:36.0041 0x20e8  Page size: 0x1000
    18:45:36.0041 0x20e8  Boot type: Normal boot
    18:45:36.0041 0x20e8  ============================================================
    18:45:36.0144 0x20e8  KLMD registered as C:\Windows\system32\drivers\33619643.sys
    18:45:36.0254 0x20e8  System UUID: {5E570729-E8AF-109A-E14B-CEDF74BEF9BC}
    18:45:36.0721 0x20e8  Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:45:36.0986 0x20e8  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:45:37.0002 0x20e8  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:45:37.0033 0x20e8  ============================================================
    18:45:37.0033 0x20e8  \Device\Harddisk0\DR0:
    18:45:37.0033 0x20e8  MBR partitions:
    18:45:37.0033 0x20e8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BF23800
    18:45:37.0033 0x20e8  \Device\Harddisk1\DR1:
    18:45:37.0033 0x20e8  MBR partitions:
    18:45:37.0033 0x20e8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
    18:45:37.0033 0x20e8  \Device\Harddisk2\DR2:
    18:45:37.0033 0x20e8  MBR partitions:
    18:45:37.0033 0x20e8  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x196A8800
    18:45:37.0033 0x20e8  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x196A9000, BlocksNum 0xCF75F763
    18:45:37.0033 0x20e8  ============================================================
    18:45:37.0049 0x20e8  C: <-> \Device\Harddisk0\DR0\Partition1
    18:45:37.0059 0x20e8  F: <-> \Device\Harddisk2\DR2\Partition2
    18:45:37.0074 0x20e8  D: <-> \Device\Harddisk2\DR2\Partition1
    18:45:37.0142 0x20e8  E: <-> \Device\Harddisk1\DR1\Partition1
    18:45:37.0142 0x20e8  ============================================================
    18:45:37.0142 0x20e8  Initialize success
    18:45:37.0142 0x20e8  ============================================================
    18:45:59.0019 0x20bc  Deinitialize success

    ---------------------------------------------------------------------------------------------------------------------------------------------------------

    I had a problem with RogueKiller and it left three reports:

    RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Les [Admin rights]
    Mode : Scan -- Date : 05/27/2014 10:04:34
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 10 ¤¤¤
    [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [bROK VAL] HKCR\[...]\command :  () -> MISSING

    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V2][ROGUE ST] 4473 : wscript.exe - C:\Users\Les\AppData\Local\Temp\launchie.vbs //B -> FOUND

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection :  ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Patriot Pyro SE SATA Disk Device +++++
    --- User ---
    [MBR] afa0f3335d003a6ef4cdb3b0da111803
    [bSP] 3137bb68740694f60a3e4096a8e54664 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 228935 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST2000DM 001-1CH164 SATA Disk Device +++++
    --- User ---
    [MBR] 3926a7d4c51f43dfc7df32dc7cab84c3
    [bSP] b05272dc69fd18ebdb5f8437a8835a58 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) TOSHIBA DT01ACA200 SATA Disk Device +++++
    --- User ---
    [MBR] 514eea983f47cad9d32bf62f39816a66
    [bSP] 1049ba53099b45af745bdc0259c79f7d : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 208209 MB
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 426414080 | Size: 1699518 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- USB3.0 CRW-CF/MD USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    +++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- USB3.0 CRW-SM/xD USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    +++++ PhysicalDrive5: (\\.\PHYSICALDRIVE5 @ USB) Generic- USB3.0 CRW-SD USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    +++++ PhysicalDrive6: (\\.\PHYSICALDRIVE6 @ USB) Generic- USB3.0 CRW-MS USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    +++++ PhysicalDrive7: (\\.\PHYSICALDRIVE7 @ USB) Generic- USB3.0 CRW-SD/MS USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    Finished : << RKreport[0]_S_05272014_100434.txt >>
    ------------------------------------------------------------------------------------------------------------
    RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Les [Admin rights]
    Mode : Remove -- Date : 05/27/2014 10:05:37
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 10 ¤¤¤
    [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NOT SELECTED
    [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> NOT SELECTED
    [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> NOT SELECTED
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> NOT SELECTED
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> NOT SELECTED
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> NOT SELECTED
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NOT SELECTED
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
    [bROK VAL] HKCR\[...]\command :  () -> NOT SELECTED

    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V2][ROGUE ST] 4473 : wscript.exe - C:\Users\Les\AppData\Local\Temp\launchie.vbs //B -> DELETED

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection :  ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts

     

    [...]

     

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Patriot Pyro SE SATA Disk Device +++++
    --- User ---
    [MBR] afa0f3335d003a6ef4cdb3b0da111803
    [bSP] 3137bb68740694f60a3e4096a8e54664 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 228935 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST2000DM 001-1CH164 SATA Disk Device +++++
    --- User ---
    [MBR] 3926a7d4c51f43dfc7df32dc7cab84c3
    [bSP] b05272dc69fd18ebdb5f8437a8835a58 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) TOSHIBA DT01ACA200 SATA Disk Device +++++
    --- User ---
    [MBR] 514eea983f47cad9d32bf62f39816a66
    [bSP] 1049ba53099b45af745bdc0259c79f7d : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 208209 MB
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 426414080 | Size: 1699518 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- USB3.0 CRW-CF/MD USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    +++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- USB3.0 CRW-SM/xD USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    +++++ PhysicalDrive5: (\\.\PHYSICALDRIVE5 @ USB) Generic- USB3.0 CRW-SD USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    +++++ PhysicalDrive6: (\\.\PHYSICALDRIVE6 @ USB) Generic- USB3.0 CRW-MS USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    +++++ PhysicalDrive7: (\\.\PHYSICALDRIVE7 @ USB) Generic- USB3.0 CRW-SD/MS USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    Finished : << RKreport[0]_D_05272014_100537.txt >>
    RKreport[0]_S_05272014_100434.txt

     

    -------------------------------------------------------------------------------------------------------------------

    RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Les [Admin rights]
    Mode : HOSTSFix -- Date : 05/27/2014 10:05:59
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection :  ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    [...]


    ¤¤¤ Reset HOSTS: ¤¤¤
    127.0.0.1    localhost


    Finished : << RKreport[0]_H_05272014_100559.txt >>
    RKreport[0]_D_05272014_100537.txt;RKreport[0]_S_05272014_100434.txt


     


     

  11. 1. I no longer am getting the popups.

    2. I uninstalled & reinstalled MBAM & the real time protection is now working!

    3. MBAM came up with PUPs. What should I do with them?

    4. Thank you so much!!!

    5. MBAMscan log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 5/27/2014
    Scan Time: 11:15:34 AM
    Logfile: MBAM.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.05.27.06
    Rootkit Database: v2014.05.21.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Les

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 270057
    Time Elapsed: 4 min, 8 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 1
    PUP.Optional.AdLyrics.A, HKU\S-1-5-21-2810094668-4147885114-852093014-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|lrcsmonkey@lrcsmonkey.net, C:\Program Files (x86)\Lyrics_Monkey\128.xpi, , [174b5ef8522970c6e19e4893db28d62a]

    Registry Data: 0
    (No malicious items detected)

    Folders: 4
    PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}, , [154d85d11e5d7db9888e602ab44e639d],
    PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome, , [154d85d11e5d7db9888e602ab44e639d],
    PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content, , [154d85d11e5d7db9888e602ab44e639d],
    PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin, , [154d85d11e5d7db9888e602ab44e639d],

    Files: 4
    PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\icon.png, , [154d85d11e5d7db9888e602ab44e639d],
    PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\install.rdf, , [154d85d11e5d7db9888e602ab44e639d],
    PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\browser.xul, , [154d85d11e5d7db9888e602ab44e639d],
    PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin\style.css, , [154d85d11e5d7db9888e602ab44e639d],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  12. 1. Done

    2. But MAW Premium: "Your system is not fully protected."  Real time protection: No protection. Fix now does not work.

    3. What's next?

    4. ComboFix log:

    ComboFix 14-05-27.02 - Les 05/27/2014  10:29:57.1.4 - x64
    Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.15823.13867 [GMT -4:00]
    Running from: c:\users\Les\Desktop\ComboFix.exe
    AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
    SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Les\AppData\Roaming\Microsoft\Windows\Recent\Your Software Deals.url
    c:\users\Les\Documents\~WRL0005.tmp
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-04-27 to 2014-05-27  )))))))))))))))))))))))))))))))
    .
    .
    2014-05-27 14:33 . 2014-05-27 14:33    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2014-05-27 14:18 . 2014-05-27 14:18    75888    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B00917B7-B073-4AAF-A8DE-852EB92DB4DD}\offreg.dll
    2014-05-27 14:15 . 2014-05-27 14:15    --------    d-----w-    C:\TDSSKiller_Quarantine
    2014-05-27 13:58 . 2014-05-27 13:58    --------    d-----w-    c:\windows\ERUNT
    2014-05-27 11:28 . 2014-05-27 11:28    177680    ----a-w-    c:\windows\system32\mfevtps.exe.7d45.deleteme
    2014-05-27 09:20 . 2014-05-27 11:37    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy
    2014-05-27 09:20 . 2014-05-27 09:37    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
    2014-05-27 07:17 . 2014-04-30 23:20    10702536    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B00917B7-B073-4AAF-A8DE-852EB92DB4DD}\mpengine.dll
    2014-05-27 00:20 . 2014-05-27 06:25    --------    d-----w-    C:\temp
    2014-05-26 23:42 . 2014-05-26 23:43    --------    d-----w-    C:\FRST
    2014-05-26 06:45 . 2014-04-30 23:20    10702536    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-05-25 13:34 . 2014-05-06 04:40    23544320    ----a-w-    c:\windows\system32\mshtml.dll
    2014-05-25 13:34 . 2014-05-06 03:00    84992    ----a-w-    c:\windows\system32\mshtmled.dll
    2014-05-25 13:34 . 2014-05-06 04:17    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
    2014-05-25 13:34 . 2014-05-06 03:07    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
    2014-05-25 13:12 . 2014-03-25 02:43    14175744    ----a-w-    c:\windows\system32\shell32.dll
    2014-05-25 13:11 . 2014-05-09 06:14    477184    ----a-w-    c:\windows\system32\aepdu.dll
    2014-05-25 13:11 . 2014-05-09 06:11    424448    ----a-w-    c:\windows\system32\aeinv.dll
    2014-05-25 08:54 . 2014-05-27 11:31    --------    d-----w-    c:\program files\stinger
    2014-05-25 08:38 . 2014-05-27 00:24    --------    d-----w-    c:\program files\pcreg
    2014-05-25 08:34 . 2011-05-12 18:03    6144    ------w-    c:\windows\system32\63D1.tmp
    2014-05-25 08:34 . 2011-05-12 18:03    6144    ------w-    c:\windows\system32\F095.tmp
    2014-05-25 08:20 . 2011-05-12 18:03    6144    ------w-    c:\windows\system32\390B.tmp
    2014-05-25 08:19 . 2011-05-12 18:03    6144    ------w-    c:\windows\system32\C8E9.tmp
    2014-05-25 08:09 . 2011-05-12 18:03    6144    ------w-    c:\windows\system32\3FD2.tmp
    2014-05-25 08:09 . 2011-05-12 18:03    6144    ------w-    c:\windows\system32\CA45.tmp
    2014-05-25 08:08 . 2014-05-25 09:51    --------    d-----w-    c:\program files (x86)\Sophos
    2014-05-24 14:19 . 2014-05-24 14:19    0    ----a-w-    c:\windows\system32\atiu9pag.dll
    2014-05-24 14:19 . 2014-05-24 14:19    0    ----a-w-    c:\windows\system32\TrayIcon12.dll
    2014-05-24 14:19 . 2014-05-24 14:19    0    ----a-w-    c:\windows\system32\atiuxpag.dll
    2014-05-24 14:19 . 2014-05-24 14:19    0    ----a-w-    c:\windows\system32\atidxx32.dll
    2014-05-24 14:19 . 2014-05-24 14:19    0    ----a-w-    c:\windows\system32\aticfx32.dll
    2014-05-24 14:08 . 2013-09-02 07:58    175528    ----a-w-    c:\windows\system32\drivers\tmcomm.sys
    2014-05-24 13:22 . 2013-04-29 13:17    47632    ----a-w-    c:\windows\system32\drivers\PSKMAD.sys
    2014-05-24 13:22 . 2014-05-24 13:22    --------    d-----w-    c:\windows\SysWow64\DASBOOT
    2014-05-24 13:09 . 2014-05-27 14:18    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-05-24 13:09 . 2014-05-27 11:37    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
    2014-05-24 13:09 . 2014-05-12 11:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
    2014-05-24 13:09 . 2014-05-12 11:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
    2014-05-13 18:20 . 2014-05-13 18:20    235800    ----a-w-    c:\windows\system32\drivers\avgldx64.sys
    2014-05-13 18:20 . 2014-05-13 18:20    273176    ----a-w-    c:\windows\system32\drivers\avgtdia.sys
    2014-05-13 18:06 . 2014-05-13 18:06    323352    ----a-w-    c:\windows\system32\drivers\avgloga.sys
    2014-05-13 18:05 . 2014-05-13 18:05    191768    ----a-w-    c:\windows\system32\drivers\avgidsha.sys
    2014-05-13 18:05 . 2014-05-13 18:05    152344    ----a-w-    c:\windows\system32\drivers\avgdiska.sys
    2014-05-13 18:05 . 2014-05-13 18:05    130328    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
    2014-05-13 18:04 . 2014-05-13 18:04    236312    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
    2014-05-13 18:04 . 2014-05-13 18:04    31512    ----a-w-    c:\windows\system32\drivers\avgrkx64.sys
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-05-25 13:15 . 2014-04-05 23:08    93223848    ----a-w-    c:\windows\system32\MRT.exe
    2014-05-14 08:38 . 2013-03-15 20:22    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-05-14 08:38 . 2013-03-15 20:22    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
    2014-05-12 11:25 . 2013-08-25 09:46    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2014-04-15 06:34 . 2014-04-15 06:34    1070232    ----a-w-    c:\windows\SysWow64\MSCOMCTL.OCX
    2014-04-06 02:08 . 2014-04-06 02:08    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
    2014-04-06 02:07 . 2014-04-06 02:07    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
    2014-04-06 02:07 . 2014-04-06 02:07    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
    2014-04-06 02:07 . 2014-04-06 02:07    235008    ----a-w-    c:\windows\system32\elshyph.dll
    2014-04-06 02:07 . 2014-04-06 02:07    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
    2014-04-06 02:07 . 2014-04-06 02:07    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
    2014-04-06 02:07 . 2014-04-06 02:07    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
    2014-04-06 02:07 . 2014-04-06 02:07    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
    2014-04-06 02:07 . 2014-04-06 02:07    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
    2014-04-06 02:07 . 2014-04-06 02:07    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
    2014-04-06 02:07 . 2014-04-06 02:07    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
    2014-04-06 02:07 . 2014-04-06 02:07    337408    ----a-w-    c:\windows\SysWow64\html.iec
    2014-04-06 02:07 . 2014-04-06 02:07    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
    2014-04-06 02:07 . 2014-04-06 02:07    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
    2014-04-06 02:07 . 2014-04-06 02:07    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
    2014-04-06 02:07 . 2014-04-06 02:07    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
    2014-04-06 02:07 . 2014-04-06 02:07    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
    2014-04-06 02:07 . 2014-04-06 02:07    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
    2014-04-06 02:07 . 2014-04-06 02:07    942592    ----a-w-    c:\windows\system32\jsIntl.dll
    2014-04-06 02:07 . 2014-04-06 02:07    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
    2014-04-06 02:07 . 2014-04-06 02:07    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
    2014-04-06 02:07 . 2014-04-06 02:07    77312    ----a-w-    c:\windows\system32\tdc.ocx
    2014-04-06 02:07 . 2014-04-06 02:07    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
    2014-04-06 02:07 . 2014-04-06 02:07    48640    ----a-w-    c:\windows\system32\mshtmler.dll
    2014-04-06 02:07 . 2014-04-06 02:07    413696    ----a-w-    c:\windows\system32\html.iec
    2014-04-06 02:07 . 2014-04-06 02:07    247808    ----a-w-    c:\windows\system32\msls31.dll
    2014-04-06 02:07 . 2014-04-06 02:07    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
    2014-04-06 02:07 . 2014-04-06 02:07    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
    2014-04-06 02:07 . 2014-04-06 02:07    105984    ----a-w-    c:\windows\system32\iesysprep.dll
    2014-04-06 02:07 . 2014-04-06 02:07    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
    2014-04-06 02:07 . 2014-04-06 02:07    81408    ----a-w-    c:\windows\system32\icardie.dll
    2014-04-06 02:07 . 2014-04-06 02:07    774144    ----a-w-    c:\windows\system32\jscript.dll
    2014-04-06 02:07 . 2014-04-06 02:07    62464    ----a-w-    c:\windows\system32\pngfilt.dll
    2014-04-06 02:07 . 2014-04-06 02:07    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
    2014-04-06 02:07 . 2014-04-06 02:07    48128    ----a-w-    c:\windows\system32\imgutil.dll
    2014-04-06 02:07 . 2014-04-06 02:07    30208    ----a-w-    c:\windows\system32\licmgr10.dll
    2014-04-06 02:07 . 2014-04-06 02:07    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
    2014-04-06 02:07 . 2014-04-06 02:07    243200    ----a-w-    c:\windows\system32\webcheck.dll
    2014-04-06 02:07 . 2014-04-06 02:07    235520    ----a-w-    c:\windows\system32\url.dll
    2014-04-06 02:07 . 2014-04-06 02:07    167424    ----a-w-    c:\windows\system32\iexpress.exe
    2014-04-06 02:07 . 2014-04-06 02:07    147968    ----a-w-    c:\windows\system32\occache.dll
    2014-04-06 02:07 . 2014-04-06 02:07    143872    ----a-w-    c:\windows\system32\wextract.exe
    2014-04-06 02:07 . 2014-04-06 02:07    13824    ----a-w-    c:\windows\system32\mshta.exe
    2014-04-06 02:07 . 2014-04-06 02:07    135680    ----a-w-    c:\windows\system32\iepeers.dll
    2014-04-06 02:07 . 2014-04-06 02:07    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
    2014-04-06 02:07 . 2014-04-06 02:07    101376    ----a-w-    c:\windows\system32\inseng.dll
    2014-03-19 19:27 . 2014-03-19 19:27    76496    ----a-w-    c:\windows\system32\drivers\dc3d.sys
    2014-03-19 19:23 . 2014-03-19 19:23    50896    ----a-w-    c:\windows\system32\drivers\point64.sys
    2014-03-06 09:31 . 2014-04-11 17:53    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
    2014-03-06 08:59 . 2014-04-11 17:53    66048    ----a-w-    c:\windows\system32\iesetup.dll
    2014-03-06 08:57 . 2014-04-11 17:53    548352    ----a-w-    c:\windows\system32\vbscript.dll
    2014-03-06 08:57 . 2014-04-11 17:53    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
    2014-03-06 08:53 . 2014-04-11 17:53    2767360    ----a-w-    c:\windows\system32\iertutil.dll
    2014-03-06 08:40 . 2014-04-11 17:53    51200    ----a-w-    c:\windows\system32\jsproxy.dll
    2014-03-06 08:39 . 2014-04-11 17:53    33792    ----a-w-    c:\windows\system32\iernonce.dll
    2014-03-06 08:32 . 2014-04-11 17:53    574976    ----a-w-    c:\windows\system32\ieui.dll
    2014-03-06 08:29 . 2014-04-11 17:53    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
    2014-03-06 08:29 . 2014-04-11 17:53    111616    ----a-w-    c:\windows\system32\ieetwcollector.exe
    2014-03-06 08:28 . 2014-04-11 17:53    752640    ----a-w-    c:\windows\system32\jscript9diag.dll
    2014-03-06 08:15 . 2014-04-11 17:53    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
    2014-03-06 08:11 . 2014-04-11 17:53    5784064    ----a-w-    c:\windows\system32\jscript9.dll
    2014-03-06 08:09 . 2014-04-11 17:53    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
    2014-03-06 08:03 . 2014-04-11 17:53    586240    ----a-w-    c:\windows\system32\ie4uinit.exe
    2014-03-06 08:02 . 2014-04-11 17:53    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
    2014-03-06 08:02 . 2014-04-11 17:53    455168    ----a-w-    c:\windows\SysWow64\vbscript.dll
    2014-03-06 08:01 . 2014-04-11 17:53    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
    2014-03-06 07:56 . 2014-04-11 17:53    38400    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
    2014-03-06 07:48 . 2014-04-11 17:53    195584    ----a-w-    c:\windows\system32\msrating.dll
    2014-03-06 07:46 . 2014-04-11 17:53    4254720    ----a-w-    c:\windows\SysWow64\jscript9.dll
    2014-03-06 07:42 . 2014-04-11 17:53    296960    ----a-w-    c:\windows\system32\dxtrans.dll
    2014-03-06 07:38 . 2014-04-11 17:53    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
    2014-03-06 07:36 . 2014-04-11 17:53    592896    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
    2014-03-06 07:21 . 2014-04-11 17:53    628736    ----a-w-    c:\windows\system32\msfeeds.dll
    2014-03-06 07:13 . 2014-04-11 17:53    32256    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-03-06 07:11 . 2014-04-11 17:53    2043904    ----a-w-    c:\windows\system32\inetcpl.cpl
    2014-03-06 06:53 . 2014-04-11 17:53    13551104    ----a-w-    c:\windows\system32\ieframe.dll
    2014-03-06 06:40 . 2014-04-11 17:53    1967104    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
    2014-03-06 06:22 . 2014-04-11 17:53    2260480    ----a-w-    c:\windows\system32\wininet.dll
    2014-03-06 05:58 . 2014-04-11 17:53    1400832    ----a-w-    c:\windows\system32\urlmon.dll
    2014-03-06 05:50 . 2014-04-11 17:53    846336    ----a-w-    c:\windows\system32\ieapfltr.dll
    2014-03-06 05:41 . 2014-04-11 17:53    1789440    ----a-w-    c:\windows\SysWow64\wininet.dll
    2014-03-04 09:44 . 2014-04-11 17:50    362496    ----a-w-    c:\windows\system32\wow64win.dll
    2014-03-04 09:44 . 2014-04-11 17:50    243712    ----a-w-    c:\windows\system32\wow64.dll
    2014-03-04 09:44 . 2014-04-11 17:50    13312    ----a-w-    c:\windows\system32\wow64cpu.dll
    2014-03-04 09:44 . 2014-04-11 17:50    16384    ----a-w-    c:\windows\system32\ntvdm64.dll
    2014-03-04 09:44 . 2014-04-11 17:50    1163264    ----a-w-    c:\windows\system32\kernel32.dll
    2014-03-04 09:17 . 2014-04-11 17:50    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
    2014-03-04 09:17 . 2014-04-11 17:50    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
    2014-03-04 09:16 . 2014-04-11 17:50    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
    2014-03-04 09:16 . 2014-04-11 17:50    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
    2014-03-04 08:09 . 2014-04-11 17:50    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
    2014-03-04 08:09 . 2014-04-11 17:50    2048    ----a-w-    c:\windows\SysWow64\user.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-05-13 5181456]
    "BelkinAPM"="c:\program files (x86)\Belkin Automatic Power Management Software\BelkinAPM.exe" [2013-03-15 114688]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\63D1.tmp;c:\windows\SYSNATIVE\63D1.tmp [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
    R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
    S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
    S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
    S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys;c:\windows\SYSNATIVE\DRIVERS\hotcore3.sys [x]
    S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
    S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
    S2 BelkinAPMmonitor;BelkinAPMmonitor;c:\program files (x86)\Belkin Automatic Power Management Software\BelkinAPMmonitor.exe;c:\program files (x86)\Belkin Automatic Power Management Software\BelkinAPMmonitor.exe [x]
    S2 MSI_FastBoot;MSI_FastBoot;c:\program files (x86)\MSI\Fast Boot\FastBootService.exe;c:\program files (x86)\MSI\Fast Boot\FastBootService.exe [x]
    S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
    S2 pcregservice;pcregservice Service;c:\program files\pcreg\pcreg.exe;c:\program files\pcreg\pcreg.exe [x]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
    S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
    S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 BelkinAPMRMI;BelkinAPMRMI;c:\program files (x86)\Belkin Automatic Power Management Software\BelkinAPMRMI.exe;c:\program files (x86)\Belkin Automatic Power Management Software\BelkinAPMRMI.exe [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
    S3 NTIOLib_FastBoot;NTIOLib_FastBoot;c:\program files (x86)\MSI\Fast Boot\NTIOLib_X64.sys;c:\program files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [x]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 37645424
    *Deregistered* - 37645424
    *Deregistered* - avgtp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-15 08:38]
    .
    2014-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-17 02:19]
    .
    2014-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-17 02:19]
    .
    .
    --------- X64 Entries -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://my.yahoo.com/?mkg=015
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: extensions.autoDisableScopes - 0
    FF - user.js: extensions.shownSelectionUI - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    SafeBoot-01242760.sys
    SafeBoot-37645424.sys
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\63D1.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"

  13. 1. Thank you so much for your expert help! I have been struggling with this all night without sleep and many hours before. Bless you!

     

    2. I had previously scanned and deleted all using the settings you specified in MalwareBytes 2.0.2

     

    3. Your link RogueKiller 64 bit does not work. It says web page not found.

     

    4. I was unable to paste the RogueKiller log in Internet Explorer but could with FireFox.

     

    5. Please advise me how to proceed ASAP

     

    Thank you.

     

    RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Les [Admin rights]
    Mode : Scan -- Date : 05/27/2014 08:09:41
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 10 ¤¤¤
    [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [bROK VAL] HKCR\[...]\command :  () -> MISSING

    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V2][ROGUE ST] 4473 : wscript.exe - C:\Users\Les\AppData\Local\Temp\launchie.vbs //B -> FOUND

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection :  ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Patriot Pyro SE SATA Disk Device +++++
    --- User ---
    [MBR] afa0f3335d003a6ef4cdb3b0da111803
    [bSP] 3137bb68740694f60a3e4096a8e54664 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 228935 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST2000DM 001-1CH164 SATA Disk Device +++++
    --- User ---
    [MBR] 3926a7d4c51f43dfc7df32dc7cab84c3
    [bSP] b05272dc69fd18ebdb5f8437a8835a58 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) TOSHIBA DT01ACA200 SATA Disk Device +++++
    --- User ---
    [MBR] 514eea983f47cad9d32bf62f39816a66
    [bSP] 1049ba53099b45af745bdc0259c79f7d : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 208209 MB
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 426414080 | Size: 1699518 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- USB3.0 CRW-CF/MD USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    +++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- USB3.0 CRW-SM/xD USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    +++++ PhysicalDrive5: (\\.\PHYSICALDRIVE5 @ USB) Generic- USB3.0 CRW-SD USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    +++++ PhysicalDrive6: (\\.\PHYSICALDRIVE6 @ USB) Generic- USB3.0 CRW-MS USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    +++++ PhysicalDrive7: (\\.\PHYSICALDRIVE7 @ USB) Generic- USB3.0 CRW-SD/MS USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    Finished : << RKreport[0]_S_05272014_080941.txt >>


     

  14. Thank you Spam Hunters for your reply. All the popups appear to be as a result of the same IP 192.162.19.34 under names such as Travels-Search.com, Satisfaction-Search.com, Documents-Search.com, Submissions-Search.Com, Helped-Search.com.  They are all outgoing and happen even when the browser is not active.

     

    Is this indicative of an infection?

     

    And how can I stop this or block the website?

     

    Thanks again.

  15. I have the latest premium version of your program. Recently, perhaps after it upgraded, I have been getting constant (every second or two) popups saying a malicious website was blocked -- over and over again.

     

    Outbound sites including Joye-Luck.com are shown over and over again as being blocked. Why do I need to see this thousands of times - or at all?

     

    These popups are so annoying that I have had to shut off malicious website blocking - even though I would prefer to have it on.

     

    Before doing that I have spent over three hours using various AV, anti-rootkit, cleaners & removal tools to try to eliminate the sources.

     

    I feel that your next revision should have a setting option to allow the protection while not showing the popups for malicious website blocking.

     

    If checked it would still display other threats.

     

    The popups are huge and distracting about 4"x4" on my 23" screen. They should be made smaller.

     

    What can be done to help?

     

    Thank you.

     

     
