thunder834

  1. Done, I've said it already, but thanks a tonne, it has been a great learning experience. Keep up what you do, it is a much needed and effective service. Let me know if anything else is needed. Once more, I owe you one.
  2. The system is running sluggishly, but I can only assume that it is the i3 processor and lack of care that it is slow. All signs of anything harmful are gone. I would like to know if I am clear to run adware cleaner and do a general clean up of the pc, or if you would recommend any other steps. Thanks again. ComboFix 14-06-10.01 - BRIAN 11/06/2014 18:42:10.1.4 - x64 Running from: c:\users\BRIAN\Desktop\ComboFix.exe
  3. I am able to reply for the questions, but will run combofix when I can monitor it after work. Again, thanks for the assistance. I am doing this for a computer illiterate person who runs a business and, as none of my own fixes worked, it's appreciated. The Interpol rogue is gone and I do not observe any signs of it. After shutting off the computer via start menu, the computer installed 150 new files. The computer remained clean. I have some prior experience with combofix and will follow all steps, posting another reply in several hours with the results. I will also relay all relevant information to the owner of the computer. Thanks.
  4. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/06/2014 Scan Time: 6:12:20 PM Logfile: ScanLog.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.06.10.08 Rootkit Database: v2014.06.02.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: BRIAN Scan Type: Custom Scan Result: Completed Objects Scanned: 613653 Time Elapsed: 6 hr, 33 min, 7 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 136
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8356EB36-940E-4D90-B333-1C4B6CD9D6A5}, Quarantined, [1b97a7cc5427013595dc75edd8298977], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8EBC7B5B-3382-41F2-BE35-8EFCB1391F1A}, Quarantined, [1b97a7cc5427013595dc75edd8298977], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{983C8B61-9671-4455-B0CA-1F3EE75A7FD3}, Quarantined, [1b97a7cc5427013595dc75edd8298977], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A098BA94-2F87-4F4F-9062-185ED50DCDB4}, Quarantined, [1b97a7cc5427013595dc75edd8298977], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A09DA3F5-AD91-4D71-A5B9-C1CD1AFAE277}, Quarantined, [1b97a7cc5427013595dc75edd8298977], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{ADEE9C4F-57F7-4B98-8FB6-6998B87E66CF}, Quarantined, [1b97a7cc5427013595dc75edd8298977], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AF7C3D1C-67F5-4CDA-9FD7-B9194FF00067}, Quarantined, [1b97a7cc5427013595dc75edd8298977], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C4FA00B4-4C70-47B4-B81A-D5B7A2119A88}, Quarantined, [1b97a7cc5427013595dc75edd8298977], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DD0074D1-BA7D-4169-856D-BFBE6C3D6E52}, Quarantined, [1b97a7cc5427013595dc75edd8298977], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EE8A03FE-E65F-4EA2-92B4-42FFAE92FEEC}, Quarantined, [1b97a7cc5427013595dc75edd8298977], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F98AABFC-EC60-465B-BFC2-AE281A1FE08D}, Quarantined, [1b97a7cc5427013595dc75edd8298977], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA7AD4FE-7792-4906-8FCE-9367D1BF3C30}, Quarantined, [1b97a7cc5427013595dc75edd8298977], PUP.Optional.ShopAtHome.A, 
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B944FF5E-EC87-4E1E-8C49-2FF3BC573997}, Quarantined, [1b97a7cc5427013595dc75edd8298977], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{067ECE13-6DD2-47C7-8EFE-24DA8BC1D8DA}, Quarantined, [2d85fc770378ab8b6d045111da27d12f], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ShopAtHome.com Toolbar, Quarantined, [dcd6f083720972c4531f0b5723de37c9], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{01221FCC-4BFB-461C-B08C-F6D2DF309921}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{01221FCC-4BFB-461C-B08C-F6D2DF309921}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\TbCommonUtils.CommonUtils.1, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\TbCommonUtils.CommonUtils, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TbCommonUtils.CommonUtils, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TbCommonUtils.CommonUtils.1, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{40A61B9E-B111-46EE-A1F2-C1100192BA48}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, 
HKLM\SOFTWARE\CLASSES\TYPELIB\{76481128-CCDC-4073-8F65-B06F23B138FC}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EDB980C4-AAC0-41A8-A406-2FB4D196B0D8}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EDB980C4-AAC0-41A8-A406-2FB4D196B0D8}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{76481128-CCDC-4073-8F65-B06F23B138FC}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\URLSearchHook.ToolbarURLSearchHook.1, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\URLSearchHook.ToolbarURLSearchHook, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\URLSearchHook.ToolbarURLSearchHook, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\URLSearchHook.ToolbarURLSearchHook.1, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B87F8B63-7274-43FD-87FA-09D3B7496148}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{452AE416-9A97-44CA-93DA-D0F15C36254F}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{45CDA4F7-594C-49A0-AAD1-8224517FE979}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{81E852CC-1FD5-4004-8761-79A48B975E29}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B9F43021-60D4-42A6-A065-9BA37F38AC47}, Quarantined, 
[b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{452AE416-9A97-44CA-93DA-D0F15C36254F}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{45CDA4F7-594C-49A0-AAD1-8224517FE979}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{81E852CC-1FD5-4004-8761-79A48B975E29}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B9F43021-60D4-42A6-A065-9BA37F38AC47}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B87F8B63-7274-43FD-87FA-09D3B7496148}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, HKU\S-1-5-21-2618832000-1614312418-3965872917-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ShopAtHome.com, Quarantined, [ebc73b3808735adc01f42b898b77ca36], PUP.Optional.FreeCauseTB.A, HKU\S-1-5-21-2618832000-1614312418-3965872917-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FREECAUSE\Toolbars, Quarantined, 
[c2f00271c8b35bdbaf46d4dfc141a55b], Registry Values: 2 PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{311B58DC-A4DC-4B04-B1B5-60299AD3D803}, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}, Quarantined, [cfe3e68d067586b00858d16c14ee15eb], Registry Data: 0 (No malicious items detected) Folders: 8 PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Toolbar, Quarantined, [a909f67d2d4e003695b4b5d5976be61a], PUP.Optional.FunWebProducts.A, C:\Program Files (x86)\FunWebProducts, Quarantined, [4d6579fafb802610b3843163b34f1ae6], PUP.Optional.FunWebProducts.A, C:\Program Files (x86)\FunWebProducts\Installr, Quarantined, [4d6579fafb802610b3843163b34f1ae6], PUP.Optional.FunWebProducts.A, C:\Program Files (x86)\FunWebProducts\Installr\1.bin, Quarantined, [4d6579fafb802610b3843163b34f1ae6], PUP.Optional.FunWebProducts.A, C:\Program Files (x86)\FunWebProducts\Installr\1.bin\chrome, Quarantined, [4d6579fafb802610b3843163b34f1ae6], Files: 53 PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], Trojan.FakeMS.SVSGen, C:\Users\BRIAN\AppData\Local\Temp\wst.dll, Quarantined, [981a92e11a61c96d3567ea82a35e2fd1], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\LocalLow\ShopAtHome\Temp\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\ShopAtHomeUninstall.exe, Quarantined, [2c862d4632490f27c5ada7bbb74a669a], 
PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeAppInstaller_C108646402_D1_R1048162.exe, Quarantined, [7f33a0d35d1ea29477fb352dd130ab55], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\HttpHandle302.dll, Quarantined, [842e2f440378f73fb4bd96cc41c03ac6], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe, Quarantined, [1b97a7cc5427013595dc75edd8298977], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelperPS.dll, Quarantined, [2d85fc770378ab8b6d045111da27d12f], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe, Quarantined, [06ac79fa1467a09686eb6ef4d52cdf21], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe, Quarantined, [8b27492a5922a393ec85bea4f01115eb], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\SAHPlugin.dll, Quarantined, [7a38f3806a1192a492df431f34cd08f8], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\ShopAtHomeUninstall.exe, Quarantined, [dcd6f083720972c4531f0b5723de37c9], Trojan.FakeMS.SVSGen, C:\FRST\Quarantine\C\ProgramData\9056597ABA2EC027A08021CC59397722\ejrshjz8.cpp.xBAD, Quarantined, [258d78fb2f4cd2645c4091db1ee3ab55], Trojan.FakeMS, C:\FRST\Quarantine\C\ProgramData\9056597ABA2EC027A08021CC59397722\9056597ABA2EC027A08021CC59397722\8zjhsrje.dot, Quarantined, [f8ba2350fb807fb7c7e3ff784bb6e719], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\install.log, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\alert.html, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\autoupdate-config.xml, Quarantined, 
[b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\basis.xml, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\Exec.exe, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\logo.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\merchants.xml, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\postinstallurl.txt, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\postuninstallurl.txt, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\prefs.xml, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\uninst.exe, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-restaurant.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\basis.xml, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\ClearHist.exe, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\icons.bmp, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\logo.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 
PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\minus.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\plus.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\Prefs.xml, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-alert.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-clearsearch.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-comment.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-contests.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-freecoupons.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-freesamples.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-go.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-grocerycoupons.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-information.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-mysah.png, Quarantined, 
[b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-options.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-wishlist.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\SAH_favicon.ico, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\TbCommonUtils.dll, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbhelper.dll, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\TbHelper2.exe, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbs_include_script_externalsearch.js, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbs_include_script_showhidetoolbar.js, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\uninstall.exe, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], PUP.Optional.ShopAtHome.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Toolbar\ShopAtHome.com Homepage.url, Quarantined, [a909f67d2d4e003695b4b5d5976be61a], PUP.Optional.ShopAtHome.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Toolbar\ShopAtHome.com Uninstall.lnk, Quarantined, [a909f67d2d4e003695b4b5d5976be61a], Physical Sectors: 0 (No malicious items detected) (end)
  5. Edit: Contents of FRST.txt mentioned in original post. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014 Ran by SYSTEM on MININT-E90OBL0 on 05-06-2014 18:51:03 Running from L:\ Platform: Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery
C:\Users\BRIAN\AppData\Roaming\Skype 2014-06-03 14:54 - 2013-07-03 07:36 - 00001848 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk 2014-06-03 11:06 - 2014-06-03 10:32 - 00018652 _____ () C:\ProgramData\RUNDLL32.EXE-3084-F.txt 2014-06-03 10:31 - 2014-06-03 10:28 - 00001280 _____ () C:\ProgramData\RUNDLL32.EXE-4352-F.txt 2014-06-03 10:28 - 2014-06-03 10:27 - 00000966 _____ () C:\ProgramData\RUNDLL32.EXE-2844-F.txt 2014-06-03 08:35 - 2014-06-03 05:59 - 00023666 _____ () C:\ProgramData\RUNDLL32.EXE-3040-F.txt 2014-06-03 05:25 - 2014-06-01 16:15 - 00052593 _____ () C:\ProgramData\RUNDLL32.EXE-3224-F.txt 2014-06-03 01:36 - 2014-06-03 01:08 - 00015647 _____ () C:\ProgramData\RUNDLL32.EXE-4100-F.txt 2014-06-02 18:23 - 2014-06-02 18:04 - 00010771 _____ () C:\ProgramData\RUNDLL32.EXE-3376-F.txt 2014-06-02 16:57 - 2014-06-02 16:25 - 00018098 _____ () C:\ProgramData\RUNDLL32.EXE-3136-F.txt 2014-06-02 12:39 - 2014-06-02 12:34 - 00003446 _____ () C:\ProgramData\RUNDLL32.EXE-3696-F.txt 2014-06-02 11:54 - 2014-06-02 11:34 - 00009962 _____ () C:\ProgramData\RUNDLL32.EXE-3808-F.txt 2014-06-02 11:05 - 2014-06-02 11:02 - 00002091 _____ () C:\ProgramData\RUNDLL32.EXE-3100-F.txt 2014-06-02 10:59 - 2014-06-02 10:39 - 00011169 _____ () C:\ProgramData\RUNDLL32.EXE-3332-F.txt 2014-06-02 10:38 - 2014-06-02 10:36 - 00001000 _____ () C:\ProgramData\RUNDLL32.EXE-2460-F.txt 2014-06-02 10:36 - 2014-06-02 10:09 - 00015363 _____ () C:\ProgramData\RUNDLL32.EXE-3604-F.txt 2014-06-02 10:09 - 2014-06-02 10:07 - 00001143 _____ () C:\ProgramData\RUNDLL32.EXE-2992-F.txt 2014-06-02 10:01 - 2014-06-01 16:01 - 00013220 _____ () C:\ProgramData\RUNDLL32.EXE-2944-F.txt 2014-06-02 08:39 - 2014-06-02 08:15 - 00014030 _____ () C:\ProgramData\RUNDLL32.EXE-2948-F.txt 2014-06-02 07:35 - 2014-06-02 07:34 - 00000981 _____ () C:\ProgramData\RUNDLL32.EXE-3764-F.txt 2014-06-02 07:33 - 2014-06-02 07:28 - 00002954 _____ () C:\ProgramData\RUNDLL32.EXE-2932-F.txt 2014-06-02 06:30 - 2014-06-02 06:27 - 00002299 
_____ () C:\ProgramData\RUNDLL32.EXE-2928-F.txt 2014-06-02 06:12 - 2014-06-02 05:19 - 00017099 _____ () C:\ProgramData\RUNDLL32.EXE-2204-F.txt 2014-06-02 04:52 - 2014-06-02 04:25 - 00015351 _____ () C:\ProgramData\RUNDLL32.EXE-2668-F.txt 2014-06-02 03:37 - 2014-06-02 01:13 - 00022354 _____ () C:\ProgramData\RUNDLL32.EXE-3232-F.txt 2014-06-02 00:30 - 2014-06-01 23:57 - 00018757 _____ () C:\ProgramData\RUNDLL32.EXE-3076-F.txt 2014-06-01 18:58 - 2014-06-01 18:47 - 00006143 _____ () C:\ProgramData\RUNDLL32.EXE-3012-F.txt 2014-06-01 18:25 - 2014-06-01 18:14 - 00006268 _____ () C:\ProgramData\RUNDLL32.EXE-2676-F.txt 2014-06-01 17:46 - 2014-06-01 17:45 - 00000775 _____ () C:\ProgramData\RUNDLL32.EXE-2772-F.txt 2014-06-01 17:42 - 2014-06-01 17:42 - 00000242 _____ () C:\ProgramData\RUNDLL32.EXE-4308-F.txt 2014-06-01 17:42 - 2014-06-01 17:33 - 00005190 _____ () C:\ProgramData\RUNDLL32.EXE-4188-F.txt 2014-06-01 17:30 - 2014-06-01 17:25 - 00002952 _____ () C:\ProgramData\RUNDLL32.EXE-2812-F.txt 2014-06-01 17:23 - 2014-06-01 17:17 - 00003647 _____ () C:\ProgramData\RUNDLL32.EXE-4232-F.txt 2014-06-01 17:13 - 2014-06-01 17:11 - 00001437 _____ () C:\ProgramData\RUNDLL32.EXE-2876-F.txt 2014-06-01 17:09 - 2014-06-01 17:08 - 00000290 _____ () C:\ProgramData\RUNDLL32.EXE-4472-F.txt 2014-06-01 17:08 - 2014-06-01 17:04 - 00002197 _____ () C:\ProgramData\RUNDLL32.EXE-2996-F.txt 2014-06-01 17:01 - 2014-06-01 16:26 - 00012485 _____ () C:\ProgramData\RUNDLL32.EXE-3120-F.txt 2014-06-01 16:24 - 2014-06-01 16:18 - 00003156 _____ () C:\ProgramData\RUNDLL32.EXE-3000-F.txt 2014-06-01 16:10 - 2014-06-01 16:04 - 00003551 _____ () C:\ProgramData\RUNDLL32.EXE-2736-F.txt 2014-06-01 15:59 - 2014-06-01 15:58 - 00000717 _____ () C:\ProgramData\RUNDLL32.EXE-5768-F.txt 2014-06-01 15:57 - 2014-06-01 15:57 - 00000482 _____ () C:\ProgramData\RUNDLL32.EXE-3116-F.txt 2014-06-01 15:56 - 2014-06-01 15:54 - 00001372 _____ () C:\ProgramData\RUNDLL32.EXE-4364-F.txt 2014-06-01 15:54 - 2014-06-01 15:46 - 00000000 
____D () C:\ProgramData\9056597ABA2EC027A08021CC59397722 2014-06-01 03:40 - 2014-01-19 03:14 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-06-01 03:40 - 2010-09-16 12:09 - 00223458 _____ () C:\Windows\PFRO.log 2014-05-31 16:38 - 2014-01-19 02:41 - 00001935 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-05-31 16:38 - 2014-01-19 02:41 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-05-29 07:26 - 2011-02-10 08:40 - 00000000 ____D () C:\Users\BRIAN\AppData\Roaming\SoftGrid Client 2014-05-29 07:13 - 2014-05-29 07:13 - 00000097 _____ () C:\Users\Public\Documents\SAH_Install.ini 2014-05-29 07:13 - 2014-05-29 07:13 - 00000000 ____D () C:\Users\BRIAN\AppData\Roaming\ShopAtHome 2014-05-29 07:09 - 2014-05-29 07:09 - 00010337 _____ () C:\Users\BRIAN\Documents\BARRELL OF GOODIES 2013.xlsx 2014-05-28 06:56 - 2014-05-28 06:56 - 13316096 _____ () C:\Users\BRIAN\CALVARY GOSPEL CHURCH DEC 2013 (Backup 28 May 2014 10 56 AM)CALVARY.QBB 2014-05-28 06:56 - 2011-02-09 09:09 - 00000000 ____D () C:\users\BRIAN 2014-05-28 04:47 - 2009-07-13 21:13 - 00796684 _____ () C:\Windows\System32\PerfStringBackup.INI 2014-05-27 12:47 - 2014-05-27 10:33 - 00011375 _____ () C:\Users\BRIAN\Documents\SPUD BUGGY 2013.xlsx 2014-05-27 09:21 - 2014-02-07 11:55 - 00013259 _____ () C:\Users\BRIAN\Documents\D & D FABRICATORS 2014 PAYROLL.xlsx 2014-05-26 08:38 - 2014-05-26 06:37 - 00013919 _____ () C:\Users\BRIAN\Documents\CURLING CLUB SALES MARCH 2014.xlsx 2014-05-24 17:43 - 2012-09-05 16:51 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-23 17:16 - 2014-05-23 17:15 - 00000000 ____D () C:\Program Files (x86)\AddThis Toolbar 2014-05-23 16:44 - 2014-02-14 03:12 - 310684512 _____ () C:\Users\BRIAN\Downloads\TXPT1212013.exe 2014-05-23 16:44 - 2014-02-12 12:21 - 309930848 _____ () C:\Users\BRIAN\Downloads\TXPT1202013.exe 2014-05-23 16:31 - 2014-05-23 16:31 - 00000134 _____ () C:\Users\BRIAN\Desktop\Internet Explorer Troubleshooting.url 
2014-05-23 15:33 - 2014-05-23 15:33 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork 2014-05-23 15:33 - 2014-05-23 15:33 - 00000000 ____D () C:\ProgramData\APN 2014-05-23 15:33 - 2014-05-23 15:33 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork 2014-05-23 15:31 - 2014-05-23 15:31 - 00000000 ____D () C:\ProgramData\Oracle 2014-05-23 15:31 - 2014-05-23 15:30 - 00006556 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-05-23 15:31 - 2013-04-24 15:06 - 00000000 ____D () C:\Program Files (x86)\Java 2014-05-23 09:58 - 2013-11-22 06:46 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-05-23 07:58 - 2013-07-03 07:24 - 00000000 ____D () C:\Program Files\Common Files\McAfee 2014-05-19 02:27 - 2012-04-01 01:24 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-19 02:27 - 2012-04-01 01:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-19 02:27 - 2011-10-08 11:04 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-17 18:47 - 2013-08-02 03:51 - 00000000 ____D () C:\Windows\System32\MRT 2014-05-17 18:45 - 2011-02-09 11:49 - 93223848 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2014-05-09 12:50 - 2011-02-09 09:43 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-09 12:50 - 2011-02-09 09:43 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-08 09:55 - 2011-02-15 07:53 - 00000000 ____D () C:\Users\BRIAN\Desktop\2009 clients Some content of TEMP: ==================== C:\Users\BRIAN\AppData\Local\Temp\APNSetup.exe C:\Users\BRIAN\AppData\Local\Temp\ApnStub.exe C:\Users\BRIAN\AppData\Local\Temp\contentDATs.exe C:\Users\BRIAN\AppData\Local\Temp\FlashPlayerUpdate.exe C:\Users\BRIAN\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe C:\Users\BRIAN\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe 
C:\Users\BRIAN\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe C:\Users\BRIAN\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe C:\Users\BRIAN\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\BRIAN\AppData\Local\Temp\OfficeSetup.exe C:\Users\BRIAN\AppData\Local\Temp\SecurityScan_Release.exe C:\Users\BRIAN\AppData\Local\Temp\setup.exe C:\Users\BRIAN\AppData\Local\Temp\wst.dll ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Restore Points ========================= Restore point made on: 2014-05-31 18:47:59 Restore point made on: 2014-06-01 03:47:53 Restore point made on: 2014-06-01 09:07:57 Restore point made on: 2014-06-01 15:16:16 Restore point made on: 2014-06-01 18:26:28 Restore point made on: 2014-06-01 18:58:39 Restore point made on: 2014-06-02 00:07:55 Restore point made on: 2014-06-02 00:31:13 Restore point made on: 2014-06-02 03:37:55 Restore point made on: 2014-06-02 04:53:17 Restore point made on: 2014-06-02 05:30:58 Restore point made on: 2014-06-02 06:13:11 Restore point made on: 2014-06-02 08:39:33 Restore point made on: 2014-06-02 10:32:34 Restore point made on: 2014-06-02 11:54:53 Restore point made on: 2014-06-02 16:37:04 Restore point made on: 2014-06-02 16:58:12 Restore 
point made on: 2014-06-02 18:23:37 Restore point made on: 2014-06-03 01:20:10 Restore point made on: 2014-06-03 01:37:12 Restore point made on: 2014-06-03 07:21:52 Restore point made on: 2014-06-03 14:47:33 Restore point made on: 2014-06-03 15:49:27 ==================== Memory info =========================== Percentage of memory in use: 19% Total physical RAM: 3959.07 MB Available physical RAM: 3175.83 MB Total Pagefile: 3957.22 MB Available Pagefile: 3177.68 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:910.41 GB) (Free:812.01 GB) NTFS Drive e: (PQSERVICE) (Fixed) (Total:21 GB) (Free:9.78 GB) NTFS Drive l: (RESCUE) (Removable) (Total:1.95 GB) (Free:1.91 GB) NTFS Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 54A10AB5) Partition 1: (Not Active) - (Size=21 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=910 GB) - (Type=07 NTFS) ======================================================== Disk: 6 (Size: 2 GB) (Disk ID: 7EB63169) Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS) LastRegBack: 2014-06-02 04:47 ==================== End Of Log ============================
  6. Posting this because I have run out of options. Would appreciate any help given as I am doing this for another person and am really pressed for time. Again, thanks in advance. Desktop running Windows 7 Home Premium was infected with a Canadian localized Interpol Ransomware. I tried to boot from a USB with Kickstart Hitman Pro and from a DVD with Kaspersky Rescue - none of these methods worked. Trying to boot from a USB by editing both the boot order (F12) and the boot order in the BIOS resulted in a black screen prompting me to select the type of generic USB I wished to boot from, an indicator that it was not recognising the USB. As a side note, I will mention that I tested the USB beforehand on a separate PC and was successful. I will also mention that booting with Safe Mode in any fashion results in a forced restart back to regular Windows. After searching around, I came across this topic: https://forums.malwarebytes.org/index.php?showtopic=130366 and attempted the method first recommended by MrCharlie using Farbar recovery. I went into advanced options and scanned the system, obtaining the text file FRST.txt. The USB I used is currently still in the problem computer (which is still running with the FRST.txt document open after the scan) and, as every situation like this is unique, I decided to post this before continuing with any other steps. My question now is, do I press the Fix button on the Farbar Recovery Software (to the right of the scan button), or do I shut down the computer, remove the USB, and recover FRST.txt and post it here before continuing? As I mentioned, I am pressed for time. Thanks again in advance.