
cistern_eve

Everything posted by cistern_eve

The log zoek-results would not attach, so I pasted it below. I have not encountered any redirects. Are there further steps? Thank you so much for your help.

Regards,
CE

*********

Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by Administrator on Mon 06/23/2014 at 10:21:26.17.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\jane_delgavio\Desktop\zoek\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

6/23/2014 10:22:58 AM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\UrlSearchHooks\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully
HKEY_USERS\S-1-5-21-2990107124-1154940266-691022547-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully
HKEY_USERS\S-1-5-21-2990107124-1154940266-691022547-500\Software\Microsoft\Internet Explorer\URLSearchHooks\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 13 Plugin
Adobe Reader 9.5.1
AVG 2014
Creative Lettering Super Combo
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
HL-5450DN
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010 - English
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Publisher 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Display Control Panel
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
PVSonyDll
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
ShadowExplorer 0.9
Spybot - Search & Destroy
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Users\jane_delgavio\Desktop\zoek\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\a9velr47.default\prefs.js:

Added to C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\a9velr47.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\JANE_D~1\AppData\Roaming\Mozilla\Firefox\Profiles\wf3nqhm9.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("browser.search.defaultenginename", "AVG Secure Search");
user_pref("keyword.URL", "http://isearch.avg.com/search?cid={23FDFCCA-3451-4469-A12D-CBC6ECC85656}&mid=1d1c52cb094647d6a5ddd1695e681824-e9207e168e288ad9e4a0a9107cbbf0a8057b8f44&lang=en&ds=AVG&pr=fr&d=2012-10-03 09:25:49&pid=avg&sg=0&v=15.2.0.5&sap=ku&q=");

Added to C:\Users\JANE_D~1\AppData\Roaming\Mozilla\Firefox\Profiles\wf3nqhm9.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\a9velr47.default
user.js not found

---- FireFox user.js and prefs.js backups ----

prefs_20140623_1034_.backup

ProfilePath: C:\Users\JANE_D~1\AppData\Roaming\Mozilla\Firefox\Profiles\wf3nqhm9.default
user.js not found

---- Lines isearch removed from prefs.js ----

user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.

---- FireFox user.js and prefs.js backups ----

prefs_20140623_1034_.backup

==== Deleting Files \ Folders ======================

C:\Users\Administrator\Searches deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job deleted
C:\windows\SysNative\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted

==== System Specs ======================

Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8190 MB
CPU Info: AMD Athlon II X4 635 Processor
CPU Speed: 2964.3 MHz
Sound Card: Speakers (2- High Definition Au | Digital Audio (S/PDIF) (2- High |
Display Adapters: NVIDIA GeForce 210 | NVIDIA GeForce 210 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Realtek RTL8139/810x Family Fast Ethernet NIC | Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
CD / DVD Drives: 1x (F: | ) F: HL-DT-STDVDRAM GH22NS40
Ports: COM1 LPT1
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 256.0GB | D: 127.9GB | E: 81.8GB | G: 232.8GB | Q: 0.0MB
Hard Disks - Free: C: 192.8GB | D: 127.8GB | E: 81.7GB | G: 218.7GB | Q: 0.0MB
Manufacturer *: Award Software International, Inc.
BIOS Info: AT/AT COMPATIBLE | 05/14/10 | GBT - 42302e31
Time Zone: Eastern Standard Time
Motherboard *: Gigabyte Technology Co., Ltd. GA-770T-USB3
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: AVG Internet Security 2014 On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Spybot - Search and Destroy disabled (Outdated)
Anti-Spyware: AVG Internet Security 2014 disabled (Outdated)
Firewall: AVG Internet Security 2014 disabled
Default Browser: Firefox 15.0.1
Internet Explorer Version: 11.0.9600.17126
Mozilla Firefox version: 15.0.1 (x86 en-US)
Adobe Reader version: 9.5.1.283
Flash Player version: 13.0.0.214

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\ADMINI~1\AppData\Local\Temp ====

2014-06-22 08:36:57 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

2014-06-15 16:35:55 BB9BADED14F0963498855AC28446CED5 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-15 16:35:55 7E27FB6AB8976897A530FB30F5FF7691 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2014-06-15 16:35:55 6D8E6A9A524FFAAFA4D2F6C8EF38D0BB 592896 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2014-06-15 16:35:54 D5ECBB3BFDC73A59440D9CA79AB3A342 17271296 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-06-15 16:35:54 C1F5812F355D0C9495C1B2E7165DA2AF 32256 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-15 16:35:54 8DF06ACA017949D37C38B6A0EF747D4E 526336 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2014-06-15 16:35:54 0AFCE8EEF3751810FE2101FD608FB8B3 1143296 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2014-06-15 16:35:54 017B99D09904DCA35D5F66AD79084B5F 368128 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2014-06-15 16:35:53 E0EA58834CD19FDFCD1BC37B22E1D3D8 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2014-06-15 16:35:53 D9F5B424C307B195E16A9B0A21E53BCC 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2014-06-15 16:35:53 D36574C287D0764C95AC777DFF367715 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2014-06-15 16:35:53 C69FDD49AB9E8BCF2BAAC469CE0CC756 1964544 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2014-06-15 16:35:53 9EAAB4305536829D6B7D9C3A47E92861 2179072 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2014-06-15 16:35:53 814E0D53EF020BD93097F26B53B573F0 440832 ----a-w- C:\Windows\SysWOW64\ieui.dll
2014-06-15 16:35:53 5B5815477A53ED92B89955FFE7EDCB2E 242688 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2014-06-15 16:35:52 688227D38A6FF6403B293D0C50B454B9 11725312 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2014-06-15 16:35:52 4D3074AA172DCFD5D56BE764B671085A 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-06-15 16:35:51 CC0077F9C7ACD7E97707DFC763A4EA99 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-06-15 16:35:51 C58E97EEB1CB80CE91D5E7FD5E78794F 4244992 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2014-06-15 16:35:51 771CDBC3D62437D6DB070820BB1EDCCF 1790976 ----a-w- C:\Windows\SysWOW64\wininet.dll
2014-06-15 16:35:51 22D7FFA4B94916F18EB1F1D107B86839 704512 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2014-06-15 16:35:51 0AC4E3C93D49E37D5B008ED99092115C 1068032 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-15 16:35:51 09771ABC896D2A88370F3AB8BADC242E 455168 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2014-06-15 16:35:50 EB960643DC62832C88272573204B6DBA 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll
2014-06-15 16:33:51 A5F833506BF6A1B5D693E1499DEE2444 626688 ----a-w- C:\Windows\SysWOW64\usp10.dll
2014-06-15 16:33:46 E227B810296AA27E6C69307A7B6456E5 1389056 ----a-w- C:\Windows\SysWOW64\msxml6.dll
2014-06-15 16:33:46 8B8D1CEF498678CAB9DF17145D34BC64 1237504 ----a-w- C:\Windows\SysWOW64\msxml3.dll
2014-06-15 16:33:46 2E673E776136354ECFB57BFD62E7EC3D 2048 ----a-w- C:\Windows\SysWOW64\msxml6r.dll
2014-06-15 16:33:46 0789F82BAE171323F74B8F175D406AB8 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2014-06-19 14:49:13 82446D358A9FB51CB9DA32A5C901D7A0 21040 ----a-w- C:\Windows\Sysnative\sdnclean64.exe
2014-06-15 16:35:54 DA7AAB5D4E5F7160E906C0D2EB9A2B9F 38400 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2014-06-15 16:35:54 3ED5C9055F7A635399FC12892F565287 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2014-06-15 16:35:53 DFD834E89B819B5ECE8E251C56B5A3CE 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2014-06-15 16:35:53 D5C446B14DC667B7B9FBB30EA1701D92 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-06-15 16:35:53 BFD3178735D97C858FFA467F8199700C 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2014-06-15 16:35:53 867DD52B23D3B0390B88F3D7AD1E600C 631808 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2014-06-15 16:35:53 3A1AB9DE852F2BC1ECE6403BDD01B9F0 1398272 ----a-w- C:\Windows\Sysnative\urlmon.dll
2014-06-15 16:35:53 12BA419E27DBC5DBF9262C8A885FA361 452096 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2014-06-15 16:35:52 EAAA62F272858695814A1F42D5E59BD3 608768 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2014-06-15 16:35:52 B34D3F303769E65CE7EFBD4E6FB62B25 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll
2014-06-15 16:35:51 3FC3828E8820D1C93DBFBAD4BE456D85 2040832 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2014-06-15 16:35:51 063EF4239479F52DAF9F4849B0B304F1 2768384 ----a-w- C:\Windows\Sysnative\iertutil.dll
2014-06-15 16:35:50 CE6109C73C3A04CC2B8C6110B0F0FEF9 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll
2014-06-15 16:35:50 CB8A91074AE1B5051E240B50A328DCF5 295424 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2014-06-15 16:35:50 B2C037F50A02D6C057B1E0791BBF41A5 574976 ----a-w- C:\Windows\Sysnative\ieui.dll
2014-06-15 16:35:50 790FD40601502C5FE8213D4F335DA0BD 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2014-06-15 16:35:50 2DBB9127794BC30BC31D26FA088F8BAB 13522944 ----a-w- C:\Windows\Sysnative\ieframe.dll
2014-06-15 16:35:49 CC603EF96BA456D4BCD9FF849ED07A2A 85504 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2014-06-15 16:35:49 AB3FA3D9B1F1D0571CBC43D1487CCD6F 5782528 ----a-w- C:\Windows\Sysnative\jscript9.dll
2014-06-15 16:35:49 A4A58E3171C03A1145D1C3EC488D1B4F 1249280 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll
2014-06-15 16:35:49 9013D5BBE1B6D3A060F54B4B5BB2C3A3 846336 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2014-06-15 16:35:49 770F067D833DC017CEB8A36A2A1EC942 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2014-06-15 16:35:49 6B9925F498D4E91FB57576CC3776D428 752640 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2014-06-15 16:35:49 40BFD9D6EC8E174145F012246CA73CCD 2266112 ----a-w- C:\Windows\Sysnative\wininet.dll
2014-06-15 16:35:49 2F474D40626B0C694400589F3FBB9AA9 548352 ----a-w- C:\Windows\Sysnative\vbscript.dll
2014-06-15 16:35:48 F343ECB3C683EBD7E3990C03AD680855 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2014-06-15 16:35:48 8E3C6008250A904C06943BCEA585E344 195584 ----a-w- C:\Windows\Sysnative\msrating.dll
2014-06-15 16:35:48 56803B20D168C1B740D12CE0BE4588F5 23414784 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-06-15 16:33:51 088CF6AFCD5CDD44E40C0ACDE3C1A5E0 801280 ----a-w- C:\Windows\Sysnative\usp10.dll
2014-06-15 16:33:46 ECA6AC33BD9E441F7B47D173D715D268 1882112 ----a-w- C:\Windows\Sysnative\msxml3.dll
2014-06-15 16:33:46 3408DD8081DC22858AE2E6ABD2594C02 2048 ----a-w- C:\Windows\Sysnative\msxml6r.dll
2014-06-15 16:33:46 0E3A7EC2B9590EA7767BBB1823630DEA 2002432 ----a-w- C:\Windows\Sysnative\msxml6.dll
2014-06-15 16:33:46 0465A8CFDDB4FFDB569802A70B9443D5 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll
2014-06-15 16:28:39 84A13AB118F433898B5ABA36E8D7CA91 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll
2014-06-15 16:28:39 2C053C9B2A8249F1F9B38ED1AE455771 506368 ----a-w- C:\Windows\Sysnative\aepdu.dll

====== C:\Windows\Sysnative\drivers =====

2014-06-19 13:26:24 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-06-19 13:26:11 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-06-19 13:26:11 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-06-19 13:26:11 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2014-06-15 16:33:50 17F685B67C74B8F7BFED4308790B71DE 288192 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS
2014-06-15 16:33:50 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E 1903552 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys

====== C:\Windows\Tasks ======

2014-06-19 14:49:22 -------- d-----w- C:\Windows\Sysnative\Tasks\Safer-Networking

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C:\PROGRA~2 =====

2014-06-19 02:20:48 -------- d-----w- C:\PROGRA~2\ShadowExplorer

======= =====

====== C:\Users\Administrator\AppData\Roaming ======

2014-06-20 15:13:35 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Programs
2014-06-19 13:25:38 -------- d-----w- C:\Users\Administrator\AppData\Local\Programs
2014-06-19 02:21:11 -------- d-----w- C:\Users\jane_delgavio\AppData\Roaming\www.shadowexplorer.com

====== C:\Users\Administrator ======

2014-06-22 08:33:50 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Users\jane_delgavio\Downloads\JRT.exe
2014-06-22 08:19:27 42F24559E8C472F6FF745BB7C5465FB2 1333465 ----a-w- C:\Users\jane_delgavio\Downloads\AdwCleaner.exe
2014-06-21 14:56:04 87E1CC81E9497B23CA40DAA7F8ACCFB6 1070592 ----a-w- C:\Users\jane_delgavio\Downloads\FRST.exe
2014-06-21 14:55:32 6FD62863663B5DAF6C30657A2D4688E2 2083328 ----a-w- C:\Users\jane_delgavio\Downloads\FRST64.exe
2014-06-19 02:20:50 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2014-06-18 18:20:28 C5824694D02D0149B0E92784BF0AE0E4 516424 ----a-w- C:\Users\jane_delgavio\Desktop\sbav_10_sfx.exe
2014-06-18 18:20:14 5AB2EB3CA32416D1C0ADF696579E6924 969845 ----a-w- C:\Users\jane_delgavio\Desktop\ShadowExplorer-0.9-setup.exe
2014-06-18 18:20:11 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\jane_delgavio\Desktop\y9gyj6tq.exe

====== C: exe-files ==

2014-06-22 08:36:57 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-06-22 08:33:50 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Users\jane_delgavio\Downloads\JRT.exe
2014-06-22 08:19:27 42F24559E8C472F6FF745BB7C5465FB2 1333465 ----a-w- C:\Users\jane_delgavio\Downloads\AdwCleaner.exe
2014-06-21 14:56:04 87E1CC81E9497B23CA40DAA7F8ACCFB6 1070592 ----a-w- C:\Users\jane_delgavio\Downloads\FRST.exe
2014-06-21 14:55:32 6FD62863663B5DAF6C30657A2D4688E2 2083328 ----a-w- C:\Users\jane_delgavio\Downloads\FRST64.exe
2014-06-19 14:49:13 82446D358A9FB51CB9DA32A5C901D7A0 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-06-19 02:20:50 D9A4EA4D6F3C3B619AB008B146168543 884224 ----a-w- C:\Program Files (x86)\ShadowExplorer\ShadowExplorer.exe
2014-06-19 02:20:48 48C3BA4FCF8C3521C85F4560B59EBD05 961370 ----a-w- C:\Program Files (x86)\ShadowExplorer\unins000.exe
2014-06-19 02:20:48 02DED435FCAA1C02959051AF636E154A 9216 ----a-w- C:\Program Files (x86)\ShadowExplorer\sesvc.exe
2014-06-18 18:20:28 C5824694D02D0149B0E92784BF0AE0E4 516424 ----a-w- C:\Users\jane_delgavio\Desktop\sbav_10_sfx.exe
2014-06-18 18:20:14 5AB2EB3CA32416D1C0ADF696579E6924 969845 ----a-w- C:\Users\jane_delgavio\Desktop\ShadowExplorer-0.9-setup.exe
2014-06-18 18:20:11 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\jane_delgavio\Desktop\y9gyj6tq.exe

=== C: other files ==

2014-06-22 08:36:57 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\TDL4.bat
2014-06-22 08:36:57 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\medfos.bat
2014-06-22 08:36:57 A87CD1BAC46CAC0EEEDB571F07077032 8104 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\modules.bat
2014-06-22 08:36:57 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\searchlnk.bat
2014-06-22 08:36:57 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\firefox.bat
2014-06-22 08:36:57 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\ev_clear.bat
2014-06-22 08:36:57 7D8282EB94B5D639B7378811C1924A8F 9516 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\runvalues.bat
2014-06-22 08:36:57 654E9FE74B930A454EE5BDE165794B65 85 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\delorphans.bat
2014-06-22 08:36:57 5B92615B0CEA08D6BA1217C08CBB1443 15919 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\get.bat
2014-06-22 08:36:57 5B71358F97544D9DE58A9A0893079506 39458 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\prelim.bat
2014-06-22 08:36:57 53B191266B30D57F2F835ABBF54C68C5 13963 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\chrome.bat
2014-06-22 08:36:57 3BC04DEBBE9027060D51901133F60101 154678 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\misc.bat
2014-06-22 08:36:57 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\ask.bat
2014-06-22 08:36:57 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\iexplore.bat
2014-06-22 08:36:57 2F80D807DB405C8F6E0F3706B9FED710 10161 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\JRT.bat
2014-06-22 08:36:57 0D08FBD2E6F6C6AC6A504712C4CE6CE3 1226 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\FWPolicy.bat
2014-06-22 08:36:57 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\Administrator\AppData\Local\Temp\jrt\delfolders.bat
2014-06-19 13:26:24 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-19 13:26:11 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-19 13:26:11 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-19 13:26:11 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2990107124-1154940266-691022547-500\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG-Secure-Search-Update_JUNE2013_TB"="C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe /PROMPT /CMPID=JUNE2013_TB"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACSTRAY"="C:\WINACS\ACSTRAY.EXE"
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG-Secure-Search-Update_JUNE2013_TB"="C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe /PROMPT /CMPID=JUNE2013_TB"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MSPCLOCK"="rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}"
"MSPQM"="rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}"
"MSKSSRV"="rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}"
"MSTEE.CxTransform"="rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install"
"MSTEE.Splitter"="rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install"
"WDM_DRMKAUD"="rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install"
"*WerKernelReporting"="%SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq"

==== Startup Folders ======================

2011-12-06 14:16:21 1279 ----a-w- C:\Users\jane_delgavio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson Village Advent Calendar.lnk
2012-03-20 14:05:02 1292 ----a-w- C:\Users\jane_delgavio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [05/14/2014 10:47 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"]

==== Firefox Extensions ======================

ProfilePath: C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\a9velr47.default
- Undetermined - C:\ProgramData\AVG Secure Search\12.2.5.32
- Undetermined - C:\ProgramData\AVG Secure Search\12.2.5.34\

ProfilePath: C:\Users\JANE_D~1\AppData\Roaming\Mozilla\Firefox\Profiles\wf3nqhm9.default
- Ghostery - C:\Users\jane_delgavio\AppData\Roaming\Mozilla\Firefox\Profiles\wf3nqhm9.default\extensions\firefox@ghostery.com
- Undetermined - %ProfilePath%\extensions\DECRYPT_INSTRUCTION.URL
- Undetermined - %ProfilePath%\extensions\DECRYPT_INSTRUCTION.URL
- Undetermined - %ProfilePath%\extensions\DECRYPT_INSTRUCTION.URL
- Undetermined - %ProfilePath%\extensions\DECRYPT_INSTRUCTION.URL
- Ghostery - %ProfilePath%\extensions\firefox@ghostery.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

==== Deleted Firefox Extensions ======================

C:\Users\jane_delgavio\AppData\Roaming\Mozilla\Firefox\Profiles\wf3nqhm9.default\extensions\firefox@ghostery.com deleted

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== HijackThis Entries ======================

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [ACSTRAY] C:\WINACS\ACSTRAY.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - S-1-5-21-2990107124-1154940266-691022547-1001 Startup: Jacquie Lawson Village Advent Calendar.lnk = C:\Program Files (x86)\Jacquie Lawson Village Advent Calendar\Jacquie Lawson Village Advent Calendar.exe (User 'jane_delgavio')
O4 - S-1-5-21-2990107124-1154940266-691022547-1001 Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (User 'jane_delgavio')
O4 - S-1-5-21-2990107124-1154940266-691022547-1001 User Startup: Jacquie Lawson Village Advent Calendar.lnk = C:\Program Files (x86)\Jacquie Lawson Village Advent Calendar\Jacquie Lawson Village Advent Calendar.exe (User 'jane_delgavio')
O4 - S-1-5-21-2990107124-1154940266-691022547-1001 User Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (User 'jane_delgavio')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd.
- C:\Program Files (x86)\Browny02\BrYNSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. 
- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: ShadowExplorer Service (sesvc) - www.shadowexplorer.com - C:\Program Files (x86)\ShadowExplorer\sesvc.exe O23 - Service: Application Virtualization Client (sftlist) - Unknown owner - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe O23 - Service: Application Virtualization Service Agent (sftvsa) - Unknown owner - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe 
(file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Sysinternals Autoruns Log ====================== HKLM\System\CurrentControlSet\Services AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes. Adobe Systems Incorporated 13.0.0.214 c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe 4/24/2014 10:24 PM AVG Security Toolbar Service C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe AVG Security Toolbar 7.7.26.1 c:\program files (x86)\avg\avg10\toolbar\toolbarbroker.exe 7/26/2011 3:57 AM avgfws "C:\Program Files (x86)\AVG\AVG2014\avgfws.exe" AVG Firewall Service AVG Technologies CZ, s.r.o. 14.0.0.4592 c:\program files (x86)\avg\avg2014\avgfws.exe 5/13/2014 8:19 AM AVGIDSAgent "C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe" Provides Identity Protection Against Cyber Crime. AVG Technologies CZ, s.r.o. 14.0.0.4592 c:\program files (x86)\avg\avg2014\avgidsagent.exe 5/13/2014 8:22 AM avgwd "C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe" AVG Watchdog Service AVG Technologies CZ, s.r.o. 14.0.0.4592 c:\program files (x86)\avg\avg2014\avgwdsvc.exe 5/13/2014 8:15 AM BrYNSvc "C:\Program Files (x86)\Browny02\BrYNSvc.exe" BrYNCSvc Brother Industries, Ltd. 
1.2.3.0 c:\program files (x86)\browny02\brynsvc.exe 5/11/2011 7:33 PM MBAMScheduler "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" Malwarebytes Anti-Malware scheduler Malwarebytes Corporation 3.0.2.0 c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe 3/31/2014 4:23 PM MBAMService "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" Malwarebytes Anti-Malware service Malwarebytes Corporation 3.0.2.0 c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe 3/6/2014 3:58 PM MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled. Mozilla Foundation 15.0.1.4631 c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe 9/5/2012 8:05 PM nvsvc "C:\Windows\system32\nvvsvc.exe" Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation 8.17.13.1106 c:\windows\system32\nvvsvc.exe 1/18/2013 10:37 AM nvUpdatusService "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" NVIDIA Settings Update Manager service, used to check new updates from NVIDIA server. NVIDIA Corporation 1.11.3.0 c:\program files (x86)\nvidia corporation\nvidia update core\daemonu.exe 1/18/2013 9:00 AM SDScannerService "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" Offers malware scanning services to Spybot-S&D modules Safer-Networking Ltd. 2.3.39.217 c:\program files (x86)\spybot - search & destroy 2\sdfssvc.exe 4/25/2014 8:12 AM SDUpdateService "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" Downloads Spybot updates and installs them. Safer-Networking Ltd. 
2.3.39.77 c:\program files (x86)\spybot - search & destroy 2\sdupdsvc.exe 4/25/2014 8:12 AM SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe Integrates Spybot into the Windows Security Center. Safer-Networking Ltd. 2.3.39.2 c:\program files (x86)\spybot - search & destroy 2\sdwscsvc.exe 4/25/2014 8:12 AM sesvc "C:\Program Files (x86)\ShadowExplorer\sesvc.exe" Provides access to vssadmin. www.shadowexplorer.com 0.9.462.0 c:\program files (x86)\shadowexplorer\sesvc.exe 1/2/2013 12:49 PM sftlist "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" Streams and manages applications. c:\program files (x86)\microsoft application virtualization client\sftlist.exe 4/24/2010 1:10 AM sftvsa "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" Monitors global service events and launches virtual services. c:\program files (x86)\microsoft application virtualization client\sftvsa.exe 4/24/2010 1:10 AM Stereo Service "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" Provides system support for NVIDIA Stereoscopic 3D driver NVIDIA Corporation 7.17.13.1106 c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe 1/18/2013 9:51 AM HKLM\System\CurrentControlSet\Services adp94xx \SystemRoot\system32\DRIVERS\adp94xx.sys Adaptec Windows SAS/SATA Storport Driver Adaptec, Inc. 1.6.6.4 c:\windows\system32\drivers\adp94xx.sys 12/5/2008 7:54 PM adpahci \SystemRoot\system32\DRIVERS\adpahci.sys Adaptec Windows SATA Storport Driver Adaptec, Inc. 1.6.6.1 c:\windows\system32\drivers\adpahci.sys 5/1/2007 1:30 PM adpu320 \SystemRoot\system32\DRIVERS\adpu320.sys Adaptec StorPort Ultra320 SCSI Driver (X64) Adaptec, Inc. 7.2.0.0 c:\windows\system32\drivers\adpu320.sys 2/27/2007 8:04 PM aliide \SystemRoot\system32\drivers\aliide.sys ALi mini IDE Driver Acer Laboratories Inc. 
1.2.0.0 c:\windows\system32\drivers\aliide.sys 7/13/2009 7:19 PM amdsata \SystemRoot\system32\drivers\amdsata.sys AHCI 1.2 Device Driver Advanced Micro Devices 1.1.2.5 c:\windows\system32\drivers\amdsata.sys 3/18/2010 8:45 PM amdsbs \SystemRoot\system32\DRIVERS\amdsbs.sys AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform AMD Technologies Inc. 3.6.1540.127 c:\windows\system32\drivers\amdsbs.sys 3/20/2009 2:36 PM amdxata system32\drivers\amdxata.sys Storage Filter Driver Advanced Micro Devices 1.1.2.5 c:\windows\system32\drivers\amdxata.sys 3/19/2010 12:18 PM arc \SystemRoot\system32\DRIVERS\arc.sys Adaptec RAID Storport Driver Adaptec, Inc. 5.2.0.10384 c:\windows\system32\drivers\arc.sys 5/24/2007 5:27 PM arcsas \SystemRoot\system32\DRIVERS\arcsas.sys Adaptec SAS RAID WS03 Driver Adaptec, Inc. 5.2.0.16119 c:\windows\system32\drivers\arcsas.sys 1/14/2009 3:27 PM Avgdiska system32\DRIVERS\avgdiska.sys AVG File Vault Driver AVG Technologies CZ, s.r.o. 14.0.0.4592 c:\windows\system32\drivers\avgdiska.sys 5/13/2014 8:05 AM Avgfwfd system32\DRIVERS\avgfwd6a.sys AVG network filter driver AVG Technologies CZ, s.r.o. 14.0.0.4143 c:\windows\system32\drivers\avgfwd6a.sys 9/26/2013 3:44 AM AVGIDSDriver system32\DRIVERS\avgidsdrivera.sys AVG Technologies IDS Application Activity Monitor Driver AVG Technologies CZ, s.r.o. 14.0.0.4592 c:\windows\system32\drivers\avgidsdrivera.sys 5/13/2014 8:04 AM AVGIDSHA system32\DRIVERS\avgidsha.sys AVG Technologies IDS Application Activity Monitor Helper Driver AVG Technologies CZ, s.r.o. 14.0.0.4592 c:\windows\system32\drivers\avgidsha.sys 5/13/2014 8:05 AM Avgldx64 system32\DRIVERS\avgldx64.sys AVG AVI Loader Driver AVG Technologies CZ, s.r.o. 14.0.0.4592 c:\windows\system32\drivers\avgldx64.sys 5/13/2014 8:20 AM Avgloga system32\DRIVERS\avgloga.sys AVG Logging Driver AVG Technologies CZ, s.r.o. 
14.0.0.4592 c:\windows\system32\drivers\avgloga.sys 5/13/2014 8:06 AM Avgmfx64 system32\DRIVERS\avgmfx64.sys AVG Resident Shield Minifilter Driver AVG Technologies CZ, s.r.o. 14.0.0.4592 c:\windows\system32\drivers\avgmfx64.sys 5/13/2014 8:05 AM Avgrkx64 system32\DRIVERS\avgrkx64.sys AVG Anti-Rootkit Driver AVG Technologies CZ, s.r.o. 14.0.0.4592 c:\windows\system32\drivers\avgrkx64.sys 5/13/2014 8:04 AM Avgtdia system32\DRIVERS\avgtdia.sys AVG Network connection watcher AVG Technologies CZ, s.r.o. 14.0.0.4592 c:\windows\system32\drivers\avgtdia.sys 5/13/2014 8:20 AM avgtp \??\C:\Windows\system32\drivers\avgtpx64.sys AVG Technologies 18.0.5.3 c:\windows\system32\drivers\avgtpx64.sys 3/12/2014 6:48 AM b06bdrv \SystemRoot\system32\DRIVERS\bxvbda.sys Broadcom NetXtreme II GigE VBD Broadcom Corporation 4.8.2.0 c:\windows\system32\drivers\bxvbda.sys 2/13/2009 6:18 PM b57nd60a system32\DRIVERS\b57nd60a.sys Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver. Broadcom Corporation 10.100.4.0 c:\windows\system32\drivers\b57nd60a.sys 4/26/2009 7:14 AM BrFiltLo \SystemRoot\system32\DRIVERS\BrFiltLo.sys Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver Brother Industries, Ltd. 1.10.0.2 c:\windows\system32\drivers\brfiltlo.sys 8/6/2006 9:51 PM BrFiltUp \SystemRoot\system32\DRIVERS\BrFiltUp.sys Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver Brother Industries, Ltd. 1.4.0.1 c:\windows\system32\drivers\brfiltup.sys 8/6/2006 9:51 PM Brserid \SystemRoot\System32\Drivers\Brserid.sys Brotehr Serial I/F Driver (WDM) Brother Industries Ltd. 1.0.1.6 c:\windows\system32\drivers\brserid.sys 8/6/2006 9:51 PM BrSerWdm \SystemRoot\System32\Drivers\BrSerWdm.sys Brother Serial driver (WDM version) Brother Industries Ltd. 1.0.0.20 c:\windows\system32\drivers\brserwdm.sys 8/6/2006 9:51 PM BrUsbMdm \SystemRoot\System32\Drivers\BrUsbMdm.sys Brother USB MDM Driver Brother Industries Ltd. 
1.0.0.12 c:\windows\system32\drivers\brusbmdm.sys 8/6/2006 9:51 PM BrUsbSer \SystemRoot\System32\Drivers\BrUsbSer.sys Brother USB Serial Driver Brother Industries Ltd. 1.0.1.3 c:\windows\system32\drivers\brusbser.sys 8/9/2006 8:11 AM cmdide \SystemRoot\system32\drivers\cmdide.sys CMD PCI IDE Bus Driver CMD Technology, Inc. 2.0.7.0 c:\windows\system32\drivers\cmdide.sys 7/13/2009 7:19 PM ebdrv \SystemRoot\system32\DRIVERS\evbda.sys Broadcom NetXtreme II 10 GigE VBD Broadcom Corporation 4.8.13.0 c:\windows\system32\drivers\evbda.sys 12/31/2008 12:29 PM elxstor \SystemRoot\system32\DRIVERS\elxstor.sys Storport Miniport Driver for LightPulse HBAs Emulex 7.2.10.211 c:\windows\system32\drivers\elxstor.sys 2/3/2009 6:52 PM hcw85cir \SystemRoot\system32\drivers\hcw85cir.sys Hauppauge WinTV 885 Consumer IR Driver for eHome Hauppauge Computer Works, Inc. 1.31.27127.0 c:\windows\system32\drivers\hcw85cir.sys 5/11/2009 4:26 AM HpSAMD \SystemRoot\system32\drivers\HpSAMD.sys Smart Array SAS/SATA Controller Media Driver Hewlett-Packard Company 6.12.6.64 c:\windows\system32\drivers\hpsamd.sys 4/20/2010 2:32 PM iaStorV \SystemRoot\system32\drivers\iaStorV.sys Intel Matrix Storage Manager driver - x64 Intel Corporation 8.6.2.1014 c:\windows\system32\drivers\iastorv.sys 6/10/2010 8:46 PM iirsp \SystemRoot\system32\DRIVERS\iirsp.sys Intel/ICP Raid Storport Driver Intel Corp./ICP vortex GmbH 5.4.22.0 c:\windows\system32\drivers\iirsp.sys 12/13/2005 5:47 PM LSI_FC \SystemRoot\system32\DRIVERS\lsi_fc.sys LSI Fusion-MPT FC Driver (StorPort) LSI Corporation 1.28.3.52 c:\windows\system32\drivers\lsi_fc.sys 12/9/2008 6:46 PM LSI_SAS \SystemRoot\system32\DRIVERS\lsi_sas.sys LSI Fusion-MPT SAS Driver (StorPort) LSI Corporation 1.28.3.52 c:\windows\system32\drivers\lsi_sas.sys 5/18/2009 8:20 PM LSI_SAS2 \SystemRoot\system32\DRIVERS\lsi_sas2.sys LSI SAS Gen2 Driver (StorPort) LSI Corporation 2.0.2.71 c:\windows\system32\drivers\lsi_sas2.sys 5/18/2009 8:31 PM LSI_SCSI 
\SystemRoot\system32\DRIVERS\lsi_scsi.sys LSI Fusion-MPT SCSI Driver (StorPort) LSI Corporation 1.28.3.67 c:\windows\system32\drivers\lsi_scsi.sys 4/16/2009 6:13 PM MBAMProtector \??\C:\Windows\system32\drivers\mbam.sys Malwarebytes Anti-Malware Malwarebytes Corporation 0.1.13.0 c:\windows\system32\drivers\mbam.sys 10/30/2013 12:11 PM MBAMSwissArmy \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys Malwarebytes Anti-Malware Malwarebytes Corporation 0.1.7.0 c:\windows\system32\drivers\mbamswissarmy.sys 3/20/2014 6:12 PM MBAMWebAccessControl \??\C:\Windows\system32\drivers\mwac.sys Malwarebytes Web Access Control Malwarebytes Corporation 1.0.1.0 c:\windows\system32\drivers\mwac.sys 3/4/2014 5:47 PM megasas \SystemRoot\system32\DRIVERS\megasas.sys MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64 LSI Corporation 4.5.1.64 c:\windows\system32\drivers\megasas.sys 5/18/2009 9:09 PM MegaSR \SystemRoot\system32\DRIVERS\MegaSR.sys LSI MegaRAID Software RAID Driver LSI Corporation, Inc. 
13.5.409.2009 c:\windows\system32\drivers\megasr.sys 5/18/2009 9:25 PM nfrd960 \SystemRoot\system32\DRIVERS\nfrd960.sys IBM ServeRAID Controller Driver IBM Corporation 7.10.0.0 c:\windows\system32\drivers\nfrd960.sys 6/6/2006 5:11 PM nvlddmkm system32\DRIVERS\nvlddmkm.sys NVIDIA Windows Kernel Mode Driver, Version 311.06 NVIDIA Corporation 9.18.13.1106 c:\windows\system32\drivers\nvlddmkm.sys 1/18/2013 9:22 AM nvraid \SystemRoot\system32\drivers\nvraid.sys NVIDIAr nForce RAID Driver NVIDIA Corporation 10.6.0.18 c:\windows\system32\drivers\nvraid.sys 3/19/2010 4:59 PM nvstor \SystemRoot\system32\drivers\nvstor.sys NVIDIAr nForce Sata Performance Driver NVIDIA Corporation 10.6.0.18 c:\windows\system32\drivers\nvstor.sys 3/19/2010 4:45 PM ql2300 \SystemRoot\system32\DRIVERS\ql2300.sys QLogic Fibre Channel Stor Miniport Driver QLogic Corporation 9.1.8.6 c:\windows\system32\drivers\ql2300.sys 1/22/2009 7:05 PM ql40xx \SystemRoot\system32\DRIVERS\ql40xx.sys QLogic iSCSI Storport Miniport Driver QLogic Corporation 2.1.3.20 c:\windows\system32\drivers\ql40xx.sys 5/18/2009 9:18 PM RTL8023x64 system32\DRIVERS\Rtnic64.sys Realtek 10/100 X64 Driver Realtek Semiconductor Corporation 6.109.530.2008 c:\windows\system32\drivers\rtnic64.sys 5/30/2008 11:12 AM RTL8167 system32\DRIVERS\Rt64win7.sys Realtek 8101E/8168/8169 NDIS 6.20 64-bit Driver Realtek Corporation 7.2.1125.2008 c:\windows\system32\drivers\rt64win7.sys 2/26/2009 5:04 AM secdrv secdrv Macrovision SECURITY Driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. 4.3.86.0 c:\windows\system32\drivers\secdrv.sys 9/13/2006 9:18 AM SiSRaid2 \SystemRoot\system32\DRIVERS\SiSRaid2.sys SiS RAID Stor Miniport Driver Silicon Integrated Systems Corp. 
5.1.1039.2600 c:\windows\system32\drivers\sisraid2.sys 9/24/2008 2:28 PM SiSRaid4 \SystemRoot\system32\DRIVERS\sisraid4.sys SiS AHCI Stor-Miniport Driver Silicon Integrated Systems 5.1.1039.3600 c:\windows\system32\drivers\sisraid4.sys 10/1/2008 5:56 PM stexstor \SystemRoot\system32\DRIVERS\stexstor.sys Promise SuperTrak EX Series Driver for Windows Promise Technology 5.0.1.1 c:\windows\system32\drivers\stexstor.sys 2/17/2009 7:03 PM viaide \SystemRoot\system32\drivers\viaide.sys VIA Generic PCI IDE Bus Driver VIA Technologies, Inc. 6.0.6000.170 c:\windows\system32\drivers\viaide.sys 7/13/2009 7:19 PM vsmraid \SystemRoot\system32\DRIVERS\vsmraid.sys VIA RAID DRIVER FOR AMD-X86-64 VIA Technologies Inc.,Ltd 6.0.6000.6210 c:\windows\system32\drivers\vsmraid.sys 1/30/2009 9:18 PM HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors RICOH Language Monitor2 rc4mon64.dll RICOH BIDI Language Monitor RICOH CO.,Ltd. 4.0.5.1 c:\windows\system32\rc4mon64.dll 5/10/2007 9:43 PM HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run ACSTRAY C:\WINACS\ACSTRAY.EXE 10.0.0.1 c:\winacs\acstray.exe 6/19/1992 6:22 PM Adobe Reader Speed Launcher "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" Adobe Acrobat SpeedLauncher Adobe Systems Incorporated 9.5.1.283 c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe 3/27/2012 8:40 AM Adobe ARM "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" Adobe Reader and Acrobat Manager Adobe Systems Incorporated 1.5.7.0 c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe 1/3/2012 3:36 AM BrStsMon00 C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN Status Monitor Application Brother Industries, Ltd. 1.2.25.0 c:\program files (x86)\browny02\brother\brstmonw.exe 10/17/2011 8:01 PM AVG_UI "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY AVG User Interface AVG Technologies CZ, s.r.o. 
14.0.0.4592 c:\program files (x86)\avg\avg2014\avgui.exe 5/13/2014 8:17 AM SDTray "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" Spybot - Search & Destroy tray access Safer-Networking Ltd. 2.3.39.129 c:\program files (x86)\spybot - search & destroy 2\sdtray.exe 4/25/2014 8:14 AM HKLM\SOFTWARE\Classes\Protocols\Handler linkscanner HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} File not found: C:\Program Files (x86)\AVG\AVG2012\avgppa.dll HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components Internet Explorer C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache File not found: C:\Windows\system32\ie4uinit.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Run AVG-Secure-Search-Update_JUNE2013_TB "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB File not found: C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe Task Scheduler \Adobe Flash Player Updater "C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe" Adober Flashr Player Update Service 13.0 r0 Adobe Systems Incorporated 13.0.0.214 c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe 4/24/2014 10:24 PM \Microsoft\Windows\NetTrace\GatherNetworkInfo "%windir%\system32\gatherNetworkInfo.vbs" c:\windows\system32\gathernetworkinfo.vbs 6/10/2009 4:36 PM \Safer-Networking\Spybot - Search and Destroy\Check for updates "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" /autoupdate /silent /autoclose /background Update Safer-Networking Ltd. 2.3.39.94 c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe 4/25/2014 8:14 AM \Safer-Networking\Spybot - Search and Destroy\Refresh immunization "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe" /immunize /silent /autoclose Pro-active browser protection Safer-Networking Ltd. 
2.3.39.130 c:\program files (x86)\spybot - search & destroy 2\sdimmunize.exe 4/25/2014 8:13 AM \Safer-Networking\Spybot - Search and Destroy\Scan the system "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe" /scan /cleanclose Malware Scanner Safer-Networking Ltd. 2.3.39.181 c:\program files (x86)\spybot - search & destroy 2\sdscan.exe 4/25/2014 8:13 AM HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Adobe PDF Link Helper HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} Adobe PDF Helper for Internet Explorer Adobe Systems Incorporated 9.5.1.283 c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll 3/26/2012 11:38 AM HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Adobe PDF Link Helper HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} Adobe PDF Helper for Internet Explorer Adobe Systems Incorporated 9.5.1.283 c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll 3/26/2012 11:38 AM HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers AVG Shell Extension HKCR\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} AVG Shell Extension AVG Technologies CZ, s.r.o. 14.0.0.4592 c:\program files (x86)\avg\avg2014\avgsea.dll 5/13/2014 8:20 AM SDECon32 HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC} Windows Explorer context menu integration Safer-Networking Ltd. 2.3.39.113 c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll 12/31/1969 8:00 PM SDECon64 HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC} Windows Explorer context menu integration Safer-Networking Ltd. 2.3.39.113 c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll 12/31/1969 8:00 PM HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers AVG Shell Extension HKCR\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} AVG Shell Extension AVG Technologies CZ, s.r.o. 
14.0.0.4592 c:\program files (x86)\avg\avg2014\avgse.dll 5/13/2014 8:13 AM SDECon32 HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC} Windows Explorer context menu integration Safer-Networking Ltd. 2.3.39.114 c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll 4/25/2014 8:11 AM SDECon64 HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC} Windows Explorer context menu integration Safer-Networking Ltd. 2.3.39.114 c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll 4/25/2014 8:11 AM HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers NvCplDesktopContext HKCR\CLSID\{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} NVIDIA Display Shell Extension NVIDIA Corporation 1.2.0.1 c:\windows\system32\nvshext.dll 1/18/2013 10:38 AM HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers PDF Shell Extension HKCR\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627} PDF Shell Extension Adobe Systems, Inc. 9.5.1.283 c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll 3/26/2012 11:52 AM HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers AVG Shell Extension HKCR\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} AVG Shell Extension AVG Technologies CZ, s.r.o. 14.0.0.4592 c:\program files (x86)\avg\avg2014\avgsea.dll 5/13/2014 8:20 AM SDECon32 HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC} Windows Explorer context menu integration Safer-Networking Ltd. 2.3.39.113 c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll 12/31/1969 8:00 PM SDECon64 HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC} Windows Explorer context menu integration Safer-Networking Ltd. 2.3.39.113 c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll 12/31/1969 8:00 PM HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers AVG Shell Extension HKCR\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} AVG Shell Extension AVG Technologies CZ, s.r.o. 
14.0.0.4592 c:\program files (x86)\avg\avg2014\avgse.dll 5/13/2014 8:13 AM
SDECon32 HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC} Windows Explorer context menu integration Safer-Networking Ltd. 2.3.39.114 c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll 4/25/2014 8:11 AM
SDECon64 HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC} Windows Explorer context menu integration Safer-Networking Ltd. 2.3.39.114 c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll 4/25/2014 8:11 AM

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
msacm.l3acm C:\Windows\System32\l3codeca.acm MPEG Layer-3 Audio Codec for MSACM Fraunhofer Institut Integrierte Schaltungen IIS 1.9.0.401 c:\windows\system32\l3codeca.acm 7/13/2009 9:28 PM

HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
msacm.l3acm C:\Windows\SysWOW64\l3codeca.acm MPEG Layer-3 Audio Codec for MSACM Fraunhofer Institut Integrierte Schaltungen IIS 1.9.0.401 c:\windows\syswow64\l3codeca.acm 7/13/2009 9:06 PM
vidc.cvid iccvid.dll Cinepakr Codec Radius Inc. 1.10.0.13 c:\windows\syswow64\iccvid.dll 11/20/2010 7:59 AM

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jane_delgavio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jane_delgavio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\jane_delgavio\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\a9velr47.default\Cache emptied successfully
C:\Users\jane_delgavio\AppData\Local\Mozilla\Firefox\Profiles\wf3nqhm9.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=485 folders=54 3808111 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\jane_delgavio\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
  2. Dear kevinf80, Thank you! I ran zoek.exe and no longer get redirects. For some reason, I cannot attach the log. I will keep trying, but I get an "internal server error" whenever I attempt to post it or post the pasted contents here. Thank you very much, CE
  3. Dear kevinf80, Thanks! I was not able to get RogueKiller to run, so I skipped that step. I have attached the logs for the three steps you requested in your post (AdwCleaner, JRT, and Malwarebytes). I am still getting redirects in web browsers. Specifically, pages such as Google will have 302 Moved messages. If you look at the source code for the page within the browser, it is blank. Certain websites are blocked in this fashion: I always get the 302 Moved message "the document has moved here". Thank you again for your help, -CE AdwCleanerS0.txt mbam_log2.txt JRT.txt
  4. Dear kevinf80, Thank you! I ran FRST with the fixlist.txt and have attached Fixlog.txt. Then, I ran Malwarebytes. I have attached the log after the Malwarebytes scan as mbam_log. Malwarebytes found no threats. When I attempted to download RogueKiller, the download was blocked by browser redirects. I will try downloading to a different machine and then installing this program from a CD. The crypto screens did not appear on boot and were deleted by FRST. The browser problems have remained. Thank you again, -CE Fixlog.txt mbam_log.txt
  5. Thank you, Kevinf80! I have attached the files requested. For some reason, the redirects were not happening today when I booted the computer, so I just posted from the computer itself, without the USB step that you included. Thanks again, -CE Addition.txt FRST.txt
  6. Hello, I am attempting to clear off a Windows 7 computer that was hit by something that bills itself as CryptoWall. I've read the instructions here: https://forums.malwa...?hl=+cryptowall Everything looks as described in that post. However, running mbam-setup.exe, updating, and scanning does not result in any "threats" found. Also, running offline/boot-disc AVG scans, GMER, and Spybot results in no hits, either. However, on boot the machine still brings up the CryptoWall instructions, the DNS seems fishy when you view ipconfig /dnsdisplay in DOS (many websites, IPs don't seem typical for the named sites when you use a WHOIS search, etc.), and when using a web browser, there are redirects. Also, when it reboots, there are occasionally Windows updates ("don't power off your computer until", etc.), even when the Ethernet cable has been disconnected (there would be no opportunity to download an update from Windows). I note these instructions: https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/ However, I cannot reach this forum from the infected computer due to redirects, I don't want to put a flash drive in the infected computer, and CD burning seems to fail, so pasting the output of Farbar is not as simple as suggested (I can download it to a different computer, burn it, and put it on, though). I could take some pictures of the text with my phone or retype it, but it's a lot of text to do in that fashion. Any advice would be appreciated. Thank you to 1PW ( https://forums.malwarebytes.org/index.php?/user/17252-1pw/ ) for pointing me in the right direction vis-à-vis where to post this. -CE Note that I began this topic in the wrong forum. It was originally posted here: https://forums.malwarebytes.org/index.php?/topic/151102-cryptowall-dns-problem/
  7. Hello, I am attempting to clear off a Windows 7 computer that was hit by something that bills itself as CryptoWall. I've read the instructions here: https://forums.malwarebytes.org/index.php?/topic/150193-removal-instructions-for-cryptowall/?hl=%2Bcryptowall Everything looks as described in that post. However, running mbam-setup.exe, updating, and scanning does not result in any "threats" found. Also, running offline/boot-disc AVG scans, GMER, and Spybot results in no hits, either. However, on boot the machine still brings up the CryptoWall instructions, the DNS seems fishy when you view ipconfig /dnsdisplay in DOS, and when using a web browser, there are redirects. Any advice would be appreciated. -CE