a97virago

Honorary Members
Posts: 24
Reputation: 0 Neutral
  1. Again, I'm very sorry for the delay. I have requested access to the computer for this weekend. If I don't have it by Saturday morning, you have every right to consider this issue closed. You've been very helpful already, and I hate taking up more of your time and attention.
  2. I just got word that I'll be able to get the computer this weekend. I'll run a FRST log for you as soon as I get it. Also, do you want me to run the ComboFix and SystemLook steps before or after the FRST? Or should I hold off on running those steps until I hear back after the FRST?
  3. It is being used. That's why it is hard for me to get time on it. The processor usage is down to a normal level, and not much that is critical is being done on it. There is a problem with one program (LPi Express) that can't send data out on port 82, but I'm not really sure what is stopping that; I'm investigating it concurrently.
  4. I'm really trying to get time on the computer. Please bear with me. Sorry this is taking so long to get back to.
  5. Again, sorry this is taking so long. As it is a work computer, the time I have on it is very limited.
  6. I don't have access to the computer at the moment. As soon as I do, I will run these steps and get back to you. I want to take this moment, though, to thank you for helping me. I can see this is a drawn-out process and I wouldn't have been able to accomplish it as completely without your help. So, thank you so much!
  7. Windows is also calling for several (140) updates. I don't know if I could do these or whether they would interfere with the ongoing process. I'll wait until I hear from you.
  8. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2014
     Ran by Sacred Heart at 2014-09-28 13:05:26
     Running from C:\Users\Sacred Heart\Desktop
     Boot Mode: Normal
     ==========================================================

     ==================== Security Center ========================

     (If an entry is included in the fixlist, it will be removed.)

     AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

     ==================== Installed Programs ======================

     (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

     7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
     Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
     Adobe AIR (x32 Version: 3.3.0.3670 - Adobe Systems Incorporated) Hidden
     Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.268 - Adobe Systems Incorporated)
     Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.3.300.268 - Adobe Systems Incorporated)
     Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
     Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
     AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
     AMD Catalyst Install Manager (HKLM\...\{F4C71C2A-F068-8EEB-61AE-EA4707C57A1B}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
     AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
     AMD Fuel (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
     AMD Media Foundation Decoders (Version: 1.0.70727.2220 - Advanced Micro Devices, Inc.) Hidden
     AMD Steady Video Plug-In (Version: 2.06.0000 - AMD) Hidden
     AMD VISION Engine Control Center (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
     Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
     Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
     Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
     Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
     Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
     Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
     Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
     Catalyst Control Center Localization All (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
     CCC Help Chinese Standard (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
     CCC Help Chinese Traditional (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
     CCC Help Czech (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
     CCC Help Danish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
     CCC Help Dutch (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
     CCC Help English (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
     CCC Help Finnish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
     CCC Help French (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
     CCC Help German (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
     CCC Help Greek (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
     CCC Help Hungarian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
     CCC Help Italian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
     CCC Help Japanese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
     CCC Help Korean (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
     CCC Help Norwegian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
     CCC Help Polish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
     CCC Help Portuguese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
     CCC Help Russian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
     CCC Help Spanish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
     CCC Help Swedish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
     CCC Help Thai (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
     CCC Help Turkish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
     ccc-utility64 (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
     Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
     Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
     Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
     Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
     Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{131CD369-AA3B-424F-A83C-54DF3534B95C}) (Version: - Microsoft)
     Driver Genius Professional Edition (HKLM-x32\...\Driver Genius Professional Edition_is1) (Version: - Driver-Soft Inc.)
     Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
     HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version: - )
     HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{E65099C4-9110-4C31-BD03-5C17EFB5FE92}) (Version: 1.1.0 - HP)
     IDS Client (HKLM-x32\...\{01218E3C-86E4-4D70-A36F-69CD41B78DBC}) (Version: 3.2.1.4466 - IDS LLC)
     ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
     iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
     Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
     Java 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
     Kaspersky Anti-Virus 2011 (HKLM-x32\...\InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}) (Version: 11.0.2.556 - Kaspersky Lab)
     Kaspersky Anti-Virus 2011 (x32 Version: 11.0.2.556 - Kaspersky Lab) Hidden
     KeePass Password Safe 1.23 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.23 - Dominik Reichl)
     LPi Express HTD 5.3 (HKLM-x32\...\LPi Express HTD) (Version: 5.3 - Liturgical Publications Inc.)
     Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
     Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
     Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
     Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation)
     Microsoft Mouse and Keyboard Center (Version: 1.1.500.0 - Microsoft Corporation) Hidden
     Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
     Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
     Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
     Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
     Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
     Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
     Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
     Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
     Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
     Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
     Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
     Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
     Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
     Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
     Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
     Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
     Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
     Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
     Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
     Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
     Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
     Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
     Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
     Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
     Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
     Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
     Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
     Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
     MiniTool Partition Wizard Home Edition 7.5 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
     Mozilla Firefox 14.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 14.0.1 (x86 en-US)) (Version: 14.0.1 - Mozilla)
     Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 14.0.1 - Mozilla)
     PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.3 - Frank Heindörfer, Philip Chinery)
     Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
     QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
     Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 4.0.3.0 - Ralink)
     Readiris Pro 12 (HKLM-x32\...\{3AC26580-A695-4134-84AE-5121B3AAE545}) (Version: 12.00.5965 - I.R.I.S.)
     Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
     Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
     Skype™ 5.10 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 5.10.116 - Skype Technologies S.A.)
     Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
     swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
     TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)
     Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
     Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
     Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
     Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version: - Microsoft)
     Update for Microsoft Office 2010 (KB2553092) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}) (Version: - Microsoft)
     Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version: - Microsoft)
     Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version: - Microsoft)
     Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version: - Microsoft)
     Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version: - Microsoft)
     Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft)
     Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft)
     Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version: - Microsoft)
     Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version: - Microsoft)
     Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version: - Microsoft)
     Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version: - Microsoft)
     Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version: - Microsoft)
     Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version: - Microsoft)
     Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
     Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version: - Microsoft)
     Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version: - Microsoft)
     Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1CBE095-403D-466D-BB13-B185A5F33231}) (Version: - Microsoft)
     Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version: - Microsoft)
     Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version: - Microsoft)
     Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version: - Microsoft)
     Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158}) (Version: - Microsoft)
     Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft)
     Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft)
     VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
     WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
     WordPerfect Office 11 (HKLM-x32\...\{54F90B55-BEB3-4F0D-8802-228822FA5921}) (Version: 11.0.0.233 - Corel Corporation)

     ==================== Custom CLSID (selected items): ==========================

     (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

     ==================== Restore Points =========================

     28-09-2014 12:49:32 Windows Update
     28-09-2014 15:58:55 Windows Update

     ==================== Hosts content: ==========================

     (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

     2009-07-13 22:34 - 2014-09-28 10:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

     127.0.0.1 localhost

     ==================== Scheduled Tasks (whitelisted) =============

     (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

     Task: {1C386C0E-A445-47DA-901A-393EB6C2D382} - System32\Tasks\{297F2293-13B0-4FE3-9198-BB8A93BE8460} => C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE [2011-04-06] (Microsoft Corporation)
     Task: {3F39A9C4-19EB-4085-866A-319B46C3831C} - System32\Tasks\{9C20487D-2C01-4F9E-974B-09089469BCF8} => C:\Program Files (x86)\Driver-Soft\DriverGenius\DriverGenius.exe [2010-04-21] (Driver-Soft Inc.)
     Task: {57C34F52-F55D-46A9-BBEC-7FE5497E2771} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
     Task: {5E579732-3AE5-4CCE-98D9-C8936BB00502} - System32\Tasks\{153E2278-86B5-49E0-AE94-8AF4E54E5B22} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2012-10-20] (Microsoft Corporation)
     Task: {766E07AE-1135-40DF-846A-958749F829BE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
     Task: {7CC6BFF0-97EA-4DC0-AED0-97DB14A902ED} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
     Task: {8F7B41E9-2C26-4938-A4EE-F3BA6442CF6B} - System32\Tasks\{B3E80174-7A15-479A-8CC6-BE56E35E091D} => C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE [2011-04-06] (Microsoft Corporation)
     Task: {AD5CF118-9EB3-4AB5-8CBA-2302A1EA732B} - System32\Tasks\{F66C47B5-EAA0-485C-8591-A65C09773112} => C:\Program Files (x86)\Driver-Soft\DriverGenius\DriverGenius.exe [2010-04-21] (Driver-Soft Inc.)
     Task: {B3670107-77A8-46F9-BDD5-6573E06A504B} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
     Task: {C105B06E-52C7-4CFA-862C-2A85C608D415} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
     Task: {C534DDA7-E6AF-4B97-9A5C-9FF71930D354} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
     Task: {CE83A9E3-F3FE-4B66-A10B-BC53E06A8BF4} - System32\Tasks\{1B1556A2-E352-4B56-8363-A1F352A73E81} => Chrome.exe
     Task: {CF34E322-8BD7-48BB-BD6C-675495149C5F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30] (Adobe Systems Incorporated)
     Task: {F1422699-57D0-4C49-B113-955A814AC852} - System32\Tasks\{2D3E9920-B639-4DE1-AE6E-AE6A472279CA} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2012-10-20] (Microsoft Corporation)
     Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

     ==================== Loaded Modules (whitelisted) =============

     2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
     2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
     2012-08-24 10:20 - 2010-03-31 11:51 - 00407040 _____ () C:\Windows\System32\HPM1210LM.DLL
     2012-08-28 14:22 - 2011-04-29 23:14 - 00083752 _____ () C:\Windows\system32\PuzzlePort64.dll
     2012-08-24 10:20 - 2010-03-31 11:51 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HPM1210PP.dll
     2012-08-06 12:24 - 2012-08-06 12:24 - 00212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
     2012-03-05 16:03 - 2012-03-05 16:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
     2012-02-16 14:53 - 2012-02-16 14:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
     2012-08-06 12:24 - 2012-08-06 12:24 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
     2012-08-06 12:24 - 2012-08-06 12:24 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
     2012-08-06 12:07 - 2012-08-06 12:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
     2012-08-24 10:19 - 2010-04-28 11:49 - 00222720 _____ () C:\Windows\system32\m1210nwia.dll
     2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
     2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
     2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
     2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

     ==================== Alternate Data Streams (whitelisted) =========

     (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

     ==================== Safe Mode (whitelisted) ===================

     (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"

     ==================== EXE Association (whitelisted) =============

     (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

     ==================== MSCONFIG/TASK MANAGER disabled items =========

     (Currently there is no automatic fix for this section.)

     MSCONFIG\startupfolder: C:^Users^Sacred Heart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^xwizard.lnk => C:\Windows\pss\xwizard.lnk.Startup
     MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
     MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
     MSCONFIG\startupreg: Driver Genius => 
     MSCONFIG\startupreg: IntelliType Pro => "c:\Program Files\Microsoft Device Center\itype.exe"
     MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
     MSCONFIG\startupreg: MapsGalaxy Search Scope Monitor => "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
     MSCONFIG\startupreg: MapsGalaxy_39 Browser Plugin Loader => C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe
     MSCONFIG\startupreg: QuickFinder Scheduler => "C:\Program Files (x86)\WordPerfect Office 11\Programs\QFSCHD110.EXE"
     MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
     MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
     MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
     MSCONFIG\startupreg: xwizard => "C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe"
     MSCONFIG\startupreg: {f55de818-9e4d-43d0-0b46-54c71f088e85} => "C:\ProgramData\Microsoft\{f55de818-9e4d-43d0-0b46-54c71f088e85}\{f55de818-9e4d-43d0-0b46-54c71f088e85}.exe"
     MSCONFIG\startupreg: .tluafed => 

     ========================= Accounts: ==========================

     Administrator (S-1-5-21-639415932-1215857684-1316868989-500 - Administrator - Disabled)
     Guest (S-1-5-21-639415932-1215857684-1316868989-501 - Limited - Disabled)
     HomeGroupUser$ (S-1-5-21-639415932-1215857684-1316868989-1006 - Limited - Enabled)
     Sacred Heart (S-1-5-21-639415932-1215857684-1316868989-1003 - Administrator - Enabled) => C:\Users\Sacred Heart

     ==================== Faulty Device Manager Devices =============

     Name: Ethernet Controller
     Description: Ethernet Controller
     Class Guid: 
     Manufacturer: 
     Service: 
     Problem: : This device is disabled. (Code 22)
     Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

     ==================== Event log errors: =========================

     Application errors:
     ==================
     Error: (09/28/2014 00:57:57 PM) (Source: Application Error) (EventID: 1000) (User: )
     Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
     Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
     Exception code: 0xc0000005
     Fault offset: 0x00000000000033c1
     Faulting process id: 0x5e0
     Faulting application start time: 0xFuel.Service.exe0
     Faulting application path: Fuel.Service.exe1
     Faulting module path: Fuel.Service.exe2
     Report Id: Fuel.Service.exe3

     Error: (09/28/2014 11:46:18 AM) (Source: Application Error) (EventID: 1000) (User: )
     Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
     Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
     Exception code: 0xc0000005
     Fault offset: 0x00000000000033c1
     Faulting process id: 0x760
     Faulting application start time: 0xFuel.Service.exe0
     Faulting application path: Fuel.Service.exe1
     Faulting module path: Fuel.Service.exe2
     Report Id: Fuel.Service.exe3

     Error: (09/28/2014 08:26:30 AM) (Source: Application Error) (EventID: 1000) (User: )
     Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
     Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
     Exception code: 0xc0000005
     Fault offset: 0x00000000000033c1
     Faulting process id: 0x710
     Faulting application start time: 0xFuel.Service.exe0
     Faulting application path: Fuel.Service.exe1
     Faulting module path: Fuel.Service.exe2
     Report Id: Fuel.Service.exe3

     Error: (09/28/2014 07:54:55 AM) (Source: Application Error) (EventID: 1000) (User: )
     Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
     Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
     Exception code: 0xc0000005
     Fault offset: 0x00000000062c3523
     Faulting process id: 0x994
     Faulting application start time: 0xexplorer.exe0
     Faulting application path: explorer.exe1
     Faulting module path: explorer.exe2
     Report Id: explorer.exe3

     Error: (09/28/2014 07:53:06 AM) (Source: Application Error) (EventID: 1000) (User: )
     Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
     Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
     Exception code: 0xc0000005
     Fault offset: 0x0000000009263523
     Faulting process id: 0x870
     Faulting application start time: 0xexplorer.exe0
     Faulting application path: explorer.exe1
     Faulting module path: explorer.exe2
     Report Id: explorer.exe3

     Error: (09/28/2014 07:51:11 AM) (Source: Application Error) (EventID: 1000) (User: )
     Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
     Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
     Exception code: 0xc0000005
     Fault offset: 0x0000000008a83523
     Faulting process id: 0x64c
     Faulting application start time: 0xExplorer.EXE0
     Faulting application path: Explorer.EXE1
     Faulting module path: Explorer.EXE2
     Report Id: Explorer.EXE3

     Error: (09/28/2014 07:49:31 AM) (Source: Application Error) (EventID: 1000) (User: )
     Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
     Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
     Exception code: 0xc0000005
     Fault offset: 0x00000000087d3523
     Faulting process id: 0x878
     Faulting application start time: 0xExplorer.EXE0
     Faulting application path: Explorer.EXE1
     Faulting module path: Explorer.EXE2
     Report Id: Explorer.EXE3

     Error: (09/28/2014 07:47:51 AM) (Source: Application Error) (EventID: 1000) (User: )
     Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
     Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
     Exception code: 0xc0000005
     Fault offset: 0x00000000050c3523
     Faulting process id: 0xaec
     Faulting application start time: 0xExplorer.EXE0
     Faulting application path: Explorer.EXE1
     Faulting module path: Explorer.EXE2
     Report Id: Explorer.EXE3

     Error: (09/28/2014 07:46:11 AM) (Source: Application Error) (EventID: 1000) (User: )
     Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
     Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
     Exception code: 0xc0000005
     Fault offset: 0x0000000009883523
     Faulting process id: 0xe00
     Faulting application start time: 0xExplorer.EXE0
     Faulting application path: Explorer.EXE1
     Faulting module path: Explorer.EXE2
     Report Id: Explorer.EXE3

     Error: (09/28/2014 07:44:31 AM) (Source: Application Error) (EventID: 1000) (User: )
     Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
     Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
     Exception code: 0xc0000005
     Fault offset: 0x00000000062d3523
     Faulting process id: 0x72c
     Faulting application start time: 0xExplorer.EXE0
     Faulting application path: Explorer.EXE1
     Faulting module path: Explorer.EXE2
     Report Id: Explorer.EXE3

     System errors:
     =============
     Error: (09/28/2014 01:00:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
     Description: The following boot-start or system-start driver(s) failed to load:
     SMR322

     Error: (09/28/2014 00:59:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
     Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

     Error: (09/28/2014 00:57:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
     Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

     Error: (09/28/2014 11:47:51 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
     Description: The following boot-start or system-start driver(s) failed to load:
     SMR322

     Error: (09/28/2014 11:47:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
     Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

     Error: (09/28/2014 11:46:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
     Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

     Error: (09/28/2014 10:56:03 AM) (Source: DCOM) (EventID: 10010) (User: )
     Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

     Error: (09/28/2014 10:22:43 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
     Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

     Error: (09/28/2014 10:21:16 AM) (Source: Application Popup) (EventID: 1060) (User: )
     Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

     Error: (09/28/2014 09:47:40 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
     Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Microsoft Office Sessions: ========================= Error: (09/28/2014 00:57:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c15e001cfdb3378ea577aC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll97f3ce26-4730-11e4-95af-a180eb7df2ed Error: (09/28/2014 11:46:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c176001cfdb17fa7f70a9C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll95f9f02e-4726-11e4-a196-90a0a8ee43eb Error: (09/28/2014 08:26:30 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c171001cfdb1081caacc9C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dllac48dd2a-470a-11e4-bafd-e7a61a1ba403 Error: (09/28/2014 07:54:55 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: explorer.exe6.1.7601.175674d672ee4unknown0.0.0.000000000c000000500000000062c352399401cfdb12c6a5c40eC:\Windows\explorer.exeunknown4322818f-4706-11e4-bafd-a6300096e01c Error: (09/28/2014 07:53:06 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: explorer.exe6.1.7601.175674d672ee4unknown0.0.0.000000000c0000005000000000926352387001cfdb12aebdab23C:\Windows\explorer.exeunknown01b7cda3-4706-11e4-bafd-a6300096e01c Error: (09/28/2014 07:51:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c00000050000000008a8352364c01cfdb1246672c35C:\Windows\Explorer.EXEunknownbd28fdcc-4705-11e4-bafd-a6300096e01c Error: (09/28/2014 07:49:31 AM) (Source: Application Error) (EventID: 1000) (User: ) 
Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c000000500000000087d352387801cfdb120b482a89C:\Windows\Explorer.EXEunknown8176d469-4705-11e4-bafd-a6300096e01c Error: (09/28/2014 07:47:51 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c000000500000000050c3523aec01cfdb11cfa42258C:\Windows\Explorer.EXEunknown466d3f20-4705-11e4-bafd-a6300096e01c Error: (09/28/2014 07:46:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c00000050000000009883523e0001cfdb1193ba8589C:\Windows\Explorer.EXEunknown0a94d8a8-4705-11e4-bafd-a6300096e01c Error: (09/28/2014 07:44:31 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c000000500000000062d352372c01cfdb1157db4911C:\Windows\Explorer.EXEunknownced875fe-4704-11e4-bafd-a6300096e01c CodeIntegrity Errors: =================================== Date: 2014-09-28 10:21:16.472 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-09-28 10:21:16.332 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Processor: AMD A4-3400 APU with Radeon HD Graphics Percentage of memory in use: 34% Total physical RAM: 3570.79 MB Available physical RAM: 2324.95 MB Total Pagefile: 7139.75 MB Available Pagefile: 5665.13 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:864.46 GB) NTFS Drive e: (TravelDrive) (Removable) (Total:1.91 GB) (Free:0.73 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 58CFF908) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 1.9 GB) (Disk ID: 19048354) Partition 1: (Not Active) - (Size=1.9 GB) - (Type=0E) ==================== End Of Log ============================
  9. Here is the new FRST scan after removing autokms

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2014
Ran by Sacred Heart (administrator) on SACREDHEART-PC on 28-09-2014 13:05:00
Running from C:\Users\Sacred Heart\Desktop
Loaded Profile: Sacred Heart (Available profiles: Sacred Heart)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-639415932-1215857684-1316868989-1003\...\Run: [CryptoUpdate] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Crypto\RSA\cert_v65_0.tpl"
HKU\S-1-5-21-639415932-1215857684-1316868989-1003\...\Policies\Explorer: [Run] "C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe"
HKU\S-1-5-21-639415932-1215857684-1316868989-1003\...A8F59079A8D5}\localserver32: <==== ATTENTION!
HKU\S-1-5-18\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17416880 2012-07-13] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe [686792 2012-07-30] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\MountPoints2: D - D:\Programs\nu2menu\nu2menu.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDBAF2A4F8647CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?mtmhp=txtlnkusaolp00000051
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-08-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-30]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [2014-08-12]
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [2014-08-12]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [362296 2010-05-11] (HP)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1859584 2012-07-04] (Ralink) [File not signed]
S3 SophosVirusRemovalTool; C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [152872 2014-08-11] (Sophos Limited)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16384 2010-04-28] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [8192 2005-03-29] ()
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-04-28] (Marvell Semiconductor, Inc.)
R3 NWVoltron; C:\Windows\System32\DRIVERS\NWVoltron.sys [28440 2011-06-23] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-06-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-06-18] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 SMR322; System32\drivers\SMR322.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 10:54 - 2014-09-28 10:54 - 00025396 _____ () C:\Users\Sacred Heart\Desktop\FRST201409281056.txt
2014-09-28 10:53 - 2014-09-28 13:03 - 00039260 _____ () C:\Users\Sacred Heart\Desktop\Addition.txt
2014-09-28 10:52 - 2014-09-28 13:05 - 00013189 _____ () C:\Users\Sacred Heart\Desktop\FRST.txt
2014-09-28 10:52 - 2014-09-28 13:05 - 00000000 ____D () C:\FRST
2014-09-28 10:25 - 2014-09-28 10:25 - 00020510 _____ () C:\ComboFix.txt
2014-09-28 09:19 - 2014-09-28 10:25 - 00000000 ____D () C:\Qoobox
2014-09-28 09:19 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-28 09:19 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-28 09:19 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-28 09:18 - 2014-09-28 10:23 - 00000000 ____D () C:\Windows\erdnt
2014-09-28 08:50 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-28 08:50 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-28 08:50 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-28 08:50 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-28 08:49 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-28 08:49 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-28 08:49 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-28 08:49 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-28 08:49 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-28 08:49 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-28 08:49 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-28 08:49 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-28 08:49 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-28 08:49 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-28 08:33 - 2014-09-28 08:34 - 00148009 _____ () C:\Users\Sacred Heart\Desktop\New Text Document.txt
2014-09-28 08:04 - 2014-09-28 07:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sacred Heart\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-28 08:04 - 2014-09-27 22:35 - 01699276 _____ (Thisisu) C:\Users\Sacred Heart\Desktop\JRT.exe
2014-09-28 08:04 - 2014-09-27 22:35 - 01373475 _____ () C:\Users\Sacred Heart\Desktop\AdwCleaner.exe
2014-09-28 08:04 - 2014-09-27 22:33 - 02108928 _____ (Farbar) C:\Users\Sacred Heart\Desktop\FRST64.exe
2014-09-28 08:04 - 2014-09-27 22:27 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Sacred Heart\Desktop\tdsskiller.exe
2014-09-28 08:04 - 2014-09-27 22:23 - 05580995 ____R (Swearware) C:\Users\Sacred Heart\Desktop\ComboFix.exe
2014-09-28 07:54 - 2014-09-28 13:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-28 07:54 - 2014-09-28 08:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-28 07:54 - 2014-09-28 07:54 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-28 07:54 - 2014-09-28 07:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-28 07:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-28 07:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-28 07:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-27 21:23 - 2014-09-28 12:59 - 00001872 _____ () C:\Windows\setupact.log
2014-09-27 21:23 - 2014-09-27 21:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-27 20:11 - 2014-09-05 09:56 - 00004130 _____ () C:\Users\Sacred Heart\Downloads\grrr - Copy.TXT
2014-09-27 18:22 - 2014-09-27 18:19 - 34905600 _____ (Hewlett-Packard Development Company, L.P. ) C:\sp58084.exe
2014-09-27 15:59 - 2014-09-05 09:58 - 00004130 _____ () C:\Users\Grrr.TXT
2014-09-24 12:14 - 2014-09-24 12:14 - 00007016 ____N () C:\bootsqm.dat
2014-09-24 08:32 - 2014-09-24 08:32 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\VirtualStore
2014-09-23 12:21 - 2014-09-24 08:18 - 00003978 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BFCE2EDA-C7EC-46A2-A6B4-FCF23DE328B7}
2014-09-23 11:47 - 2014-09-23 11:47 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\pdfforge
2014-09-22 11:23 - 2014-09-22 11:23 - 00058880 _____ () C:\Users\Sacred Heart\Desktop\9_21_14-SUN_COLLECT.xls
2014-09-22 11:19 - 2014-09-22 11:19 - 00058880 _____ () C:\Users\Sacred Heart\Downloads\9_21_14-SUN_COLLECT.xls
2014-09-22 08:19 - 2014-09-22 08:21 - 00000000 ____D () C:\ProgramData\Sophos
2014-09-22 08:18 - 2014-09-22 08:18 - 00003237 _____ () C:\Users\Sacred Heart\Desktop\Sophos Virus Removal Tool.lnk
2014-09-22 08:18 - 2014-09-22 08:18 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-09-22 07:59 - 2014-09-22 07:59 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-09-17 13:16 - 2014-09-17 13:16 - 00000448 ____H () C:\Users\Sacred Heart\AppData\Roaming\麽鎒駓覜
2014-09-17 10:59 - 2014-09-17 14:11 - 00011366 _____ () C:\Users\Sacred Heart\Documents\liturgy 2014.xlsx
2014-09-16 20:20 - 2014-09-18 09:16 - 118352120 _____ (Microsoft Corporation) C:\Users\Sacred Heart\Downloads\msert.exe
2014-09-16 19:20 - 2014-09-16 19:20 - 00000000 ____D () C:\Windows\pss
2014-09-16 15:12 - 2014-09-16 15:12 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-09-16 09:10 - 2014-09-16 09:10 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-09-15 12:22 - 2014-09-15 12:28 - 00058880 _____ () C:\Users\Sacred Heart\Downloads\9_14_14-SUN_COLLECT.xls
2014-09-05 10:40 - 2014-09-28 08:25 - 00000000 ____D () C:\ProgramData\EvitpUseyw
2014-08-29 13:22 - 2014-08-29 13:25 - 00219244 _____ () C:\Users\Sacred Heart\Desktop\fa1131bi.tif
2014-08-29 13:21 - 2014-08-29 13:21 - 00000000 _____ () C:\Users\Sacred Heart\Downloads\fa1131bi.tif.en9r1v9.partial

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 13:04 - 2009-07-14 01:13 - 00730210 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-28 13:03 - 2012-08-22 15:54 - 01057297 _____ () C:\Windows\WindowsUpdate.log
2014-09-28 12:59 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-28 12:20 - 2012-07-30 18:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-28 11:55 - 2009-07-14 00:45 - 00024480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-28 11:55 - 2009-07-14 00:45 - 00024480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-28 11:46 - 2012-07-31 03:17 - 00266026 _____ () C:\Windows\PFRO.log
2014-09-28 10:25 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-09-28 10:22 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-28 10:21 - 2012-08-22 15:55 - 00000000 ____D () C:\Users\Sacred Heart
2014-09-28 08:30 - 2012-07-30 22:13 - 00000000 ____D () C:\Windows\Panther
2014-09-28 07:55 - 2013-05-30 09:03 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\CrashDumps
2014-09-28 07:54 - 2013-05-02 21:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-28 07:36 - 2013-11-08 11:43 - 00000000 ____D () C:\Program Files\Google
2014-09-28 07:36 - 2012-07-30 18:53 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-27 22:45 - 2013-11-08 11:42 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Google
2014-09-27 21:17 - 2012-08-22 17:41 - 00000000 ____D () C:\Users\Sacred Heart\Documents\My Scans
2014-09-27 21:10 - 2014-02-21 15:52 - 00000000 ____D () C:\Users\Sacred Heart\Desktop\Publisher Bulletins
2014-09-27 21:10 - 2013-05-10 12:18 - 00000000 ___SD () C:\Users\Sacred Heart\Documents\My Data Sources
2014-09-27 20:21 - 2012-09-18 12:51 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Microsoft Games
2014-09-27 20:21 - 2012-08-28 14:23 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\LPi Express HTD
2014-09-27 20:21 - 2012-08-22 17:25 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\Adobe
2014-09-27 20:12 - 2012-08-22 16:30 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\AMD
2014-09-27 20:12 - 2012-07-30 18:56 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-09-27 16:02 - 2014-08-12 09:26 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-27 16:02 - 2014-07-07 08:54 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\fc044c
2014-09-27 16:02 - 2012-10-10 10:01 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Apple Computer
2014-09-27 16:02 - 2012-08-22 17:28 - 00000000 ____D () C:\ProgramData\Ralink Driver
2014-09-27 16:01 - 2012-12-06 10:29 - 00000000 ____D () C:\ebsword
2014-09-27 16:01 - 2012-08-22 16:26 - 00000000 ____D () C:\ATI
2014-09-27 16:01 - 2012-08-22 16:21 - 00000000 ____D () C:\AMD
2014-09-26 08:42 - 2009-07-14 01:08 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-25 13:31 - 2012-08-22 17:41 - 00011858 _____ () C:\Users\Sacred Heart\Documents\WEEKLY2.xlsx
2014-09-25 08:44 - 2012-09-18 11:13 - 00001511 _____ () C:\Users\Sacred Heart\AppData\Local\print.ini
2014-09-24 08:32 - 2012-07-30 18:30 - 00000000 __SHD () C:\Users\Sacred Heart\AppData\Roaming\dteivvbh
2014-09-16 12:24 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-15 09:06 - 2012-07-30 18:59 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-05 12:02 - 2012-08-22 16:04 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Apple
2014-09-05 12:02 - 2012-07-31 14:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-05 12:02 - 2009-07-14 03:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-05 12:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-09-05 09:55 - 2013-03-13 12:12 - 14592872 _____ () C:\Users\Sacred Heart\Downloads\IMG_1150.mp4
2014-09-05 09:55 - 2012-08-22 17:41 - 00578630 _____ () C:\Users\Sacred Heart\Downloads\Palm01c_sc.eps
2014-09-05 09:54 - 2013-09-24 10:23 - 00546002 _____ () C:\Users\Sacred Heart\Downloads\bi03fa06_sc.eps
2014-09-05 09:54 - 2013-06-03 14:20 - 00636234 _____ () C:\Users\Sacred Heart\Downloads\bi57sp04_sc.eps

Files to move or delete:
====================
C:\Users\Sacred Heart\acrobat.exe
C:\Users\Sacred Heart\chrome935539.exe
C:\Users\Sacred Heart\ctfmon132343.exe
C:\Users\Sacred Heart\flashplayer560745.exe
C:\Users\Sacred Heart\googleupdate.exe
C:\Users\Sacred Heart\googleupdate27226.exe
C:\Users\Sacred Heart\msconfig464447.exe
C:\Users\Sacred Heart\mstsc524057.exe
C:\Users\Sacred Heart\rundll3238542.exe
C:\Users\Sacred Heart\rundll32826958.exe
C:\Users\Sacred Heart\spoolsv35736.exe
C:\Users\Sacred Heart\vlcplayer.exe
C:\Users\Sacred Heart\vlcplayer566390.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-28 11:17

==================== End Of Log ============================
  10. The brief research I just did seems to indicate that it's some sort of Office crack, but I'm "reasonably" sure that the installation of Office on this computer is legitimate. This is a business computer that I've been brought in to clean up.
  11. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2014
Ran by Sacred Heart at 2014-09-28 10:53:38
Running from C:\Users\Sacred Heart\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.3.0.3670 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.268 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.3.300.268 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{F4C71C2A-F068-8EEB-61AE-EA4707C57A1B}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70727.2220 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In (Version: 2.06.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{131CD369-AA3B-424F-A83C-54DF3534B95C}) (Version: - Microsoft)
Driver Genius Professional Edition (HKLM-x32\...\Driver Genius Professional Edition_is1) (Version: - Driver-Soft Inc.)
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version: - )
HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{E65099C4-9110-4C31-BD03-5C17EFB5FE92}) (Version: 1.1.0 - HP)
IDS Client (HKLM-x32\...\{01218E3C-86E4-4D70-A36F-69CD41B78DBC}) (Version: 3.2.1.4466 - IDS LLC)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Kaspersky Anti-Virus 2011 (HKLM-x32\...\InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}) (Version: 11.0.2.556 - Kaspersky Lab)
Kaspersky Anti-Virus 2011 (x32 Version: 11.0.2.556 - Kaspersky Lab) Hidden
KeePass Password Safe 1.23 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.23 - Dominik Reichl)
LPi Express HTD 5.3 (HKLM-x32\...\LPi Express HTD) (Version: 5.3 - Liturgical Publications Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 1.1.500.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 7.5 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 14.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 14.0.1 (x86 en-US)) (Version: 14.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 14.0.1 - Mozilla)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.3 - Frank Heindörfer, Philip Chinery)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 4.0.3.0 - Ralink)
Readiris Pro 12 (HKLM-x32\...\{3AC26580-A695-4134-84AE-5121B3AAE545}) (Version: 12.00.5965 - I.R.I.S.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
Skype™ 5.10 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 5.10.116 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1CBE095-403D-466D-BB13-B185A5F33231}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WordPerfect Office 11 (HKLM-x32\...\{54F90B55-BEB3-4F0D-8802-228822FA5921}) (Version: 11.0.0.233 - Corel Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

28-09-2014 12:49:32 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-09-28 10:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1C386C0E-A445-47DA-901A-393EB6C2D382} - System32\Tasks\{297F2293-13B0-4FE3-9198-BB8A93BE8460} => C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE [2011-04-06] (Microsoft Corporation)
Task: {3F39A9C4-19EB-4085-866A-319B46C3831C} - System32\Tasks\{9C20487D-2C01-4F9E-974B-09089469BCF8} => C:\Program Files (x86)\Driver-Soft\DriverGenius\DriverGenius.exe [2010-04-21] (Driver-Soft Inc.)
Task: {57C34F52-F55D-46A9-BBEC-7FE5497E2771} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {5E579732-3AE5-4CCE-98D9-C8936BB00502} - System32\Tasks\{153E2278-86B5-49E0-AE94-8AF4E54E5B22} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2012-10-20] (Microsoft Corporation)
Task: {70B14C0D-C1D5-4F0C-A0AA-4312FA676299} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2012-07-31] ()
Task: {766E07AE-1135-40DF-846A-958749F829BE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7CC6BFF0-97EA-4DC0-AED0-97DB14A902ED} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8F7B41E9-2C26-4938-A4EE-F3BA6442CF6B} - System32\Tasks\{B3E80174-7A15-479A-8CC6-BE56E35E091D} => C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE [2011-04-06] (Microsoft Corporation)
Task: {AD5CF118-9EB3-4AB5-8CBA-2302A1EA732B} - System32\Tasks\{F66C47B5-EAA0-485C-8591-A65C09773112} => C:\Program Files (x86)\Driver-Soft\DriverGenius\DriverGenius.exe [2010-04-21] (Driver-Soft Inc.)
Task: {B3670107-77A8-46F9-BDD5-6573E06A504B} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {C105B06E-52C7-4CFA-862C-2A85C608D415} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {C534DDA7-E6AF-4B97-9A5C-9FF71930D354} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {CE83A9E3-F3FE-4B66-A10B-BC53E06A8BF4} - System32\Tasks\{1B1556A2-E352-4B56-8363-A1F352A73E81} => Chrome.exe
Task: {CF34E322-8BD7-48BB-BD6C-675495149C5F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30] (Adobe Systems Incorporated)
Task: {F1422699-57D0-4C49-B113-955A814AC852} - System32\Tasks\{2D3E9920-B639-4DE1-AE6E-AE6A472279CA} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2012-10-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-08-24 10:20 - 2010-03-31 11:51 - 00407040 _____ () C:\Windows\System32\HPM1210LM.DLL
2012-08-28 14:22 - 2011-04-29 23:14 - 00083752 _____ () C:\Windows\system32\PuzzlePort64.dll
2012-08-24 10:20 - 2010-03-31 11:51 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2012-08-06 12:24 - 2012-08-06 12:24 - 00212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 16:03 - 2012-03-05 16:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 14:53 - 2012-02-16 14:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-08-24 10:19 - 2010-04-28 11:49 - 00222720 _____ () C:\Windows\system32\m1210nwia.dll
2012-08-06 12:24 - 2012-08-06 12:24 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-06 12:07 - 2012-08-06 12:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Sacred Heart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^xwizard.lnk => C:\Windows\pss\xwizard.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Driver Genius => 
MSCONFIG\startupreg: IntelliType Pro => "c:\Program Files\Microsoft Device Center\itype.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MapsGalaxy Search Scope Monitor => "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: MapsGalaxy_39 Browser Plugin Loader => C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe
MSCONFIG\startupreg: QuickFinder Scheduler => "C:\Program Files (x86)\WordPerfect Office 11\Programs\QFSCHD110.EXE"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: xwizard => "C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe"
MSCONFIG\startupreg: {f55de818-9e4d-43d0-0b46-54c71f088e85} => "C:\ProgramData\Microsoft\{f55de818-9e4d-43d0-0b46-54c71f088e85}\{f55de818-9e4d-43d0-0b46-54c71f088e85}.exe"
MSCONFIG\startupreg: .tluafed => 

========================= Accounts: ==========================

Administrator (S-1-5-21-639415932-1215857684-1316868989-500 - Administrator - Disabled)
Guest (S-1-5-21-639415932-1215857684-1316868989-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-639415932-1215857684-1316868989-1006 - Limited - Enabled)
Sacred Heart (S-1-5-21-639415932-1215857684-1316868989-1003 - Administrator - Enabled) => C:\Users\Sacred Heart

==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================

Application errors:
==================
Error: (09/28/2014 08:26:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x710
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (09/28/2014 07:54:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000062c3523
Faulting process id: 0x994
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (09/28/2014 07:53:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000009263523
Faulting process id: 0x870
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (09/28/2014 07:51:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000008a83523
Faulting process id: 0x64c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/28/2014 07:49:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000087d3523
Faulting process id: 0x878
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/28/2014 07:47:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000050c3523
Faulting process id: 0xaec
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/28/2014 07:46:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000009883523
Faulting process id: 0xe00
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/28/2014 07:44:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000062d3523
Faulting process id: 0x72c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/28/2014 07:42:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000007d83523
Faulting process id: 0xc70
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/28/2014 07:41:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x0000000000000000
Faulting process id: 0xbc0
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3


System errors:
=============
Error: (09/28/2014 10:22:43 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/28/2014 10:21:16 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/28/2014 09:47:40 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/28/2014 08:32:54 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/28/2014 08:31:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: SMR322

Error: (09/28/2014 08:30:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Error: (09/28/2014 08:26:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/28/2014 08:25:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: %%1290

Error: (09/28/2014 08:25:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Base Filtering Engine service failed to start due to the following error: %%1290

Error: (09/28/2014 08:25:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Security Center service failed to start due to the following error: %%1314


Microsoft Office Sessions:
=========================
Error: (09/28/2014 08:26:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c171001cfdb1081caacc9C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dllac48dd2a-470a-11e4-bafd-e7a61a1ba403

Error: (09/28/2014 07:54:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4unknown0.0.0.000000000c000000500000000062c352399401cfdb12c6a5c40eC:\Windows\explorer.exeunknown4322818f-4706-11e4-bafd-a6300096e01c

Error:
(09/28/2014 07:53:06 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: explorer.exe6.1.7601.175674d672ee4unknown0.0.0.000000000c0000005000000000926352387001cfdb12aebdab23C:\Windows\explorer.exeunknown01b7cda3-4706-11e4-bafd-a6300096e01c Error: (09/28/2014 07:51:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c00000050000000008a8352364c01cfdb1246672c35C:\Windows\Explorer.EXEunknownbd28fdcc-4705-11e4-bafd-a6300096e01c Error: (09/28/2014 07:49:31 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c000000500000000087d352387801cfdb120b482a89C:\Windows\Explorer.EXEunknown8176d469-4705-11e4-bafd-a6300096e01c Error: (09/28/2014 07:47:51 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c000000500000000050c3523aec01cfdb11cfa42258C:\Windows\Explorer.EXEunknown466d3f20-4705-11e4-bafd-a6300096e01c Error: (09/28/2014 07:46:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c00000050000000009883523e0001cfdb1193ba8589C:\Windows\Explorer.EXEunknown0a94d8a8-4705-11e4-bafd-a6300096e01c Error: (09/28/2014 07:44:31 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c000000500000000062d352372c01cfdb1157db4911C:\Windows\Explorer.EXEunknownced875fe-4704-11e4-bafd-a6300096e01c Error: (09/28/2014 07:42:50 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c00000050000000007d83523c7001cfdb111c0a06bbC:\Windows\Explorer.EXEunknown92f21566-4704-11e4-bafd-a6300096e01c Error: (09/28/2014 07:41:10 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c000041d0000000000000000bc001cfdb10e04e57d7C:\Windows\Explorer.EXEunknown5723346f-4704-11e4-bafd-a6300096e01c CodeIntegrity Errors: =================================== Date: 2014-09-28 10:21:16.472 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-09-28 10:21:16.332 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD A4-3400 APU with Radeon HD Graphics Percentage of memory in use: 71% Total physical RAM: 3570.79 MB Available physical RAM: 1006.53 MB Total Pagefile: 7139.75 MB Available Pagefile: 5610.53 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:867.21 GB) NTFS Drive e: (WINTOUSB) (Removable) (Total:14.89 GB) (Free:13.76 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 58CFF908) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 14.9 GB) (Disk ID: 00005053) Partition 1: (Active) - (Size=14.9 GB) - (Type=0C) ==================== End Of Log ============================
  12. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2014 Ran by Sacred Heart (administrator) on SACREDHEART-PC on 28-09-2014 10:52:48 Running from C:\Users\Sacred Heart\Desktop Loaded Profile: Sacred Heart (Available profiles: Sacred Heart) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 10 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe (HP) C:\Windows\System32\HPSIsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKU\S-1-5-21-639415932-1215857684-1316868989-1003\...\Run: [CryptoUpdate] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Crypto\RSA\cert_v65_0.tpl" HKU\S-1-5-21-639415932-1215857684-1316868989-1003\...\Policies\Explorer: [Run] "C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe" HKU\S-1-5-21-639415932-1215857684-1316868989-1003\...A8F59079A8D5}\localserver32: <==== ATTENTION! HKU\S-1-5-18\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17416880 2012-07-13] (Skype Technologies S.A.) 
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe [686792 2012-07-30] (Adobe Systems Incorporated) HKU\S-1-5-18\...\MountPoints2: D - D:\Programs\nu2menu\nu2menu.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDBAF2A4F8647CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?mtmhp=txtlnkusaolp00000051 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> 
C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-08-12] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-30] FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [2014-08-12] FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [2014-08-12] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed] S3 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO) R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [362296 2010-05-11] (HP) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) 
[File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed] R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed] S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1859584 2012-07-04] (Ralink) [File not signed] S3 SophosVirusRemovalTool; C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [152872 2014-08-11] (Sophos Limited) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16384 2010-04-28] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-28] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [8192 2005-03-29] () S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-04-28] (Marvell Semiconductor, Inc.) 
R3 NWVoltron; C:\Windows\System32\DRIVERS\NWVoltron.sys [28440 2011-06-23] () S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-06-18] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-06-18] () U3 catchme; \??\C:\ComboFix\catchme.sys [X] S0 SMR322; System32\drivers\SMR322.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-28 10:52 - 2014-09-28 10:53 - 00013039 _____ () C:\Users\Sacred Heart\Desktop\FRST.txt 2014-09-28 10:52 - 2014-09-28 10:52 - 00000000 ____D () C:\FRST 2014-09-28 10:25 - 2014-09-28 10:25 - 00020510 _____ () C:\ComboFix.txt 2014-09-28 09:19 - 2014-09-28 10:25 - 00000000 ____D () C:\Qoobox 2014-09-28 09:19 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-28 09:19 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-28 09:19 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-28 09:19 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-28 09:19 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-28 09:19 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-28 09:19 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-28 09:19 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-28 09:18 - 2014-09-28 10:23 - 00000000 ____D () C:\Windows\erdnt 2014-09-28 08:50 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-09-28 08:50 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-09-28 08:50 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-09-28 08:50 - 2014-05-14 
12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-09-28 08:49 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-09-28 08:49 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-09-28 08:49 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-09-28 08:49 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-09-28 08:33 - 2014-09-28 08:34 - 00148009 _____ () C:\Users\Sacred Heart\Desktop\New Text Document.txt 2014-09-28 08:04 - 2014-09-28 07:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sacred Heart\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-28 08:04 - 2014-09-27 22:35 - 01699276 _____ (Thisisu) C:\Users\Sacred Heart\Desktop\JRT.exe 2014-09-28 08:04 - 2014-09-27 22:35 - 01373475 _____ () C:\Users\Sacred Heart\Desktop\AdwCleaner.exe 2014-09-28 08:04 - 2014-09-27 22:33 - 02108928 _____ (Farbar) C:\Users\Sacred Heart\Desktop\FRST64.exe 2014-09-28 08:04 - 2014-09-27 22:27 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Sacred Heart\Desktop\tdsskiller.exe 2014-09-28 08:04 - 2014-09-27 22:23 - 05580995 ____R (Swearware) C:\Users\Sacred Heart\Desktop\ComboFix.exe 2014-09-28 07:54 - 2014-09-28 08:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-28 07:54 - 2014-09-28 08:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-09-28 07:54 - 2014-09-28 07:54 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-09-28 07:54 - 2014-09-28 07:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-28 07:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-28 07:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mwac.sys 2014-09-28 07:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-27 21:23 - 2014-09-28 08:30 - 00000964 _____ () C:\Windows\setupact.log 2014-09-27 21:23 - 2014-09-27 21:23 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-27 20:11 - 2014-09-05 09:56 - 00004130 _____ () C:\Users\Sacred Heart\Downloads\grrr - Copy.TXT 2014-09-27 18:22 - 2014-09-27 18:19 - 34905600 _____ (Hewlett-Packard Development Company, L.P. ) C:\sp58084.exe 2014-09-27 15:59 - 2014-09-05 09:58 - 00004130 _____ () C:\Users\Grrr.TXT 2014-09-24 12:14 - 2014-09-24 12:14 - 00007016 ____N () C:\bootsqm.dat 2014-09-24 08:32 - 2014-09-24 08:32 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\VirtualStore 2014-09-23 12:21 - 2014-09-24 08:18 - 00003978 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BFCE2EDA-C7EC-46A2-A6B4-FCF23DE328B7} 2014-09-23 11:47 - 2014-09-23 11:47 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\pdfforge 2014-09-22 11:23 - 2014-09-22 11:23 - 00058880 _____ () C:\Users\Sacred Heart\Desktop\9_21_14-SUN_COLLECT.xls 2014-09-22 11:19 - 2014-09-22 11:19 - 00058880 _____ () C:\Users\Sacred Heart\Downloads\9_21_14-SUN_COLLECT.xls 2014-09-22 08:19 - 2014-09-22 08:21 - 00000000 ____D () C:\ProgramData\Sophos 2014-09-22 08:18 - 2014-09-22 08:18 - 00003237 _____ () C:\Users\Sacred Heart\Desktop\Sophos Virus Removal Tool.lnk 2014-09-22 08:18 - 2014-09-22 08:18 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos 2014-09-22 07:59 - 2014-09-22 07:59 - 00000000 ____D () C:\Program Files (x86)\Sophos 2014-09-17 13:16 - 2014-09-17 13:16 - 00000448 ____H () C:\Users\Sacred Heart\AppData\Roaming\麽鎒駓覜 2014-09-17 10:59 - 2014-09-17 14:11 - 00011366 _____ () C:\Users\Sacred Heart\Documents\liturgy 2014.xlsx 2014-09-16 20:20 - 2014-09-18 09:16 - 118352120 _____ (Microsoft Corporation) C:\Users\Sacred Heart\Downloads\msert.exe 
2014-09-16 19:20 - 2014-09-16 19:20 - 00000000 ____D () C:\Windows\pss 2014-09-16 15:12 - 2014-09-16 15:12 - 00002052 _____ () C:\Windows\epplauncher.mif 2014-09-16 09:10 - 2014-09-16 09:10 - 00000000 __SHD () C:\Windows\system32\%APPDATA% 2014-09-15 12:22 - 2014-09-15 12:28 - 00058880 _____ () C:\Users\Sacred Heart\Downloads\9_14_14-SUN_COLLECT.xls 2014-09-05 10:40 - 2014-09-28 08:25 - 00000000 ____D () C:\ProgramData\EvitpUseyw 2014-08-29 13:22 - 2014-08-29 13:25 - 00219244 _____ () C:\Users\Sacred Heart\Desktop\fa1131bi.tif 2014-08-29 13:21 - 2014-08-29 13:21 - 00000000 _____ () C:\Users\Sacred Heart\Downloads\fa1131bi.tif.en9r1v9.partial ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-28 10:25 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default 2014-09-28 10:22 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini 2014-09-28 10:21 - 2012-08-22 15:55 - 00000000 ____D () C:\Users\Sacred Heart 2014-09-28 10:20 - 2012-07-30 18:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-28 08:57 - 2009-07-14 00:45 - 00024480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-28 08:57 - 2009-07-14 00:45 - 00024480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-28 08:50 - 2012-08-22 15:54 - 01897940 _____ () C:\Windows\WindowsUpdate.log 2014-09-28 08:35 - 2009-07-14 01:13 - 00730210 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-28 08:31 - 2012-07-31 15:00 - 00003510 _____ () C:\Windows\System32\Tasks\AutoKMS 2014-09-28 08:30 - 2012-07-31 03:17 - 00265226 _____ () C:\Windows\PFRO.log 2014-09-28 08:30 - 2012-07-30 22:13 - 00000000 ____D () C:\Windows\Panther 2014-09-28 08:30 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-28 07:55 - 2013-05-30 09:03 - 00000000 ____D () 
C:\Users\Sacred Heart\AppData\Local\CrashDumps 2014-09-28 07:54 - 2013-05-02 21:06 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-28 07:36 - 2013-11-08 11:43 - 00000000 ____D () C:\Program Files\Google 2014-09-28 07:36 - 2012-07-30 18:53 - 00000000 ____D () C:\Program Files (x86)\Google 2014-09-27 22:45 - 2013-11-08 11:42 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Google 2014-09-27 21:17 - 2012-08-22 17:41 - 00000000 ____D () C:\Users\Sacred Heart\Documents\My Scans 2014-09-27 21:10 - 2014-02-21 15:52 - 00000000 ____D () C:\Users\Sacred Heart\Desktop\Publisher Bulletins 2014-09-27 21:10 - 2013-05-10 12:18 - 00000000 ___SD () C:\Users\Sacred Heart\Documents\My Data Sources 2014-09-27 20:21 - 2012-09-18 12:51 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Microsoft Games 2014-09-27 20:21 - 2012-08-28 14:23 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\LPi Express HTD 2014-09-27 20:21 - 2012-08-22 17:25 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\Adobe 2014-09-27 20:12 - 2012-08-22 16:30 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\AMD 2014-09-27 20:12 - 2012-07-30 18:56 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} 2014-09-27 16:02 - 2014-08-12 09:26 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-09-27 16:02 - 2014-07-07 08:54 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\fc044c 2014-09-27 16:02 - 2012-10-10 10:01 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Apple Computer 2014-09-27 16:02 - 2012-08-22 17:28 - 00000000 ____D () C:\ProgramData\Ralink Driver 2014-09-27 16:01 - 2012-12-06 10:29 - 00000000 ____D () C:\ebsword 2014-09-27 16:01 - 2012-08-22 16:26 - 00000000 ____D () C:\ATI 2014-09-27 16:01 - 2012-08-22 16:21 - 00000000 ____D () C:\AMD 2014-09-26 08:42 - 2009-07-14 01:08 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-25 13:31 - 2012-08-22 17:41 - 00011858 _____ () C:\Users\Sacred Heart\Documents\WEEKLY2.xlsx 2014-09-25 08:44 
- 2012-09-18 11:13 - 00001511 _____ () C:\Users\Sacred Heart\AppData\Local\print.ini 2014-09-24 08:32 - 2012-07-30 18:30 - 00000000 __SHD () C:\Users\Sacred Heart\AppData\Roaming\dteivvbh 2014-09-16 12:24 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-05 12:03 - 2012-07-31 15:00 - 00000000 ____D () C:\Windows\AutoKMS 2014-09-05 12:02 - 2012-08-22 16:04 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Apple 2014-09-05 12:02 - 2012-07-31 14:51 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-05 12:02 - 2009-07-14 03:44 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-09-05 12:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration 2014-09-05 09:55 - 2013-03-13 12:12 - 14592872 _____ () C:\Users\Sacred Heart\Downloads\IMG_1150.mp4 2014-09-05 09:55 - 2012-08-22 17:41 - 00578630 _____ () C:\Users\Sacred Heart\Downloads\Palm01c_sc.eps 2014-09-05 09:54 - 2013-09-24 10:23 - 00546002 _____ () C:\Users\Sacred Heart\Downloads\bi03fa06_sc.eps 2014-09-05 09:54 - 2013-06-03 14:20 - 00636234 _____ () C:\Users\Sacred Heart\Downloads\bi57sp04_sc.eps Files to move or delete: ==================== C:\Users\Sacred Heart\acrobat.exe C:\Users\Sacred Heart\chrome935539.exe C:\Users\Sacred Heart\ctfmon132343.exe C:\Users\Sacred Heart\flashplayer560745.exe C:\Users\Sacred Heart\googleupdate.exe C:\Users\Sacred Heart\googleupdate27226.exe C:\Users\Sacred Heart\msconfig464447.exe C:\Users\Sacred Heart\mstsc524057.exe C:\Users\Sacred Heart\rundll3238542.exe C:\Users\Sacred Heart\rundll32826958.exe C:\Users\Sacred Heart\spoolsv35736.exe C:\Users\Sacred Heart\vlcplayer.exe C:\Users\Sacred Heart\vlcplayer566390.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-03 11:52 ==================== End Of Log ============================