aim

Posts posted by aim

  1. Security Check Log:

     Results of screen317's Security Check version 0.99.97  
     Windows 7  x64 (UAC is enabled)  
    ``````````````Antivirus/Firewall Check:`````````````` 
     Windows Firewall Enabled!  
    Avira Desktop   
     Antivirus up to date!  (On Access scanning disabled!) 
    `````````Anti-malware/Other Utilities Check:````````` 
     Spybot - Search & Destroy 
     Java 8 Update 31  
     Java version 32-bit out of Date! 
      Java 64-bit 8 Update 31  
      Adobe Flash Player 11.3.300.257 Flash Player out of Date!  
     Adobe Reader XI  
     Mozilla Firefox 27.0.1 Firefox out of Date!  
     Google Chrome (40.0.2214.111) 
     Google Chrome (40.0.2214.115) 
    ````````Process Check: objlist.exe by Laurent````````  
     Spybot Teatimer.exe is disabled! 
     Avira Antivir avgnt.exe 
     Avira Antivir avguard.exe 
    `````````````````System Health check````````````````` 
     Total Fragmentation on Drive C: 0% 
    ````````````````````End of Log``````````````````````

    So far there's no problem with my PC. Everything runs smoothly now.
  2. OTM log:

    All processes killed
    ========== FILES ==========
    c:\users\user\downloads\compressed\222_onet\onet\Onet 2 folder moved successfully.
    c:\users\user\downloads\compressed\222_onet\onet folder moved successfully.
    c:\users\user\downloads\compressed\222_onet folder moved successfully.
    c:\users\user\downloads\programs\5x86-S-drp.exe moved successfully.
    c:\users\user\downloads\programs\Atheros-FORCED-5x64-drp (1).exe moved successfully.
    c:\users\user\downloads\programs\Atheros-FORCED-5x64-drp.exe moved successfully.
    c:\users\user\downloads\programs\Atheros-FORCED-5x64-WiFi_10.0.0.222-drp (1).exe moved successfully.
    c:\users\user\downloads\programs\Atheros-FORCED-5x64-WiFi_10.0.0.222-drp.exe moved successfully.
    c:\users\user\downloads\programs\BitTorrent(1).exe moved successfully.
    c:\users\user\downloads\programs\BitTorrent.exe moved successfully.
    c:\users\user\downloads\programs\cbsidlm-tr1_13-Atheros_AR5005G_Wireless_Network_Adapter-SEO-150076.exe moved successfully.
    c:\users\user\downloads\programs\uTorrent.exe moved successfully.
    c:\programdata\application data\microsoft\security\client\temp\tmp86DF.exe moved successfully.
    c:\programdata\application data\microsoft\security\client\temp\tmpDEBC.exe moved successfully.
    File/Folder c:\programdata\microsoft\security\client\temp\tmp86df.exe not found.
    File/Folder c:\programdata\microsoft\security\client\temp\tmpdebc.exe not found.
    c:\users\user\appdata\roaming\idm\dwnldata\user\liverged_net_1120\liverged_net moved successfully.
    c:\users\user\appdata\roaming\uTorrent\share folder moved successfully.
    c:\users\user\appdata\roaming\uTorrent\dlimagecache folder moved successfully.
    c:\users\user\appdata\roaming\uTorrent\apps folder moved successfully.
    c:\users\user\appdata\roaming\uTorrent folder moved successfully.
    DllUnregisterServer procedure not found in c:\program files (x86)\avira\antivir desktop\apnic.dll
    File move failed. c:\program files (x86)\avira\antivir desktop\apnic.dll scheduled to be moved on reboot.
    File move failed. c:\program files (x86)\avira\antivir desktop\apnstub.exe scheduled to be moved on reboot.
    File move failed. c:\program files (x86)\avira\antivir desktop\apntoolbarinstaller.exe scheduled to be moved on reboot.
    File move failed. c:\program files (x86)\avira\antivir desktop\Offercast_AVIRAV7_.exe scheduled to be moved on reboot.
    ========== COMMANDS ==========
     
    [EMPTYTEMP]
     
    User: All Users
     
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
     
    User: Public
    ->Temp folder emptied: 0 bytes
     
    User: user
    ->Temp folder emptied: 5064377 bytes
    ->Temporary Internet Files folder emptied: 910251 bytes
    ->Java cache emptied: 1656879 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 10367314 bytes
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes
     
    Total Files Cleaned = 17.00 mb
     
     
    OTM by OldTimer - Version 3.1.21.0 log created on 03022015_181838
     
    Files moved on Reboot...
    File move failed. c:\program files (x86)\avira\antivir desktop\apnic.dll scheduled to be moved on reboot.
    File move failed. c:\program files (x86)\avira\antivir desktop\apnstub.exe scheduled to be moved on reboot.
    File move failed. c:\program files (x86)\avira\antivir desktop\apntoolbarinstaller.exe scheduled to be moved on reboot.
    File move failed. c:\program files (x86)\avira\antivir desktop\Offercast_AVIRAV7_.exe scheduled to be moved on reboot.
    C:\Users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll moved successfully.
    C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WWB9MPN2\desktop.ini not found!
    File C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMJFG8NC\desktop.ini not found!
    File C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQHACCEQ\desktop.ini not found!
    File C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J79ESJZM\desktop.ini not found!
     
    Registry entries deleted on Reboot...
  3. Hello,

     Here's the fixlog:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
    Ran by user at 2015-03-02 08:31:15 Run:4
    Running from C:\Users\user\Downloads
    Loaded Profiles: user &  (Available profiles: user)
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    start
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [YWLPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\user\AppData\Local\YlPack\lxsyicur.dll
    C:\Users\user\AppData\Local\YlPack\lxsyicur.dll
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [Edstion] => regsvr32.exe C:\Users\user\AppData\Local\Edstion\MMNotes.dll <===== ATTENTION
    C:\Users\user\AppData\Local\Edstion\MMNotes.dll 
    2015-02-22 04:21 - 2015-02-28 20:11 - 00000000 ____D () C:\Users\user\AppData\Local\YlPack
    2015-02-22 04:21 - 2015-02-28 20:11 - 00000000 ____D () C:\Users\user\AppData\Local\Edstion
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:49601;https=127.0.0.1:49601;
    C:\Users\user\AppData\Local\Temp\APNSetup.exe
    C:\Users\user\AppData\Local\Temp\avgnt.exe
    C:\Users\user\AppData\Local\Temp\jre-8u31-windows-au.exe
    cmd: C:\ComboFix.txt
    EmptyTemp:
    end
     
     
     
    *****************
     
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YWLPack => value deleted successfully.
    "C:\Users\user\AppData\Local\YlPack\lxsyicur.dll" => File/Directory not found.
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Edstion => value deleted successfully.
    "C:\Users\user\AppData\Local\Edstion\MMNotes.dll" => File/Directory not found.
    C:\Users\user\AppData\Local\YlPack => Moved successfully.
    C:\Users\user\AppData\Local\Edstion => Moved successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
    C:\Users\user\AppData\Local\Temp\APNSetup.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\avgnt.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\jre-8u31-windows-au.exe => Moved successfully.
     
    =========  C:\ComboFix.txt =========
     
     
    ========= End of CMD: =========
     
    EmptyTemp: => Removed 148.5 MB temporary data.
     
     
    The system needed a reboot. 
     
    ==== End of Fixlog 08:33:26 ====
  4. From herdProtect:

    Saved date:   2/3/2015 12:30:08 PM
    Files detected: 72
    Files scanned: 8,406
    Processes scanned: 46
    Modules scanned: 668
    ASEPs scanned: 454
    Downloads scanned: 0
    Deep analysis: 95/40
    ---------------------------------------------------------------------------------
     
    Files
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\wordweb\wweb32.exe
    Publisher:
    Signer: WordWeb Software
    MD5: 0e44ae22235bcc723c96e05e82f5cb5a
    SHA-1: d379d4481bc9ccf24438982777158b89257413c8
    Created: 21/7/2013 10:14:47 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - NANO AntiVirus as Trojan.Win32.Induc.brmeva (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\yes\connect\gctwimaxserviced.exe
    Publisher: GCT Semiconductor, Inc.
    MD5: 093a9a9457baa6bd7499894d85d414b8
    SHA-1: 3cbacbdce036ba7f09b2acb3380e9ec9af4f2cc1
    Created: 23/6/2014 2:54:20 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as HW32.Laneul (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\gretech\gomplayer\gom.exe
    Publisher: Gretech Corp.
    Signer: GRETECH
    MD5: ffb69e8d12bbe543ad0ba77d1397d4c3
    SHA-1: b2611d2ca10ae1aca482afe7d112cf6f9634b8b9
    Created: 12/4/2012 3:27:54 PM
    Detections: 1
    Determination: Inconclusive
    - Reason Heuristics as PUP.Optional.Handler.GRETECH.D (Adware)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\videolan\vlc\vlc.exe
    Publisher: VideoLAN Team
    MD5: 2f3d2879502b17a1ed42bb2dfdda7c9c
    SHA-1: 0ceacf308e8e77d5f8df61652a757308b8ed3c6b
    Created: 13/12/2005 3:54:30 AM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Rising Antivirus as PE:Malware.XPACK/RDM!5.1
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\appdata\local\temp\quarantine.exe
    Publisher:
    MD5: 2f7e1544e68be8cd088eda54d67ccaf5
    SHA-1: fd6a8c6440e9e37882db263faec9323079a8b09f
    Created: 8/11/2014 4:33:34 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Rising Antivirus as PE:Backdoor.Win32.DarkKomet.b!1075356506 (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\appdata\local\temp\jrt\nircmd.dat
    Publisher: NirSoft
    MD5: 466a42aea0abdf4c6b610f0f5e61cfa2
    SHA-1: 7e7998642babcb567ff7845cfaf4f3636ce209f7
    Created: 2/3/2015 8:44:44 AM
    Detections: 1
    Determination: Ignore detections (false positive)
    - ViRobot as RiskTool.Nircmd.43520
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\downloads\frst64.exe
    Publisher: Farbar
    MD5: da1fc7abb4846ff12dc76de6ce24f60f
    SHA-1: 42156fa338811881ed7b53723bb898b17cfaea1a
    Created: 28/2/2015 9:03:21 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Jiangmin as Trojan/PSW.Autoit.ic (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\downloads\compressed\222_onet\onet\onet.exe
    Publisher: CHEN PROGRAM STUDY
    MD5: 37d35831be38fb62c4d848f35a41335d
    SHA-1: 5f2a10e6d2e5e6150fba34a5c2960ba069e94feb
    Created: 14/1/2014 9:08:15 PM
    Detections: 3
    Determination: Inconclusive
    - K7 AntiVirus as Riskware  (Undefined)
    - F-Prot as W32/MalwareF.EBIU (Undefined)
    - Commtouch SDK as W32/Risk.YQBM-3858 (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\downloads\compressed\222_onet\onet\onet 2\onet%202.exe
    Publisher: CHEN PROGRAM STUDY
    MD5: a8c54d6fe324eecfe508e4f054914fd4
    SHA-1: 2a210219b2f2b2f17b6e71e10173afdc19559b06
    Created: 14/1/2014 9:08:26 PM
    Detections: 8
    Determination: UndefinedMalware
    - Bkav FE as W32.Cloddd1.Trojan (Undefined)
    - VIPRE Antivirus as Trojan.Win32.Generic (Undefined)
    - Norman as Smalltroj.YAGC (Undefined)
    - Agnitum Outpost as Trojan.Agent (Undefined)
    - Zillya! Antivirus as Trojan.Genome.Win32.52230 (Undefined)
    - Antiy Labs AVL as Trojan/Win32.SGeneric (Undefined)
    - Kingsoft AntiVirus as Win32.Troj.Undef.(kcloud) (Undefined)
    - Rising Antivirus as PE:Trojan.Win32.Generic.14B3EC13!347335699 (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\downloads\frst-olderversion\frst64.exe
    Publisher: Farbar
    MD5: b81464104336b16a9bc6b2874b16a9c5
    SHA-1: 97b8f97728990ebe7a4c266941910c8344b7f0c0
    Created: 28/2/2015 9:03:21 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Jiangmin as Trojan/PSW.Autoit.ic (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\downloads\programs\5x86-s-drp.exe
    Publisher: Kuzyakov Artur
    MD5: ec1cb112a5d5a152663222ab391c5700
    SHA-1: 9b9442957c412792f69d73d125c2bdb4552f2967
    Created: 12/7/2013 11:20:55 PM
    Detections: 9
    Determination: Adware
    - Malwarebytes as PUP.Optional.Babylon.A (Adware)
    - K7 Gateway Antivirus as Unwanted-Program  (Adware)
    - K7 AntiVirus as Unwanted-Program  (Adware)
    - avast! as Win32:PUP-gen [PUP] (Adware)
    - Sophos as Generic PUA IA (Undefined)
    - Dr.Web as Adware.Babylon.15 (Adware)
    - Antiy Labs AVL as GrayWare[AdWare:not-a-virus]/Win32.MegaSearch (Adware)
    - ESET NOD32 as Win32/OpenCandy (variant) (Adware)
    - Rising Antivirus as PE:PUF.OpenCandy!1.9DE5 (Adware)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\downloads\programs\adwcleaner.exe
    Publisher:
    MD5: 4db5909d450ae68cc11dc865b9b84f71
    SHA-1: 4e6d1ad4baa129b9a310c211ef511618dd8741ea
    Created: 2/3/2015 8:23:55 AM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Rising Antivirus as PE:Backdoor.Win32.DarkKomet.b!1075356506 (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\downloads\programs\atheros-forced-5x64-drp (1).exe
    Publisher: Kuzyakov Artur
    MD5: 5339f48d5f0910d80898f573823098e3
    SHA-1: 65dbe07973cbdbeb086c7724c968e272dceb4bfa
    Created: 12/7/2013 11:10:43 PM
    Detections: 4
    Determination: Adware
    - avast! as Win32:PUP-gen [PUP] (Adware)
    - Antiy Labs AVL as Trojan/Win32.Patched.gen (Undefined)
    - Kingsoft AntiVirus as Win32.Troj.Generic.a.(kcloud) (Undefined)
    - ESET NOD32 as Win32/OpenCandy (Adware)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\downloads\programs\atheros-forced-5x64-drp.exe
    Publisher: Kuzyakov Artur
    MD5: 5339f48d5f0910d80898f573823098e3
    SHA-1: 65dbe07973cbdbeb086c7724c968e272dceb4bfa
    Created: 12/7/2013 10:52:25 PM
    Detections: 4
    Determination: Adware
    - avast! as Win32:PUP-gen [PUP] (Adware)
    - Antiy Labs AVL as Trojan/Win32.Patched.gen (Undefined)
    - Kingsoft AntiVirus as Win32.Troj.Generic.a.(kcloud) (Undefined)
    - ESET NOD32 as Win32/OpenCandy (Adware)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\downloads\programs\atheros-forced-5x64-wifi_10.0.0.222-drp (1).exe
    Publisher: Kuzyakov Artur
    MD5: e0c0ea3ab12405966f22c9d067c6c54c
    SHA-1: 1a46cff2fae3f4dc7dc7e4d3a02f2aac41332bab
    Created: 12/7/2013 11:10:55 PM
    Detections: 4
    Determination: Adware
    - avast! as Win32:PUP-gen [PUP] (Adware)
    - Antiy Labs AVL as Trojan/Win32.Patched.gen (Undefined)
    - Kingsoft AntiVirus as Win32.Troj.Generic.a.(kcloud) (Undefined)
    - ESET NOD32 as Win32/OpenCandy (Adware)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\downloads\programs\atheros-forced-5x64-wifi_10.0.0.222-drp.exe
    Publisher: Kuzyakov Artur
    MD5: e0c0ea3ab12405966f22c9d067c6c54c
    SHA-1: 1a46cff2fae3f4dc7dc7e4d3a02f2aac41332bab
    Created: 12/7/2013 10:42:30 PM
    Detections: 4
    Determination: Adware
    - avast! as Win32:PUP-gen [PUP] (Adware)
    - Antiy Labs AVL as Trojan/Win32.Patched.gen (Undefined)
    - Kingsoft AntiVirus as Win32.Troj.Generic.a.(kcloud) (Undefined)
    - ESET NOD32 as Win32/OpenCandy (Adware)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\downloads\programs\bittorrent(1).exe
    Publisher: BitTorrent Inc.
    Signer: BitTorrent Inc
    MD5: e650003c472935d7f5b01cf67490669c
    SHA-1: 4e682be2958ceea3013a7c1262fab44d7c88987b
    Created: 9/8/2013 12:47:56 AM
    Detections: 2
    Determination: Ignore detections (false positive)
    - VIPRE Antivirus as Conduit (Undefined)
    - Bkav FE as W32.Clod998.Trojan (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\downloads\programs\bittorrent.exe
    Publisher: BitTorrent Inc.
    Signer: BitTorrent Inc
    MD5: e650003c472935d7f5b01cf67490669c
    SHA-1: 4e682be2958ceea3013a7c1262fab44d7c88987b
    Created: 8/8/2013 11:27:27 PM
    Detections: 2
    Determination: Ignore detections (false positive)
    - VIPRE Antivirus as Conduit (Undefined)
    - Bkav FE as W32.Clod998.Trojan (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\downloads\programs\cbsidlm-tr1_13-atheros_ar5005g_wireless_network_adapter-seo-150076.exe
    Publisher:
    Signer: CBS Interactive
    MD5: d39160ab60a14e420ebda3c478fdf381
    SHA-1: 8a893fe3c1376f3c1b0f67a9514cbe621b717d98
    Created: 12/7/2013 10:17:59 PM
    Detections: 9
    Determination: Adware
    - Reason Heuristics as Bundler.PPI.CBSInteractive.l (Undefined)
    - NANO AntiVirus as Trojan.Win32.Downware.crgjbr (Adware)
    - Dr.Web as Adware.Downware.398 (Adware)
    - VIPRE Antivirus as WebInstall (Undefined)
    - ESET NOD32 as Win32/DownloadAdmin (Undefined)
    - Rising Antivirus as PE:Malware.XPACK/RDM!5.1
    - herdProtect (fuzzy) as a variant of 713ef952ac6a358c8abfa39550aa98592ec79d47
    - Trend Micro House Call as TROJ_GEN.F47V0807 (Undefined)
    - Kingsoft AntiVirus as Win32.Troj.Generic.a.(kcloud) (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\downloads\programs\combofix.exe
    Publisher: Swearware
    MD5: 6f4e489fc0471fc87da8da187c6b8f8c
    SHA-1: 1fbca8ec4f88b127bb5c91e4608be555a466593b
    Created: 26/2/2015 11:25:46 PM
    Detections: 5
    Determination: Ignore detections (false positive)
    - K7 Gateway Antivirus as Riskware  (Undefined)
    - K7 AntiVirus as Riskware  (Undefined)
    - Sophos as NirCmd
    - Jiangmin as Trojan/JmGenGeneric.boe (Undefined)
    - Rising Antivirus as PE:Trojan.Win32.Generic.15632D02!358821122 (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\downloads\programs\driveridentifier_setup.exe
    Publisher: DriverIdentifier
    MD5: acee21f17796436688b8c79672b5f11b
    SHA-1: 3eb3ad88ea496298e8d60d4ae7d5618d83ed17d9
    Created: 12/7/2013 10:34:47 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Trend Micro House Call as TROJ_GEN.F47V0724 (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\downloads\programs\jrt.exe
    Publisher:
    MD5: af6e966d1f38287ef4d33b246ccc3a33
    SHA-1: 2a8dc8c652cee1691b165428c6fc14080f9176b5
    Created: 2/3/2015 8:24:39 AM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Qihoo 360 Security as virus.bat.danger.m (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\downloads\programs\rainmeter-2.5.exe
    Publisher:
    Signer: Rainmeter
    MD5: 05ffdc4640d44ea53b197e1432e045c3
    SHA-1: 4ac74707099e3f55e398bd60d9a735eb7c691e79
    Created: 30/3/2013 9:27:49 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Rising Antivirus as PE:Malware.XPACK/RDM!5.1
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\downloads\programs\utorrent.exe
    Publisher: BitTorrent Inc.
    Signer: BitTorrent Inc
    MD5: 42a6b5ef0b934efc529d0ee31e62c08e
    SHA-1: 784baeeff866c62e427754a299703a76262f06ad
    Created: 27/3/2013 9:50:19 PM
    Detections: 24
    Determination: Adware
    - MicroWorld eScan as Trojan.Generic.9795664 (Undefined)
    - McAfee as Artemis!C769093B2C7E (Undefined)
    - Malwarebytes as Trojan.FakeTor (Undefined)
    - Norman as Troj_Generic.NUGRV (Undefined)
    - Trend Micro House Call as TROJ_GEN.R0CBC0ELA13 (Undefined)
    - avast! as Win32:Sality (Undefined)
    - Bitdefender as Trojan.Generic.9795664 (Undefined)
    - Lavasoft Ad-Aware as Trojan.Generic.9795664 (Undefined)
    - Emsisoft Anti-Malware as Trojan.Generic.9795664 (Undefined)
    - Comodo Security as UnclassifiedMalware (Undefined)
    - F-Secure as Trojan.Generic.9795664 (Undefined)
    - Trend Micro as TROJ_GEN.R0CBC0ELA13 (Undefined)
    - McAfee Web Gateway as Artemis!C769093B2C7E (Undefined)
    - G Data as Trojan.Generic.9795664 (Undefined)
    - IKARUS anti.virus as Virus.Win32.Sality (Undefined)
    - Fortinet FortiGate as Riskware/Torrent (Undefined)
    - ESET NOD32 as Win32/Bunndle (variant) (Undefined)
    - The Hacker as Trojan/Downloader.Zurgop.aw (Undefined)
    - Vba32 AntiVirus as Adware.iBryte (Adware)
    - Antiy Labs AVL as Trojan/Win32.Agent (Undefined)
    - Bkav FE as W32.Clodc5c.Trojan (Undefined)
    - K7 Gateway Antivirus as Riskware  (Undefined)
    - K7 AntiVirus as Riskware (Undefined)
    - Jiangmin as Trojan/Agent.ivsh (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\desktop\plants vs. zombies\bass.dll
    Publisher: Un4seen Developments
    MD5: 6731f160e001bb85ba930574b8d42776
    SHA-1: aa2b48c55d9350be1ccf1dce921c33100e627378
    Created: 6/8/2014 11:42:55 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as HW32.CDB (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\desktop\plants vs. zombies\plantsvszombies.exe
    Publisher:
    Signer: PopCap Games
    MD5: 3c8876147c84735ca540dda5be3c6451
    SHA-1: bf5c51304b1bade29ba4988cc96bf9c35780793c
    Created: 6/8/2014 11:42:57 PM
    Detections: 2
    Determination: Ignore detections (false positive)
    - The Hacker as Trojan/Cosmu.adrs (Undefined)
    - ViRobot as Trojan.Win32.A.ShipUp.1885896 (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\windows\grep.exe
    Publisher:
    MD5: 9e05a9c264c8a908a8e79450fcbff047
    SHA-1: 363b2ee171de15aeea793bd7fdffd68d0feb8ba4
    Created: 26/2/2015 11:32:13 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Rising Antivirus as PE:Malware.XPACK/RDM!5.1
     
    ---------------------------------------------------------------------------------
     
    File path: c:\windows\mbr.exe
    Publisher:
    MD5: 0277c027a26428db64ef4f64f52bb4fd
    SHA-1: 2f16becf7898ac2f5bdca9f80810c66143500e3e
    Created: 26/2/2015 11:32:13 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Kingsoft AntiVirus as Win32.HeurC.KVM003.a.(kcloud) (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\windows\pev.exe
    Publisher:
    MD5: f042ee4c8d66248d9b86dcf52abae416
    SHA-1: 4cd785c7c3e40c42e3d126086d986c4d4d940bb2
    Created: 26/2/2015 11:32:13 PM
    Detections: 2
    Determination: Ignore detections (false positive)
    - Bkav FE as HW32.CDB (Undefined)
    - XVirus List as Win.Detected (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\windows\zip.exe
    Publisher:
    MD5: 5e832f4faf5f481f2eaf3b3a48f603b8
    SHA-1: 1d83497f04247bc095ddc1ccd0fef0c029f0ae8d
    Created: 26/2/2015 11:32:13 PM
    Detections: 2
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.Clod7f4.Trojan (Undefined)
    - Rising Antivirus as PE:Malware.XPACK/RDM!5.1
     
    ---------------------------------------------------------------------------------
     
    File path: c:\windows\syswow64\iscsicpl.dll
    Publisher: Microsoft Corporation
    MD5: f945adcef203e6104aec8ec9c337cfd0
    SHA-1: 85fe50b2c2fcbec2c09c5039c8f8c1d38523780a
    Created: 14/7/2009 7:46:13 AM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoA (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\windows\syswow64\networkmap.dll
    Publisher: Microsoft Corporation
    MD5: f9e79fa16bac237b5e635f9fcc2a377c
    SHA-1: ddfcae2db65bfea608a4f6f6d33bfe588bc0b84e
    Created: 14/7/2009 7:53:28 AM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoA (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\windows\syswow64\odbcconf.dll
    Publisher: Microsoft Corporation
    MD5: 8e0e2f752987838cde7c8c413ce5c104
    SHA-1: 3aaf5c229e6e42e43c9d29a9c4519f16d6230b11
    Created: 14/7/2009 8:12:07 AM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as HW32.CDB (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\windows\syswow64\srvany.exe
    Publisher:
    MD5: 4635935fc972c582632bf45c26bfcb0e
    SHA-1: 7c5329229042535fe56e74f1f246c6da8cea3be8
    Created: 9/3/2013 9:18:30 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - CMC Antivirus as Malware.Win32.Generic!O (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\programdata\application data\microsoft\security\client\securityhelper.dll
    Publisher:
    MD5: a35a93d40230e742ecce9a8a66b4c6c9
    SHA-1: 4a4d14ed092505b753ea34c135c1da3f4b5006b8
    Created: 22/2/2015 4:20:53 AM
    Detections: 1
    Determination: Inconclusive
    - ESET NOD32 as Win64/Sathurbot (variant) (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\programdata\application data\microsoft\security\client\temp\tmp86df.exe
    Publisher:
    MD5: 4cfe6bd4bbd98b108885d79b8f0e9c6c
    SHA-1: e5c1ad5cc206c19e25d1aba6892c26404a114e36
    Created: 28/2/2015 6:17:32 PM
    Detections: 25
    Determination: UndefinedMalware
    - MicroWorld eScan as Trojan.GenericKD.2191619 (Undefined)
    - McAfee as GenericR-DBD!4CFE6BD4BBD9 (Undefined)
    - Malwarebytes as Trojan.Agent.ED (Undefined)
    - K7 Gateway Antivirus as Trojan  (Undefined)
    - NANO AntiVirus as Trojan.Win32.Filecoder.dolfyh (Undefined)
    - Norman as ZBot.NLWN (Undefined)
    - avast! as Win32:Dropper-gen [Drp] (Undefined)
    - Kaspersky as Trojan-Dropper.Win32.Injector (Undefined)
    - Bitdefender as Trojan.GenericKD.2191619 (Undefined)
    - Lavasoft Ad-Aware as Trojan.GenericKD.2191619 (Undefined)
    - F-Secure as Trojan.GenericKD.2191619 (Undefined)
    - Dr.Web as Trojan.Emotet.62 (Undefined)
    - McAfee Web Gateway as BehavesLike.Win32.Ramnit.cc (Undefined)
    - Emsisoft Anti-Malware as Trojan.GenericKD.2191619 (Undefined)
    - Avira AntiVirus as TR/Crypt.Xpack.156344
    - Antiy Labs AVL as Trojan[Dropper]/Win32.Injector (Undefined)
    - Microsoft Security Essentials as DDoS:Win32/Nitol.C (Undefined)
    - G Data as Trojan.GenericKD.2191619 (Undefined)
    - AhnLab V3 Security as Trojan/Win32.Inject (Undefined)
    - Baidu Antivirus as Trojan.Win32.Dropper (Undefined)
    - ESET NOD32 as Win32/Boaxxe.BR (Undefined)
    - Rising Antivirus as PE:Malware.Obscure/Heur!1.9E03 (Undefined)
    - Fortinet FortiGate as W32/Boaxxe.BR!tr (Undefined)
    - AVG as Inject2 (Undefined)
    - Panda Antivirus as Trj/Genetic.gen (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\programdata\application data\microsoft\security\client\temp\tmpdebc.exe
    Publisher: The Eraser Project Out of Stock
    Signer: ChengDu AoMei Tech Co., Ltd
    MD5: a94e088375d00f1a30d10136e53dedf4
    SHA-1: c28c4ab568c8104354964a765cc29ace9df7c687
    Created: 26/2/2015 6:15:13 PM
    Detections: 2
    Determination: Inconclusive
    - Kaspersky as UDS:DangerousObject.Multi.Generic (Undefined)
    - AhnLab V3 Security as Trojan/Win32.MDA (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\programdata\microsoft\security\client\securityhelper.dll
    Publisher:
    MD5: a35a93d40230e742ecce9a8a66b4c6c9
    SHA-1: 4a4d14ed092505b753ea34c135c1da3f4b5006b8
    Created: 22/2/2015 4:20:53 AM
    Detections: 1
    Determination: Inconclusive
    - ESET NOD32 as Win64/Sathurbot (variant) (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\programdata\microsoft\security\client\temp\tmp86df.exe
    Publisher:
    MD5: 4cfe6bd4bbd98b108885d79b8f0e9c6c
    SHA-1: e5c1ad5cc206c19e25d1aba6892c26404a114e36
    Created: 28/2/2015 6:17:32 PM
    Detections: 25
    Determination: UndefinedMalware
    - MicroWorld eScan as Trojan.GenericKD.2191619 (Undefined)
    - McAfee as GenericR-DBD!4CFE6BD4BBD9 (Undefined)
    - Malwarebytes as Trojan.Agent.ED (Undefined)
    - K7 Gateway Antivirus as Trojan  (Undefined)
    - NANO AntiVirus as Trojan.Win32.Filecoder.dolfyh (Undefined)
    - Norman as ZBot.NLWN (Undefined)
    - avast! as Win32:Dropper-gen [Drp] (Undefined)
    - Kaspersky as Trojan-Dropper.Win32.Injector (Undefined)
    - Bitdefender as Trojan.GenericKD.2191619 (Undefined)
    - Lavasoft Ad-Aware as Trojan.GenericKD.2191619 (Undefined)
    - F-Secure as Trojan.GenericKD.2191619 (Undefined)
    - Dr.Web as Trojan.Emotet.62 (Undefined)
    - McAfee Web Gateway as BehavesLike.Win32.Ramnit.cc (Undefined)
    - Emsisoft Anti-Malware as Trojan.GenericKD.2191619 (Undefined)
    - Avira AntiVirus as TR/Crypt.Xpack.156344
    - Antiy Labs AVL as Trojan[Dropper]/Win32.Injector (Undefined)
    - Microsoft Security Essentials as DDoS:Win32/Nitol.C (Undefined)
    - G Data as Trojan.GenericKD.2191619 (Undefined)
    - AhnLab V3 Security as Trojan/Win32.Inject (Undefined)
    - Baidu Antivirus as Trojan.Win32.Dropper (Undefined)
    - ESET NOD32 as Win32/Boaxxe.BR (Undefined)
    - Rising Antivirus as PE:Malware.Obscure/Heur!1.9E03 (Undefined)
    - Fortinet FortiGate as W32/Boaxxe.BR!tr (Undefined)
    - AVG as Inject2 (Undefined)
    - Panda Antivirus as Trj/Genetic.gen (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\programdata\microsoft\security\client\temp\tmpdebc.exe
    Publisher: The Eraser Project Out of Stock
    Signer: ChengDu AoMei Tech Co., Ltd
    MD5: a94e088375d00f1a30d10136e53dedf4
    SHA-1: c28c4ab568c8104354964a765cc29ace9df7c687
    Created: 26/2/2015 6:15:13 PM
    Detections: 2
    Determination: Inconclusive
    - Kaspersky as UDS:DangerousObject.Multi.Generic (Undefined)
    - AhnLab V3 Security as Trojan/Win32.MDA (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\appdata\roaming\idm\dwnldata\user\liverged_net_1120\liverged_net
    Publisher:
    MD5: af91c4d8b0efc5ff6a0c695c84a72bb1
    SHA-1: d1581434b4f798f0cb56ba83a60e95759b03c27d
    Created: 10/9/2014 7:55:34 PM
    Detections: 9
    Determination: Adware
    - Reason Heuristics as Threat.Win.Reputation.IMP (Undefined)
    - Lavasoft Ad-Aware as Trojan.Downloader.JRBL (Undefined)
    - avast! as Win32:GenMalicious-HQJ [Trj] (Undefined)
    - Emsisoft Anti-Malware as Trojan.Downloader.JRBL (Undefined)
    - F-Secure as Trojan.Downloader.JRBL (Undefined)
    - Kaspersky as not-a-virus:AdWare.Win32.MultiPlug (Adware)
    - Norman as Trojan.Downloader.JRBL (Undefined)
    - AVG as Adware Generic5.BLZQ (Adware)
    - Sophos as PUA 'MultiPlug' (of type Adware) (Adware)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\appdata\roaming\rainmeter\addons\path2ini\path2ini.exe
    Publisher:
    MD5: a8aed0ca674f91fbd199e862bbba4d4d
    SHA-1: 03af1583280285287df53d942eea80889ed6ef16
    Created: 30/3/2013 9:42:28 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - SUPERAntiSpyware as Trojan.Agent/Gen-Kazy (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\appdata\roaming\rainmeter\addons\rainrgb\rainrgb.exe
    Publisher:
    MD5: 10d943829d77cccc694ff22ac880d9b6
    SHA-1: c8fe0b226f98acaacd25ea678514707e71e64302
    Created: 30/3/2013 9:42:28 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - The Hacker as Trojan/Autoit.arq (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\appdata\roaming\utorrent\utorrent.exe
    Publisher: BitTorrent Inc.
    Signer: BitTorrent Inc
    MD5: 42a6b5ef0b934efc529d0ee31e62c08e
    SHA-1: 784baeeff866c62e427754a299703a76262f06ad
    Created: 27/3/2013 9:56:49 PM
    Detections: 24
    Determination: Adware
    - MicroWorld eScan as Trojan.Generic.9795664 (Undefined)
    - McAfee as Artemis!C769093B2C7E (Undefined)
    - Malwarebytes as Trojan.FakeTor (Undefined)
    - Norman as Troj_Generic.NUGRV (Undefined)
    - Trend Micro House Call as TROJ_GEN.R0CBC0ELA13 (Undefined)
    - avast! as Win32:Sality (Undefined)
    - Bitdefender as Trojan.Generic.9795664 (Undefined)
    - Lavasoft Ad-Aware as Trojan.Generic.9795664 (Undefined)
    - Emsisoft Anti-Malware as Trojan.Generic.9795664 (Undefined)
    - Comodo Security as UnclassifiedMalware (Undefined)
    - F-Secure as Trojan.Generic.9795664 (Undefined)
    - Trend Micro as TROJ_GEN.R0CBC0ELA13 (Undefined)
    - McAfee Web Gateway as Artemis!C769093B2C7E (Undefined)
    - G Data as Trojan.Generic.9795664 (Undefined)
    - IKARUS anti.virus as Virus.Win32.Sality (Undefined)
    - Fortinet FortiGate as Riskware/Torrent (Undefined)
    - ESET NOD32 as Win32/Bunndle (variant) (Undefined)
    - The Hacker as Trojan/Downloader.Zurgop.aw (Undefined)
    - Vba32 AntiVirus as Adware.iBryte (Adware)
    - Antiy Labs AVL as Trojan/Win32.Agent (Undefined)
    - Bkav FE as W32.Clodc5c.Trojan (Undefined)
    - K7 Gateway Antivirus as Riskware  (Undefined)
    - K7 AntiVirus as Riskware (Undefined)
    - Jiangmin as Trojan/Agent.ivsh (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\avira\antivir desktop\apnic.dll
    Publisher: Ask.com
    Signer: Ask.com
    MD5: b28c334c03cee7c5e829c43ae75dae5a
    SHA-1: 71435ddb11e00d0243380c4902324853fe4ece8f
    Created: 9/3/2013 6:44:48 PM
    Detections: 4
    Determination: Adware
    - Boost by Reason as Adware.Ask.H
    - ESET NOD32 as Win32/Bundled.Toolbar.Ask (variant) (Undefined)
    - Reason Heuristics as PUP.Ask.H (Adware)
    - XVirus List as Win.Detected (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\avira\antivir desktop\apnstub.exe
    Publisher: Ask.com
    Signer: Ask.com
    MD5: 93a912072351dfef975f12efad18bd9f
    SHA-1: ffa8b6510d624a55f3eb7ffd6d5221a44944681c
    Created: 9/3/2013 6:44:48 PM
    Detections: 6
    Determination: Adware
    - Reason Heuristics as PUP.Ask.H (Adware)
    - Dr.Web as Trojan.DownLoader7.16675 (Undefined)
    - ESET NOD32 as Win32/Bundled.Toolbar.Ask (variant) (Undefined)
    - Boost by Reason as Optional.Ask.H
    - Filseclab Twister as W32.Bundled.Toolbar.Ask.lrsp (Undefined)
    - XVirus List as Win.Detected (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\avira\antivir desktop\apntoolbarinstaller.exe
    Publisher: Ask
    Signer: Ask.com
    MD5: ad74cca501da08ef395e520d9c258f81
    SHA-1: 1a3f14c0a66f9af050d1f34fbacbaadc31751a07
    Created: 9/3/2013 6:44:48 PM
    Detections: 4
    Determination: Adware
    - Reason Heuristics as PUP.Toolbar.Ask.T (Adware)
    - ESET NOD32 as Win32/Bundled.Toolbar.Ask (variant) (Undefined)
    - Antiy Labs AVL as Trojan/Win32.Autoit (Undefined)
    - XVirus List as Win.Detected (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\avira\antivir desktop\offercast_avirav7_.exe
    Publisher: Ask.com
    Signer: Ask.com
    MD5: ae88282d08916c00a324f6a269924ea9
    SHA-1: 4b553651ef610c0614f8393d6c25aba0a8f09eca
    Created: 2/7/2013 3:27:37 PM
    Detections: 5
    Determination: Adware
    - Reason Heuristics as PUP.Installer.Ask.S (Adware)
    - Antiy Labs AVL as Packed/Win32.Krap (Undefined)
    - ESET NOD32 as Win32/Bundled.Toolbar.Ask (variant) (Undefined)
    - Filseclab Twister as Packed.Krap.in.fagj
    - XVirus List as Win32.Detected (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\gretech\gomplayer\dodge.dll
    Publisher:
    MD5: d53907f6ee918f736b7ab865fa19089e
    SHA-1: 89ad3e662ff67610115dafe6cd7c82bc32f154f5
    Created: 29/11/2007 12:58:14 PM
    Detections: 3
    Determination: Inconclusive
    - Bkav FE as HW32.CDB (Undefined)
    - CMC Antivirus as Virus.Win32.Sality!O (Undefined)
    - ByteHero BDV as Virus.Win32.Heur.c
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\gretech\gomplayer\gomtvstrm.dll
    Publisher:
    Signer: GRETECH
    MD5: 43ef13e7913876a1f2aa3d1d475daa7a
    SHA-1: 293bf473be95cffdbc9bbf01c70c2a1240775172
    Created: 17/5/2011 8:49:30 AM
    Detections: 1
    Determination: Inconclusive
    - Reason Heuristics as PUP.Optional.GRETECH.J (Adware)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\gretech\gomplayer\gomweb3.dll
    Publisher: Gretech Corp.
    Signer: GRETECH
    MD5: 01fc47255ecd30c8714659ded6f3a5eb
    SHA-1: f32452057a2968b32a1a900a4e9a3f6af5d80e01
    Created: 17/5/2011 8:49:32 AM
    Detections: 1
    Determination: Inconclusive
    - Reason Heuristics as PUP.Optional.GRETECH.H (Adware)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\gretech\gomplayer\gomwiz.exe
    Publisher:
    Signer: GRETECH
    MD5: 093e2579db2533fcc05138507cbb6279
    SHA-1: 4d0b43b33e0d137c420bafca764751a374d48f7c
    Created: 12/4/2012 3:29:56 PM
    Detections: 1
    Determination: Inconclusive
    - Reason Heuristics as PUP.Optional.GRETECH.G (Adware)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\gretech\gomplayer\popup.exe
    Publisher: Gretech Corporation
    Signer: GRETECH
    MD5: 9fd5cf6eefc965ac2f4dc45f14bd45c5
    SHA-1: eedd5c2ea5494deed00e25f76283ac8286f81b42
    Created: 18/4/2012 4:28:22 PM
    Detections: 1
    Determination: Inconclusive
    - Reason Heuristics as PUP.Optional.GRETECH.F (Adware)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\gretech\gomplayer\vsutil.dll
    Publisher: Gretech Corp.
    Signer: GRETECH
    MD5: d0af9939daf22e3eba094daedd7c87d0
    SHA-1: ac92b643e950b29eb8935867af18959a60131252
    Created: 17/5/2011 8:49:30 AM
    Detections: 1
    Determination: Inconclusive
    - Reason Heuristics as PUP.Optional.GRETECH.G (Adware)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\k-lite codec pack\filters\dcbass\bass_alac.dll
    Publisher: MaresWEB
    MD5: e5e6efa3505b93fc0962e9d4ead609e3
    SHA-1: fb39a571f87b83e8f06dd60a82728acfea85048c
    Created: 9/3/2013 7:14:03 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as HW32.CDB (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\k-lite codec pack\filters\ffdshow\ffmpeg.dll
    Publisher:
    MD5: ad927ad14ba8cdb4e593647e585009ce
    SHA-1: f3e7bdc1647d5b3cbf32ad562a1fb0435d085181
    Created: 9/3/2013 7:13:56 PM
    Detections: 1
    Determination: Inconclusive
    - Emsisoft Anti-Malware as Android.Trojan.GinerMaster.U (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\k-lite codec pack\filters\lav\avfilter-lav-3.dll
    Publisher:
    MD5: 3dad504968d0b2a6ff513ce0eb01a720
    SHA-1: b67ed0a2ac4c1ab4286089263b4e73075cf7981a
    Created: 9/3/2013 7:14:00 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as HW32.TsCabk (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\k-lite codec pack\filters\lav\avformat-lav-54.dll
    Publisher:
    MD5: 3ad891cdad8e149db843437d9be00bf2
    SHA-1: 95e7139a9e56d0e382f2c946d7ef7e70da5e1c41
    Created: 9/3/2013 7:14:00 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as HW32.TsCabk (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\k-lite codec pack\filters\lav\avutil-lav-51.dll
    Publisher:
    MD5: da95112cb978cf269d856fbb7258c170
    SHA-1: 0f522826cc9eab550dc16b4adca3d1ce8e776409
    Created: 9/3/2013 7:14:00 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as HW32.TsCabk (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\k-lite codec pack\filters\lav\swscale-lav-2.dll
    Publisher:
    MD5: d06a9579cf3d19f17dfa434d28c2e859
    SHA-1: a05491024b0fc4880069f54c8cbced3546e1891d
    Created: 9/3/2013 7:14:00 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as HW32.TsCabk (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\k-lite codec pack\icaros\avcodec-ics-54.dll
    Publisher:
    MD5: b22bf4198d4424a171114f45dddb9197
    SHA-1: 3c8669ed8a651b4cb6bd6d9850e1d6e18ccb6cbc
    Created: 9/3/2013 7:14:00 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\k-lite codec pack\icaros\avformat-ics-54.dll
    Publisher:
    MD5: 5012a148b69616936bb23571adb9bb8c
    SHA-1: e20f53a756a8b80cf527f275332ee814be5bf0cd
    Created: 9/3/2013 7:14:01 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\k-lite codec pack\icaros\avutil-ics-51.dll
    Publisher:
    MD5: de2ef430b79d150c9294ead1bf883925
    SHA-1: 514997574ad81893f231e19efe882b5b95f90a2b
    Created: 9/3/2013 7:14:01 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\k-lite codec pack\icaros\swscale-ics-2.dll
    Publisher:
    MD5: 7964b2dfe7af5e7cb794bb577f46ff85
    SHA-1: 72f66fe2c3db3c10b7f2eb9ce29745ac4cd57f1e
    Created: 9/3/2013 7:14:01 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Bkav FE as W32.HfsAutoB (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\k-lite codec pack\tools\vobsubstrip.exe
    Publisher:
    MD5: afd4f735108a24d5112ac1fd661bec8b
    SHA-1: ad4f8fc9683132c5b7b018a9f60821367817d405
    Created: 9/3/2013 7:14:03 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - The Hacker as Posible_Worm32 (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\spybot - search & destroy 2\borlndmm.dll
    Publisher: Borland Software Corporation
    Signer: Safer Networking Ltd.
    MD5: 88f54314e76eda9f6d1d9d6c40e36636
    SHA-1: 6d6d95a4850d121a984bed451e6630b974fbfad6
    Created: 24/2/2015 5:06:33 AM
    Detections: 1
    Determination: Ignore detections (false positive)
    - CMC Antivirus as Packed.Win32.Obfuscated.10!O
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\spybot - search & destroy 2\av\scan.dll
    Publisher: BitDefender
    Signer: BitDefender SRL
    MD5: 9b375bb63f99b113c065a5db4e632e23
    SHA-1: 115edae4e06227fe6f8c66b28557a67b8c3218aa
    Created: 24/2/2015 5:06:33 AM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Clam AntiVirus as PUA.Win32.Packer.PrivateExeProte-7
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\xilisoft\video converter ultimate\avformat.dll
    Publisher:
    MD5: f402e834b82f24efe1281a0fbf5b3206
    SHA-1: 62a7b652399601887c2f6091ad3d23fc162aefa2
    Created: 16/6/2008 4:05:00 PM
    Detections: 2
    Determination: Ignore detections (false positive)
    - Emsisoft A-Squared as Virus.Win32.VunSpy!IK (Undefined)
    - IKARUS anti.virus as Virus.Win32.VunSpy (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\xilisoft\video converter ultimate\avp.exe
    Publisher:
    MD5: 75802d63ce6460c6661cbebb97a687bf
    SHA-1: e2075fdbbeb9a059b3d5177d9cd730b1b281ea43
    Created: 23/6/2008 7:01:52 PM
    Detections: 1
    Determination: Inconclusive
    - McAfee as New Win32.g4 (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\xilisoft\video converter ultimate\ctrllibrary.dll
    Publisher: TODO: <Company name>
    MD5: d050a9e1be1ae81aab772c40ee67e197
    SHA-1: 9cca6486653cdd90ab12b016b532d8bf71a111c2
    Created: 24/6/2008 8:31:24 PM
    Detections: 1
    Determination: Ignore detections (false positive)
    - Sunbelt AntiMalware as Trojan-Downloader.S (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\program files (x86)\xilisoft\video converter ultimate\uilang.dll
    Publisher:
    MD5: 2f952e1c0ebe7199638b0b63149b2988
    SHA-1: 2ce03459e81d109e20a29e08b5643cfdf33d5cca
    Created: 24/6/2008 8:31:26 PM
    Detections: 1
    Determination: Inconclusive
    - Emsisoft Anti-Malware as Gen:Variant.Zusy.74011 (Undefined)
     
    ---------------------------------------------------------------------------------
     
    File path: c:\users\user\appdata\local\google\chrome\user data\default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.11_0\ext\background.js
    Publisher:
    MD5: 9cf1f790be8c592b1cabac496ddeaa70
    SHA-1: 455b6cbf9e9c190e07139e5694ad48bb2c97b899
    Created: 25/2/2015 7:16:23 PM
    Detections: 1
    Determination: Inconclusive
    - Avira AntiVirus as GAME/Casino.Gen (Undefined)
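The report above is long, lists the same file under two paths (c:\programdata\application data\... is the legacy junction onto c:\programdata), and mixes single-vendor heuristics with broad consensus. Added here as a worked example (not part of the thread, and not the logic of the scanner that produced the report): a Python script that parses that record format, collapses records by SHA-1 and puts each hash into a triage bucket. The bucket thresholds, the list of drop locations and the "generic name" pattern are assumptions made for this illustration, and the sample input is a constructed excerpt of the report with most vendor lines trimmed.

```python
"""Triage helper for the per-file detection report posted above (added example, not the
thread's or the scanner's own logic). It parses the 'File path / SHA-1 / Detections /
Determination / - Vendor as Name (Class)' records, collapses entries sharing a SHA-1
(tmpdebc.exe appears twice, once via the legacy 'application data' junction) and assigns
a bucket from vendor count, name specificity, location and signer data. Rules are assumptions."""
import re
from collections import defaultdict

RECORD_SEP = re.compile(r"^\s*-{10,}\s*$", re.M)
FIELD = re.compile(r"^(File path|Publisher|Signer|MD5|SHA-1|Created|Detections|Determination):\s*(.*)$")
DETECTION = re.compile(r"^- (.+?) as (.+?)\s*(?:\((\w+)\))?$")
# Drop locations seen in this thread (assumed list; extend it for your environment).
SUSPICIOUS_PATH = re.compile(r"\\temp\\|\\appdata\\(local|roaming)\\|\\programdata\\microsoft\\security\\client\\", re.I)
# Names that carry no family information and so add little independent evidence.
GENERIC_NAME = re.compile(r"generic|heur|\bgen\b|artemis|unclassified|\bdetected\b|agent", re.I)

# Constructed sample: records copied from the report above, most vendor lines trimmed.
SAMPLE_REPORT = r"""
File path: c:\programdata\application data\microsoft\security\client\temp\tmpdebc.exe
Publisher: The Eraser Project Out of Stock
Signer: ChengDu AoMei Tech Co., Ltd
SHA-1: c28c4ab568c8104354964a765cc29ace9df7c687
Detections: 2
Determination: Inconclusive
- Kaspersky as UDS:DangerousObject.Multi.Generic (Undefined)
---------------------------------------------------------------------------------
File path: c:\programdata\microsoft\security\client\temp\tmp86df.exe
Publisher:
SHA-1: e5c1ad5cc206c19e25d1aba6892c26404a114e36
Detections: 25
Determination: UndefinedMalware
- Malwarebytes as Trojan.Agent.ED (Undefined)
- ESET NOD32 as Win32/Boaxxe.BR (Undefined)
---------------------------------------------------------------------------------
File path: c:\programdata\microsoft\security\client\temp\tmpdebc.exe
SHA-1: c28c4ab568c8104354964a765cc29ace9df7c687
Detections: 2
Determination: Inconclusive
- AhnLab V3 Security as Trojan/Win32.MDA (Undefined)
---------------------------------------------------------------------------------
File path: c:\users\user\appdata\roaming\rainmeter\addons\path2ini\path2ini.exe
SHA-1: 03af1583280285287df53d942eea80889ed6ef16
Detections: 1
Determination: Ignore detections (false positive)
- SUPERAntiSpyware as Trojan.Agent/Gen-Kazy (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\avira\antivir desktop\apnic.dll
Publisher: Ask.com
Signer: Ask.com
SHA-1: 71435ddb11e00d0243380c4902324853fe4ece8f
Detections: 4
Determination: Adware
- ESET NOD32 as Win32/Bundled.Toolbar.Ask (variant) (Undefined)
"""


def parse_report(text):
    """One dict per record: lower-cased field names (file_path, sha1, ...) plus a 'hits' list."""
    records = []
    for chunk in RECORD_SEP.split(text):
        rec = {"hits": []}
        for line in (raw.strip() for raw in chunk.splitlines()):
            if (m := FIELD.match(line)):
                rec[m.group(1).lower().replace(" ", "_").replace("-", "")] = m.group(2).strip()
            elif (m := DETECTION.match(line)):
                rec["hits"].append((m.group(1), m.group(2), m.group(3) or "Undefined"))
        if "file_path" in rec:                      # skips the empty chunk before the first separator
            rec["detections"] = int(rec.get("detections") or len(rec["hits"]))
            records.append(rec)
    return records


def triage(rec):
    """Bucket one record as ignore / pua / remove / investigate / low (thresholds are assumptions)."""
    det = rec.get("determination", "")
    if det.startswith("Ignore detections"):
        return "ignore"        # the scanner itself calls it a false positive
    if det == "Adware":
        return "pua"           # bundled toolbar or similar: remove it, but it is not an infection
    specific = sum(1 for _, name, _ in rec["hits"] if not GENERIC_NAME.search(name))
    if rec["detections"] >= 10 or specific >= 3:
        return "remove"        # broad vendor agreement or several independently named families
    signer, publisher = rec.get("signer", ""), rec.get("publisher", "")
    mismatch = bool(signer and publisher and signer.split()[0].lower() not in publisher.lower())
    if not signer or mismatch or SUSPICIOUS_PATH.search(rec["file_path"]):
        return "investigate"   # unsigned, signer/publisher disagree, or dropped into a temp/AppData path
    return "low"


def triage_report(text):
    """Map SHA-1 -> (bucket, sorted paths) so duplicate listings of one file collapse into one item."""
    by_hash = defaultdict(lambda: {"paths": set(), "bucket": "low"})
    for rec in parse_report(text):
        entry = by_hash[rec["sha1"]]
        entry["paths"].add(rec["file_path"])
        entry["bucket"] = triage(rec)
    return {h: (e["bucket"], sorted(e["paths"])) for h, e in by_hash.items()}


if __name__ == "__main__":
    for sha1, (bucket, paths) in sorted(triage_report(SAMPLE_REPORT).items(), key=lambda kv: kv[1]):
        print(f"{bucket:<12}{sha1}  {' | '.join(paths)}")
```

Run against the full report, the script puts tmp86df.exe in "remove", both tmpdebc.exe listings under one hash in "investigate" (its publisher string does not match its signer, and it sits in a temp folder), the Ask.com files under Avira in "pua", and the Rainmeter and K-Lite entries in "ignore" because the scanner itself marked them as false positives. Hashes, not paths, are what to carry into a second-opinion lookup.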
  5. JRT log:

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 7 Home Basic x64
    Ran by user on Mon 02/03/2015 at  8:44:56.73
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
     
     
    ~~~ Files
     
     
     
    ~~~ Folders
     
     
     
    ~~~ FireFox
     
    Successfully deleted the following from C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\pqyzmn1k.default\prefs.js
     
    user_pref("extensions.defaulttab.installdate", 1345453829);
    user_pref("extensions.defaulttab.useNewTabWhiteList", false);
    Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\pqyzmn1k.default\minidumps [144 files]
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 02/03/2015 at  8:48:59.77
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
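JRT stripped two user_pref lines from prefs.js above, and the ComboFix log further down this thread shows a single-line run of user_pref calls in the same profile that switches off CSP, OCSP checking, the add-on blocklist and the add-on scope prompt. Added here as a worked example (not part of the thread, and not what JRT, AdwCleaner or ComboFix do): a small Python checker that parses user_pref calls from prefs.js or user.js, flags prefs left at a value that disables a browser defence and emits lines to restore them. The watch-list and the restore values are assumptions for this illustration, and both sample files are constructed from the lines in the logs.

```python
"""Audit of Firefox user_pref lines (added example; not part of the thread and not what JRT,
AdwCleaner or ComboFix do). Parses user_pref(name, value) calls from prefs.js or user.js,
flags prefs left at a value that switches a browser defence off, and emits lines that
restore them. The watch-list and the restore values are assumptions for this illustration
(the restore values are taken to be stock Firefox settings; confirm them on a clean profile)."""
import re

# One call per match; handles both quote styles and several calls on one line.
PREF = re.compile(r"""user_pref\(\s*(['"])(.+?)\1\s*,\s*(.+?)\s*\)\s*;""")

# pref name -> (weakening value, restore value, what the weakening value does)
WEAKENING = {
    "security.csp.enable": (False, True, "Content Security Policy is no longer enforced"),
    "security.OCSP.enabled": (0, 1, "certificate revocation checks are off"),
    "extensions.blocklist.enabled": (False, True, "Mozilla's blocklist can no longer disable known-bad add-ons"),
    "extensions.autoDisableScopes": (0, 15, "add-ons dropped into profile/system folders activate without a prompt"),
}

# Constructed sample: the prefs.js lines JRT removed above, the user_pref run ComboFix reported,
# a benign pref, and a later line that turns OCSP back on (the last assignment wins).
SAMPLE_PREFS_JS = """\
user_pref("browser.startup.homepage", "about:home");
user_pref("extensions.defaulttab.installdate", 1345453829);
user_pref("extensions.defaulttab.useNewTabWhiteList", false);
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
user_pref("security.OCSP.enabled", 1);
"""
# Constructed user.js: Firefox applies this file over prefs.js at every start, so a pref cleaned
# out of prefs.js comes straight back unless user.js is cleaned too (AdwCleaner deleted it above).
SAMPLE_USER_JS = 'user_pref("security.csp.enable", false);\n'


def parse_value(tok):
    """JS literal from a user_pref call -> Python value (bool, int or str)."""
    if tok in ("true", "false"):
        return tok == "true"
    if tok[0] in "\"'":
        return tok[1:-1]
    try:
        return int(tok)
    except ValueError:
        return tok


def parse_prefs(text):
    """{name: value}; a later assignment overrides an earlier one, as Firefox applies them."""
    prefs = {}
    for _, name, raw in PREF.findall(text):
        prefs[name] = parse_value(raw)
    return prefs


def audit(text, source="prefs.js"):
    """(source, pref, value, reason) for every watched pref left at its weakening value."""
    return [(source, name, value, WEAKENING[name][2])
            for name, value in parse_prefs(text).items()
            if name in WEAKENING and value == WEAKENING[name][0]]


def js_literal(value):
    if isinstance(value, bool):
        return "true" if value else "false"
    return str(value) if isinstance(value, int) else '"%s"' % value


def restore_lines(findings):
    """user_pref lines that put each flagged pref back to its restore value."""
    return ['user_pref("%s", %s);' % (name, js_literal(WEAKENING[name][1])) for _, name, _, _ in findings]


if __name__ == "__main__":
    findings = audit(SAMPLE_PREFS_JS) + audit(SAMPLE_USER_JS, "user.js")
    for source, name, value, reason in findings:
        print(f"{source}: {name} = {js_literal(value)}  ({reason})")
    print("\n".join(restore_lines(findings)))
```

Two practical points the sample is built to show: the OCSP pref is not flagged because a later line sets it back to 1, so a checker has to apply the file in order rather than grep for the bad value; and user.js needs the same treatment as prefs.js, because it is re-applied at every start. Edit either file only while Firefox is closed, since Firefox rewrites prefs.js on exit.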
  6. Hi,

     

    I've rebooted my PC and there's no "Regsvr32" notification anymore. Yay!

     

    Anyway, here's the log for adware:

     

    # AdwCleaner v4.111 - Logfile created 02/03/2015 at 08:39:58
    # Updated 18/02/2015 by Xplode
    # Database : 2015-02-18.3 [server]
    # Operating system : Windows 7 Home Basic  (x64)
    # Username : user - USER-PC
    # Running from : C:\Users\user\Downloads\Programs\AdwCleaner.exe
    # Option : Cleaning
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    [!] Folder Deleted : C:\ProgramData\apn
    File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\user.js
     
    ***** [ Scheduled tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
    Key Deleted : HKLM\SOFTWARE\PerformerSoft
     
    ***** [ Web browsers ] *****
     
    -\\ Internet Explorer v8.0.7600.16385
     
     
    -\\ Mozilla Firefox v27.0.1 (en-US)
     
     
    -\\ Google Chrome v40.0.2214.115
     
     
    *************************
     
    AdwCleaner[R0].txt - [2414 bytes] - [02/03/2015 08:36:41]
    AdwCleaner[s0].txt - [2371 bytes] - [02/03/2015 08:39:58]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2430  bytes] ##########
  7. Hello, 

     

    When I ran FRST, the ComboFix log was shown:

    ComboFix 15-02-16.01 - user 28/02/2015  19:14:52.2.4 - x64
    Microsoft Windows 7 Home Basic   6.1.7600.0.1252.60.1033.18.2935.1890 [GMT 8:00]
    Running from: c:\users\user\Downloads\Programs\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
    .
    .
    (((((((((((((((((((((((((   Files Created from 2015-01-28 to 2015-02-28  )))))))))))))))))))))))))))))))
    .
    .
    2015-02-28 11:20 . 2015-02-28 11:20 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-02-28 10:17 . 2015-02-28 10:17 151626 ----a-w- c:\programdata\Microsoft\Security\Client\temp\tmp86DF.exe
    2015-02-23 21:06 . 2013-09-20 02:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
    2015-02-23 21:06 . 2015-02-23 21:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2015-02-23 21:06 . 2015-02-23 21:13 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2015-02-23 21:05 . 2015-02-23 21:05 -------- d-----w- c:\users\user\AppData\Local\Programs
    2015-02-21 20:21 . 2015-02-28 10:18 -------- d-----w- c:\users\user\AppData\Local\Edstion
    2015-02-21 20:21 . 2015-02-23 05:11 -------- d-----w- c:\users\user\AppData\Local\YlPack
    2015-02-21 20:20 . 2015-02-21 20:20 2165760 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityHelper.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WordWeb"="c:\program files (x86)\WordWeb\wweb32.exe" [2012-04-21 77064]
    "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-01-10 3825232]
    "BitTorrent"="c:\users\user\AppData\Roaming\BitTorrent\BitTorrent.exe" [2014-06-08 1242704]
    "Edstion"="c:\users\user\AppData\Local\Edstion\MMNotes.dll" [2015-02-28 1268736]
    "YWLPack"="c:\users\user\AppData\Local\YlPack\lxsyicur.dll" [2015-02-21 1250304]
    "Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2014-06-24 4566952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-16 702768]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
    "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
    "Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-27 164656]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="userinit.exe"
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
    .
    R3 GDMINIT;GCT Initial Device Driver;c:\windows\system32\DRIVERS\gdminit.sys;c:\windows\SYSNATIVE\DRIVERS\gdminit.sys [x]
    R3 GdmUWm;Yes Go;c:\windows\system32\DRIVERS\gdmuwm.sys;c:\windows\SYSNATIVE\DRIVERS\gdmuwm.sys [x]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
    S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
    S2 GCTWiMaxServiceD;Connect Service Daemon;c:\program files (x86)\Yes\Connect\GCTWiMaxServiceD.exe;c:\program files (x86)\Yes\Connect\GCTWiMaxServiceD.exe [x]
    S2 GdmWmPrt;Yes Go Protocol Driver;c:\windows\system32\DRIVERS\gdmwmprt.sys;c:\windows\SYSNATIVE\DRIVERS\gdmwmprt.sys [x]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
    S2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-02-20 05:29 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07 14:44]
    .
    2015-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07 14:44]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WinSecurityProvider]
    @="{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637}"
    [HKEY_CLASSES_ROOT\CLSID\{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637}]
    2015-02-21 20:20 2622464 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityProvider.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-06 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-06 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-06 415256]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-10-01 727664]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mDefault_Search_URL = about:blank
    mDefault_Page_URL = about:blank
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Page = about:blank
    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - (no file)
    Notify-SDWinLogon - SDWinLogon.dll
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3343311198-1188524082-4047472181-1000_Classes\Wow6432Node\CLSID\{52d62ba8-ee47-456d-8cca-3f2825ff4701}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:0000004f
    "Therad"=dword:00000015
    "SpecVersion"=dword:000000c6
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
       1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_USERS\S-1-5-21-3343311198-1188524082-4047472181-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):8d,7c,f1,e8,77,53,7b,8a,e8,bf,3a,9c,46,80,92,f7,2d,49,9c,82,b1,
       dc,93,83,c4,52,32,de,5c,3e,29,c6,86,ab,ef,e2,60,0e,e6,f3,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\windows\SysWOW64\srvany.exe
    c:\windows\KMService.exe
    c:\windows\SysWOW64\regsvr32.exe
    c:\windows\SysWOW64\regsvr32.exe
    c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    c:\program files (x86)\Internet Explorer\iexplore.exe
    .
    **************************************************************************
    .
    Completion time: 2015-02-28  19:27:24 - machine was rebooted
    ComboFix-quarantined-files.txt  2015-02-28 11:27
    ComboFix2.txt  2015-02-26 15:44
    .
    Pre-Run: 14,433,538,048 bytes free
    Post-Run: 14,205,452,288 bytes free
    .
    - - End Of File - - 99793869AB9842A230BD6237799A48D8
    A36C5E4F47E84449FF07ED3517B43A31
     
     
    This is the fixlog:
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
    Ran by user at 2015-03-02 08:31:15 Run:4
    Running from C:\Users\user\Downloads
    Loaded Profiles: user &  (Available profiles: user)
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    start
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [YWLPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\user\AppData\Local\YlPack\lxsyicur.dll
    C:\Users\user\AppData\Local\YlPack\lxsyicur.dll
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [Edstion] => regsvr32.exe C:\Users\user\AppData\Local\Edstion\MMNotes.dll <===== ATTENTION
    C:\Users\user\AppData\Local\Edstion\MMNotes.dll 
    2015-02-22 04:21 - 2015-02-28 20:11 - 00000000 ____D () C:\Users\user\AppData\Local\YlPack
    2015-02-22 04:21 - 2015-02-28 20:11 - 00000000 ____D () C:\Users\user\AppData\Local\Edstion
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:49601;https=127.0.0.1:49601;
    C:\Users\user\AppData\Local\Temp\APNSetup.exe
    C:\Users\user\AppData\Local\Temp\avgnt.exe
    C:\Users\user\AppData\Local\Temp\jre-8u31-windows-au.exe
    cmd: C:\ComboFix.txt
    EmptyTemp:
    end
     
     
     
    *****************
     
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YWLPack => value deleted successfully.
    "C:\Users\user\AppData\Local\YlPack\lxsyicur.dll" => File/Directory not found.
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Edstion => value deleted successfully.
    "C:\Users\user\AppData\Local\Edstion\MMNotes.dll" => File/Directory not found.
    C:\Users\user\AppData\Local\YlPack => Moved successfully.
    C:\Users\user\AppData\Local\Edstion => Moved successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
    C:\Users\user\AppData\Local\Temp\APNSetup.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\avgnt.exe => Moved successfully.
    C:\Users\user\AppData\Local\Temp\jre-8u31-windows-au.exe => Moved successfully.
     
    =========  C:\ComboFix.txt =========
     
     
    ========= End of CMD: =========
     
    EmptyTemp: => Removed 148.5 MB temporary data.
     
     
    The system needed a reboot. 
     
    ==== End of Fixlog 08:33:26 ====
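The fixlist above removes two Run values that hand a DLL under AppData\Local to regsvr32.exe at every logon, and an Internet Explorer proxy pointed at 127.0.0.1:49601 (a local listener, typically the malware itself, interposed on all browser traffic). As an added example, not part of the post and not FRST's own code, here is detection logic in Python that scans FRST-style lines for exactly those two patterns. The sample input is constructed from the lines in the fixlog plus one benign HKLM entry for contrast; the HKLM line's trailing size/date/vendor field, the list of user-writable directories and the loader names are assumptions, not anything the log states.

```python
import re
from dataclasses import dataclass
from typing import List

# FRST prints autorun entries as "<hive>\...\Run: [ValueName] => <command>",
# appending " <===== ATTENTION" to entries it considers suspicious.
RUN_RE = re.compile(
    r'^(?P<hive>HK(?:LM|U)\S*?\\Run(?:Once)?): \[(?P<name>[^\]]+)\] => '
    r'(?P<cmd>.*?)(?: <===== ATTENTION)?\s*$')
# FRST prints the IE proxy as "ProxyServer: [<profile>] => http=host:port;https=host:port;"
PROXY_RE = re.compile(r'^ProxyServer: \[(?P<profile>[^\]]+)\] => (?P<servers>.+?)\s*$')
# Loaders that turn a Run value into "load this DLL" rather than "start this program" (assumed list).
LOADER_RE = re.compile(r'(?:^|\\)(regsvr32|rundll32)(?:\.exe)?\b', re.IGNORECASE)
# Directories a standard user can write to (assumed list); a DLL registered
# from one of these at every logon is the pattern in the fixlog.
USER_WRITABLE = ('\\appdata\\local\\', '\\appdata\\roaming\\', '\\temp\\',
                 '\\programdata\\', '\\users\\public\\')

# Constructed sample: the two Run values and the proxy lines from the fixlog
# above, plus a benign HKLM entry (formatting assumed) for contrast.
SAMPLE_LINES = [
    r'HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [YWLPack] => '
    r'C:\Windows\SysWOW64\regsvr32.exe C:\Users\user\AppData\Local\YlPack\lxsyicur.dll',
    r'HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [Edstion] => '
    r'regsvr32.exe C:\Users\user\AppData\Local\Edstion\MMNotes.dll <===== ATTENTION',
    r'HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [161304 2010-10-06] (Intel Corporation)',
    r'ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.',
    r'ProxyServer: [.DEFAULT] => http=127.0.0.1:49601;https=127.0.0.1:49601;',
]


@dataclass
class Finding:
    kind: str      # "persistence" or "proxy"
    detail: str
    line: str      # the log line that triggered the finding


def is_loopback(hostport: str) -> bool:
    """True when host:port points back at the local machine (127/8, ::1, localhost)."""
    host = hostport.rsplit(':', 1)[0].strip('[]').lower()
    return host in ('localhost', '::1') or host.startswith('127.')


def analyse_fixlog(lines: List[str]) -> List[Finding]:
    """Flag Run values that load a DLL from a user-writable path via a LOLBin,
    and ProxyServer settings that route browser traffic through a local listener."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            cmd = m.group('cmd')
            loader = LOADER_RE.search(cmd)
            in_user_dir = any(d in cmd.lower() for d in USER_WRITABLE)
            if loader and in_user_dir:
                findings.append(Finding(
                    'persistence',
                    f"{m.group('name')}: {loader.group(1).lower()} loads a DLL from a user-writable path",
                    line))
            continue
        m = PROXY_RE.match(line)
        if m:
            for entry in filter(None, m.group('servers').split(';')):
                scheme, sep, hostport = entry.partition('=')
                target = hostport if sep else scheme      # a bare "host:port" applies to all schemes
                if is_loopback(target):
                    findings.append(Finding(
                        'proxy',
                        f"{m.group('profile')}: {scheme if sep else 'all'} traffic routed via local listener {target}",
                        line))
    return findings


if __name__ == '__main__':
    for f in analyse_fixlog(SAMPLE_LINES):
        print(f'[{f.kind}] {f.detail}')
```

The persistence rule deliberately requires both conditions: regsvr32 itself is a signed Windows binary and appears legitimately in HKLM Run values for system components, so the signal is the loader combined with a module path the user can write to. The proxy rule fires on any loopback target because a local proxy that the user did not install is how the "RegSvr32" pop-ups and the browser interception in this thread are connected.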
  8. Hi,

     I've run MBAR, and the diagnostic said that there's no malware found, even though my desktop still shows the "RegSvr32" problems. Here's the log.

     system log:

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.09.1.1004
     
    © Malwarebytes Corporation 2011-2012
     
    OS version: 6.1.7600 Windows 7 x64
     
    Account is Administrative
     
    Internet Explorer version: 8.0.7600.16385
     
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.527000 GHz
    Memory total: 3077238784, free: 1288634368
     
    Downloaded database version: v2015.03.01.04
    Downloaded database version: v2015.02.25.01
    Downloaded database version: v2014.12.06.01
    Initializing...
    ======================
    ------------ Kernel report ------------
         03/02/2015 04:31:46
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\DRIVERS\ACPI.sys
    \SystemRoot\system32\DRIVERS\WMILIB.SYS
    \SystemRoot\system32\DRIVERS\msisadrv.sys
    \SystemRoot\system32\DRIVERS\pci.sys
    \SystemRoot\system32\DRIVERS\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\DRIVERS\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\atapi.sys
    \SystemRoot\system32\DRIVERS\ataport.SYS
    \SystemRoot\system32\DRIVERS\msahci.sys
    \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    \SystemRoot\system32\DRIVERS\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\volsnap.sys
    \SystemRoot\system32\DRIVERS\stdcfltn.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\avkmgr.sys
    \SystemRoot\system32\DRIVERS\avipbb.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\bcmwl664.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\Impcd.sys
    \SystemRoot\system32\DRIVERS\Accelern.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\HdAudio.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\system32\DRIVERS\WinUSB.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_msahci.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\avgntflt.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\gdmwmprt.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\system32\DRIVERS\idmwfp.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \SystemRoot\System32\ATMFD.DLL
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    ----------- End -----------
    Done!
     
    Scan started
    Database versions:
      main:    v2015.03.01.04
      rootkit: v2015.02.25.01
     
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa80033b3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800326e990, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80033b3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800326d990, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
    DevicePointer: 0xfffffa80031654e0, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80031281f0, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 1C34AD4E
     
    Partition information:
     
        Partition 0 type is Primary (0x7)
        Partition is ACTIVE.
        Partition starts at LBA: 2048  Numsec = 204800
        Partition file system is NTFS
        Partition is bootable
     
        Partition 1 type is Primary (0x7)
        Partition is NOT ACTIVE.
        Partition starts at LBA: 206848  Numsec = 204593152
     
        Partition 2 type is Primary (0x7)
        Partition is NOT ACTIVE.
        Partition starts at LBA: 204800000  Numsec = 771971072
     
        Partition 3 type is Empty (0x0)
        Partition is NOT ACTIVE.
        Partition starts at LBA: 0  Numsec = 0
     
    Disk Size: 500107862016 bytes
    Sector size: 512 bytes
     
    Done!
    Scan finished
    =======================================
     
     
    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.09.1.1004
     
    © Malwarebytes Corporation 2011-2012
     
    OS version: 6.1.7600 Windows 7 x64
     
    Account is Administrative
     
    Internet Explorer version: 8.0.7600.16385
     
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.527000 GHz
    Memory total: 3077238784, free: 1254817792
     
    =======================================
     
     
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.09.1.1004
     
    © Malwarebytes Corporation 2011-2012
     
    OS version: 6.1.7600 Windows 7 x64
     
    Account is Administrative
     
    Internet Explorer version: 8.0.7600.16385
     
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.527000 GHz
    Memory total: 3077238784, free: 1698705408
     
    Downloaded database version: v2015.03.01.04
    Downloaded database version: v2015.02.25.01
    Downloaded database version: v2014.12.06.01
    Initializing...
    ======================
    ------------ Kernel report ------------
         03/02/2015 05:20:22
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\DRIVERS\ACPI.sys
    \SystemRoot\system32\DRIVERS\WMILIB.SYS
    \SystemRoot\system32\DRIVERS\msisadrv.sys
    \SystemRoot\system32\DRIVERS\pci.sys
    \SystemRoot\system32\DRIVERS\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\DRIVERS\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\atapi.sys
    \SystemRoot\system32\DRIVERS\ataport.SYS
    \SystemRoot\system32\DRIVERS\msahci.sys
    \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    \SystemRoot\system32\DRIVERS\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\volsnap.sys
    \SystemRoot\system32\DRIVERS\stdcfltn.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\avkmgr.sys
    \SystemRoot\system32\DRIVERS\avipbb.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\bcmwl664.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\Impcd.sys
    \SystemRoot\system32\DRIVERS\Accelern.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\HdAudio.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_msahci.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\WinUSB.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\avgntflt.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\gdmwmprt.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\system32\DRIVERS\idmwfp.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    ----------- End -----------
    Done!
     
    Scan started
    Database versions:
      main:    v2015.03.01.04
      rootkit: v2015.02.25.01
     
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa80033b0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80033b0b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80033b0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800326bc80, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
    DevicePointer: 0xfffffa8003132520, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80031271f0, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 1C34AD4E
     
    Partition information:
     
        Partition 0 type is Primary (0x7)
        Partition is ACTIVE.
        Partition starts at LBA: 2048  Numsec = 204800
        Partition file system is NTFS
        Partition is bootable
     
        Partition 1 type is Primary (0x7)
        Partition is NOT ACTIVE.
        Partition starts at LBA: 206848  Numsec = 204593152
     
        Partition 2 type is Primary (0x7)
        Partition is NOT ACTIVE.
        Partition starts at LBA: 204800000  Numsec = 771971072
     
        Partition 3 type is Empty (0x0)
        Partition is NOT ACTIVE.
        Partition starts at LBA: 0  Numsec = 0
     
    Disk Size: 500107862016 bytes
    Sector size: 512 bytes
     
    Done!
    Scan finished
    =======================================
     
     
    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
     
    log:
    Malwarebytes Anti-Rootkit BETA 1.09.1.1004
    www.malwarebytes.org
     
    Database version:
      main:    v2015.03.01.04
      rootkit: v2015.02.25.01
     
    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    user :: USER-PC [administrator]
     
    2/3/2015 5:21:16 AM
    mbar-log-2015-03-02 (05-21-16).txt
     
    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled: 
    Objects scanned: 352958
    Time elapsed: 19 minute(s), 54 second(s)
     
    Memory Processes Detected: 0
    (No malicious items detected)
     
    Memory Modules Detected: 0
    (No malicious items detected)
     
    Registry Keys Detected: 0
    (No malicious items detected)
     
    Registry Values Detected: 0
    (No malicious items detected)
     
    Registry Data Items Detected: 0
    (No malicious items detected)
     
    Folders Detected: 0
    (No malicious items detected)
     
    Files Detected: 0
    (No malicious items detected)
     
    Physical Sectors Detected: 0
    (No malicious items detected)
     
    (end)
     
  9. Hi,

    For C:\Users\user\AppData\Local\YlPack\lxsyicur.dll:

    SHA256: 4835214b9f5fbb782dc03b77646ec10bc5072ce56b6c0376a2b2abd1c6cd340e
    File name: lxsyicur.lck
    Detection ratio: 0 / 57
    Analysis date: 2015-03-01 16:20:35 UTC ( 0 minutes ago )

    File identification
    MD5 c04dffc43f589d9dfc7340bf87348a1d
    SHA1 5a7923c80be5a821993b3e93f7150e5229489571
    SHA256 4835214b9f5fbb782dc03b77646ec10bc5072ce56b6c0376a2b2abd1c6cd340e
    ssdeep
    768:5uXcYEaSV1+Mqatc+bWNtTbXPlNA9zrWWuqV7alPJNqYTiUJ:4cjaW+7gWNRbf3AVcU4JNqYTrJ
    File size 50.0 KB ( 51220 bytes )
    File type unknown
    Magic literal
    data
    TrID Unknown!
     VirusTotal metadata
    First submission 2015-03-01 16:20:35 UTC ( 3 minutes ago )
    Last submission 2015-03-01 16:20:35 UTC ( 3 minutes ago )
    File names lxsyicur.lck

    For C:\Users\user\AppData\Local\Edstion\MMNotes.dll:

    SHA256: db727719c64cf376dc76fb333b770df637fe85bde248e9efc8809d39d3bda03f
    File name: MMNotes.lck
    Detection ratio: 0 / 57
    Analysis date: 2015-03-01 16:26:31 UTC ( 0 minutes ago )

    File identification
    MD5 07ba31a552c1bfa792a233a5eaf43e56
    SHA1 2e51365f6546b5f106d3e4e85c7a04b4fe093aa6
    SHA256 db727719c64cf376dc76fb333b770df637fe85bde248e9efc8809d39d3bda03f
    ssdeep
    6144:9k+0kFQcySzZRpvugNhdlods5XbAugO5JKUKgYl5/rxLaeuqomrW:uVMQU/GgNJo6eOSF9rzueK
    File size 231.5 KB ( 237076 bytes )
    File type unknown
    Magic literal
    data
    TrID Unknown!
     VirusTotal metadata
    First submission 2015-03-01 16:26:31 UTC ( 0 minutes ago )
    Last submission 2015-03-01 16:26:31 UTC ( 0 minutes ago )
    File names MMNotes.lck
  10. Hi,

    Here are the two logs:

    FRST:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
    Ran by user (administrator) on USER-PC on 01-03-2015 16:00:56
    Running from C:\Users\user\Downloads
    Loaded Profiles: user (Available profiles: user)
    Platform: Windows 7 Home Basic (X64) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: IE)
    Boot Mode: Normal
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
    () C:\Program Files (x86)\WordWeb\wweb32.exe
    (Microsoft Corporation) C:\Windows\System32\regsvr32.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-10-01] ()
    HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [uCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [YWLPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\user\AppData\Local\YlPack\lxsyicur.dll
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [77064 2012-04-21] ()
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [iDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3825232 2014-01-10] (Tonec Inc.)
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [Edstion] => regsvr32.exe C:\Users\user\AppData\Local\Edstion\MMNotes.dll <===== ATTENTION
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [bitTorrent] => "C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [iDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
    BootExecute: autocheck autochk * sdnclean64.exe
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:49601;https=127.0.0.1:49601;
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO-x32: No Name -> {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} ->  No File
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll ()
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\user.js
    FF Extension: Avira Browser Safety - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\Extensions\abs@avira.com [2014-08-29]
    FF Extension: DownloadHelper - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
    FF Extension: Duck Properties - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\Extensions\{EBC0244A-6BA2-C2B1-09E6-948FC450C25A} [2015-02-22]
    FF Extension: Greasemonkey - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-01-21]
    FF HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
    FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2013-07-21]
    FF HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
    FF Extension: IDM CC - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2014-01-10]
    FF HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
     
    Chrome: 
    =======
    CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (ABP ( Adblock Plus )) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\begnflkjkcebjioagifeaongciheiogj [2015-02-10]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-09]
    CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-11]
    CHR Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-01-14]
    CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-07]
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-11-09]
    CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2013-07-21]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S4 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
    R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
    S4 GCTWiMaxServiceD; C:\Program Files (x86)\Yes\Connect\GCTWiMaxServiceD.exe [569464 2013-06-06] (GCT Semiconductor, Inc.) [File not signed]
    S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-03-09] () [File not signed]
    S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-04] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-04] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)
    S3 GDMINIT; C:\Windows\System32\DRIVERS\gdminit.sys [32768 2013-07-03] (GCT Semiconductor)
    S3 GdmUWm; C:\Windows\System32\DRIVERS\gdmuwm.sys [111104 2013-07-03] (GCT Semiconductor, Inc.)
    R2 GdmWmPrt; C:\Windows\System32\DRIVERS\gdmwmprt.sys [32768 2013-07-03] (GCT Semiconductor, Inc.)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-01] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-28] ()
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-03-01 15:51 - 2015-03-01 15:51 - 00000000 ____D () C:\Users\user\Downloads\FRST-OlderVersion
    2015-03-01 06:57 - 2015-03-01 06:57 - 00000000 ____D () C:\ProgramData\APN
    2015-03-01 05:31 - 2015-03-01 05:31 - 00279176 _____ () C:\Windows\Minidump\030115-24913-01.dmp
    2015-03-01 05:20 - 2015-03-01 06:24 - 00001154 _____ () C:\Users\user\Desktop\Fixlist.txt
    2015-02-28 23:06 - 2015-02-28 23:03 - 00005456 _____ () C:\Users\user\Desktop\RKreport_SCN_02282015_230229.log
    2015-02-28 22:57 - 2015-02-28 22:57 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-02-28 22:57 - 2015-02-28 22:57 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-02-28 22:52 - 2015-02-28 22:52 - 00027093 _____ () C:\Users\user\Desktop\Addition.txt
    2015-02-28 22:52 - 2015-02-28 22:52 - 00023373 _____ () C:\Users\user\Desktop\FRST.txt
    2015-02-28 22:51 - 2015-03-01 15:52 - 00026408 _____ () C:\Users\user\Downloads\Addition.txt
    2015-02-28 22:50 - 2015-03-01 16:01 - 00015405 _____ () C:\Users\user\Downloads\FRST.txt
    2015-02-28 22:50 - 2015-03-01 16:01 - 00000000 ____D () C:\FRST
    2015-02-28 21:39 - 2015-02-28 21:39 - 00279176 _____ () C:\Windows\Minidump\022815-23446-01.dmp
    2015-02-28 21:33 - 2015-02-28 22:58 - 00002727 _____ () C:\Users\user\Desktop\malwarebyte help.txt
    2015-02-28 21:03 - 2015-03-01 15:51 - 02092544 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
    2015-02-28 20:28 - 2015-02-28 20:28 - 00279176 _____ () C:\Windows\Minidump\022815-22557-01.dmp
    2015-02-28 20:22 - 2015-02-28 20:22 - 00279176 _____ () C:\Windows\Minidump\022815-18064-01.dmp
    2015-02-28 20:14 - 2015-02-28 20:14 - 00279176 _____ () C:\Windows\Minidump\022815-22869-01.dmp
    2015-02-28 20:11 - 2015-03-01 05:31 - 00000000 ____D () C:\Windows\Minidump
    2015-02-28 20:11 - 2015-02-28 20:11 - 00279176 _____ () C:\Windows\Minidump\022815-16645-01.dmp
    2015-02-28 19:41 - 2015-03-01 06:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-28 19:40 - 2015-02-28 19:40 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-02-28 19:40 - 2015-02-28 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-02-28 19:40 - 2015-02-28 19:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-02-28 19:40 - 2015-02-28 19:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-02-28 19:40 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-02-28 19:40 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-02-28 19:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-02-28 19:27 - 2015-02-28 19:27 - 00015519 _____ () C:\ComboFix.txt
    2015-02-26 23:32 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-02-26 23:32 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-02-26 23:32 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-02-26 23:32 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-02-26 23:32 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-02-26 23:32 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-02-26 23:32 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-02-26 23:32 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-02-26 23:27 - 2015-02-28 19:27 - 00000000 ____D () C:\Qoobox
    2015-02-26 23:26 - 2015-02-26 23:41 - 00000000 ____D () C:\Windows\erdnt
    2015-02-26 19:51 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150226-195132.backup
    2015-02-26 19:50 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150226-195036.backup
    2015-02-26 19:45 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150226-194553.backup
    2015-02-26 19:22 - 2015-02-26 19:22 - 00000000 ____D () C:\Users\user\Documents\ProcAlyzer Dumps
    2015-02-24 23:36 - 2015-02-27 20:11 - 00000000 ____D () C:\Users\user\Desktop\TeMM
    2015-02-24 10:53 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150224-105335.backup
    2015-02-24 06:05 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150224-060503.backup
    2015-02-24 05:07 - 2015-02-24 05:07 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
    2015-02-24 05:06 - 2015-02-24 05:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-02-24 05:06 - 2015-02-24 05:13 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-02-24 05:06 - 2015-02-24 05:06 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-02-24 05:06 - 2015-02-24 05:06 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2015-02-24 05:06 - 2015-02-24 05:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-02-24 05:06 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2015-02-23 15:14 - 2015-02-23 15:14 - 00032867 _____ () C:\Users\user\Downloads\Gintama 001-002 - You Jerks! And You Claim to Have Gintama.torrent
    2015-02-23 14:57 - 2015-02-23 14:57 - 00055068 _____ () C:\Users\user\Downloads\(AnimeOut) Gintama (Season 1-4) (Complete Batch) (480p - 70MB - Encoded).torrent
    2015-02-23 12:59 - 2015-02-28 20:11 - 00008720 _____ () C:\Windows\PFRO.log
    2015-02-22 04:21 - 2015-02-28 20:11 - 00000000 ____D () C:\Users\user\AppData\Local\YlPack
    2015-02-22 04:21 - 2015-02-28 20:11 - 00000000 ____D () C:\Users\user\AppData\Local\Edstion
    2015-02-10 00:14 - 2015-02-10 00:14 - 00002305 _____ () C:\Users\user\Desktop\Chrome App Launcher.lnk
    2015-02-10 00:14 - 2015-02-10 00:14 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-02-05 19:27 - 2015-02-05 22:37 - 00000000 ____D () C:\Users\user\Desktop\BEL 311
    2015-02-03 18:30 - 2015-03-01 15:59 - 00004734 _____ () C:\Windows\setupact.log
    2015-02-03 18:30 - 2015-02-03 18:30 - 00000000 _____ () C:\Windows\setuperr.log
    2015-02-02 02:35 - 2015-02-02 02:35 - 00015708 _____ () C:\Users\user\Downloads\[kickass.so]goliyon.ki.raasleela.ram.leela.2014.1080p.dvdrip.x264team.ddh.rg.torrent
    2015-01-30 22:40 - 2015-01-30 22:47 - 18485739 _____ () C:\Users\user\Downloads\Nagada Sang Dhol Song - Goliyon Ki Raasleela Ram-leela ft. Deepika Padukone, Ranveer Singh.mp4
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-03-01 15:59 - 2013-12-07 22:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-01 15:59 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-01 15:58 - 2014-08-25 23:33 - 00000000 ____D () C:\Windows\pss
    2015-03-01 15:58 - 2013-03-09 18:30 - 01432345 _____ () C:\Windows\WindowsUpdate.log
    2015-03-01 15:56 - 2009-07-14 12:45 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-01 15:56 - 2009-07-14 12:45 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-01 06:54 - 2014-08-30 11:18 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2015-03-01 06:54 - 2014-08-30 11:18 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2015-03-01 06:54 - 2014-08-30 11:18 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2015-03-01 06:54 - 2014-08-30 11:18 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-03-01 06:54 - 2014-03-21 22:24 - 00000000 ____D () C:\ProgramData\Oracle
    2015-03-01 06:54 - 2013-07-05 21:41 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-03-01 06:43 - 2013-12-07 22:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-01 05:29 - 2014-06-23 14:54 - 00000000 ____D () C:\temp
    2015-03-01 05:22 - 2013-04-03 18:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\DMCache
    2015-03-01 01:19 - 2014-01-10 21:04 - 00000000 ____D () C:\Users\user\AppData\Roaming\IDM
    2015-02-28 22:49 - 2013-08-08 23:28 - 00000000 ____D () C:\Users\user\AppData\Roaming\BitTorrent
    2015-02-28 19:39 - 2014-01-10 21:04 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
    2015-02-28 19:22 - 2009-07-14 10:34 - 00000215 _____ () C:\Windows\system.ini
    2015-02-28 03:41 - 2014-03-23 00:14 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-26 23:44 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Default
    2015-02-24 02:15 - 2013-06-11 23:17 - 00000000 ___RD () C:\Users\user\Desktop\all
    2015-02-24 02:03 - 2013-04-03 18:03 - 00000000 ____D () C:\Users\user\Downloads\Video
    2015-02-23 15:47 - 2013-03-27 21:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
    2015-02-21 23:44 - 2013-06-23 16:35 - 00000000 ___RD () C:\Users\user\Documents\Homework
    2015-02-15 23:55 - 2014-01-10 21:04 - 00000000 ____D () C:\Users\user\Downloads\Compressed
    2015-02-05 04:38 - 2013-12-07 22:44 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-05 04:38 - 2013-12-07 22:44 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-02-03 05:45 - 2013-03-09 21:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\Media Player Classic
    2015-02-03 05:01 - 2013-04-08 17:20 - 00000000 ____D () C:\Users\user\dwhelper
     
    ==================== Files in the root of some directories =======
     
    2014-07-17 10:47 - 2014-07-17 10:47 - 0006144 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-08-26 20:11 - 2014-08-26 20:15 - 0000000 _____ () C:\Users\user\AppData\Local\{79B9CA41-C31A-434F-A63A-2D2644B63DF4}
     
    Some content of TEMP:
    ====================
    C:\Users\user\AppData\Local\Temp\APNSetup.exe
    C:\Users\user\AppData\Local\Temp\avgnt.exe
    C:\Users\user\AppData\Local\Temp\jre-8u31-windows-au.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-02-24 14:48
     
    ==================== End Of Log ============================
     
     
     
    Addition: 
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015
    Ran by user at 2015-03-01 16:02:11
    Running from C:\Users\user\Downloads
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29342 - BitTorrent Inc.)
    AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.17 - STMicroelectronics)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
    Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.3.300.257 - Adobe Systems Incorporated)
    Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
    Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
    Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
    Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
    Connect (HKLM-x32\...\{0699889D-F7F8-48BE-8C2E-694599E72F0D}) (Version: 1.9.10.0 - YTL Communications)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1811.7429 - CyberLink Corp.)
    GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.40.5106 - Gretech Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
    Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    K-Lite Codec Pack 9.0.2 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.0.2 - )
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
    Rainmeter (HKLM-x32\...\Rainmeter) (Version: 2.5 r1842 - )
    Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
    Validity Sensors DDK (HKLM\...\{661DD62F-D0F2-4573-902B-DBCAAD8229AF}) (Version: 3.1.379 - Validity Sensors, Inc.)
    VideoLAN VLC media player 0.8.4a (HKLM-x32\...\VLC media player) (Version: 0.8.4a - VideoLAN Team)
    WEBook3 (HKLM-x32\...\com.adobe.example.WEBook3.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)
    WEBook3 (x32 Version: 1.0 - UNKNOWN) Hidden
    WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
    WordWeb (HKLM-x32\...\WordWeb) (Version: 6 - WordWeb Software)
    Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 5.0.60.0625 - Xilisoft)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
     
    ==================== Restore Points  =========================
     
    28-02-2015 19:13:15 ComboFix created restore point
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-14 10:34 - 2015-02-28 19:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {3B37228C-C85B-480A-886C-2E7C57B5B321} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07] (Google Inc.)
    Task: {3F7F488F-4912-4746-93C4-7DC99AC972D6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {600CB13C-D8DB-4D52-B7AC-BD6CD345738E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {636C01A7-02F4-4895-A463-770988CFCF94} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {C43C20DF-4A38-4F76-963E-EB008F2E02AD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {DCB30B26-F504-42E8-8C90-7C5B37222581} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07] (Google Inc.)
    Task: {F17E3BB4-ECC6-4599-BE29-57F2E90A13DC} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3343311198-1188524082-4047472181-1000
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) ==============
     
    2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2009-07-01 18:54 - 2009-07-01 18:54 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
    2013-03-09 20:59 - 2010-10-01 09:48 - 00727664 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    2013-07-21 22:14 - 2012-04-21 15:11 - 00077064 ____N () C:\Program Files (x86)\WordWeb\wweb32.exe
    2014-08-27 14:57 - 2014-08-27 14:57 - 00245760 _____ () C:\Program Files (x86)\Avira\My Avira\System.ComponentModel.Composition.dll
    2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
    2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
    2013-07-21 22:14 - 2012-04-21 11:30 - 02213120 ____N () C:\Windows\wweb32.dll
    2013-07-21 22:14 - 2012-04-21 11:28 - 00022800 ____N () C:\Program Files (x86)\WordWeb\WUCNT.dll
    2015-03-01 06:35 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
    2015-02-24 05:06 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-02-24 05:06 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2015-02-24 05:06 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== EXE Association (whitelisted) ===============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AntiVirSchedulerService => 2
    MSCONFIG\Services: btwdins => 2
    MSCONFIG\Services: GCTWiMaxServiceD => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: MBAMScheduler => 2
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: SDScannerService => 2
    MSCONFIG\Services: SDUpdateService => 2
    MSCONFIG\Services: SDWSCService => 2
    MSCONFIG\Services: vcsFPService => 2
    MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk => C:\Windows\pss\Rainmeter.lnk.Startup
    MSCONFIG\startupreg: LaunchYTLCM => C:\Program Files (x86)\Yes\Connect\Connect.exe
    MSCONFIG\startupreg: YouCam Mirror Tray icon => "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-3343311198-1188524082-4047472181-500 - Administrator - Disabled)
    Guest (S-1-5-21-3343311198-1188524082-4047472181-501 - Limited - Disabled)
    user (S-1-5-21-3343311198-1188524082-4047472181-1000 - Administrator - Enabled) => C:\Users\user
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (03/01/2015 07:01:09 AM) (Source: MsiInstaller) (EventID: 10005) (User: user-PC)
    Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
     
    Google Chrome
     
    Error: (02/28/2015 09:51:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
    Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
     
     
    Details:
    Could not query the status of the EventSystem service.
     
    System Error:
    A system shutdown is in progress.
    .
     
    Error: (02/28/2015 09:10:26 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).
     
    Error: (02/28/2015 09:10:23 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).
     
    Error: (02/28/2015 08:05:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc000041d
    Fault offset: 0x73f74b02
    Faulting process id: 0x15e0
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
     
    Error: (02/28/2015 08:01:57 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc000041d
    Fault offset: 0x73f74b02
    Faulting process id: 0x9a0
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
     
    Error: (02/28/2015 07:58:57 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc000041d
    Fault offset: 0x73f74b02
    Faulting process id: 0x1b20
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
     
    Error: (02/28/2015 07:55:56 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc000041d
    Fault offset: 0x73f74b02
    Faulting process id: 0xd1c
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
     
    Error: (02/28/2015 07:54:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: idmBroker.exe, version: 6.18.7.1, time stamp: 0x527a42dd
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc000041d
    Fault offset: 0x73f74b02
    Faulting process id: 0xd54
    Faulting application start time: 0xidmBroker.exe0
    Faulting application path: idmBroker.exe1
    Faulting module path: idmBroker.exe2
    Report Id: idmBroker.exe3
     
    Error: (02/28/2015 07:53:46 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc000041d
    Fault offset: 0x73f74b02
    Faulting process id: 0x12a8
    Faulting application start time: 0xrundll32.exe0
    Faulting application path: rundll32.exe1
    Faulting module path: rundll32.exe2
    Report Id: rundll32.exe3
     
     
    System errors:
    =============
    Error: (03/01/2015 03:59:21 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "USER-PC        :20" could not be registered on the interface with IP address 192.168.1.6.
    The computer with the IP address 192.168.1.5 did not allow the name to be claimed by
    this computer.
     
    Error: (03/01/2015 03:59:21 PM) (Source: Server) (EventID: 2505) (User: )
    Description: The server could not bind to the transport \Device\NetBT_Tcpip_{D5580B14-D1F1-4B82-8BE3-6F9DAF815B4B} because another computer on the network has the same name.  The server could not start.
     
    Error: (03/01/2015 03:59:14 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "USER-PC        :0" could not be registered on the interface with IP address 192.168.1.6.
    The computer with the IP address 192.168.1.5 did not allow the name to be claimed by
    this computer.
     
    Error: (03/01/2015 03:49:13 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "USER-PC        :20" could not be registered on the interface with IP address 192.168.1.6.
    The computer with the IP address 192.168.1.5 did not allow the name to be claimed by
    this computer.
     
    Error: (03/01/2015 03:49:13 PM) (Source: Server) (EventID: 2505) (User: )
    Description: The server could not bind to the transport \Device\NetBT_Tcpip_{D5580B14-D1F1-4B82-8BE3-6F9DAF815B4B} because another computer on the network has the same name.  The server could not start.
     
    Error: (03/01/2015 03:49:08 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "USER-PC        :0" could not be registered on the interface with IP address 192.168.1.6.
    The computer with the IP address 192.168.1.5 did not allow the name to be claimed by
    this computer.
     
    Error: (03/01/2015 07:04:11 AM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "USER-PC        :0" could not be registered on the interface with IP address 192.168.1.6.
    The computer with the IP address 192.168.1.5 did not allow the name to be claimed by
    this computer.
     
    Error: (03/01/2015 06:34:19 AM) (Source: Server) (EventID: 2505) (User: )
    Description: The server could not bind to the transport \Device\NetBT_Tcpip_{D5580B14-D1F1-4B82-8BE3-6F9DAF815B4B} because another computer on the network has the same name.  The server could not start.
     
    Error: (03/01/2015 06:34:13 AM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "USER-PC        :20" could not be registered on the interface with IP address 192.168.1.6.
    The computer with the IP address 192.168.1.5 did not allow the name to be claimed by
    this computer.
     
    Error: (03/01/2015 06:33:31 AM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "USER-PC        :0" could not be registered on the interface with IP address 192.168.1.6.
    The computer with the IP address 192.168.1.5 did not allow the name to be claimed by
    this computer.
     
     
    Microsoft Office Sessions:
    =========================
    Error: (03/01/2015 07:01:09 AM) (Source: MsiInstaller) (EventID: 10005) (User: user-PC)
    Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
     
    Google Chrome (NULL)(NULL)(NULL)(NULL)(NULL)
     
    Error: (02/28/2015 09:51:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
    Description: 
    Details:
    Could not query the status of the EventSystem service.
     
    System Error:
    A system shutdown is in progress.
     
    Error: (02/28/2015 09:10:26 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c
     
    Error: (02/28/2015 09:10:23 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c
     
    Error: (02/28/2015 08:05:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe8.0.7600.163854a5bc69eunknown0.0.0.000000000c000041d73f74b0215e001d0534ec4e92162C:\Program Files (x86)\Internet Explorer\iexplore.exeunknown05132150-bf42-11e4-8d58-f04da2ca9ba5
     
    Error: (02/28/2015 08:01:57 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe8.0.7600.163854a5bc69eunknown0.0.0.000000000c000041d73f74b029a001d0534e59861629C:\Program Files (x86)\Internet Explorer\iexplore.exeunknown97cb225e-bf41-11e4-8d58-f04da2ca9ba5
     
    Error: (02/28/2015 07:58:57 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe8.0.7600.163854a5bc69eunknown0.0.0.000000000c000041d73f74b021b2001d0534dee26b47eC:\Program Files (x86)\Internet Explorer\iexplore.exeunknown2c8e1644-bf41-11e4-8d58-f04da2ca9ba5
     
    Error: (02/28/2015 07:55:56 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe8.0.7600.163854a5bc69eunknown0.0.0.000000000c000041d73f74b02d1c01d0534d82c83d37C:\Program Files (x86)\Internet Explorer\iexplore.exeunknownc09817b4-bf40-11e4-8d58-f04da2ca9ba5
     
    Error: (02/28/2015 07:54:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: idmBroker.exe6.18.7.1527a42ddunknown0.0.0.000000000c000041d73f74b02d5401d0534d41249acbC:\Program Files (x86)\Internet Download Manager\idmBroker.exeunknown7ed68c98-bf40-11e4-8d58-f04da2ca9ba5
     
    Error: (02/28/2015 07:53:46 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: rundll32.exe6.1.7600.163854a5bc637unknown0.0.0.000000000c000041d73f74b0212a801d0534d3501479cC:\Windows\SysWOW64\rundll32.exeunknown72c1435d-bf40-11e4-8d58-f04da2ca9ba5
     
     
    CodeIntegrity Errors:
    ===================================
      Date: 2015-02-28 19:20:15.198
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2015-02-28 19:20:15.182
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2015-02-28 19:20:15.182
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2015-02-28 19:20:15.182
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2015-02-26 23:37:12.304
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2015-02-26 23:37:12.304
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core i5 CPU M 460 @ 2.53GHz
    Percentage of memory in use: 35%
    Total physical RAM: 2934.68 MB
    Available physical RAM: 1883.02 MB
    Total Pagefile: 5867.52 MB
    Available Pagefile: 4569.68 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB
     
    ==================== Drives ================================
     
    Drive c: (OS) (Fixed) (Total:97.56 GB) (Free:12.8 GB) NTFS
    Drive d: (DATA) (Fixed) (Total:368.1 GB) (Free:45.65 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1C34AD4E)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================
  11. Hi,

     

    I can borrow my friend's PC if I have to, and I do have a flash drive.

     

    I've basically repeated the above process. This time the PC didn't crash, but there's no 2nd log generated anywhere, even after I rebooted after changing msconfig back to normal.

    Can you take a look at the print screen of my desktop in the attachment? I got a new "security alert", which I assumed is still the trojan running around.

     

    So here's the first log:

     

     

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
    Ran by user at 2015-03-01 06:32:18 Run:3
    Running from C:\Users\user\Downloads
    Loaded Profiles: user (Available profiles: user)
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    start
    ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
    C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:49601;https=127.0.0.1:49601;
    SearchScopes: HKU\S-1-5-21-3343311198-1188524082-4047472181-1000 -> {3B5A01DE-6D87-4373-A1C8-B82ACEE2982B} URL = http://www.mysearchr...q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3343311198-1188524082-4047472181-1000 -> {E5A57DA3-B01B-4316-9EFB-3CD4465D84B1} URL = http://websearch.ask...FD-ADE0B2A864AC
    FF SearchEngineOrder.1: Ask.com
    EmptyTemp:
    end
     
     
     
    *****************
     
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0WinSecurityProvider => Key not found. 
    HKCR\CLSID\{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => Key not found. 
    "C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll" => File/Directory not found.
    HKLM\SOFTWARE\Policies\Google => Key not found. 
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Google => Key not found. 
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. 
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. 
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3B5A01DE-6D87-4373-A1C8-B82ACEE2982B} => Key not found. 
    HKCR\CLSID\{3B5A01DE-6D87-4373-A1C8-B82ACEE2982B} => Key not found. 
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5A57DA3-B01B-4316-9EFB-3CD4465D84B1} => Key not found. 
    HKCR\CLSID\{E5A57DA3-B01B-4316-9EFB-3CD4465D84B1} => Key not found. 
    Firefox SearchEngineOrder.1 deleted successfully.
    EmptyTemp: => Removed 107 KB temporary data.
     
     
    The system needed a reboot. 
     
    ==== End of Fixlog 06:32:33 ====
     
     
     
     


  12. Hello Kevin, 

     

    I've run FRST, and it asked to reboot. This is the log:

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
    Ran by user at 2015-03-01 05:21:17 Run:1
    Running from C:\Users\user\Downloads
    Loaded Profiles: user (Available profiles: user)
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    start
    ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
    C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:49601;https=127.0.0.1:49601;
    SearchScopes: HKU\S-1-5-21-3343311198-1188524082-4047472181-1000 -> {3B5A01DE-6D87-4373-A1C8-B82ACEE2982B} URL = http://www.mysearchr...q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3343311198-1188524082-4047472181-1000 -> {E5A57DA3-B01B-4316-9EFB-3CD4465D84B1} URL = http://websearch.ask...FD-ADE0B2A864AC
    FF SearchEngineOrder.1: Ask.com
    EmptyTemp:
    end
     
     
     
    *****************
     
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0WinSecurityProvider" => Key deleted successfully.
    "HKCR\CLSID\{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637}" => Key deleted successfully.
    Could not move "C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll" => Scheduled to move on reboot.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
    "HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3B5A01DE-6D87-4373-A1C8-B82ACEE2982B}" => Key deleted successfully.
    HKCR\CLSID\{3B5A01DE-6D87-4373-A1C8-B82ACEE2982B} => Key not found. 
    "HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5A57DA3-B01B-4316-9EFB-3CD4465D84B1}" => Key deleted successfully.
    HKCR\CLSID\{E5A57DA3-B01B-4316-9EFB-3CD4465D84B1} => Key not found. 
    Firefox SearchEngineOrder.1 deleted successfully.
    EmptyTemp: => Removed 128.3 MB temporary data.
     
    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-01 05:23:55)<=
     
    C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll => Is moved successfully.
     
    ==== End of Fixlog 05:23:55 ====
     
     
     
     
     
     
     
    I'll post the 2nd log shortly, after I reboot normally.
  13. Hello Kevin, 

     

    Just finished running the RogueKiller tool. Here's the report:

     

    RogueKiller V10.4.3.0 [Feb 23 2015] by Adlice Software
     
    Operating System : Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : user [Administrator]
    Mode : Scan -- Date : 02/28/2015  23:02:29
     
    ¤¤¤ Processes : 0 ¤¤¤
     
    ¤¤¤ Registry : 24 ¤¤¤
    [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0WinSecurityProvider | (default) : {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637}  -> Found
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9} -> Found
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49601;https=127.0.0.1:49601;  -> Found
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49601;https=127.0.0.1:49601;  -> Found
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49601;https=127.0.0.1:49601;  -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49601;https=127.0.0.1:49601;  -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{71C3A964-2FA0-441A-88BA-3344E8010A33} | DhcpNameServer : 10.0.7.12 10.0.8.19 [(Private Address) (XX)][(Private Address) (XX)]  -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7AC4077E-5434-4122-B7C3-F6E992F1A50C} | DhcpNameServer : 183.78.0.142 183.78.0.145 [MALAYSIA (MY)][MALAYSIA (MY)]  -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{71C3A964-2FA0-441A-88BA-3344E8010A33} | DhcpNameServer : 10.0.7.12 10.0.8.19 [(Private Address) (XX)][(Private Address) (XX)]  -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7AC4077E-5434-4122-B7C3-F6E992F1A50C} | DhcpNameServer : 183.78.0.142 183.78.0.145 [MALAYSIA (MY)][MALAYSIA (MY)]  -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{71C3A964-2FA0-441A-88BA-3344E8010A33} | DhcpNameServer : 10.0.7.12 10.0.8.19 [(Private Address) (XX)][(Private Address) (XX)]  -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7AC4077E-5434-4122-B7C3-F6E992F1A50C} | DhcpNameServer : 183.78.0.142 183.78.0.145 [MALAYSIA (MY)][MALAYSIA (MY)]  -> Found
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
     
    ¤¤¤ Tasks : 0 ¤¤¤
     
    ¤¤¤ Files : 0 ¤¤¤
     
    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
     
    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
     
    ¤¤¤ Web browsers : 0 ¤¤¤
     
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0:  +++++
    --- User ---
    [MBR] 321750dc2c25e7500ed178a32a5ab811
    [bSP] ee4966fd2367ef4d406bfaff226a9519 : Windows Vista/7/8 MBR Code
    Partition table:
    User = LL1 ... OK
    User = LL2 ... OK
     

    RKreport_SCN_02282015_230229.log

  14. Hello there, 

     

    Thanks for the speedy reply.

     

    1. I've uninstalled my bittorrent. 

    2. I've run the Farbar Recovery Scan Tool. Here's the log:

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
    Ran by user (administrator) on USER-PC on 28-02-2015 22:50:35
    Running from C:\Users\user\Downloads
    Loaded Profiles: user (Available profiles: user)
    Platform: Windows 7 Home Basic (X64) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: IE)
    Boot Mode: Normal
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
    ShellIconOverlayIdentifiers: [iDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
    BootExecute: autocheck autochk * sdnclean64.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:49601;https=127.0.0.1:49601;
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-21-3343311198-1188524082-4047472181-1000 -> {3B5A01DE-6D87-4373-A1C8-B82ACEE2982B} URL = http://www.mysearchresults.com/search?c=2402&t=15&q={searchTerms}
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: No Name -> {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} ->  No File
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default
    FF SearchEngineOrder.1: Ask.com
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll ()
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\user.js
    FF Extension: Avira Browser Safety - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\Extensions\abs@avira.com [2014-08-29]
    FF Extension: DownloadHelper - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
    FF Extension: Duck Properties - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\Extensions\{EBC0244A-6BA2-C2B1-09E6-948FC450C25A} [2015-02-22]
    FF Extension: Greasemonkey - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-01-21]
    FF HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
    FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2013-07-21]
    FF HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
    FF Extension: IDM CC - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2014-01-10]
    FF HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
     
    Chrome: 
    =======
    CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (ABP ( Adblock Plus )) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\begnflkjkcebjioagifeaongciheiogj [2015-02-10]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-09]
    CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-11]
    CHR Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-01-14]
    CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-07]
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-11-09]
    CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2013-07-21]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S4 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
    S4 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
    S4 GCTWiMaxServiceD; C:\Program Files (x86)\Yes\Connect\GCTWiMaxServiceD.exe [569464 2013-06-06] (GCT Semiconductor, Inc.) [File not signed]
    S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-03-09] () [File not signed]
    S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-04] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-04] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)
    S3 GDMINIT; C:\Windows\System32\DRIVERS\gdminit.sys [32768 2013-07-03] (GCT Semiconductor)
    S3 GdmUWm; C:\Windows\System32\DRIVERS\gdmuwm.sys [111104 2013-07-03] (GCT Semiconductor, Inc.)
    R2 GdmWmPrt; C:\Windows\System32\DRIVERS\gdmwmprt.sys [32768 2013-07-03] (GCT Semiconductor, Inc.)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-28] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-02-28 22:50 - 2015-02-28 22:51 - 00013570 _____ () C:\Users\user\Downloads\FRST.txt
    2015-02-28 22:50 - 2015-02-28 22:50 - 00000000 ____D () C:\FRST
    2015-02-28 21:39 - 2015-02-28 21:39 - 00279176 _____ () C:\Windows\Minidump\022815-23446-01.dmp
    2015-02-28 21:33 - 2015-02-28 21:36 - 00002151 _____ () C:\Users\user\Desktop\malwarebyte help.txt
    2015-02-28 21:03 - 2015-02-28 21:03 - 02087936 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
    2015-02-28 20:28 - 2015-02-28 20:28 - 00279176 _____ () C:\Windows\Minidump\022815-22557-01.dmp
    2015-02-28 20:22 - 2015-02-28 20:22 - 00279176 _____ () C:\Windows\Minidump\022815-18064-01.dmp
    2015-02-28 20:14 - 2015-02-28 20:14 - 00279176 _____ () C:\Windows\Minidump\022815-22869-01.dmp
    2015-02-28 20:11 - 2015-02-28 21:39 - 00000000 ____D () C:\Windows\Minidump
    2015-02-28 20:11 - 2015-02-28 20:11 - 00279176 _____ () C:\Windows\Minidump\022815-16645-01.dmp
    2015-02-28 19:41 - 2015-02-28 20:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-28 19:40 - 2015-02-28 19:40 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-02-28 19:40 - 2015-02-28 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-02-28 19:40 - 2015-02-28 19:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-02-28 19:40 - 2015-02-28 19:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-02-28 19:40 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-02-28 19:40 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-02-28 19:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-02-28 19:27 - 2015-02-28 19:27 - 00015519 _____ () C:\ComboFix.txt
    2015-02-26 23:32 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-02-26 23:32 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-02-26 23:32 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-02-26 23:32 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-02-26 23:32 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-02-26 23:32 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-02-26 23:32 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-02-26 23:32 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-02-26 23:27 - 2015-02-28 19:27 - 00000000 ____D () C:\Qoobox
    2015-02-26 23:26 - 2015-02-26 23:41 - 00000000 ____D () C:\Windows\erdnt
    2015-02-26 19:51 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150226-195132.backup
    2015-02-26 19:50 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150226-195036.backup
    2015-02-26 19:45 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150226-194553.backup
    2015-02-26 19:22 - 2015-02-26 19:22 - 00000000 ____D () C:\Users\user\Documents\ProcAlyzer Dumps
    2015-02-24 23:36 - 2015-02-27 20:11 - 00000000 ____D () C:\Users\user\Desktop\TeMM
    2015-02-24 10:53 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150224-105335.backup
    2015-02-24 06:05 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150224-060503.backup
    2015-02-24 05:07 - 2015-02-24 05:07 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
    2015-02-24 05:06 - 2015-02-24 05:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-02-24 05:06 - 2015-02-24 05:13 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-02-24 05:06 - 2015-02-24 05:06 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-02-24 05:06 - 2015-02-24 05:06 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2015-02-24 05:06 - 2015-02-24 05:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-02-24 05:06 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2015-02-23 15:14 - 2015-02-23 15:14 - 00032867 _____ () C:\Users\user\Downloads\Gintama 001-002 - You Jerks! And You Claim to Have Gintama.torrent
    2015-02-23 14:57 - 2015-02-23 14:57 - 00055068 _____ () C:\Users\user\Downloads\(AnimeOut) Gintama (Season 1-4) (Complete Batch) (480p - 70MB - Encoded).torrent
    2015-02-23 12:59 - 2015-02-28 20:11 - 00008720 _____ () C:\Windows\PFRO.log
    2015-02-22 04:21 - 2015-02-28 20:11 - 00000000 ____D () C:\Users\user\AppData\Local\YlPack
    2015-02-22 04:21 - 2015-02-28 20:11 - 00000000 ____D () C:\Users\user\AppData\Local\Edstion
    2015-02-10 00:14 - 2015-02-10 00:14 - 00002305 _____ () C:\Users\user\Desktop\Chrome App Launcher.lnk
    2015-02-10 00:14 - 2015-02-10 00:14 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-02-05 19:27 - 2015-02-05 22:37 - 00000000 ____D () C:\Users\user\Desktop\BEL 311
    2015-02-03 18:30 - 2015-02-28 21:52 - 00004286 _____ () C:\Windows\setupact.log
    2015-02-03 18:30 - 2015-02-03 18:30 - 00000000 _____ () C:\Windows\setuperr.log
    2015-02-02 02:35 - 2015-02-02 02:35 - 00015708 _____ () C:\Users\user\Downloads\[kickass.so]goliyon.ki.raasleela.ram.leela.2014.1080p.dvdrip.x264team.ddh.rg.torrent
    2015-01-30 22:40 - 2015-01-30 22:47 - 18485739 _____ () C:\Users\user\Downloads\Nagada Sang Dhol Song - Goliyon Ki Raasleela Ram-leela ft. Deepika Padukone, Ranveer Singh.mp4
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-02-28 22:49 - 2013-08-08 23:28 - 00000000 ____D () C:\Users\user\AppData\Roaming\BitTorrent
    2015-02-28 22:44 - 2013-12-07 22:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-28 22:00 - 2009-07-14 12:45 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-28 22:00 - 2009-07-14 12:45 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-28 21:55 - 2013-03-09 18:30 - 01416657 _____ () C:\Windows\WindowsUpdate.log
    2015-02-28 21:52 - 2013-12-07 22:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-28 21:52 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-28 21:51 - 2014-08-25 23:33 - 00000000 ____D () C:\Windows\pss
    2015-02-28 20:10 - 2013-04-03 18:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\DMCache
    2015-02-28 19:39 - 2014-01-10 21:04 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
    2015-02-28 19:22 - 2009-07-14 10:34 - 00000215 _____ () C:\Windows\system.ini
    2015-02-28 03:41 - 2014-03-23 00:14 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-28 03:34 - 2014-06-23 14:54 - 00000000 ____D () C:\temp
    2015-02-26 23:44 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Default
    2015-02-24 02:15 - 2013-06-11 23:17 - 00000000 ___RD () C:\Users\user\Desktop\all
    2015-02-24 02:03 - 2013-04-03 18:03 - 00000000 ____D () C:\Users\user\Downloads\Video
    2015-02-23 15:47 - 2013-03-27 21:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
    2015-02-21 23:44 - 2013-06-23 16:35 - 00000000 ___RD () C:\Users\user\Documents\Homework
    2015-02-15 23:55 - 2014-01-10 21:04 - 00000000 ____D () C:\Users\user\Downloads\Compressed
    2015-02-05 04:38 - 2013-12-07 22:44 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-05 04:38 - 2013-12-07 22:44 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-02-03 05:45 - 2013-03-09 21:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\Media Player Classic
    2015-02-03 05:44 - 2014-01-10 21:04 - 00000000 ____D () C:\Users\user\AppData\Roaming\IDM
    2015-02-03 05:01 - 2013-04-08 17:20 - 00000000 ____D () C:\Users\user\dwhelper
     
    ==================== Files in the root of some directories =======
     
    2014-07-17 10:47 - 2014-07-17 10:47 - 0006144 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-08-26 20:11 - 2014-08-26 20:15 - 0000000 _____ () C:\Users\user\AppData\Local\{79B9CA41-C31A-434F-A63A-2D2644B63DF4}
     
    Some content of TEMP:
    ====================
    C:\Users\user\AppData\Local\Temp\avgnt.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-02-24 14:48
     
    ==================== End Of Log ============================
     
     

    Addition.txt
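The FRST and RogueKiller logs above flag three things worth knowing how to check by hand: a WinINet proxy in the .DEFAULT profile pointing at 127.0.0.1:49601, Chrome and Internet Explorer policy keys on a home PC, and a shell icon overlay handler (0WinSecurityProvider) whose DLL lives under C:\ProgramData. The script below is an added example, not part of the thread and not code from FRST, RogueKiller or Malwarebytes; it reads those same registry locations on the live machine and reports anything suspicious without changing it. It assumes an elevated PowerShell prompt on Windows 7 or later; the function names and the "Suspicious" heuristics are the example's own.

```powershell
# Added example (not from the original thread or from any of the tools named in it).
# Read-only check of the locations the logs above flagged. Run elevated; nothing is modified.

function Test-DefaultProfileProxy {
    # FRST reported ProxyEnable/ProxyServer under HKU\.DEFAULT, the profile used before logon.
    $key = 'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($p -and $p.ProxyEnable -eq 1) {
        # A proxy on the loopback address means a local process relays every browser request
        # (the log showed http=127.0.0.1:49601;https=127.0.0.1:49601;).
        $loopback = $p.ProxyServer -match '127\.0\.0\.1|localhost'
        New-Object PSObject -Property @{
            Check = 'DEFAULT profile proxy'; Value = $p.ProxyServer; Suspicious = [bool]$loopback
        }
    }
}

function Test-BrowserPolicyKeys {
    # FRST marked these keys "Policy restriction <======= ATTENTION". They are normal on a
    # domain-joined machine with Group Policy, but on a stand-alone home PC they deserve a look.
    $keys = @(
        'HKLM:\SOFTWARE\Policies\Google',
        'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
        'HKCU:\SOFTWARE\Policies\Google',
        'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer'
    )
    foreach ($k in $keys) {
        if (Test-Path $k) {
            New-Object PSObject -Property @{ Check = 'Browser policy key'; Value = $k; Suspicious = $true }
        }
    }
}

function Test-IconOverlayHandlers {
    # Overlay handlers are COM objects loaded into every explorer.exe. The log's
    # 0WinSecurityProvider entry resolved to a DLL under C:\ProgramData, not a vendor directory.
    $base = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers'
    foreach ($sub in Get-ChildItem -Path $base -ErrorAction SilentlyContinue) {
        $clsid = (Get-ItemProperty -Path $sub.PSPath).'(default)'
        $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll = (Get-ItemProperty -Path $inproc -ErrorAction SilentlyContinue).'(default)'
        if ($dll) {
            # Heuristic (this example's own): flag handlers whose DLL is outside Windows or Program Files.
            $odd = $dll -notmatch '^C:\\(Windows|Program Files)'
            New-Object PSObject -Property @{
                Check = "Overlay handler $($sub.PSChildName)"; Value = $dll; Suspicious = [bool]$odd
            }
        }
    }
}

& { Test-DefaultProfileProxy; Test-BrowserPolicyKeys; Test-IconOverlayHandlers } |
    Format-Table Check, Value, Suspicious -AutoSize
```

A "Suspicious" row is a prompt to investigate, not a verdict: check who signed the DLL and whether any policy is actually configured under the key before removing anything, and keep the FRST fixlist approach used in this thread for the actual cleanup so the helper can review what was changed.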

  15. Hi, 

     

    Since the time I posted this, I've tried various ways to start my PC normally, and I found one from:

    http://www.pvladov.com/2012/08/windows-7-stuck-on-welcome-screen.html

     

    I did the first process recommended by the author and voila! Everything is OK so far, but please tell me if this is not the right way of resolving the problem. Thanks.

     

    What I did in Safe mode:

    1. Click the Start menu, enter "msconfig" and hit Enter
    2. On the General tab click Selective Startup
    3. Clear the Load Startup items check box
    4. Click the Services tab, click Hide All Microsoft Services to select it and then click the Disable All button
    5. Click OK and restart your computer
  16. Hello,

     

    There's a similar topic on this by another user, but the post was closed. So I still can't find a solution to this.

     

    I have a problem as my Avira constantly detected TR/Miuref.Gen.A in my PC. I've tried Spybot and ComboFix, but every time Windows starts, the problem persists. So I'm stuck cleaning this manually for days now and I'm stuck in a loop because the problem repeats whenever I start my PC. So today I decided to try MBAM, so I ran the program just now on my Win 7 PC, and it detected 30+ things and asked me to reboot, so I did.

     

    The problem is now, I can't seem to start my PC. I'm stuck on the black screen welcoming page, and the only way I can access the computer is through safe mode (which I am using now).

     

    Can someone help me with this? I only have 1 PC and I use it a LOT. I'm beyond desperate.

     

     

    Thank you in advance for your time and help.

     
