Infected and no idea how to remove.


Initial problems: Website redirection to ilivid, wizard 101, jollywallet pop ups...etc. System restore was turned off by virus (es?), earlier restore points deleted, unable to update MBAM.  Was finally able to turn on System restore, but previous points still deleted, now able to update MBAM.  I updated it, ran a quick and a full scan, and a boot time scan.  I also ran scans with SuperAntiSpyware and Avast.  There were detections, which I removed from my system, but I still am having issues with my browsers being redirected! I use FF, Chrome and IE, all have been updated to the current release.  

A lot of times when I click on a link, I am redirected to one of the aforementioned sites.  I have run scans multiple times and rebooted multiple times, but I still keep getting the same problem when using all 3 browsers.  Your assistance will be greatly appreciated.  I have attached the dds.txt, attach.txt and the mbam log.  Let me know if I need to include anything else.  Thanks.


Welcome to the forum.
 

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 


Please disable Defender, you have Avast running. Two anti-virus programs on the system only conflict with each other and provide spotty protection.

http://www.howtogeek.com/howto/15788/how-to-uninstall-disable-and-remove-windows-defender.-also-how-turn-it-off/

Then.......

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.


MrC


Note:
Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>When we are done, I'll give you instructions on how to clean up all the tools and logs


<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.


------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)


Thanks in advance for all your assistance.  I did as you suggested.  I turned off Defender, disabled utorrent and deleted whatever keygens/cracks I could find.  I ran RogueKiller 64bit and closed it out without fixing anything.

 

RogueKiller V8.6.7 _x64_ [Aug 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Aguugz [Admin rights]
Mode : Scan -- Date : 08/28/2013 08:58:20
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 2 ¤¤¤
[sUSP PATH] PCShowServerPMWrapper.exe -- C:\Users\Aguugz\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [7] -> KILLED [TermProc]
[sUSP PATH] NDSPCShowServer.exe -- C:\Users\Aguugz\AppData\Local\DIRECTV Player\NDSPCShowServer.exe [7] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\Aguugz\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][sUSP PATH] HKCU\[...]\Run : PCShowServer ("C:\Users\Aguugz\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [7]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-2531113335-1326481275-3410773886-1000\[...]\Run : Google Update ("C:\Users\Aguugz\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-2531113335-1326481275-3410773886-1000\[...]\Run : PCShowServer ("C:\Users\Aguugz\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [7]) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:10081) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 9 ¤¤¤
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1001UA.job : C:\Users\Freya\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1001Core.job : C:\Users\Freya\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1000UA.job : C:\Users\Aguugz\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1000Core.job : C:\Users\Aguugz\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1000Core : C:\Users\Aguugz\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1000UA : C:\Users\Aguugz\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1001Core : C:\Users\Freya\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1001UA : C:\Users\Freya\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V2][sUSP PATH] KMS Activation for Office : C:\Windows\KMSAct.exe [x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 2 ¤¤¤
[FF][PROXY] f57z29r6.default : user_pref("network.proxy.hxxp", "proxy1.emirates.net.ae"); -> FOUND
[FF][PROXY] f57z29r6.default : user_pref("network.proxy.hxxp_port", 8080); -> FOUND
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
-> E:\windows\system32\config\SYSTEM | DRVINFO [Drv - E:] | SYSTEMINFO [sys - E:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> E:\windows\system32\config\SOFTWARE | DRVINFO [Drv - E:] | SYSTEMINFO [sys - E:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> E:\windows\system32\config\SECURITY | DRVINFO [Drv - E:] | SYSTEMINFO [sys - E:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> E:\windows\system32\config\SAM | DRVINFO [Drv - E:] | SYSTEMINFO [sys - E:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> E:\windows\system32\config\DEFAULT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - E:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> E:\Users\Administrator\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - E:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> E:\Users\Default\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - E:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\Users\Default User\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - E:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\Documents and Settings\Administrator\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - E:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> E:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - E:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - E:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: WDC WD15EADS-22P8B0 +++++
--- User ---
[MBR] 580179ec5e8903d9c640981d3e43395a
[bSP] 5553c15a8ce7c12c984c57ef7254606f : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11720 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24006656 | Size: 122 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24258150 | Size: 1418953 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: WDC WD15EADS-22P8B0 +++++
--- User ---
[MBR] 105496f9069088d6aa438dbbc69b9e71
[bSP] 3ef1edbd72062b7c3931aab2ef2db7bf : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 432201 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 885165433 | Size: 521657 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive2: WDC WD15EADS-22P8B0 +++++
--- User ---
[MBR] 80437cd8b9e3133868a6b0722d39af1b
[bSP] 9b6ebbf7c1a08cbb9ccbeeaea6641cdb : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476907 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
 
Finished : << RKreport[0]_S_08282013_085820.txt >>
 
 
Let me know if you need any further information.
 
Regards,
Ageel

I suggest you uninstall FreeOnlineRadioPlayerRecorder Toolbar:
http://www.systemlookup.com/CLSID/72016-tbFree_dll_tbFre0_dll_tbFre1_dll_tbFre2_dll_prxtbFree_dll_prxtbFre0_dll_prxtbFre1_dll_prxtbFre2_dll_prxtbFre3_dll.html

-----------------------------

Let's run some scans:

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.


MrC


Relax, we're not done yet....

Next.....

Make sure you create a new system restore point before running ComboFix:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


OK...Next:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

If you agree with everything listed to be removed in the folders section...........

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Then..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last.......

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


AdwCleaner report:  I didn't need anything listed.  Followed your instructions and did a clean on second run.

 

# AdwCleaner v3.001 - Report created 28/08/2013 at 15:34:52
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Aguugz - AGUUGZ-PC
# Running from : C:\Users\Aguugz\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\END
Folder Found : C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfimfliilbabfohebppnfomgjljicpdm
Folder Found : C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
Folder Found C:\Program Files\Babylon
Folder Found C:\ProgramData\Partner
Folder Found C:\Users\Aguugz\AppData\Local\Bundled software uninstaller
Folder Found C:\Users\Aguugz\AppData\Local\PackageAware
Folder Found C:\Users\Aguugz\AppData\LocalLow\Conduit
Folder Found C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\jetpack
Folder Found C:\Users\Freya\AppData\Local\Babylon
Folder Found C:\Users\Freya\AppData\LocalLow\Conduit
Folder Found C:\Users\Hasna\AppData\Local\Babylon
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\BI
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Imesh
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : [x64] HKCU\Software\BI
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Imesh
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hfimfliilbabfohebppnfomgjljicpdm
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
[ File : C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\prefs.js ]
 
Line Found : user_pref("extensions.adapter@babylontc.com.install-event-fired", true);
Line Found : user_pref("extensions.enabledItems", "{B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1,foxyproxy@eric.h.jung:2.22.6,{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6,mgDownloadHelper@yevgenyandrov.net:1.0.2,{D[...]
Line Found : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Found : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Found : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
 
-\\ Google Chrome v
 
[ File : C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5775 octets] - [28/08/2013 15:34:52]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5835 octets] ##########

Post Reboot AdwCleaner report: Am now running JRT.  MBAM and Avast disabled.

 

# AdwCleaner v3.001 - Report created 28/08/2013 at 15:39:13
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Aguugz - AGUUGZ-PC
# Running from : C:\Users\Aguugz\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Users\Aguugz\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Aguugz\AppData\Local\PackageAware
Folder Deleted : C:\Users\Aguugz\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Freya\AppData\Local\Babylon
Folder Deleted : C:\Users\Freya\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Hasna\AppData\Local\Babylon
Folder Deleted : C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\jetpack
Folder Deleted : C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
Folder Deleted : C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfimfliilbabfohebppnfomgjljicpdm
File Deleted : C:\END
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hfimfliilbabfohebppnfomgjljicpdm
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\Conduit
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
[ File : C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\prefs.js ]
 
Line Deleted : user_pref("extensions.adapter@babylontc.com.install-event-fired", true);
Line Deleted : user_pref("extensions.enabledItems", "{B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1,foxyproxy@eric.h.jung:2.22.6,{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6,mgDownloadHelper@yevgenyandrov.net:1.0.2,{D[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
 
-\\ Google Chrome v
 
[ File : C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5931 octets] - [28/08/2013 15:34:52]
AdwCleaner[R1].txt - [5991 octets] - [28/08/2013 15:37:10]
AdwCleaner[s0].txt - [5813 octets] - [28/08/2013 15:39:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5873 octets] ##########

JRT Log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Aguugz on Wed 08/28/2013 at 15:46:32.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2737658
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Aguugz\appdata\locallow\fast free converter"
Successfully deleted: [Empty Folder] C:\Users\Aguugz\appdata\local\{2873E0C3-6B28-407D-9970-5A6783C6953A}
Successfully deleted: [Empty Folder] C:\Users\Aguugz\appdata\local\{3978AF7D-C676-4F97-B81F-B696170DEC2F}
Successfully deleted: [Empty Folder] C:\Users\Aguugz\appdata\local\{833E80C8-DB72-4C77-88FD-3F7A4EC3AA9E}
Successfully deleted: [Empty Folder] C:\Users\Aguugz\appdata\local\{88CDE7D6-00E1-4C3C-8CE6-A9AFD7D74DC2}
Successfully deleted: [Empty Folder] C:\Users\Aguugz\appdata\local\{A6F2D022-EF7E-4B95-BA33-12757A6D3A8D}
Successfully deleted: [Empty Folder] C:\Users\Aguugz\appdata\local\{C3E957BD-ECEC-43EE-8757-8EF690C64B99}
Successfully deleted: [Empty Folder] C:\Users\Aguugz\appdata\local\{F18B5DAD-9CBD-4E21-A8EA-0D787819B15D}
Successfully deleted: [Empty Folder] C:\Users\Aguugz\appdata\local\{FB5BF2F8-A0D7-45DE-81EE-E942739CC321}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/28/2013 at 15:52:26.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MBAM Log:  Says no malware detected, but still getting website redirection!!  Oh well, might just have to reinstall Windows 7 again!

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.28.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Aguugz :: AGUUGZ-PC [administrator]
 
Protection: Disabled
 
8/28/2013 5:20:24 PM
mbam-log-2013-08-28 (17-20-24).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 330301
Time elapsed: 3 minute(s), 58 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 


Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by Aguugz (administrator) on 28-08-2013 18:02:55
Running from C:\Users\Aguugz\Desktop\IT Toolkit
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\ProgramData\TVersity\Media Server\MediaServer.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\LBTWiz.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(Akamai Technologies, Inc.) C:\Users\Aguugz\AppData\Local\Akamai\netsession_win.exe
(NDS Technologies) C:\Users\Aguugz\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Akamai Technologies, Inc.) C:\Users\Aguugz\AppData\Local\Akamai\netsession_win.exe
() C:\Users\Aguugz\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Microsoft Corporation) C:\Windows\Speech\Common\sapisvr.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(Dropbox, Inc.) C:\Users\Aguugz\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Aguugz\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(McAfee, Inc.) c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\SnippingTool.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [iAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] - C:\Windows\system32\THXCfg64.dll [17920 2009-09-30] (Creative Technology Ltd.)
HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [bluetooth Connection Assistant] - LBTWIZ.EXE -silent [x]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-26] (Google Inc.)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Aguugz\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [PCShowServer] - C:\Users\Aguugz\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [525240 2012-10-15] (NDS Technologies)
HKCU\...\Run: [speech Recognition] - C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [backupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-11-17] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-24] (Symantec Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [959488 2009-09-03] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] - C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [LTCM Client] - C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vmware-tray.exe] - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104528 2013-02-26] (VMware, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [701872 2013-01-24] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [scrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-08-21] ()
HKU\Default User\...\RunOnce: [scrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-08-21] ()
HKU\Freya\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-26] (Google Inc.)
HKU\Freya\...\Run: [Google Update] - C:\Users\Freya\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-25] (Google Inc.)
HKU\Freya\...\Run: [EPSON TX800FW Series (Copy 1)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEMP.EXE /FU "C:\Users\Freya\AppData\Local\Temp\E_S5708.tmp" /EF "HKCU" [x]
HKU\Freya\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex [x]
HKU\Hasna\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-26] (Google Inc.)
HKU\Mcx1-AGUUGZ-PC\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION 
HKU\UpdatusUser\...\RunOnce: [scrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-08-21] ()
Startup: C:\Users\Aguugz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Aguugz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: 127.0.0.1:10081
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MP3 Rocket Downloader - {c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://sslvpn.tmhs.org/CACHE/stc/7/binaries/vpnweb.cab
DPF: HKLM-x32 {9C65AB3E-C9A8-4789-AE24-B365A1C4A6F9} http://acer.custhelp.com/euf/assets/activex/snret.cab
DPF: HKLM-x32 {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6267/mcfscan.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.10
 
FireFox:
========
FF ProfilePath: C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default
FF NetworkProxy: "backup.ftp", "proxy1.emirates.net.ae"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.gopher", "proxy1.emirates.net.ae"
FF NetworkProxy: "backup.gopher_port", 8080
FF NetworkProxy: "backup.socks", "proxy1.emirates.net.ae"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "proxy1.emirates.net.ae"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "proxy1.emirates.net.ae"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "proxy1.emirates.net.ae"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "proxy1.emirates.net.ae"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy1.emirates.net.ae"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "proxy1.emirates.net.ae"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @emusic.com/dlm-plugin - C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @emusic.com/dlm-plugin - C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF Plugin HKCU: @nds.com/PCShowPlugin - C:\Users\Aguugz\AppData\Local\DIRECTV Player\npPCShowPlugin.dll No File
FF Plugin HKCU: @nds.com/PlayerPlugin - C:\Users\Aguugz\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Aguugz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Aguugz\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Aguugz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Aguugz\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Aguugz\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Aguugz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: NDS.com/PlayerPlugin - C:\Users\Aguugz\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Extension: No Name - C:\Users\Aguugz\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: DoNotTrackMe - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\donottrackplus@abine.com
FF Extension: FoxyProxy Basic - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\foxyproxy@eric.h.jung
FF Extension: MaskMe - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\idme@abine.com
FF Extension: MegaUpload DownloadHelper - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\mgDownloadHelper@yevgenyandrov.net
FF Extension: DownloadHelper - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: FoxLingo - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
FF Extension: jid1-F9UJ2thwoAm5gQ - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
FF Extension: mp3rocketdownloader - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\mp3rocketdownloader@mp3rocket.me.xpi
FF Extension: No Name - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\sfStatistics.xml
FF Extension: thumbnailZoom - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\thumbnailZoom@dadler.github.com.xpi
FF Extension: No Name - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\{891f0410-aaa2-11e0-9f1c-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
FF Extension: No Name - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: No Name - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: No Name - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}.xpi
FF Extension: No Name - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: No Name - C:\Users\Aguugz\AppData\Roaming\Mozilla\Firefox\Profiles\f57z29r6.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM-x32\...\Firefox\Extensions: [extension@FastFreeConverter.com] C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@FastFreeConverter.com
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Aguugz\AppData\Local\Google\Chrome\Application\29.0.1547.57\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8773_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Aguugz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Aguugz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (eMusic Remote Plugin) - C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (Unity Player) - C:\Users\Aguugz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Entanglement) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_1
CHR Extension: (reddit companion) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe\1.1.2_0
CHR Extension: (TV) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0
CHR Extension: (Chinese Tutor) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\egbbefchlgcnhjoncjebmkffamidfhae\8_0
CHR Extension: (Google Calendar) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0
CHR Extension: (SiteAdvisor) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\1_0
CHR Extension: (AdBlock) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_1
CHR Extension: (avast! Online Security) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (Hover Free) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmnnggnaofmhflgomfjfbndngdoogkj\1.0.11_0
CHR Extension: (RealDownloader) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0
CHR Extension: (Zoho Chat) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhciionmiegecfdffhjlcfanhikpppf\1.1_1
CHR Extension: (Analytics Blocker) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmcpbefnpobogldglnlikgojpaddibgb\1.0.1_0
CHR Extension: (Alarm Clock Radio) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipdhcpepbpjaoggihaloebfjfafagmi\1.7_1
CHR Extension: (Until AM) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk\0.203_0
CHR Extension: (Skype Click to Call) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8773_0
CHR Extension: (Poppit) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR Extension: (Reddit Infinite Scrolling) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngcdiindjnabamiehkinpjhkihgfanof\1.2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (ezLinkPreview) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnkcfbiefgdaceeplickkkmifpicbpcc\5.33_0
CHR Extension: (Hover Zoom) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.19_0
CHR Extension: (SwiftPreview) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nphfkpgklibhnhgegdblhnhicgfginnj\2.2.4_0
CHR Extension: (My Chrome Theme) - C:\Users\Aguugz\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_1
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [120592 2013-05-22] (McAfee, Inc.)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [1249064 2011-07-29] ()
R2 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [423536 2011-08-19] (VMware, Inc.)
R2 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [423536 2011-08-19] (VMware, Inc.)
R2 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [423536 2011-08-19] (VMware, Inc.)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [13242960 2013-02-26] ()
 
==================== Drivers (Whitelisted) ====================
 
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [74352 2011-03-15] (VMware, Inc.)
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [74352 2011-03-15] (VMware, Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 prwntdrv; C:\Windows\system32\prwntdrv.sys [16776 2010-08-25] ()
S3 prwntdrv; C:\Windows\system32\prwntdrv.sys [16776 2010-08-25] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74240 2011-02-16] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-28 18:01 - 2013-08-28 18:02 - 00000000 ____D C:\Users\Aguugz\Desktop\IT Toolkit
2013-08-28 15:52 - 2013-08-28 15:52 - 00001673 _____ C:\Users\Aguugz\Desktop\JRT.txt
2013-08-28 15:46 - 2013-08-28 15:46 - 00000000 ____D C:\Windows\ERUNT
2013-08-28 15:45 - 2013-08-28 15:45 - 01021434 _____ (Thisisu) C:\Users\Aguugz\Desktop\JRT.exe
2013-08-28 15:34 - 2013-08-28 15:39 - 00000000 ____D C:\AdwCleaner
2013-08-28 15:09 - 2013-08-28 15:09 - 01656459 _____ C:\Users\Aguugz\Desktop\winrar-x64-420.exe
2013-08-28 14:57 - 2013-08-28 14:57 - 00033076 _____ C:\Users\Aguugz\Desktop\combofix.txt
2013-08-28 14:56 - 2013-08-28 14:56 - 00033076 _____ C:\ComboFix.txt
2013-08-28 14:27 - 2013-08-28 14:56 - 00000000 ____D C:\Qoobox
2013-08-28 14:27 - 2013-08-28 14:51 - 00000000 ____D C:\Windows\erdnt
2013-08-28 14:27 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-28 14:27 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-28 14:27 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-28 14:27 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-28 14:27 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-28 14:27 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-28 14:27 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-28 14:27 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-28 14:22 - 2013-08-28 14:22 - 05114728 ____R (Swearware) C:\Users\Aguugz\Desktop\ComboFix.exe
2013-08-28 12:57 - 2013-08-28 13:35 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-28 12:53 - 2013-08-28 13:35 - 00000000 ____D C:\Users\Aguugz\Desktop\mbar
2013-08-28 12:42 - 2013-08-28 12:51 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Aguugz\Desktop\mbar-1.07.0.1005.exe
2013-08-28 12:37 - 2013-08-28 12:39 - 09876312 _____ (PC Tools                                                    ) C:\Users\Aguugz\Desktop\tfinstall.exe
2013-08-28 11:41 - 2013-08-28 14:18 - 967039928 _____ C:\Users\Aguugz\Desktop\7601.17514.101119-1850_Update_Sp_Wave1-GRMSP1.1_DVD.iso
2013-08-28 08:58 - 2013-08-28 08:58 - 00006940 _____ C:\Users\Aguugz\Desktop\RKreport[0]_S_08282013_085820.txt
2013-08-28 08:56 - 2013-08-28 11:38 - 00000000 ____D C:\Users\Aguugz\Desktop\RK_Quarantine
2013-08-28 08:50 - 2013-08-28 08:50 - 03771904 _____ C:\Users\Aguugz\Desktop\RogueKillerX64.exe
2013-08-27 16:08 - 2013-08-27 16:08 - 00347424 _____ (Microsoft Corporation) C:\Users\Aguugz\Desktop\MicrosoftFixit.wu.LB.2730106675446385.1.1.Run.exe
2013-08-27 13:31 - 2013-08-28 15:42 - 00015102 _____ C:\Windows\PFRO.log
2013-08-27 11:25 - 2013-08-28 15:43 - 00000728 _____ C:\Windows\setupact.log
2013-08-27 11:25 - 2013-08-27 11:25 - 00000000 _____ C:\Windows\setuperr.log
2013-08-27 10:51 - 2013-08-27 10:51 - 00000000 ____D C:\Users\Aguugz\AppData\Roaming\Malwarebytes
2013-08-27 10:50 - 2013-08-27 10:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-27 10:50 - 2013-08-27 10:50 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-27 10:50 - 2013-08-27 10:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-27 10:50 - 2013-08-27 10:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-27 10:50 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-27 10:24 - 2013-08-27 10:24 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Aguugz\Downloads\mbam-clean-1.60.2.0003.exe
2013-08-26 22:25 - 2013-08-26 22:25 - 00332732 _____ C:\Users\Aguugz\Documents\cc_20130826_222511.reg
2013-08-26 22:23 - 2013-08-28 13:19 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-08-26 21:13 - 2013-08-26 21:13 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-26 21:13 - 2013-08-26 21:13 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-26 21:13 - 2013-08-26 21:13 - 00000000 ____D C:\Program Files\CCleaner
2013-08-26 21:12 - 2013-08-26 21:13 - 04454952 _____ (Piriform Ltd) C:\Users\Aguugz\Downloads\ccsetup405.exe
2013-08-26 20:59 - 2013-08-26 20:59 - 00001074 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-26 20:43 - 2013-08-28 15:44 - 00003212 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2531113335-1326481275-3410773886-1000
2013-08-26 15:06 - 2013-08-28 15:06 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3ab10268-7bc9-40aa-868a-ce4ed62bc735.job
2013-08-26 15:06 - 2013-08-28 02:00 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 227b5581-88b7-4445-8423-d7b05de98eac.job
2013-08-26 15:06 - 2013-08-26 15:06 - 00003594 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 227b5581-88b7-4445-8423-d7b05de98eac
2013-08-26 15:06 - 2013-08-26 15:06 - 00003520 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 3ab10268-7bc9-40aa-868a-ce4ed62bc735
2013-08-26 15:05 - 2013-08-27 10:45 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-26 15:05 - 2013-08-26 15:05 - 00001812 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-08-26 15:05 - 2013-08-26 15:05 - 00000000 ____D C:\Users\Aguugz\AppData\Roaming\SUPERAntiSpyware.com
2013-08-26 15:05 - 2013-08-26 15:05 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-08-26 13:32 - 2013-08-26 13:34 - 27229688 _____ (SUPERAntiSpyware) C:\Users\Aguugz\Downloads\SUPERAntiSpyware.exe
2013-08-26 13:31 - 2013-08-26 13:31 - 00001087 _____ C:\Users\Aguugz\Desktop\Continue Download Helper Installation.lnk
2013-08-26 12:55 - 2013-08-26 12:55 - 02347384 _____ (ESET) C:\Users\Aguugz\Downloads\esetsmartinstaller_enu.exe
2013-08-26 12:37 - 2013-08-28 15:44 - 00003344 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2531113335-1326481275-3410773886-1000
2013-08-26 12:18 - 2013-08-27 15:06 - 00038199 _____ C:\Users\Aguugz\Desktop\dds.txt
2013-08-26 12:18 - 2013-08-27 15:06 - 00013388 _____ C:\Users\Aguugz\Desktop\attach.txt
2013-08-26 11:52 - 2013-08-26 12:30 - 492597008 _____ (Microsoft Corporation) C:\Users\Aguugz\Downloads\WindowsXPMode_en-us (1).exe
2013-08-26 11:41 - 2013-08-26 11:41 - 01528184 _____ (Microsoft Corporation) C:\Users\Aguugz\Downloads\GenuineCheck.exe
2013-08-26 11:37 - 2013-08-26 11:37 - 00688992 ____R (Swearware) C:\Users\Aguugz\Downloads\dds.com
2013-08-26 10:47 - 2013-08-26 10:48 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Aguugz\Downloads\iexplorer.exe
2013-08-22 15:54 - 2013-08-22 15:54 - 00000000 ____D C:\Users\Aguugz\.shsh
2013-08-22 15:31 - 2013-08-22 15:31 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-22 15:30 - 2013-08-22 15:30 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-22 15:30 - 2013-08-22 15:30 - 00000000 ____D C:\Program Files\iTunes
2013-08-22 15:30 - 2013-08-22 15:30 - 00000000 ____D C:\Program Files\iPod
2013-08-22 15:16 - 2013-06-25 15:00 - 07197696 _____ (iH8sn0w) C:\Users\Aguugz\Desktop\iFaith-v1.5.9.exe
2013-08-22 15:02 - 2013-08-22 15:02 - 00000000 ____D C:\Program Files (x86)\File Type Helper
2013-08-20 12:45 - 2013-08-02 13:51 - 00000000 ____D C:\Users\Aguugz\Desktop\Ex_Files_SP_Online_EssT
2013-08-20 12:43 - 2013-08-20 12:44 - 20285559 _____ C:\Users\Aguugz\Desktop\Ex_Files_SP_Online_EssT.zip
2013-08-19 09:09 - 2013-08-19 09:09 - 00029025 _____ C:\Users\Aguugz\Downloads\2BEC9E4483366D4F20A97B800E341B127DE410CE.torrent
2013-08-19 09:07 - 2013-08-19 09:07 - 00057254 _____ C:\Users\Aguugz\Downloads\FF6DF281561D37D6E1515A0348AAE76DF7F1A0EB (1).torrent
2013-08-19 08:51 - 2013-08-19 08:51 - 00057254 _____ C:\Users\Aguugz\Downloads\FF6DF281561D37D6E1515A0348AAE76DF7F1A0EB.torrent
2013-08-14 14:30 - 2013-08-14 14:30 - 00057128 _____ C:\Users\Aguugz\Downloads\42CB1476FA750F9BBDA16432AF40A74DF8EF5D78.torrent
2013-08-14 14:29 - 2013-08-14 14:29 - 00029213 _____ C:\Users\Aguugz\Downloads\562ECB0EA9C457FFCE506F14A594566A2F29F85A.torrent
2013-08-14 13:56 - 2013-08-14 13:56 - 00057194 _____ C:\Users\Aguugz\Downloads\83A7A73A9608D62BF7B906B96BA7A4B87203078B.torrent
2013-08-14 13:55 - 2013-08-14 13:55 - 00028949 _____ C:\Users\Aguugz\Downloads\EA5C135B25751C2C6C4D659502A2A67C0973E2F0.torrent
2013-08-14 13:52 - 2013-08-14 13:52 - 00014996 _____ C:\Users\Aguugz\Downloads\77CCD7CA50D887CB888692334DFDEE638DAB3821.torrent
2013-08-14 13:51 - 2013-08-14 13:51 - 00057476 _____ C:\Users\Aguugz\Downloads\96AE0F989ECF1BA71DF6BCCFD57622C541A3E51C (1).torrent
2013-08-14 13:50 - 2013-08-14 13:50 - 00057476 _____ C:\Users\Aguugz\Downloads\96AE0F989ECF1BA71DF6BCCFD57622C541A3E51C.torrent
2013-08-14 12:10 - 2013-07-26 00:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 12:10 - 2013-07-26 00:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 12:10 - 2013-07-26 00:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 12:10 - 2013-07-26 00:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 12:10 - 2013-07-26 00:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 12:10 - 2013-07-26 00:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 12:10 - 2013-07-26 00:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 12:10 - 2013-07-26 00:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 12:10 - 2013-07-26 00:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 12:10 - 2013-07-25 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 12:10 - 2013-07-25 22:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 12:10 - 2013-07-25 22:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 12:10 - 2013-07-25 22:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 12:10 - 2013-07-25 22:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 12:10 - 2013-07-25 22:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 12:10 - 2013-07-25 22:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 12:10 - 2013-07-25 22:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 12:10 - 2013-07-25 22:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 12:10 - 2013-07-25 21:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 12:10 - 2013-07-25 21:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 12:10 - 2013-07-25 20:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 12:09 - 2013-07-26 00:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 12:09 - 2013-07-26 00:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 12:09 - 2013-07-26 00:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 12:09 - 2013-07-26 00:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 12:09 - 2013-07-26 00:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 12:09 - 2013-07-25 22:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 12:09 - 2013-07-25 22:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 12:09 - 2013-07-25 22:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 12:09 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 12:09 - 2013-07-25 22:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-13 17:19 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-13 17:19 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-13 17:19 - 2013-07-18 20:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 17:19 - 2013-07-18 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-13 17:19 - 2013-07-09 01:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 17:19 - 2013-07-09 00:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 17:19 - 2013-07-09 00:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-13 17:19 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 17:19 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 17:19 - 2013-07-09 00:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 17:19 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 17:19 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-13 17:19 - 2013-07-09 00:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-13 17:19 - 2013-07-09 00:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-13 17:19 - 2013-07-08 23:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-13 17:19 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-13 17:19 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-13 17:19 - 2013-07-08 23:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-13 17:19 - 2013-07-08 23:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-13 17:19 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-13 17:19 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-13 17:19 - 2013-07-08 21:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-13 17:19 - 2013-07-08 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-13 17:19 - 2013-07-08 21:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-13 17:19 - 2013-07-08 21:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-13 17:19 - 2013-07-06 01:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 17:19 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-06 15:25 - 2013-08-06 15:25 - 00343846 _____ C:\Users\Aguugz\Desktop\COCCL - Room List 08-06-13.txt
2013-08-06 15:07 - 2013-08-06 15:07 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-06 10:13 - 2013-08-06 10:13 - 00000857 _____ C:\Users\Aguugz\Desktop\µTorrent.lnk
2013-08-06 10:13 - 2013-08-06 10:13 - 00000837 _____ C:\Users\Aguugz\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-08-02 13:52 - 2013-08-02 13:52 - 00000000 ____D C:\Users\Aguugz\AppData\Local\Cisco
2013-08-02 13:52 - 2013-08-02 13:52 - 00000000 ____D C:\ProgramData\Cisco
2013-08-02 13:52 - 2013-08-02 13:52 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-08-01 08:44 - 2013-08-01 08:44 - 00000000 ____D C:\Users\Aguugz\AppData\Local\WinZip Courier
2013-08-01 08:44 - 2013-08-01 08:44 - 00000000 ____D C:\ProgramData\WinZipEC
2013-08-01 08:42 - 2013-08-14 12:06 - 00000000 ____D C:\Windows\system32\MRT
2013-07-29 12:02 - 2013-07-29 12:02 - 00000000 ____D C:\Users\Aguugz\AppData\Local\DIRECTV Player
2013-07-29 12:00 - 2013-07-29 12:01 - 13024568 _____ (DIRECTV) C:\Users\Aguugz\Downloads\DIRECTV_Player_8.0.exe
 
==================== One Month Modified Files and Folders =======
 
2013-08-28 18:03 - 2011-10-17 08:34 - 00000000 ____D C:\Users\Aguugz\Documents\Outlook Files
2013-08-28 18:03 - 2011-09-26 11:01 - 00488962 _____ C:\Windows\SysWOW64\TVersityMediaServer.log
2013-08-28 18:03 - 2009-07-14 00:13 - 00747834 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-28 18:02 - 2013-08-28 18:02 - 00000000 ____D C:\FRST
2013-08-28 18:02 - 2013-08-28 18:01 - 00000000 ____D C:\Users\Aguugz\Desktop\IT Toolkit
2013-08-28 17:37 - 2011-03-02 07:07 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1000UA.job
2013-08-28 17:36 - 2011-02-25 03:22 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-28 17:28 - 2011-09-26 11:01 - 01024114 _____ C:\Windows\SysWOW64\TVersityMediaServer.log.1
2013-08-28 17:20 - 2011-03-13 08:53 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1001UA.job
2013-08-28 17:10 - 2013-02-08 10:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-28 16:13 - 2011-09-26 11:01 - 01024004 _____ C:\Windows\SysWOW64\TVersityMediaServer.log.2
2013-08-28 15:53 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-28 15:53 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-28 15:52 - 2013-08-28 15:52 - 00001673 _____ C:\Users\Aguugz\Desktop\JRT.txt
2013-08-28 15:49 - 2011-02-25 12:24 - 01909266 _____ C:\Windows\WindowsUpdate.log
2013-08-28 15:46 - 2013-08-28 15:46 - 00000000 ____D C:\Windows\ERUNT
2013-08-28 15:46 - 2011-12-06 23:59 - 00000000 ___RD C:\Users\Aguugz\Dropbox
2013-08-28 15:46 - 2011-12-06 23:57 - 00000000 ____D C:\Users\Aguugz\AppData\Roaming\Dropbox
2013-08-28 15:45 - 2013-08-28 15:45 - 01021434 _____ (Thisisu) C:\Users\Aguugz\Desktop\JRT.exe
2013-08-28 15:44 - 2013-08-26 20:43 - 00003212 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2531113335-1326481275-3410773886-1000
2013-08-28 15:44 - 2013-08-26 12:37 - 00003344 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2531113335-1326481275-3410773886-1000
2013-08-28 15:44 - 2013-03-06 09:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce1a75b4ce8eb2.job
2013-08-28 15:44 - 2013-02-01 10:47 - 00000000 ____D C:\ProgramData\VMware
2013-08-28 15:43 - 2013-08-27 11:25 - 00000728 _____ C:\Windows\setupact.log
2013-08-28 15:43 - 2011-03-19 05:31 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-08-28 15:43 - 2011-02-25 12:37 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-28 15:43 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-28 15:42 - 2013-08-27 13:31 - 00015102 _____ C:\Windows\PFRO.log
2013-08-28 15:39 - 2013-08-28 15:34 - 00000000 ____D C:\AdwCleaner
2013-08-28 15:09 - 2013-08-28 15:09 - 01656459 _____ C:\Users\Aguugz\Desktop\winrar-x64-420.exe
2013-08-28 15:06 - 2013-08-26 15:06 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3ab10268-7bc9-40aa-868a-ce4ed62bc735.job
2013-08-28 14:57 - 2013-08-28 14:57 - 00033076 _____ C:\Users\Aguugz\Desktop\combofix.txt
2013-08-28 14:56 - 2013-08-28 14:56 - 00033076 _____ C:\ComboFix.txt
2013-08-28 14:56 - 2013-08-28 14:27 - 00000000 ____D C:\Qoobox
2013-08-28 14:56 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2013-08-28 14:53 - 2011-02-25 00:42 - 00000000 ___RD C:\Users\Aguugz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-28 14:51 - 2013-08-28 14:27 - 00000000 ____D C:\Windows\erdnt
2013-08-28 14:40 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-08-28 14:36 - 2013-04-02 12:14 - 00000000 ____D C:\Program Files (x86)\Yammer
2013-08-28 14:22 - 2013-08-28 14:22 - 05114728 ____R (Swearware) C:\Users\Aguugz\Desktop\ComboFix.exe
2013-08-28 14:22 - 2011-02-25 00:39 - 00000000 ____D C:\Users\Aguugz
2013-08-28 14:18 - 2013-08-28 11:41 - 967039928 _____ C:\Users\Aguugz\Desktop\7601.17514.101119-1850_Update_Sp_Wave1-GRMSP1.1_DVD.iso
2013-08-28 13:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\tracing
2013-08-28 13:35 - 2013-08-28 12:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-28 13:35 - 2013-08-28 12:53 - 00000000 ____D C:\Users\Aguugz\Desktop\mbar
2013-08-28 13:34 - 2013-07-23 14:06 - 00000000 ____D C:\Users\Aguugz\Desktop\DT ICONS
2013-08-28 13:19 - 2013-08-26 22:23 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-08-28 13:19 - 2011-05-06 04:00 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-08-28 13:12 - 2013-01-30 01:40 - 00000000 ____D C:\Windows\pss
2013-08-28 12:51 - 2013-08-28 12:42 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Aguugz\Desktop\mbar-1.07.0.1005.exe
2013-08-28 12:39 - 2013-08-28 12:37 - 09876312 _____ (PC Tools                                                    ) C:\Users\Aguugz\Desktop\tfinstall.exe
2013-08-28 11:38 - 2013-08-28 08:56 - 00000000 ____D C:\Users\Aguugz\Desktop\RK_Quarantine
2013-08-28 08:58 - 2013-08-28 08:58 - 00006940 _____ C:\Users\Aguugz\Desktop\RKreport[0]_S_08282013_085820.txt
2013-08-28 08:55 - 2011-04-25 18:47 - 00000000 ____D C:\Users\Aguugz\Documents\WePrint
2013-08-28 08:50 - 2013-08-28 08:50 - 03771904 _____ C:\Users\Aguugz\Desktop\RogueKillerX64.exe
2013-08-28 08:37 - 2011-03-02 07:07 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1000Core.job
2013-08-28 02:00 - 2013-08-26 15:06 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 227b5581-88b7-4445-8423-d7b05de98eac.job
2013-08-27 19:20 - 2011-03-13 08:53 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1001Core.job
2013-08-27 16:53 - 2011-03-04 15:08 - 00000000 ____D C:\Users\Aguugz\AppData\Roaming\uTorrent
2013-08-27 16:14 - 2009-07-14 00:08 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-27 16:08 - 2013-08-27 16:08 - 00347424 _____ (Microsoft Corporation) C:\Users\Aguugz\Desktop\MicrosoftFixit.wu.LB.2730106675446385.1.1.Run.exe
2013-08-27 15:06 - 2013-08-26 12:18 - 00038199 _____ C:\Users\Aguugz\Desktop\dds.txt
2013-08-27 15:06 - 2013-08-26 12:18 - 00013388 _____ C:\Users\Aguugz\Desktop\attach.txt
2013-08-27 15:00 - 2011-10-12 08:56 - 00000039 _____ C:\Windows\vbaddin.ini
2013-08-27 15:00 - 2011-10-12 08:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-27 14:59 - 2009-07-13 21:34 - 00000510 _____ C:\Windows\win.ini
2013-08-27 13:31 - 2013-03-06 09:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-27 11:25 - 2013-08-27 11:25 - 00000000 _____ C:\Windows\setuperr.log
2013-08-27 10:51 - 2013-08-27 10:51 - 00000000 ____D C:\Users\Aguugz\AppData\Roaming\Malwarebytes
2013-08-27 10:51 - 2013-08-27 10:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-27 10:50 - 2013-08-27 10:50 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-27 10:50 - 2013-08-27 10:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-27 10:50 - 2013-08-27 10:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-27 10:45 - 2013-08-26 15:05 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-27 10:24 - 2013-08-27 10:24 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Aguugz\Downloads\mbam-clean-1.60.2.0003.exe
2013-08-26 22:25 - 2013-08-26 22:25 - 00332732 _____ C:\Users\Aguugz\Documents\cc_20130826_222511.reg
2013-08-26 22:24 - 2011-02-25 03:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-26 22:22 - 2010-01-26 13:26 - 00000000 ____D C:\Windows\Panther
2013-08-26 21:13 - 2013-08-26 21:13 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-26 21:13 - 2013-08-26 21:13 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-26 21:13 - 2013-08-26 21:13 - 00000000 ____D C:\Program Files\CCleaner
2013-08-26 21:13 - 2013-08-26 21:12 - 04454952 _____ (Piriform Ltd) C:\Users\Aguugz\Downloads\ccsetup405.exe
2013-08-26 21:07 - 2011-03-11 23:46 - 00000000 ____D C:\Users\Aguugz\AppData\Roaming\vlc
2013-08-26 20:59 - 2013-08-26 20:59 - 00001074 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-26 18:39 - 2011-03-02 02:39 - 00000000 ____D C:\Users\Aguugz\AppData\Roaming\Mozilla
2013-08-26 17:15 - 2013-01-30 09:47 - 00000000 ____D C:\Program Files (x86)\ophcrack
2013-08-26 15:06 - 2013-08-26 15:06 - 00003594 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 227b5581-88b7-4445-8423-d7b05de98eac
2013-08-26 15:06 - 2013-08-26 15:06 - 00003520 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 3ab10268-7bc9-40aa-868a-ce4ed62bc735
2013-08-26 15:05 - 2013-08-26 15:05 - 00001812 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-08-26 15:05 - 2013-08-26 15:05 - 00000000 ____D C:\Users\Aguugz\AppData\Roaming\SUPERAntiSpyware.com
2013-08-26 15:05 - 2013-08-26 15:05 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-08-26 13:34 - 2013-08-26 13:32 - 27229688 _____ (SUPERAntiSpyware) C:\Users\Aguugz\Downloads\SUPERAntiSpyware.exe
2013-08-26 13:31 - 2013-08-26 13:31 - 00001087 _____ C:\Users\Aguugz\Desktop\Continue Download Helper Installation.lnk
2013-08-26 12:55 - 2013-08-26 12:55 - 02347384 _____ (ESET) C:\Users\Aguugz\Downloads\esetsmartinstaller_enu.exe
2013-08-26 12:30 - 2013-08-26 11:52 - 492597008 _____ (Microsoft Corporation) C:\Users\Aguugz\Downloads\WindowsXPMode_en-us (1).exe
2013-08-26 11:41 - 2013-08-26 11:41 - 01528184 _____ (Microsoft Corporation) C:\Users\Aguugz\Downloads\GenuineCheck.exe
2013-08-26 11:37 - 2013-08-26 11:37 - 00688992 ____R (Swearware) C:\Users\Aguugz\Downloads\dds.com
2013-08-26 10:48 - 2013-08-26 10:47 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Aguugz\Downloads\iexplorer.exe
2013-08-26 09:35 - 2013-05-21 09:31 - 00002196 ____H C:\Users\Aguugz\Documents\Default.rdp
2013-08-22 15:54 - 2013-08-22 15:54 - 00000000 ____D C:\Users\Aguugz\.shsh
2013-08-22 15:31 - 2013-08-22 15:31 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-22 15:30 - 2013-08-22 15:30 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-22 15:30 - 2013-08-22 15:30 - 00000000 ____D C:\Program Files\iTunes
2013-08-22 15:30 - 2013-08-22 15:30 - 00000000 ____D C:\Program Files\iPod
2013-08-22 15:30 - 2011-10-16 08:43 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-22 15:02 - 2013-08-22 15:02 - 00000000 ____D C:\Program Files (x86)\File Type Helper
2013-08-20 15:48 - 2011-02-25 02:51 - 00000000 ____D C:\Users\Aguugz\AppData\Local\Google
2013-08-20 12:44 - 2013-08-20 12:43 - 20285559 _____ C:\Users\Aguugz\Desktop\Ex_Files_SP_Online_EssT.zip
2013-08-19 09:09 - 2013-08-19 09:09 - 00029025 _____ C:\Users\Aguugz\Downloads\2BEC9E4483366D4F20A97B800E341B127DE410CE.torrent
2013-08-19 09:07 - 2013-08-19 09:07 - 00057254 _____ C:\Users\Aguugz\Downloads\FF6DF281561D37D6E1515A0348AAE76DF7F1A0EB (1).torrent
2013-08-19 08:51 - 2013-08-19 08:51 - 00057254 _____ C:\Users\Aguugz\Downloads\FF6DF281561D37D6E1515A0348AAE76DF7F1A0EB.torrent
2013-08-15 14:23 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-15 14:21 - 2013-02-01 10:55 - 00000000 ____D C:\Users\Aguugz\AppData\Roaming\VMware
2013-08-15 14:20 - 2013-02-01 10:55 - 00000000 ____D C:\Users\Aguugz\AppData\Local\VMware
2013-08-14 16:20 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 14:30 - 2013-08-14 14:30 - 00057128 _____ C:\Users\Aguugz\Downloads\42CB1476FA750F9BBDA16432AF40A74DF8EF5D78.torrent
2013-08-14 14:29 - 2013-08-14 14:29 - 00029213 _____ C:\Users\Aguugz\Downloads\562ECB0EA9C457FFCE506F14A594566A2F29F85A.torrent
2013-08-14 13:56 - 2013-08-14 13:56 - 00057194 _____ C:\Users\Aguugz\Downloads\83A7A73A9608D62BF7B906B96BA7A4B87203078B.torrent
2013-08-14 13:55 - 2013-08-14 13:55 - 00028949 _____ C:\Users\Aguugz\Downloads\EA5C135B25751C2C6C4D659502A2A67C0973E2F0.torrent
2013-08-14 13:52 - 2013-08-14 13:52 - 00014996 _____ C:\Users\Aguugz\Downloads\77CCD7CA50D887CB888692334DFDEE638DAB3821.torrent
2013-08-14 13:51 - 2013-08-14 13:51 - 00057476 _____ C:\Users\Aguugz\Downloads\96AE0F989ECF1BA71DF6BCCFD57622C541A3E51C (1).torrent
2013-08-14 13:50 - 2013-08-14 13:50 - 00057476 _____ C:\Users\Aguugz\Downloads\96AE0F989ECF1BA71DF6BCCFD57622C541A3E51C.torrent
2013-08-14 12:06 - 2013-08-01 08:42 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 12:03 - 2011-03-02 02:25 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-06 15:25 - 2013-08-06 15:25 - 00343846 _____ C:\Users\Aguugz\Desktop\COCCL - Room List 08-06-13.txt
2013-08-06 15:07 - 2013-08-06 15:07 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-06 15:07 - 2013-07-09 14:52 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-06 15:07 - 2013-04-05 10:01 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-06 15:07 - 2013-04-05 10:01 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-06 15:07 - 2013-04-02 10:10 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-08-06 15:07 - 2011-11-09 22:07 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-06 14:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-06 10:14 - 2013-04-02 14:48 - 00000000 ____D C:\Users\Aguugz\AppData\Roaming\tixati
2013-08-06 10:13 - 2013-08-06 10:13 - 00000857 _____ C:\Users\Aguugz\Desktop\µTorrent.lnk
2013-08-06 10:13 - 2013-08-06 10:13 - 00000837 _____ C:\Users\Aguugz\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-08-02 13:52 - 2013-08-02 13:52 - 00000000 ____D C:\Users\Aguugz\AppData\Local\Cisco
2013-08-02 13:52 - 2013-08-02 13:52 - 00000000 ____D C:\ProgramData\Cisco
2013-08-02 13:52 - 2013-08-02 13:52 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-08-02 13:51 - 2013-08-20 12:45 - 00000000 ____D C:\Users\Aguugz\Desktop\Ex_Files_SP_Online_EssT
2013-08-01 08:44 - 2013-08-01 08:44 - 00000000 ____D C:\Users\Aguugz\AppData\Local\WinZip Courier
2013-08-01 08:44 - 2013-08-01 08:44 - 00000000 ____D C:\ProgramData\WinZipEC
2013-07-31 15:40 - 2013-04-02 12:14 - 00000000 ____D C:\Users\Aguugz\AppData\Roaming\Yammer
2013-07-29 12:02 - 2013-07-29 12:02 - 00000000 ____D C:\Users\Aguugz\AppData\Local\DIRECTV Player
2013-07-29 12:01 - 2013-07-29 12:00 - 13024568 _____ (DIRECTV) C:\Users\Aguugz\Downloads\DIRECTV_Player_8.0.exe
 
Files to move or delete:
====================
C:\Users\Aguugz\AppData\Local\Temp\Quarantine.exe
C:\Users\Aguugz\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-08-22 09:07
 
==================== End Of Log ============================

Additional txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2013
Ran by Aguugz at 2013-08-28 18:03:52
Running from C:\Users\Aguugz\Desktop\IT Toolkit
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
   
µTorrent (HKCU Version: 3.3.1.30003)
7-Zip 9.21 (x32 Version: 9.21.00.0)
ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.1395.4512)
Acer Backup Manager (x32 Version: 2.0.2.39)
Acer eRecovery Management (x32 Version: 4.05.3005)
Acer Registration (x32 Version: 1.02.3006)
Acer ScreenSaver (x32 Version: 1.1.0909)
Acer Updater (x32 Version: 1.01.3014)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 3.8.0.870)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Advertising Center (x32 Version: 0.0.0.2)
Akamai NetSession Interface (HKCU)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 1.3.13 (Unicode) (x32)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Backup Manager Advance (x32 Version: 2.0.2.39)
BlackBerry Desktop Software 6.1 (x32 Version: 6.1.0.35)
Bonjour (Version: 3.0.0.10)
CDDRV_Installer (Version: 4.60)
Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.1.02040)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.02040)
ConvertHelper 2.2 (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
DIRECTV Player (x32 Version: 8.0)
Dropbox (HKCU Version: 2.0.22)
DVD Flick 1.3.0.7 (x32 Version: 1.3.0.7)
DVDFab 8.1.3.2 (31/10/2011) Qt (x32)
eaner (Version: 4.05)
EASEUS Data Recovery Wizard Free Edition 5.0.1 (x32)
EASEUS Partition Master 9.1.0 Professional (x32)
EASEUS Partition Recovery 5.0.1 (x32)
eBay Worldwide (x32 Version: 2.1.0901)
eMusic Download Manager 4.1.4 (x32 Version: 4.1.4)
EPSON Scan (x32)
EPSON TX800FW Series Printer Uninstall
EpsonNet Config V3 (x32 Version: 3.4a)
erLT (x32 Version: 1.20.0137)
eSobi v2 (x32 Version: 2.0.4.000274)
ffdshow [rev 3154] [2009-12-09] (x32 Version: 1.0)
Free Alarm Clock 2.2.1 (x32 Version: 2.2)
Google Chrome (HKCU Version: 29.0.1547.57)
Google Talk Plugin (x32 Version: 3.13.1.11376)
Google Talk Plugin (x32 Version: 4.4.2.14502)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
Google Update Helper (x32 Version: 1.3.21.153)
Graboid Video 2.03 (x32 Version: 2.03)
HandBrake 0.9.5 (x32 Version: 0.9.5)
iCloud (Version: 2.1.2.8)
Identity Card (x32 Version: 1.00.3002)
ImagXpress (x32 Version: 7.0.74.0)
ImgBurn (x32 Version: 2.5.7.0)
Intel® Turbo Boost Technology Monitor (Version: 1.0.186.3)
Intel® Matrix Storage Manager
Internet TV for Windows Media Center (x32 Version: 4.2.2.0)
iTunes (Version: 11.0.5.5)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java SE Runtime Environment 6 Update 1 (x32 Version: 1.6.0.10)
JMicron JMB36X Driver (x32 Version: 1.00.0000)
Juniper Networks Network Connect 7.1.0 (x32 Version: 7.1.0.18193)
Juniper Networks Network Connect 7.1.10 (x32 Version: 7.1.10.21187)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.1.10.21853)
Juniper Networks, Inc. Setup Client Activex Control (x32 Version: 2.1.1.1)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
KhalInstallWrapper (Version: 2.00.0000)
Logitech SetPoint (x32 Version: 4.80)
LTCM Client (x32 Version: 1.20.3792)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee SiteAdvisor (Version: 3.3.1.133)
McAfee SiteAdvisor (x32 Version: 3.6.168)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Corporation (x32 Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Project MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Project Professional 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Visio 2010 (Version: 14.0.7015.1000)
Microsoft Office Visio MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Online Services Sign-in Assistant (Version: 7.250.4303.0)
Microsoft Project Professional 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visio Premium 2010 (Version: 14.0.7015.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Mobile Mouse Server (x32 Version: 2.5.0)
MobileMe Control Panel (Version: 3.1.8.0)
MondomixMP3 (x32 Version: 1.1)
Morphyre (x32)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MP3 Rocket (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Music Editor Free (x32)
MyWinLocker (x32 Version: 3.1.76.0)
Nero 9 Essentials (x32)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero DiscSpeed (x32 Version: 5.4.7.201)
Nero DiscSpeed Help (x32 Version: 5.4.4.100)
Nero DriveSpeed (x32 Version: 4.4.7.201)
Nero DriveSpeed Help (x32 Version: 4.4.4.100)
Nero Express Help (x32 Version: 9.4.9.100)
Nero InfoTool (x32 Version: 6.4.7.201)
Nero InfoTool Help (x32 Version: 6.4.4.100)
Nero Installer (x32 Version: 4.4.8.1)
Nero Online Upgrade (x32 Version: 1.3.0.0)
Nero StartSmart (x32 Version: 9.4.11.209)
Nero StartSmart Help (x32 Version: 9.4.11.208)
Nero StartSmart OEM (x32 Version: 9.16.0.100)
NeroExpress (x32 Version: 9.4.10.505)
neroxml (x32 Version: 1.0.0)
Netflix in Windows Media Center (x32 Version: 3.3.101.0)
Norton Online Backup (x32 Version: 1.2.0.36)
NVIDIA 3D Vision Controller Driver 314.07 (Version: 314.07)
NVIDIA 3D Vision Driver 314.07 (Version: 314.07)
NVIDIA Control Panel 314.07 (Version: 314.07)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Graphics Driver 314.07 (Version: 314.07)
NVIDIA HD Audio Driver 1.3.23.1 (Version: 1.3.23.1)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1407)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
ophcrack 3.4.0 (x32 Version: 3.4.0)
PerSonoCall Consumer Edition (x32 Version: 2.11.0007)
PVSonyDll (Version: 1.00.0001)
Python 2.7.5 (64-bit) (Version: 2.7.5150)
QuickTime (x32 Version: 7.73.80.64)
Radio365  (x32 Version: 2.2.0.5)
RealDownloader (x32 Version: 1.3.1)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5969)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
Skype Click to Call (x32 Version: 5.7.8773)
Skype™ 6.1 (x32 Version: 6.1.129)
Spybot - Search & Destroy (x32 Version: 1.6.2)
SUPERAntiSpyware (Version: 5.6.1032)
TeamViewer 8 (x32 Version: 8.0.20202)
THX TruStudio PC (x32 Version: 1.0)
Tixati (x32)
tools-freebsd (x32 Version: 9.2.3.1031769)
tools-linux (x32 Version: 9.2.3.1031769)
tools-netware (x32 Version: 9.2.3.1031769)
tools-solaris (x32 Version: 9.2.3.1031769)
tools-windows (x32 Version: 9.2.3.1031769)
tools-winPre2k (x32 Version: 9.2.3.1031769)
TVersity Codec Pack 1.7 (x32 Version: 1.7)
TVersity Media Server 1.9.7 (x32 Version: 1.9.7)
Unity Web Player (HKCU Version: 2.6.1f3_31223)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
VirtualCloneDrive (x32)
VLC media player 2.0.8 (x32 Version: 2.0.8)
VMware vCenter Converter Standalone (x32 Version: 5.0.0.470252)
VMware Workstation (Version: 9.0.2)
VMware Workstation (x32 Version: 9.0.2)
Welcome Center (x32 Version: 1.00.3006)
WePrint (x32)
Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows XP Mode (Version: 1.3.7600.16423)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
WinZip 17.5 (Version: 17.5.10480)
Xiph.Org Open Codecs 0.85.17777 (x32 Version: 0.85.17777)
Yammer (x32 Version: 255)
Yammer (x32 Version: 300222)
 
==================== Restore Points  =========================
 
27-08-2013 18:27:00 Scheduled Checkpoint
27-08-2013 19:37:31 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2013-08-28 14:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {00D87272-9ED9-4672-9AC0-AEE6AB04F384} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe No File
Task: {01EA4881-A8D2-4AEF-A777-EF2A2101F60B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1000UA => C:\Users\Aguugz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-25] (Google Inc.)
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\ndfapi.dll [2009-07-13] (Microsoft Corporation)
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\ndfapi.dll [2009-07-13] (Microsoft Corporation)
Task: {136E7E34-AD39-4DA3-8CE1-9CD720231B16} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {154259D6-696C-4104-AD58-A596D9616027} - System32\Tasks\GoogleUpdateTaskMachineCore1ce1a75b4ce8eb2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-25] (Google Inc.)
Task: {168FB4D9-5906-4C21-BBF5-7F20B7D4FC18} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {1E394E1E-7DB8-4256-B0D8-0F41FBE54796} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2531113335-1326481275-3410773886-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {235615A6-8733-4C27-AC43-F8A60349DC96} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {31F1254A-F487-4D2D-AAC0-0DE583D54066} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2531113335-1326481275-3410773886-1001 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation)
Task: {3A306F4D-D166-46E0-B0CE-0B50330A416D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-25] (Google Inc.)
Task: {3AE18BB8-0A61-4240-ABE7-5EB1EE26DC2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-25] (Google Inc.)
Task: {6F058FE9-9CDE-4E7A-B29C-BE3FE212929E} - System32\Tasks\KMS Activation for Office => C:\Windows\KMSAct.exe No File
Task: {700F0B80-D26B-409A-8582-886C4F4624E1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {7402A89C-577B-436F-8CD4-94DBACD8CB60} - System32\Tasks\SUPERAntiSpyware Scheduled Task 227b5581-88b7-4445-8423-d7b05de98eac => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-05-23] (SUPERAdBlocker.com)
Task: {79E666D5-861A-4C41-94C5-D92116B3DC3B} - System32\Tasks\SUPERAntiSpyware Scheduled Task 3ab10268-7bc9-40aa-868a-ce4ed62bc735 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-05-23] (SUPERAdBlocker.com)
Task: {80E5DD0F-13C8-4839-BB72-C6601590A247} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => C:\Windows\System32\dfdts.dll [2009-07-13] (Microsoft Corporation)
Task: {8933EA15-2A5C-4471-9E1E-6DBDC779379B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {8A256ED2-1B0C-4F5B-91FB-94AFC05DB5AC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1000Core => C:\Users\Aguugz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-25] (Google Inc.)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\System32\srrstr.dll [2010-11-20] (Microsoft Corporation)
Task: {9EB6045B-EE04-4633-841E-18F0D6DF9D96} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1001Core => C:\Users\Freya\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-25] (Google Inc.)
Task: {A1C93D16-6786-4204-ACD0-406C901E2F65} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2531113335-1326481275-3410773886-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\System32\aepdu.dll [2010-11-20] (Microsoft Corporation)
Task: {A89F7281-A727-449B-9987-C520046B4DCF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {C7E94724-9A3D-423C-80D4-404339607F4C} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-04-05] (Apple Inc.)
Task: {D240E9DC-3460-4B2D-802B-3710DE7C4FCA} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2531113335-1326481275-3410773886-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {D6308D36-AD58-49F2-8F92-F3116D729E08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-15] (Adobe Systems Incorporated)
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => C:\Windows\System32\acproxy.dll [2009-07-13] (Microsoft Corporation)
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => C:\Windows\System32\bfe.dll [2010-11-20] (Microsoft Corporation)
Task: {E236C8EB-352A-4736-A2A4-909906B1FC4C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2531113335-1326481275-3410773886-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {E7FB78B6-9B98-4444-9091-3B7878389190} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-AGUUGZ-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {EE08118F-A725-4AE9-B693-A4FFBFB1437B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1001UA => C:\Users\Freya\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-25] (Google Inc.)
Task: {F74CEDA7-1AA0-422B-935B-43487011FB8D} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce1a75b4ce8eb2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1000Core.job => C:\Users\Aguugz\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1000UA.job => C:\Users\Aguugz\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1001Core.job => C:\Users\Freya\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531113335-1326481275-3410773886-1001UA.job => C:\Users\Freya\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 227b5581-88b7-4445-8423-d7b05de98eac.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3ab10268-7bc9-40aa-868a-ce4ed62bc735.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Alternate Data Streams (whitelisted) ==========
 
AlternateDataStreams: C:\Users\Freya\Desktop\(35 unread) - freyashatry - Yahoo! Mail.website:favicon
 
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: MAC Bridge Miniport
Description: MAC Bridge Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BridgeMP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (08/28/2013 06:03:52 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .
 
Error: (08/28/2013 04:13:36 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-08-28 14:36:22.271
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-28 14:36:22.201
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-01-31 13:45:24.182
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\zntport64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-01-31 13:45:24.088
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\zntport64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-01-31 13:45:20.391
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\TVicPort64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-01-31 13:45:20.313
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\TVicPort64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-01-31 13:44:51.016
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\int15_64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-01-31 13:44:50.954
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\int15_64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 43%
Total physical RAM: 8182.99 MB
Available physical RAM: 4588.16 MB
Total Pagefile: 16364.16 MB
Available Pagefile: 12306.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:1385.7 GB) (Free:489.3 GB) NTFS
Drive e: (Server 2008R2) (Fixed) (Total:422.07 GB) (Free:269.16 GB) NTFS
Drive j: (Downloads) (Fixed) (Total:509.43 GB) (Free:2.6 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: A024D30F)
Partition 1: (Not Active) - (Size=11 GB) - (Type=27)
Partition 2: (Active) - (Size=123 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-711142566912) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 03183630)
Partition 1: (Not Active) - (Size=422 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=509 GB) - (Type=OF Extended)
 
==================== End Of Log ============================

FastFreeConverter looks to be the problem:
http://www.systemlookup.com/Drivers/8990-FastFreeConverterUpdt_exe.html

See if you can disable or delete this extension:

FF HKLM-x32\...\Firefox\Extensions: [extension@FastFreeConverter.com] C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@FastFreeConverter.com


Delete this folder:

C:\Program Files (x86)\Fast Free Converter

--------------------------------------

I also suggest you run this online scan:

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Let me know...MrC
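
A read-only check for the two things the post above asks to remove, added here as an example and not part of the original reply: it lists Firefox extensions registered through the registry, shows whether each registered folder still exists, and searches common install locations for leftover folders. The registry paths are the standard Mozilla locations, assumed to be what the log's abbreviated `HKLM-x32\...\Firefox\Extensions` refers to; the function name and the list of search roots are hypothetical.

```powershell
#Requires -Version 3.0
# Added example: audit only, nothing is deleted or modified.

# Standard Mozilla registry locations for externally registered extensions
# (assumption: the log's "HKLM-x32" is the Wow6432Node view).
$ExtensionKeys = @(
    'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',
    'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions',
    'HKCU:\Software\Mozilla\Firefox\Extensions'
)

function Get-RegisteredFirefoxExtension {
    param([string[]]$KeyPath = $ExtensionKeys)
    foreach ($key in $KeyPath) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        # Each value name is an extension ID; its data is the folder or .xpi path.
        foreach ($name in $item.GetValueNames()) {
            $target = [string]$item.GetValue($name)
            [pscustomobject]@{
                Key         = $key
                ExtensionId = $name
                Path        = $target
                # False means an orphaned registration: the entry remains
                # although the folder it points to is gone.
                PathExists  = [bool]($target -and (Test-Path -LiteralPath $target))
            }
        }
    }
}

# 1. Registry entries matching the extension named in the log.
Get-RegisteredFirefoxExtension |
    Where-Object { $_.ExtensionId -match 'FastFreeConverter' } |
    Format-List

# 2. Leftover folders. The search roots are an assumed starting set, not taken from the thread.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData,
           $env:LOCALAPPDATA, $env:APPDATA) | Where-Object { $_ }
Get-ChildItem -Path $roots -Directory -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match 'Fast\s*Free\s*Converter' } |
    Select-Object -ExpandProperty FullName
```

Run it from an elevated PowerShell prompt so the HKLM keys and all profile folders are readable.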


Good Morning MrC,

I could not find Fast Free Converter (FFC) at this location: C:\Program Files (x86)\Fast Free Converter.  

I even checked C:\Program Files\FFC and didn't find anything. I searched the whole C: drive and found it in a couple of locations: please see screenshot. I then deleted all the folders. I also ran the ESET online scanner. Zero detections.

 

     
