
Computer Freezing


hms1018

  • Root Admin

Hello and welcome!


P2P/Piracy Warning:
 

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 



Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)

STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.



Link 1
Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Thanks!

 

RogueKiller V8.7.0 _x64_ [sep 30 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : HMS1018 [Admin rights]
Mode : Scan -- Date : 09/30/2013 17:38:35
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Hitachi HDS721010CLA332 ATA Device +++++
--- User ---
[MBR] dacf81a5cdc15d6b23b15cce8364c761
[bSP] ade3b5e7897382b1a593b7116c9fea16 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09302013_173835.txt >>


  • Root Admin

Looks okay.

 

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.



STEP 06

Please go here to run the online antivirus scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 


Just hit no and restarted it no problems:

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.30.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
HMS1018 :: HMS1018-PC [administrator]

9/30/2013 8:53:07 PM
mbar-log-2013-09-30 (20-53-07).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 291908
Time elapsed: 23 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16686

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.013000 GHz
Memory total: 4292403200, free: 2146627584

Downloaded database version: v2013.09.30.09
Downloaded database version: v2013.09.23.01
=======================================
Initializing...
------------ Kernel report ------------
     09/30/2013 20:53:03
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xfffffa8010c5e380
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000d7\
Lower Device Object: 0xfffffa8010876b60
Lower Device Driver Name: \Driver\USBSTOR\
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xfffffa8010c5e380
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000d7\
Lower Device Object: 0xfffffa8010876b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8007c51060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a7\
Lower Device Object: 0xfffffa8007a6fb60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004c525d0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8004aed060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004c525d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004c53040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004c525d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004adcd10, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004aed060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00281f080, 0xfffffa8004c525d0, 0xfffffa800ab92750
Lower DeviceData: 0xfffff8a00d924c00, 0xfffffa8004aed060, 0xfffffa80113949e0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 61767149

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1953314816

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8010c5e380, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80104ef250, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010c5e380, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8010876b60, DeviceName: \Device\000000d7\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8007c51060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007c51b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007c51060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007a6fb60, DeviceName: \Device\000000a7\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
 


Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Professional x64
Ran by HMS1018 on Mon 09/30/2013 at 21:32:32.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\optimizer pro
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_nonsearch_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_nonsearch_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sp global
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289075
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289847
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D570841B-10AE-4D5B-BBB8-237DA20EA69F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\softsafe"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\HMS1018\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\HMS1018\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\HMS1018\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\HMS1018\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\HMS1018\appdata\locallow\comcasttb"
Successfully deleted: [Folder] "C:\Users\HMS1018\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\websearch"



~~~ FireFox

Emptied folder: C:\Users\HMS1018\AppData\Roaming\mozilla\firefox\profiles\oqc7cjzd.default-1379637043124\minidumps [5 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/30/2013 at 21:42:31.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


# AdwCleaner v3.006 - Report created 30/09/2013 at 21:52:26
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : HMS1018 - HMS1018-PC
# Running from : C:\Users\HMS1018\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Found : C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
Folder Found : C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
Folder Found : C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Folder Found C:\Program Files (x86)\BitLord 2
Folder Found C:\Program Files (x86)\xfin_portal
Folder Found C:\ProgramData\savensharE
Folder Found C:\ProgramData\saVensshaare
Folder Found C:\Users\HMS1018\AppData\LocalLow\xfin_portal
Folder Found C:\Users\HMS1018\AppData\Roaming\BitLord
Folder Found C:\Users\HMS1018\AppData\Roaming\EZDownloader
Folder Found C:\Users\HMS1018\Documents\BitLord

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Found : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\HMS1018\AppData\Roaming\Mozilla\Firefox\Profiles\oqc7cjzd.default-1379637043124\prefs.js ]


-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [6223 octets] - [30/09/2013 21:52:26]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6283 octets] ##########
 


List of found threats:

 

C:\Program Files (x86)\Cain\Cain.exe    a variant of Win32/CainAbel application
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbgkkdmnpohfcldlnajplgbkoapcgmg\5.10\vM.js    Win32/Adware.MultiPlug.H application
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjikelfedmmmbanilmjkpalkhbijmcma\1.0\DSBnh.js    Win32/Adware.MultiPlug.H application
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgbbnoncamlghakafmddceiehgdjmhf\1.0\4Ep5jBwjsWV.js    Win32/Adware.MultiPlug.H application
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkpalpnbbkehbjiockhmchfaplolaapf\5.10\8j6s6qwy9.js    Win32/Adware.MultiPlug.H application
C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbgkkdmnpohfcldlnajplgbkoapcgmg\5.10\vM.js    Win32/Adware.MultiPlug.H application
C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjikelfedmmmbanilmjkpalkhbijmcma\1.0\DSBnh.js    Win32/Adware.MultiPlug.H application
C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgbbnoncamlghakafmddceiehgdjmhf\1.0\4Ep5jBwjsWV.js    Win32/Adware.MultiPlug.H application
C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkpalpnbbkehbjiockhmchfaplolaapf\5.10\8j6s6qwy9.js    Win32/Adware.MultiPlug.H application
C:\Users\HMS1018\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6297WL2R\SPSetup[1].exe    multiple threats
C:\Users\HMS1018\AppData\Local\Temp\0hZIuCj7.exe.part    Win32/OpenCandy application
C:\Users\HMS1018\AppData\Local\Temp\2_hFHmYh.exe.part    Win32/DownloadAdmin.G application
C:\Users\HMS1018\AppData\Local\Temp\3XPk8Yez.exe.part    a variant of Win32/Amonetize.P application
C:\Users\HMS1018\AppData\Local\Temp\7txCBYzg.exe.part    Win32/OpenCandy application
C:\Users\HMS1018\AppData\Local\Temp\idfas79e.exe.part    Win32/DownloadAdmin.G application
C:\Users\HMS1018\AppData\Local\Temp\NmuKoJ62.exe.part    a variant of Win32/Amonetize.P application
C:\Users\HMS1018\AppData\Local\Temp\Qz1cxA9F.exe.part    Win32/OpenCandy application
C:\Users\HMS1018\AppData\Local\Temp\trz69D1.tmp    Win32/Napolar.A trojan
C:\Users\HMS1018\AppData\Local\Temp\00294823\nkpalpnbbkehbjiockhmchfaplolaapf\8j6s6qwy9.js    Win32/Adware.MultiPlug.H application
C:\Users\HMS1018\AppData\Local\Temp\18be6784\gjikelfedmmmbanilmjkpalkhbijmcma\DSBnh.js    Win32/Adware.MultiPlug.H application
C:\Users\HMS1018\AppData\Local\Temp\2cd672ae\hfgbbnoncamlghakafmddceiehgdjmhf\4Ep5jBwjsWV.js    Win32/Adware.MultiPlug.H application
C:\Users\HMS1018\AppData\Local\Temp\2cd672ae\vjnbifdh@izxk-.org\content\bg.js    Win32/Adware.MultiPlug.H application
C:\Users\HMS1018\AppData\Local\Temp\4ae13d6c\4n6e@eoouuyouynv.org\content\bg.js    Win32/Adware.MultiPlug.H application
C:\Users\HMS1018\AppData\Local\Temp\4ae13d6c\cpbgkkdmnpohfcldlnajplgbkoapcgmg\vM.js    Win32/Adware.MultiPlug.H application
C:\Users\HMS1018\AppData\Local\Temp\B2F8A64E-BAB0-7891-B40F-E8D0A8DA4501\Latest\IEHelper.dll    Win32/Toolbar.Babylon.E application
C:\Users\HMS1018\Desktop\Old Firefox Data\5xpq0jod.default-1379299627971\extensions\vjnbifdh@izxk-.org\content\bg.js    Win32/Adware.MultiPlug.H application
C:\Users\HMS1018\Downloads\Alcohol120_trial_2.0.2.3931.exe    a variant of Win32/InstallCore.T application
C:\Users\HMS1018\Downloads\Alcohol120_trial_2.0.2.4713.exe    a variant of Win32/InstallCore.AX application
C:\Users\HMS1018\Downloads\ArcadeFrontierGames.exe    Win32/OpenCandy application
C:\Users\HMS1018\Downloads\cbsidlm-tr1_13-CMedia_PCI_Audio_Device-SEO-168596.exe    Win32/DownloadAdmin.G application
C:\Users\HMS1018\Downloads\cbsidlm-tr1_13-Virtual_Fashion_Professional-SEO-10556121.exe    Win32/DownloadAdmin.G application
C:\Users\HMS1018\Downloads\hybrid_wm8650_uberoid_v62.rar.exe.171103.gzquar    Win32/InstalleRex.I application
C:\Users\HMS1018\Downloads\WatchTorrents Setup.exe    Win32/Toolbar.Babylon.E application
C:\Windows\Temp\avast_ash\uTorrent\uTorrent.exe    a variant of Win32/Bunndle application


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by HMS1018 (administrator) on HMS1018-PC on 01-10-2013 01:05:06
Running from C:\Users\HMS1018\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
( ) C:\Windows\system32\lxcjcoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AMD) C:\Windows\system32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dropbox, Inc.) C:\Users\HMS1018\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(magicJack L.P.) C:\Users\HMS1018\AppData\Roaming\mjusbsp\magicJack.exe
(Spotify Ltd) C:\Users\HMS1018\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\HMS1018\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [cdloader] - C:\Users\HMS1018\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKCU\...\Run: [spotify Web Helper] - C:\Users\HMS1018\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-09-28] (Spotify Ltd)
HKCU\...\Run: [LiveSupport] - "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
MountPoints2: {897b16b1-2a88-11e2-8b7e-f26ba78e1f30} - I:\setup\3DHADSD80_setup.exe
MountPoints2: {cf243b3c-002e-11e3-9205-0002723e8dd9} - H:\LGAutoRun.exe
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\HMS1018\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\HMS1018\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://firefox.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x39874C359D1ECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 - DefaultScope {D570841B-10AE-4D5B-BBB8-237DA20EA69F} URL =
SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TWatchTorrentsHelper - {2EEE3B00-A4F8-4819-A336-1B547FA954BF} - C:\Program Files (x86)\WatchTorrents Player\WatchTorrentsHelper.dll ()
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\HMS1018\AppData\Roaming\Mozilla\Firefox\Profiles\oqc7cjzd.default-1379637043124
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Koox Group LLC/WatchTorrents Player,version=1.0.0.0 - C:\Program Files (x86)\WatchTorrents Player\npwtplayer.dll (Koox Group LLC)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\WatchTorrents Player\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\HMS1018\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\HMS1018\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\HMS1018\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\HMS1018\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\HMS1018\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\HMS1018\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\HMS1018\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\xfinitylcsearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinity.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM-x32\...\Firefox\Extensions: [jid1-vpu7aD5IBmKRFA@jetpack] - C:\Program Files (x86)\WatchTorrents Player\jid1-vpu7aD5IBmKRFA@jetpack.xpi
FF Extension: jid1-vpu7aD5IBmKRFA - C:\Program Files (x86)\WatchTorrents Player\jid1-vpu7aD5IBmKRFA@jetpack.xpi
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======

CHR RestoreOnStartup:         "urls_to_restore_on_startup": [
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\HMS1018\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\HMS1018\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\HMS1018\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\HMS1018\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\HMS1018\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (uTorrentControl_v6) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.16.2.9_0
CHR Extension: (Google Search) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (savensharE ) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbgkkdmnpohfcldlnajplgbkoapcgmg\5.10
CHR Extension: (Browsea22ssAAvve) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffoganknhpieanlejociegddgkoaaae\1
CHR Extension: (SearchNewTab) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjikelfedmmmbanilmjkpalkhbijmcma\1.0
CHR Extension: (avast! Online Security) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.6_0
CHR Extension: (Xfinity) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb\1_0
CHR Extension: (SearchNewTab) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgbbnoncamlghakafmddceiehgdjmhf\1.0
CHR Extension: (WhiteSmoke New) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.15.2.23_0
CHR Extension: (WatchTorrents) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpafocldgpkgojfbjigddelmfjmffkee\1_0
CHR Extension: (saVensshaare ) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkpalpnbbkehbjiockhmchfaplolaapf\5.10
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR Extension: (Gmail) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\HMS1018\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx
CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx
CHR HKLM-x32\...\Chrome\Extension: [mpafocldgpkgojfbjigddelmfjmffkee] - C:\Program Files (x86)\WatchTorrents Player\mpafocldgpkgojfbjigddelmfjmffkee.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Corporate.11.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [818952 2011-12-22] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 lxcj_device; C:\Windows\system32\lxcjcoms.exe [566192 2007-02-08] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [470528 2011-10-27] (Livescribe)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.2; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys [57512 2012-09-24] (Advanced Micro Devices)
R2 AODDriver4.2; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys [57512 2012-09-24] (Advanced Micro Devices)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-03-31] (Broadcom Corporation.)
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-11-30] (C-Media Inc)
S3 etdrv; C:\Windows\etdrv.sys [25640 2013-03-04] (Windows ® Server 2003 DDK provider)
S3 etdrv; C:\Windows\etdrv.sys [25640 2013-03-04] (Windows ® Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-04-22] (Windows ® Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-04-22] (Windows ® Server 2003 DDK provider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-03-04] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-03-04] ()
S3 ltusbaud; C:\Windows\System32\DRIVERS\ltusbaud_x64.sys [250144 2013-03-04] ()
S3 ltusbaudks; C:\Windows\System32\DRIVERS\ltusbaudks_x64.sys [54048 2013-03-04] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 PulseUsb; C:\Windows\System32\DRIVERS\PulseUsb.sys [26112 2011-10-27] (Windows ® Win 7 DDK provider)
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [2061856 2010-03-23] (Realtek Semiconductor Corporation                           )
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [105832 2011-08-29] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [221544 2011-08-29] (Renesas Electronics Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-12-06] (Duplex Secure Ltd.)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
U3 azn3ma5z; C:\Windows\System32\Drivers\azn3ma5z.sys [0 ] (Advanced Micro Devices)
S3 HRMACPI; SYSTEM32\DRIVERS\HRMACPI.SYS [x]
R4 ImmunetNetworkMonitorDriver; \??\C:\Windows\System32\Drivers\ImmunetNetworkMonitor.sys [x]
R4 ImmunetProtectDriver; system32\DRIVERS\ImmunetProtect.sys [x]
R4 ImmunetSelfProtectDriver; system32\DRIVERS\ImmunetSelfProtect.sys [x]
S3 MSICDSetup; \??\D:\CDriver64.sys [x]
S3 SOFTUSBTESTHUB; SYSTEM32\DRIVERS\SOFTUSBTESTHUB.SYS [x]
S3 SOFTWADP; SYSTEM32\DRIVERS\SOFTWADP.SYS [x]
S3 WSOFTUSBK; SYSTEM32\DRIVERS\WSOFTUSBK.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-01 00:56 - 2013-10-01 00:56 - 00025688 _____ C:\Users\HMS1018\Downloads\Addition.txt
2013-10-01 00:52 - 2013-10-01 00:52 - 01953880 _____ (Farbar) C:\Users\HMS1018\Downloads\FRST64(1).exe
2013-10-01 00:52 - 2013-10-01 00:52 - 00000000 ____D C:\FRST
2013-10-01 00:51 - 2013-10-01 00:51 - 01953880 _____ (Farbar) C:\Users\HMS1018\Downloads\FRST64.exe
2013-10-01 00:48 - 2013-10-01 00:48 - 00004015 _____ C:\Users\HMS1018\Desktop\List of found threats.txt
2013-09-30 22:45 - 2013-10-01 00:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-30 22:23 - 2013-09-30 22:23 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-30 22:22 - 2013-09-30 22:23 - 02347384 _____ (ESET) C:\Users\HMS1018\Downloads\esetsmartinstaller_enu.exe
2013-09-30 21:51 - 2013-09-30 21:52 - 00000000 ____D C:\AdwCleaner
2013-09-30 21:51 - 2013-09-30 21:51 - 01045226 _____ C:\Users\HMS1018\Downloads\AdwCleaner.exe
2013-09-30 21:42 - 2013-09-30 21:42 - 00005028 _____ C:\Users\HMS1018\Desktop\JRT.txt
2013-09-30 21:32 - 2013-09-30 21:32 - 00000000 ____D C:\Windows\ERUNT
2013-09-30 21:22 - 2013-09-30 21:22 - 01030305 _____ (Thisisu) C:\Users\HMS1018\Downloads\JRT.exe
2013-09-30 20:53 - 2013-09-30 21:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-30 19:20 - 2013-09-30 21:19 - 00000000 ____D C:\Users\HMS1018\Desktop\mbar
2013-09-30 19:20 - 2013-09-30 19:20 - 12907592 _____ (Malwarebytes Corp.) C:\Users\HMS1018\Downloads\mbar-1.07.0.1005.exe
2013-09-30 18:55 - 2013-09-30 18:55 - 00000000 ____D C:\Users\HMS1018\Desktop\Malwarebytes
2013-09-30 17:59 - 2013-09-30 18:13 - 00000000 ___RD C:\Users\HMS1018\Documents\ged back
2013-09-30 17:38 - 2013-09-30 17:38 - 00001624 _____ C:\Users\HMS1018\Desktop\RKreport[0]_S_09302013_173835.txt
2013-09-30 17:34 - 2013-09-30 17:39 - 00000000 ____D C:\Users\HMS1018\Desktop\RK_Quarantine
2013-09-30 17:32 - 2013-09-30 17:33 - 03969024 _____ C:\Users\HMS1018\Downloads\RogueKillerX64.exe
2013-09-30 17:32 - 2013-09-30 17:32 - 00000000 ____D C:\Windows\ERDNT
2013-09-30 17:30 - 2013-09-30 17:30 - 00000924 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2013-09-30 17:30 - 2013-09-30 17:30 - 00000924 _____ C:\Users\HMS1018\Desktop\NTREGOPT.lnk
2013-09-30 17:30 - 2013-09-30 17:30 - 00000924 _____ C:\Users\Guest\Desktop\NTREGOPT.lnk
2013-09-30 17:30 - 2013-09-30 17:30 - 00000905 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2013-09-30 17:30 - 2013-09-30 17:30 - 00000905 _____ C:\Users\HMS1018\Desktop\ERUNT.lnk
2013-09-30 17:30 - 2013-09-30 17:30 - 00000905 _____ C:\Users\Guest\Desktop\ERUNT.lnk
2013-09-30 17:30 - 2013-09-30 17:30 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-09-30 16:52 - 2013-09-30 16:52 - 00791393 _____ (Lars Hederer                                                ) C:\Users\HMS1018\Downloads\erunt-setup.exe
2013-09-30 13:03 - 2013-09-30 13:04 - 00002604 _____ C:\Users\HMS1018\Desktop\Rkill.txt
2013-09-30 13:03 - 2013-09-30 13:03 - 00000000 ____D C:\Users\HMS1018\Desktop\rkill
2013-09-30 13:02 - 2013-09-30 13:02 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\HMS1018\Downloads\rkill.exe
2013-09-30 12:07 - 2013-09-30 12:07 - 05017824 _____ C:\Users\HMS1018\Desktop\stray emp.tif
2013-09-27 13:30 - 2013-09-27 13:30 - 00032768 _____ C:\Windows\nfm_cache.db-shm
2013-09-27 13:30 - 2013-09-27 13:30 - 00003176 _____ C:\Windows\nfm_cache.db-wal
2013-09-27 13:30 - 2013-09-27 13:30 - 00001024 _____ C:\Windows\nfm_cache.db
2013-09-25 12:07 - 2013-09-25 12:07 - 00001107 _____ C:\Users\HMS1018\Desktop\Cover letter.txt
2013-09-23 16:43 - 2013-09-23 16:45 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-23 16:43 - 2013-09-23 16:45 - 00000000 ____D C:\Program Files\iTunes
2013-09-23 16:43 - 2013-09-23 16:44 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-23 16:43 - 2013-09-23 16:43 - 00000000 ____D C:\Program Files\iPod
2013-09-21 18:04 - 2013-09-21 18:04 - 00054629 _____ C:\Users\HMS1018\Downloads\20130921_161316.jpeg
2013-09-19 10:19 - 2013-09-19 10:19 - 00000000 ____D C:\Users\HMS1018\Desktop\New folder
2013-09-18 19:30 - 2013-09-18 19:31 - 00029015 _____ C:\Users\HMS1018\Desktop\dds.txt
2013-09-18 19:30 - 2013-09-18 19:31 - 00008793 _____ C:\Users\HMS1018\Desktop\attach.txt
2013-09-18 19:28 - 2013-09-18 19:28 - 00688992 ____R (Swearware) C:\Users\HMS1018\Downloads\dds.com
2013-09-18 16:48 - 2013-09-18 16:48 - 00000088 _____ C:\Windows\SysWOW64\7622695778335716585.log
2013-09-18 16:20 - 2013-09-18 17:00 - 00000000 ____D C:\Program Files (x86)\ss helper
2013-09-18 16:20 - 2013-09-18 16:59 - 00000000 ____D C:\ProgramData\savensharE
2013-09-18 15:52 - 2013-09-18 15:52 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-18 15:52 - 2013-09-18 15:52 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Malwarebytes
2013-09-18 15:52 - 2013-09-18 15:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-18 15:51 - 2013-09-18 15:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-18 15:51 - 2013-09-18 15:51 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\HMS1018\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-18 15:51 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-17 16:33 - 2013-09-17 16:33 - 02816072 _____ (LionSea SoftWare                                            ) C:\Users\HMS1018\Downloads\setup(3).exe
2013-09-16 13:28 - 2013-09-16 13:28 - 00347424 _____ (Microsoft Corporation) C:\Users\HMS1018\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.147302783255414964.2.1.Run.exe
2013-09-16 09:40 - 2013-09-16 09:40 - 00000000 ____D C:\Users\HMS1018\AppData\Local\Apps\2.0
2013-09-15 22:40 - 2013-09-15 22:41 - 00000088 _____ C:\Windows\SysWOW64\13838775941398595092.log
2013-09-15 22:39 - 2013-09-15 22:39 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Kalydo
2013-09-15 21:08 - 2013-09-15 21:13 - 00000000 ____D C:\Users\HMS1018\AppData\Local\ID Vault
2013-09-15 21:08 - 2013-09-15 21:08 - 00000000 ____D C:\Users\HMS1018\AppData\Local\White_Sky,_Inc
2013-09-15 21:08 - 2013-09-15 21:08 - 00000000 ____D C:\ProgramData\IsolatedStorage
2013-09-15 21:07 - 2013-09-16 02:28 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2013-09-15 21:07 - 2013-09-16 02:27 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst
2013-09-15 21:07 - 2013-09-15 21:13 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\ID Vault
2013-09-15 21:07 - 2013-09-15 21:07 - 00000000 ____D C:\Users\HMS1018\AppData\Local\Zemana
2013-09-15 21:05 - 2013-09-16 02:28 - 00000000 ____D C:\Program Files (x86)\xfin_portal
2013-09-15 21:04 - 2013-09-16 02:28 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2013-09-15 21:04 - 2013-09-15 21:04 - 00000000 ____D C:\ProgramData\White Sky, Inc
2013-09-15 19:32 - 2013-09-15 19:32 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\EZDownloader
2013-09-15 19:31 - 2013-09-15 19:31 - 00000808 _____ C:\Users\HMS1018\Desktop\WeatherBug.lnk
2013-09-15 19:30 - 2013-09-16 14:19 - 00000000 ____D C:\ProgramData\saVensshaare
2013-09-13 23:03 - 2013-09-17 14:01 - 00000000 ____D C:\Users\HMS1018\Desktop\Go Green
2013-09-13 22:27 - 2013-09-27 13:19 - 00000000 ____D C:\Users\HMS1018\Desktop\Robbie
2013-09-12 23:53 - 2013-09-12 23:53 - 00001925 _____ C:\Users\Public\Desktop\Perfect Effects 4.lnk
2013-09-12 23:53 - 2013-09-12 23:53 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\onOne Software
2013-09-12 23:53 - 2013-09-12 23:53 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Adobe
2013-09-12 23:52 - 2013-09-17 16:49 - 00000000 ____D C:\ProgramData\Nalpeiron
2013-09-12 23:52 - 2013-09-12 23:52 - 00000000 ____D C:\Users\Guest\AppData\Roaming\onOne Software
2013-09-12 23:51 - 2013-09-12 23:53 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\onOne Software
2013-09-12 23:50 - 2013-09-12 23:50 - 00000000 ____D C:\Program Files\onOne Software
2013-09-12 23:50 - 2013-09-12 23:50 - 00000000 ____D C:\Program Files (x86)\onOne Software
2013-09-12 23:49 - 2013-09-12 23:51 - 00000000 ____D C:\ProgramData\onOne Software
2013-09-12 23:47 - 2013-09-12 23:48 - 303683288 _____ (Acresso Software Inc.) C:\Users\HMS1018\Downloads\Perfect_Effects_4.0.4_Free.exe
2013-09-12 22:54 - 2013-09-12 22:54 - 00000855 _____ C:\Users\HMS1018\Desktop\µTorrent.lnk
2013-09-12 22:54 - 2013-09-12 22:54 - 00000835 _____ C:\Users\HMS1018\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-09-12 21:25 - 2013-09-12 21:25 - 00116413 _____ C:\Users\HMS1018\Downloads\displaypdfbill(1)
2013-09-12 21:24 - 2013-09-12 21:24 - 00116413 _____ C:\Users\HMS1018\Downloads\displaypdfbill
2013-09-12 16:56 - 2013-09-13 23:27 - 00000000 ____D C:\Users\HMS1018\Desktop\Vicky
2013-09-12 09:16 - 2013-08-10 01:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 09:16 - 2013-08-10 01:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 09:16 - 2013-08-10 01:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 09:16 - 2013-08-10 01:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 09:16 - 2013-08-10 01:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 09:16 - 2013-08-10 01:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 09:16 - 2013-08-10 01:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 09:16 - 2013-08-10 01:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 09:16 - 2013-08-10 01:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 09:16 - 2013-08-10 01:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 09:16 - 2013-08-10 01:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 09:16 - 2013-08-10 01:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 09:16 - 2013-08-10 01:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 09:16 - 2013-08-10 01:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 09:16 - 2013-08-09 23:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 09:16 - 2013-08-09 23:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 09:16 - 2013-08-09 23:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 09:16 - 2013-08-09 23:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 09:16 - 2013-08-09 23:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 09:16 - 2013-08-09 23:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 09:16 - 2013-08-09 23:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 09:16 - 2013-08-09 23:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 09:16 - 2013-08-09 23:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 09:16 - 2013-08-09 23:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 09:16 - 2013-08-09 23:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 09:16 - 2013-08-09 23:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 09:16 - 2013-08-09 23:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 09:16 - 2013-08-09 23:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 09:16 - 2013-08-09 23:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 09:16 - 2013-08-09 22:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 09:16 - 2013-08-09 22:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 06:45 - 2013-08-04 22:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 06:44 - 2013-08-01 22:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 06:44 - 2013-08-01 22:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 06:44 - 2013-08-01 22:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 06:44 - 2013-08-01 22:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 06:44 - 2013-08-01 22:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 06:44 - 2013-08-01 22:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 06:44 - 2013-08-01 22:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 06:44 - 2013-08-01 22:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 06:44 - 2013-08-01 22:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 06:44 - 2013-08-01 21:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 06:44 - 2013-08-01 21:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 06:44 - 2013-08-01 21:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 06:44 - 2013-08-01 21:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 06:44 - 2013-08-01 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 21:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 06:44 - 2013-08-01 20:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 06:44 - 2013-08-01 20:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 06:44 - 2013-08-01 20:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 06:44 - 2013-08-01 20:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 06:44 - 2013-08-01 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 06:44 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 06:44 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 06:43 - 2013-08-07 21:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 06:42 - 2013-07-25 22:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 06:42 - 2013-07-25 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 06:42 - 2013-07-25 21:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 06:42 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-10 15:46 - 2013-09-10 15:46 - 01069288 _____ (Solid State Networks) C:\Users\HMS1018\Downloads\install_flashplayer11x32_mssa_aaa_aih.exe
2013-09-10 02:39 - 2013-09-10 02:39 - 01970848 _____ C:\Users\HMS1018\Downloads\winrar-x64-500.exe
2013-09-10 02:39 - 2013-09-10 02:39 - 00000975 _____ C:\Users\Public\Desktop\WinRAR.lnk
2013-09-09 11:51 - 2013-09-09 12:18 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Blackboard
2013-09-06 00:12 - 2013-09-06 00:12 - 03021614 _____ C:\Users\HMS1018\Downloads\Generic
2013-09-05 23:42 - 2013-09-05 23:42 - 01310720 _____ C:\Users\HMS1018\Desktop\stream_user_training.ppt
2013-09-05 21:34 - 2013-09-05 21:34 - 00000000 ____D C:\ProgramData\WebEx
2013-09-04 14:18 - 2013-09-04 14:18 - 00266288 _____ C:\Windows\Minidump\090413-16926-01.dmp
2013-09-03 01:09 - 2013-09-03 01:09 - 00262144 _____ C:\Windows\Minidump\090313-16598-01.dmp

==================== One Month Modified Files and Folders =======

2013-10-01 00:58 - 2012-10-18 03:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-01 00:56 - 2013-10-01 00:56 - 00025688 _____ C:\Users\HMS1018\Downloads\Addition.txt
2013-10-01 00:52 - 2013-10-01 00:52 - 01953880 _____ (Farbar) C:\Users\HMS1018\Downloads\FRST64(1).exe
2013-10-01 00:52 - 2013-10-01 00:52 - 00000000 ____D C:\FRST
2013-10-01 00:51 - 2013-10-01 00:51 - 01953880 _____ (Farbar) C:\Users\HMS1018\Downloads\FRST64.exe
2013-10-01 00:48 - 2013-10-01 00:48 - 00004015 _____ C:\Users\HMS1018\Desktop\List of found threats.txt
2013-10-01 00:46 - 2013-09-30 22:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-01 00:46 - 2013-08-13 22:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-01 00:46 - 2012-10-18 03:38 - 00000000 ____D C:\Users\HMS1018\AppData\Local\Mozilla
2013-10-01 00:41 - 2012-11-09 22:36 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA.job
2013-10-01 00:27 - 2012-12-17 19:03 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA.job
2013-10-01 00:13 - 2012-12-17 09:48 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-30 22:48 - 2013-08-20 12:32 - 00000000 ____D C:\Users\HMS1018\Desktop\Stray
2013-09-30 22:37 - 2011-01-01 00:56 - 01933757 _____ C:\Windows\WindowsUpdate.log
2013-09-30 22:23 - 2013-09-30 22:23 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-30 22:23 - 2013-09-30 22:22 - 02347384 _____ (ESET) C:\Users\HMS1018\Downloads\esetsmartinstaller_enu.exe
2013-09-30 21:52 - 2013-09-30 21:51 - 00000000 ____D C:\AdwCleaner
2013-09-30 21:51 - 2013-09-30 21:51 - 01045226 _____ C:\Users\HMS1018\Downloads\AdwCleaner.exe
2013-09-30 21:42 - 2013-09-30 21:42 - 00005028 _____ C:\Users\HMS1018\Desktop\JRT.txt
2013-09-30 21:41 - 2012-11-09 22:36 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core.job
2013-09-30 21:32 - 2013-09-30 21:32 - 00000000 ____D C:\Windows\ERUNT
2013-09-30 21:22 - 2013-09-30 21:22 - 01030305 _____ (Thisisu) C:\Users\HMS1018\Downloads\JRT.exe
2013-09-30 21:19 - 2013-09-30 20:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-30 21:19 - 2013-09-30 19:20 - 00000000 ____D C:\Users\HMS1018\Desktop\mbar
2013-09-30 21:13 - 2012-12-17 09:48 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-30 20:27 - 2012-12-17 19:03 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core.job
2013-09-30 19:20 - 2013-09-30 19:20 - 12907592 _____ (Malwarebytes Corp.) C:\Users\HMS1018\Downloads\mbar-1.07.0.1005.exe
2013-09-30 19:18 - 2013-08-12 19:13 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Spotify
2013-09-30 19:04 - 2013-08-14 13:05 - 00000000 ____D C:\ProgramData\Immunet
2013-09-30 19:04 - 2013-08-14 12:44 - 00000000 ____D C:\Program Files\Immunet
2013-09-30 18:55 - 2013-09-30 18:55 - 00000000 ____D C:\Users\HMS1018\Desktop\Malwarebytes
2013-09-30 18:13 - 2013-09-30 17:59 - 00000000 ___RD C:\Users\HMS1018\Documents\ged back
2013-09-30 18:07 - 2013-03-14 11:10 - 00655872 ___SH C:\Users\HMS1018\Desktop\Thumbs.db
2013-09-30 17:39 - 2013-09-30 17:34 - 00000000 ____D C:\Users\HMS1018\Desktop\RK_Quarantine
2013-09-30 17:38 - 2013-09-30 17:38 - 00001624 _____ C:\Users\HMS1018\Desktop\RKreport[0]_S_09302013_173835.txt
2013-09-30 17:33 - 2013-09-30 17:32 - 03969024 _____ C:\Users\HMS1018\Downloads\RogueKillerX64.exe
2013-09-30 17:32 - 2013-09-30 17:32 - 00000000 ____D C:\Windows\ERDNT
2013-09-30 17:30 - 2013-09-30 17:30 - 00000924 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2013-09-30 17:30 - 2013-09-30 17:30 - 00000924 _____ C:\Users\HMS1018\Desktop\NTREGOPT.lnk
2013-09-30 17:30 - 2013-09-30 17:30 - 00000924 _____ C:\Users\Guest\Desktop\NTREGOPT.lnk
2013-09-30 17:30 - 2013-09-30 17:30 - 00000905 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2013-09-30 17:30 - 2013-09-30 17:30 - 00000905 _____ C:\Users\HMS1018\Desktop\ERUNT.lnk
2013-09-30 17:30 - 2013-09-30 17:30 - 00000905 _____ C:\Users\Guest\Desktop\ERUNT.lnk
2013-09-30 17:30 - 2013-09-30 17:30 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-09-30 16:52 - 2013-09-30 16:52 - 00791393 _____ (Lars Hederer                                                ) C:\Users\HMS1018\Downloads\erunt-setup.exe
2013-09-30 16:51 - 2013-04-25 22:59 - 00000000 ____D C:\Users\HMS1018\Desktop\Rental info
2013-09-30 13:04 - 2013-09-30 13:03 - 00002604 _____ C:\Users\HMS1018\Desktop\Rkill.txt
2013-09-30 13:03 - 2013-09-30 13:03 - 00000000 ____D C:\Users\HMS1018\Desktop\rkill
2013-09-30 13:02 - 2013-09-30 13:02 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\HMS1018\Downloads\rkill.exe
2013-09-30 12:41 - 2012-11-02 19:13 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\uTorrent
2013-09-30 12:07 - 2013-09-30 12:07 - 05017824 _____ C:\Users\HMS1018\Desktop\stray emp.tif
2013-09-30 11:11 - 2013-07-28 20:10 - 00000000 ____D C:\Users\HMS1018\Downloads\Lake Placid (1999)
2013-09-30 11:11 - 2012-11-14 17:17 - 00000000 ____D C:\Users\HMS1018\AppData\Local\Windows Live
2013-09-30 11:05 - 2013-02-14 12:45 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\IrfanView
2013-09-30 11:03 - 2012-10-22 14:10 - 00000000 ____D C:\Program Files\Lx_cats
2013-09-28 21:53 - 2013-08-13 10:48 - 00000999 _____ C:\Users\HMS1018\Desktop\magicJack.lnk
2013-09-28 21:53 - 2012-10-18 01:58 - 00000985 _____ C:\Users\HMS1018\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2013-09-28 21:53 - 2012-10-18 01:58 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\mjusbsp
2013-09-27 21:27 - 2013-04-06 20:00 - 00000000 ___RD C:\Users\HMS1018\Desktop\Dropbox
2013-09-27 21:27 - 2013-04-04 11:08 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Dropbox
2013-09-27 15:38 - 2009-07-14 00:51 - 22404150 _____ C:\Windows\setupact.log
2013-09-27 13:37 - 2009-07-14 00:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-27 13:37 - 2009-07-14 00:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-27 13:32 - 2013-07-24 06:29 - 00000993 _____ C:\Users\Guest\Desktop\magicJack.lnk
2013-09-27 13:32 - 2013-07-24 06:29 - 00000979 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2013-09-27 13:32 - 2013-07-24 06:29 - 00000000 ____D C:\Users\Guest\AppData\Roaming\mjusbsp
2013-09-27 13:31 - 2013-04-30 13:03 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-27 13:31 - 2013-04-30 13:03 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-27 13:30 - 2013-09-27 13:30 - 00032768 _____ C:\Windows\nfm_cache.db-shm
2013-09-27 13:30 - 2013-09-27 13:30 - 00003176 _____ C:\Windows\nfm_cache.db-wal
2013-09-27 13:30 - 2013-09-27 13:30 - 00001024 _____ C:\Windows\nfm_cache.db
2013-09-27 13:30 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-27 13:29 - 2012-10-18 00:29 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-27 13:19 - 2013-09-13 22:27 - 00000000 ____D C:\Users\HMS1018\Desktop\Robbie
2013-09-25 22:08 - 2013-05-02 11:01 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-09-25 22:08 - 2012-10-18 03:42 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Adobe
2013-09-25 12:07 - 2013-09-25 12:07 - 00001107 _____ C:\Users\HMS1018\Desktop\Cover letter.txt
2013-09-25 10:32 - 2013-01-03 00:22 - 00000000 ____D C:\Users\HMS1018\Desktop\odd stuff
2013-09-24 15:43 - 2013-08-12 19:16 - 00000000 ____D C:\Users\HMS1018\AppData\Local\Spotify
2013-09-24 10:20 - 2010-11-20 23:47 - 00231470 _____ C:\Windows\PFRO.log
2013-09-24 10:18 - 2012-10-18 00:09 - 00000000 ____D C:\Windows 7 Activation (Reccomended)
2013-09-23 21:06 - 2013-05-07 08:18 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-23 16:45 - 2013-09-23 16:43 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-23 16:45 - 2013-09-23 16:43 - 00000000 ____D C:\Program Files\iTunes
2013-09-23 16:45 - 2013-08-26 14:26 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-23 16:44 - 2013-09-23 16:43 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-23 16:43 - 2013-09-23 16:43 - 00000000 ____D C:\Program Files\iPod
2013-09-23 16:30 - 2013-05-07 16:55 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Apple Computer
2013-09-22 05:17 - 2013-01-22 22:18 - 00000000 ____D C:\Program Files (x86)\Cain
2013-09-21 18:04 - 2013-09-21 18:04 - 00054629 _____ C:\Users\HMS1018\Downloads\20130921_161316.jpeg
2013-09-20 10:13 - 2013-07-28 09:10 - 00000000 ____D C:\Users\HMS1018\Downloads\Young Dro - Best Thang Smokin' Album
2013-09-20 06:58 - 2012-10-18 03:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 06:58 - 2012-10-18 03:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-20 06:58 - 2012-10-18 03:41 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 20:30 - 2013-06-05 13:31 - 00000000 ____D C:\Users\HMS1018\Desktop\Old Firefox Data
2013-09-19 10:19 - 2013-09-19 10:19 - 00000000 ____D C:\Users\HMS1018\Desktop\New folder
2013-09-18 19:31 - 2013-09-18 19:30 - 00029015 _____ C:\Users\HMS1018\Desktop\dds.txt
2013-09-18 19:31 - 2013-09-18 19:30 - 00008793 _____ C:\Users\HMS1018\Desktop\attach.txt
2013-09-18 19:28 - 2013-09-18 19:28 - 00688992 ____R (Swearware) C:\Users\HMS1018\Downloads\dds.com
2013-09-18 17:00 - 2013-09-18 16:20 - 00000000 ____D C:\Program Files (x86)\ss helper
2013-09-18 16:59 - 2013-09-18 16:20 - 00000000 ____D C:\ProgramData\savensharE
2013-09-18 16:48 - 2013-09-18 16:48 - 00000088 _____ C:\Windows\SysWOW64\7622695778335716585.log
2013-09-18 16:25 - 2013-04-09 20:31 - 00000000 ____D C:\ProgramData\Browsea22ssAAvve
2013-09-18 16:20 - 2013-04-09 20:31 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-18 15:52 - 2013-09-18 15:52 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-18 15:52 - 2013-09-18 15:52 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Malwarebytes
2013-09-18 15:52 - 2013-09-18 15:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-18 15:52 - 2013-09-18 15:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-18 15:51 - 2013-09-18 15:51 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\HMS1018\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-17 16:49 - 2013-09-12 23:52 - 00000000 ____D C:\ProgramData\Nalpeiron
2013-09-17 16:33 - 2013-09-17 16:33 - 02816072 _____ (LionSea SoftWare                                            ) C:\Users\HMS1018\Downloads\setup(3).exe
2013-09-17 14:01 - 2013-09-13 23:03 - 00000000 ____D C:\Users\HMS1018\Desktop\Go Green
2013-09-16 14:19 - 2013-09-15 19:30 - 00000000 ____D C:\ProgramData\saVensshaare
2013-09-16 13:28 - 2013-09-16 13:28 - 00347424 _____ (Microsoft Corporation) C:\Users\HMS1018\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.147302783255414964.2.1.Run.exe
2013-09-16 09:40 - 2013-09-16 09:40 - 00000000 ____D C:\Users\HMS1018\AppData\Local\Apps\2.0
2013-09-16 02:28 - 2013-09-15 21:07 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2013-09-16 02:28 - 2013-09-15 21:05 - 00000000 ____D C:\Program Files (x86)\xfin_portal
2013-09-16 02:28 - 2013-09-15 21:04 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2013-09-16 02:28 - 2013-07-28 20:13 - 00000000 ____D C:\Users\HMS1018\Downloads\A Nightmare on Elm Street (1984)
2013-09-16 02:28 - 2013-07-28 20:00 - 00000000 ____D C:\Users\HMS1018\Downloads\Fast And Furious 6[2013]WEBRip XviD-ETRG
2013-09-16 02:28 - 2013-07-28 19:50 - 00000000 ____D C:\Users\HMS1018\Downloads\[ www.Torrenting.com ] - Love.and.Basketball.2000.WS.iNTERNAL.REPACK.DVDRip.XviD-PiRATEKiD
2013-09-16 02:28 - 2013-05-13 15:44 - 00000000 ____D C:\Users\HMS1018\Downloads\Adobe Photoshop CS6 13.0.1 Final  Multilanguage (cracked dll) [ChingLiu]
2013-09-16 02:28 - 2013-04-30 13:02 - 00000000 ____D C:\Users\Guest
2013-09-16 02:27 - 2013-09-15 21:07 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst
2013-09-16 02:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-09-15 22:41 - 2013-09-15 22:40 - 00000088 _____ C:\Windows\SysWOW64\13838775941398595092.log
2013-09-15 22:39 - 2013-09-15 22:39 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Kalydo
2013-09-15 22:29 - 2011-01-01 00:56 - 00000000 ____D C:\Users\HMS1018
2013-09-15 21:13 - 2013-09-15 21:08 - 00000000 ____D C:\Users\HMS1018\AppData\Local\ID Vault
2013-09-15 21:13 - 2013-09-15 21:07 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\ID Vault
2013-09-15 21:08 - 2013-09-15 21:08 - 00000000 ____D C:\Users\HMS1018\AppData\Local\White_Sky,_Inc
2013-09-15 21:08 - 2013-09-15 21:08 - 00000000 ____D C:\ProgramData\IsolatedStorage
2013-09-15 21:07 - 2013-09-15 21:07 - 00000000 ____D C:\Users\HMS1018\AppData\Local\Zemana
2013-09-15 21:04 - 2013-09-15 21:04 - 00000000 ____D C:\ProgramData\White Sky, Inc
2013-09-15 19:35 - 2012-11-09 14:03 - 00000000 ____D C:\Windows\system32\appmgmt
2013-09-15 19:32 - 2013-09-15 19:32 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\EZDownloader
2013-09-15 19:31 - 2013-09-15 19:31 - 00000808 _____ C:\Users\HMS1018\Desktop\WeatherBug.lnk
2013-09-15 10:53 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-14 04:53 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-09-13 23:27 - 2013-09-12 16:56 - 00000000 ____D C:\Users\HMS1018\Desktop\Vicky
2013-09-12 23:53 - 2013-09-12 23:53 - 00001925 _____ C:\Users\Public\Desktop\Perfect Effects 4.lnk
2013-09-12 23:53 - 2013-09-12 23:53 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\onOne Software
2013-09-12 23:53 - 2013-09-12 23:53 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Adobe
2013-09-12 23:53 - 2013-09-12 23:51 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\onOne Software
2013-09-12 23:53 - 2013-07-06 11:05 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2013-09-12 23:52 - 2013-09-12 23:52 - 00000000 ____D C:\Users\Guest\AppData\Roaming\onOne Software
2013-09-12 23:51 - 2013-09-12 23:49 - 00000000 ____D C:\ProgramData\onOne Software
2013-09-12 23:50 - 2013-09-12 23:50 - 00000000 ____D C:\Program Files\onOne Software
2013-09-12 23:50 - 2013-09-12 23:50 - 00000000 ____D C:\Program Files (x86)\onOne Software
2013-09-12 23:50 - 2012-10-22 15:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-12 23:48 - 2013-09-12 23:47 - 303683288 _____ (Acresso Software Inc.) C:\Users\HMS1018\Downloads\Perfect_Effects_4.0.4_Free.exe
2013-09-12 22:54 - 2013-09-12 22:54 - 00000855 _____ C:\Users\HMS1018\Desktop\µTorrent.lnk
2013-09-12 22:54 - 2013-09-12 22:54 - 00000835 _____ C:\Users\HMS1018\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-09-12 21:25 - 2013-09-12 21:25 - 00116413 _____ C:\Users\HMS1018\Downloads\displaypdfbill(1)
2013-09-12 21:24 - 2013-09-12 21:24 - 00116413 _____ C:\Users\HMS1018\Downloads\displaypdfbill
2013-09-12 10:05 - 2011-01-01 00:57 - 00000000 ___RD C:\Users\HMS1018\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 10:05 - 2011-01-01 00:57 - 00000000 ___RD C:\Users\HMS1018\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 09:59 - 2009-07-14 00:45 - 05433144 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 09:15 - 2013-07-26 03:00 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 09:11 - 2012-11-05 22:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 09:11 - 2012-10-18 00:47 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 23:23 - 2013-05-07 08:18 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-10 15:46 - 2013-09-10 15:46 - 01069288 _____ (Solid State Networks) C:\Users\HMS1018\Downloads\install_flashplayer11x32_mssa_aaa_aih.exe
2013-09-10 02:39 - 2013-09-10 02:39 - 01970848 _____ C:\Users\HMS1018\Downloads\winrar-x64-500.exe
2013-09-10 02:39 - 2013-09-10 02:39 - 00000975 _____ C:\Users\Public\Desktop\WinRAR.lnk
2013-09-10 02:39 - 2012-12-21 00:36 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-09-10 02:39 - 2012-12-20 15:40 - 00000000 ____D C:\Program Files\WinRAR
2013-09-09 12:18 - 2013-09-09 11:51 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Blackboard
2013-09-06 00:12 - 2013-09-06 00:12 - 03021614 _____ C:\Users\HMS1018\Downloads\Generic
2013-09-05 23:42 - 2013-09-05 23:42 - 01310720 _____ C:\Users\HMS1018\Desktop\stream_user_training.ppt
2013-09-05 21:34 - 2013-09-05 21:34 - 00000000 ____D C:\ProgramData\WebEx
2013-09-05 11:10 - 2009-07-14 01:13 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-04 14:32 - 2013-07-06 11:06 - 00000000 ____D C:\Users\Guest\AppData\Local\Adobe
2013-09-04 14:18 - 2013-09-04 14:18 - 00266288 _____ C:\Windows\Minidump\090413-16926-01.dmp
2013-09-04 14:18 - 2013-02-22 05:17 - 539062456 _____ C:\Windows\MEMORY.DMP
2013-09-04 14:18 - 2013-02-22 05:17 - 00000000 ____D C:\Windows\Minidump
2013-09-03 01:09 - 2013-09-03 01:09 - 00262144 _____ C:\Windows\Minidump\090313-16598-01.dmp

Some content of TEMP:
====================
C:\Users\HMS1018\AppData\Local\Temp\13-4_win7_win8_64_dd_ccc_whql.exe
C:\Users\HMS1018\AppData\Local\Temp\bstrapInstall.exe
C:\Users\HMS1018\AppData\Local\Temp\iprd_un.dll
C:\Users\HMS1018\AppData\Local\Temp\iv_uninstall.exe
C:\Users\HMS1018\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\HMS1018\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\HMS1018\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\HMS1018\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\HMS1018\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\HMS1018\AppData\Local\Temp\kpinstaller.exe
C:\Users\HMS1018\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\HMS1018\AppData\Local\Temp\lowproc.exe
C:\Users\HMS1018\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE
C:\Users\HMS1018\AppData\Local\Temp\nsd317E.exe
C:\Users\HMS1018\AppData\Local\Temp\nsg301A.exe
C:\Users\HMS1018\AppData\Local\Temp\nsg6911.exe
C:\Users\HMS1018\AppData\Local\Temp\nslEABE.exe
C:\Users\HMS1018\AppData\Local\Temp\nsmDFBA.exe
C:\Users\HMS1018\AppData\Local\Temp\nsn229C.exe
C:\Users\HMS1018\AppData\Local\Temp\nsn8074.exe
C:\Users\HMS1018\AppData\Local\Temp\nsp53A4.exe
C:\Users\HMS1018\AppData\Local\Temp\nsr7709.exe
C:\Users\HMS1018\AppData\Local\Temp\nswD1A3.exe
C:\Users\HMS1018\AppData\Local\Temp\nsx47B2.exe
C:\Users\HMS1018\AppData\Local\Temp\nsx5178.exe
C:\Users\HMS1018\AppData\Local\Temp\nsx7392.exe
C:\Users\HMS1018\AppData\Local\Temp\nsxB302.exe
C:\Users\HMS1018\AppData\Local\Temp\ntdll_dump.dll
C:\Users\HMS1018\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\HMS1018\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\HMS1018\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\HMS1018\AppData\Local\Temp\nvStInst.exe
C:\Users\HMS1018\AppData\Local\Temp\OIAppManager.exe
C:\Users\HMS1018\AppData\Local\Temp\ose00000.exe
C:\Users\HMS1018\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
C:\Users\HMS1018\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\HMS1018\AppData\Local\Temp\SPStub.exe
C:\Users\HMS1018\AppData\Local\Temp\stubhelper.dll
C:\Users\HMS1018\AppData\Local\Temp\tbuTor.dll
C:\Users\HMS1018\AppData\Local\Temp\tbWhit.dll
C:\Users\HMS1018\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\HMS1018\AppData\Local\Temp\UnityWebPlayer9036510586564609267.exe
C:\Users\HMS1018\AppData\Local\Temp\utt27FA.tmp.exe
C:\Users\HMS1018\AppData\Local\Temp\utt8B61.tmp.exe
C:\Users\HMS1018\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\HMS1018\AppData\Local\Temp\vlc-2.0.8-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-21 01:11

==================== End Of Log ============================


  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-09-2013 02
Ran by HMS1018 at 2013-10-01 17:24:48 Run:1
Running from C:\Users\HMS1018\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbgkkdmnpohfcldlnajplgbkoapcgmg\5.10\vM.js
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjikelfedmmmbanilmjkpalkhbijmcma\1.0\DSBnh.js
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgbbnoncamlghakafmddceiehgdjmhf\1.0\4Ep5jBwjsWV.js
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkpalpnbbkehbjiockhmchfaplolaapf\5.10\8j6s6qwy9.js
C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbgkkdmnpohfcldlnajplgbkoapcgmg\5.10\vM.js
C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjikelfedmmmbanilmjkpalkhbijmcma\1.0\DSBnh.js
C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgbbnoncamlghakafmddceiehgdjmhf\1.0\4Ep5jBwjsWV.js
C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkpalpnbbkehbjiockhmchfaplolaapf\5.10\8j6s6qwy9.js
C:\Users\HMS1018\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6297WL2R\SPSetup[1].exe
C:\Users\HMS1018\AppData\Local\Temp\00294823\nkpalpnbbkehbjiockhmchfaplolaapf\8j6s6qwy9.js
C:\Users\HMS1018\AppData\Local\Temp\0hZIuCj7.exe.part
C:\Users\HMS1018\AppData\Local\Temp\13-4_win7_win8_64_dd_ccc_whql.exe
C:\Users\HMS1018\AppData\Local\Temp\18be6784\gjikelfedmmmbanilmjkpalkhbijmcma\DSBnh.js
C:\Users\HMS1018\AppData\Local\Temp\2_hFHmYh.exe.part
C:\Users\HMS1018\AppData\Local\Temp\2cd672ae\hfgbbnoncamlghakafmddceiehgdjmhf\4Ep5jBwjsWV.js
C:\Users\HMS1018\AppData\Local\Temp\2cd672ae\vjnbifdh@izxk-.org\content\bg.js
C:\Users\HMS1018\AppData\Local\Temp\3XPk8Yez.exe.part
C:\Users\HMS1018\AppData\Local\Temp\4ae13d6c\4n6e@eoouuyouynv.org\content\bg.js
C:\Users\HMS1018\AppData\Local\Temp\4ae13d6c\cpbgkkdmnpohfcldlnajplgbkoapcgmg\vM.js
C:\Users\HMS1018\AppData\Local\Temp\7txCBYzg.exe.part
C:\Users\HMS1018\AppData\Local\Temp\B2F8A64E-BAB0-7891-B40F-E8D0A8DA4501\Latest\IEHelper.dll
C:\Users\HMS1018\AppData\Local\Temp\bstrapInstall.exe
C:\Users\HMS1018\AppData\Local\Temp\idfas79e.exe.part
C:\Users\HMS1018\AppData\Local\Temp\iprd_un.dll
C:\Users\HMS1018\AppData\Local\Temp\iv_uninstall.exe
C:\Users\HMS1018\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\HMS1018\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\HMS1018\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\HMS1018\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\HMS1018\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\HMS1018\AppData\Local\Temp\kpinstaller.exe
C:\Users\HMS1018\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\HMS1018\AppData\Local\Temp\lowproc.exe
C:\Users\HMS1018\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE
C:\Users\HMS1018\AppData\Local\Temp\NmuKoJ62.exe.part
C:\Users\HMS1018\AppData\Local\Temp\nsd317E.exe
C:\Users\HMS1018\AppData\Local\Temp\nsg301A.exe
C:\Users\HMS1018\AppData\Local\Temp\nsg6911.exe
C:\Users\HMS1018\AppData\Local\Temp\nslEABE.exe
C:\Users\HMS1018\AppData\Local\Temp\nsmDFBA.exe
C:\Users\HMS1018\AppData\Local\Temp\nsn229C.exe
C:\Users\HMS1018\AppData\Local\Temp\nsn8074.exe
C:\Users\HMS1018\AppData\Local\Temp\nsp53A4.exe
C:\Users\HMS1018\AppData\Local\Temp\nsr7709.exe
C:\Users\HMS1018\AppData\Local\Temp\nswD1A3.exe
C:\Users\HMS1018\AppData\Local\Temp\nsx47B2.exe
C:\Users\HMS1018\AppData\Local\Temp\nsx5178.exe
C:\Users\HMS1018\AppData\Local\Temp\nsx7392.exe
C:\Users\HMS1018\AppData\Local\Temp\nsxB302.exe
C:\Users\HMS1018\AppData\Local\Temp\ntdll_dump.dll
C:\Users\HMS1018\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\HMS1018\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\HMS1018\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\HMS1018\AppData\Local\Temp\nvStInst.exe
C:\Users\HMS1018\AppData\Local\Temp\OIAppManager.exe
C:\Users\HMS1018\AppData\Local\Temp\ose00000.exe
C:\Users\HMS1018\AppData\Local\Temp\Qz1cxA9F.exe.part
C:\Users\HMS1018\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
C:\Users\HMS1018\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\HMS1018\AppData\Local\Temp\SPStub.exe
C:\Users\HMS1018\AppData\Local\Temp\stubhelper.dll
C:\Users\HMS1018\AppData\Local\Temp\tbuTor.dll
C:\Users\HMS1018\AppData\Local\Temp\tbWhit.dll
C:\Users\HMS1018\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\HMS1018\AppData\Local\Temp\trz69D1.tmp
C:\Users\HMS1018\AppData\Local\Temp\UnityWebPlayer9036510586564609267.exe
C:\Users\HMS1018\AppData\Local\Temp\utt27FA.tmp.exe
C:\Users\HMS1018\AppData\Local\Temp\utt8B61.tmp.exe
C:\Users\HMS1018\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\HMS1018\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\HMS1018\Desktop\Old Firefox Data\5xpq0jod.default-1379299627971\extensions\vjnbifdh@izxk-.org\content\bg.js
C:\Users\HMS1018\Downloads\Alcohol120_trial_2.0.2.3931.exe
C:\Users\HMS1018\Downloads\Alcohol120_trial_2.0.2.4713.exe
C:\Users\HMS1018\Downloads\ArcadeFrontierGames.exe
C:\Users\HMS1018\Downloads\cbsidlm-tr1_13-CMedia_PCI_Audio_Device-SEO-168596.exe
C:\Users\HMS1018\Downloads\cbsidlm-tr1_13-Virtual_Fashion_Professional-SEO-10556121.exe
C:\Users\HMS1018\Downloads\hybrid_wm8650_uberoid_v62.rar.exe.171103.gzquar
C:\Users\HMS1018\Downloads\WatchTorrents Setup.exe
C:\Windows\Temp\avast_ash\uTorrent\uTorrent.exe
MountPoints2: {897b16b1-2a88-11e2-8b7e-f26ba78e1f30} - I:\setup\3DHADSD80_setup.exe
MountPoints2: {cf243b3c-002e-11e3-9205-0002723e8dd9} - H:\LGAutoRun.exe
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://firefox.com/
SearchScopes: HKLM-x32 - DefaultScope {D570841B-10AE-4D5B-BBB8-237DA20EA69F} URL =
SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
BHO-x32: TWatchTorrentsHelper - {2EEE3B00-A4F8-4819-A336-1B547FA954BF} - C:\Program Files (x86)\WatchTorrents Player\WatchTorrentsHelper.dll ()
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.giga...bject/Dldrv.ocx
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Koox Group LLC/WatchTorrents Player,version=1.0.0.0 - C:\Program Files (x86)\WatchTorrents Player\npwtplayer.dll (Koox Group LLC)
FF HKLM-x32\...\Firefox\Extensions: [jid1-vpu7aD5IBmKRFA@jetpack] - C:\Program Files (x86)\WatchTorrents Player\jid1-vpu7aD5IBmKRFA@jetpack.xpi
FF Extension: jid1-vpu7aD5IBmKRFA - C:\Program Files (x86)\WatchTorrents Player\jid1-vpu7aD5IBmKRFA@jetpack.xpi
Task: {150672DB-EAF9-4941-ADEA-4E940DEC4E86} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core => C:\Users\HMS1018\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-17] (Google Inc.)
Task: {17F43E83-B769-47A9-A10A-E9E183B0D41C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core => C:\Users\HMS1018\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-09] (Facebook Inc.)
Task: {8DC0FFA5-6F65-48BC-B5A7-4080927A5C51} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17] (Google Inc.)
Task: {D597D0D1-B6A7-463D-9D84-0464FAD2C88E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA => C:\Users\HMS1018\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-17] (Google Inc.)
Task: {DABE46A8-9ECF-4A9C-AFA8-93E7E271BD17} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA => C:\Users\HMS1018\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-09] (Facebook Inc.)
Task: {F4BD837E-A59F-4011-969E-36117C4F33E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17] (Google Inc.)
Task: {F7DC172C-461B-4A59-846E-F588285296C2} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-632562549-456321962-3968272267-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {F87126C6-071F-4B17-B99E-A65D4B30E7E1} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-632562549-456321962-3968272267-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core.job => C:\Users\HMS1018\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA.job => C:\Users\HMS1018\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core.job => C:\Users\HMS1018\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA.job => C:\Users\HMS1018\AppData\Local\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns1
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns2
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns3
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns4
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\HMS1018\Downloads\Dropbox 2.0.0.exe:BDU
AlternateDataStreams: C:\Users\HMS1018\Downloads\magicJackSetup.exe:BDU
AlternateDataStreams: C:\Users\HMS1018\Downloads\motherboard_utility_gbttools_gbt_et6(1).exe:BDU
AlternateDataStreams: C:\Users\HMS1018\Downloads\motherboard_utility_gbttools_gbt_et6.exe:BDU
AlternateDataStreams: C:\Users\HMS1018\Downloads\msprod2.exe:BDU


*****************

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbgkkdmnpohfcldlnajplgbkoapcgmg\5.10\vM.js => Moved successfully.
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjikelfedmmmbanilmjkpalkhbijmcma\1.0\DSBnh.js => Moved successfully.
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgbbnoncamlghakafmddceiehgdjmhf\1.0\4Ep5jBwjsWV.js => Moved successfully.
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkpalpnbbkehbjiockhmchfaplolaapf\5.10\8j6s6qwy9.js => Moved successfully.
C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbgkkdmnpohfcldlnajplgbkoapcgmg\5.10\vM.js => Moved successfully.
C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjikelfedmmmbanilmjkpalkhbijmcma\1.0\DSBnh.js => Moved successfully.
C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgbbnoncamlghakafmddceiehgdjmhf\1.0\4Ep5jBwjsWV.js => Moved successfully.
C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkpalpnbbkehbjiockhmchfaplolaapf\5.10\8j6s6qwy9.js => Moved successfully.
C:\Users\HMS1018\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6297WL2R\SPSetup[1].exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\00294823\nkpalpnbbkehbjiockhmchfaplolaapf\8j6s6qwy9.js => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\0hZIuCj7.exe.part => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\13-4_win7_win8_64_dd_ccc_whql.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\18be6784\gjikelfedmmmbanilmjkpalkhbijmcma\DSBnh.js => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\2_hFHmYh.exe.part => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\2cd672ae\hfgbbnoncamlghakafmddceiehgdjmhf\4Ep5jBwjsWV.js => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\2cd672ae\vjnbifdh@izxk-.org\content\bg.js => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\3XPk8Yez.exe.part => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\4ae13d6c\4n6e@eoouuyouynv.org\content\bg.js => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\4ae13d6c\cpbgkkdmnpohfcldlnajplgbkoapcgmg\vM.js => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\7txCBYzg.exe.part => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\B2F8A64E-BAB0-7891-B40F-E8D0A8DA4501\Latest\IEHelper.dll => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\bstrapInstall.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\idfas79e.exe.part => Moved successfully.
"C:\Users\HMS1018\AppData\Local\Temp\iprd_un.dll" => File/Directory not found.
C:\Users\HMS1018\AppData\Local\Temp\iv_uninstall.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\kpinstaller.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\LiveSupport_setup.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\NmuKoJ62.exe.part => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\nsd317E.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\nsg301A.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\nsg6911.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\nslEABE.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\nsmDFBA.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\nsn229C.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\nsn8074.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\nsp53A4.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\nsr7709.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\nswD1A3.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\nsx47B2.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\nsx5178.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\nsx7392.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\nsxB302.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\nv3DVStreaming.dll => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\nvStereoApiI.dll => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\nvStInst.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\OIAppManager.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\Qz1cxA9F.exe.part => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\SETUP_AFTERBURNER.EXE => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\SpotifyUninstall.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\SPStub.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\tbuTor.dll => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\tbWhit.dll => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\The_Weather_Channel_Application.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\trz69D1.tmp => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\UnityWebPlayer9036510586564609267.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\utt27FA.tmp.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\utt8B61.tmp.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\vlc-2.0.5-win32.exe => Moved successfully.
C:\Users\HMS1018\AppData\Local\Temp\vlc-2.0.8-win32.exe => Moved successfully.
C:\Users\HMS1018\Desktop\Old Firefox Data\5xpq0jod.default-1379299627971\extensions\vjnbifdh@izxk-.org\content\bg.js => Moved successfully.
C:\Users\HMS1018\Downloads\Alcohol120_trial_2.0.2.3931.exe => Moved successfully.
C:\Users\HMS1018\Downloads\Alcohol120_trial_2.0.2.4713.exe => Moved successfully.
C:\Users\HMS1018\Downloads\ArcadeFrontierGames.exe => Moved successfully.
C:\Users\HMS1018\Downloads\cbsidlm-tr1_13-CMedia_PCI_Audio_Device-SEO-168596.exe => Moved successfully.
C:\Users\HMS1018\Downloads\cbsidlm-tr1_13-Virtual_Fashion_Professional-SEO-10556121.exe => Moved successfully.
C:\Users\HMS1018\Downloads\hybrid_wm8650_uberoid_v62.rar.exe.171103.gzquar => Moved successfully.
C:\Users\HMS1018\Downloads\WatchTorrents Setup.exe => Moved successfully.
C:\Windows\Temp\avast_ash\uTorrent\uTorrent.exe => Moved successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{897b16b1-2a88-11e2-8b7e-f26ba78e1f30} => Key deleted successfully.
HKCR\CLSID\{897b16b1-2a88-11e2-8b7e-f26ba78e1f30} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf243b3c-002e-11e3-9205-0002723e8dd9} => Key deleted successfully.
HKCR\CLSID\{cf243b3c-002e-11e3-9205-0002723e8dd9} => Key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EEE3B00-A4F8-4819-A336-1B547FA954BF} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2EEE3B00-A4F8-4819-A336-1B547FA954BF} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} => Key deleted successfully.
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2 => Key deleted successfully.
C:\Windows\system32\npDeployJava1.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.25.2 => Key deleted successfully.
C:\Windows\SysWOW64\npDeployJava1.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2 => Key deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@Koox Group LLC/WatchTorrents Player,version=1.0.0.0 => Key deleted successfully.
C:\Program Files (x86)\WatchTorrents Player\npwtplayer.dll => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\jid1-vpu7aD5IBmKRFA@jetpack => Value deleted successfully.
C:\Program Files (x86)\WatchTorrents Player\jid1-vpu7aD5IBmKRFA@jetpack.xpi => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{150672DB-EAF9-4941-ADEA-4E940DEC4E86} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{150672DB-EAF9-4941-ADEA-4E940DEC4E86} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17F43E83-B769-47A9-A10A-E9E183B0D41C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17F43E83-B769-47A9-A10A-E9E183B0D41C} => Key deleted successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8DC0FFA5-6F65-48BC-B5A7-4080927A5C51} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DC0FFA5-6F65-48BC-B5A7-4080927A5C51} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D597D0D1-B6A7-463D-9D84-0464FAD2C88E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D597D0D1-B6A7-463D-9D84-0464FAD2C88E} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DABE46A8-9ECF-4A9C-AFA8-93E7E271BD17} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DABE46A8-9ECF-4A9C-AFA8-93E7E271BD17} => Key deleted successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4BD837E-A59F-4011-969E-36117C4F33E5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4BD837E-A59F-4011-969E-36117C4F33E5} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7DC172C-461B-4A59-846E-F588285296C2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7DC172C-461B-4A59-846E-F588285296C2} => Key deleted successfully.
C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-632562549-456321962-3968272267-1000 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeScheduledTaskS-1-5-21-632562549-456321962-3968272267-1000 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F87126C6-071F-4B17-B99E-A65D4B30E7E1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F87126C6-071F-4B17-B99E-A65D4B30E7E1} => Key deleted successfully.
C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-632562549-456321962-3968272267-1000 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeLogonTaskS-1-5-21-632562549-456321962-3968272267-1000 => Key deleted successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA.job => Moved successfully.
C:\ProgramData\Nalpeiron => ":user.ns1" ADS removed successfully.
C:\ProgramData\Nalpeiron => ":user.ns2" ADS removed successfully.
C:\ProgramData\Nalpeiron => ":user.ns3" ADS removed successfully.
C:\ProgramData\Nalpeiron => ":user.ns4" ADS removed successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\Users\HMS1018\Downloads\Dropbox 2.0.0.exe => ":BDU" ADS removed successfully.
C:\Users\HMS1018\Downloads\magicJackSetup.exe => ":BDU" ADS removed successfully.
C:\Users\HMS1018\Downloads\motherboard_utility_gbttools_gbt_et6(1).exe => ":BDU" ADS removed successfully.
C:\Users\HMS1018\Downloads\motherboard_utility_gbttools_gbt_et6.exe => ":BDU" ADS removed successfully.
C:\Users\HMS1018\Downloads\msprod2.exe => ":BDU" ADS removed successfully.

==== End of Fixlog ====


  • Root Admin

Please run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop: http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then run the following.

Please download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.7011)   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Java version out of Date!
 Adobe Flash Player 11.8.800.168  
 Adobe Reader XI  
 Mozilla Firefox (24.0)
 Google Chrome 29.0.1547.66  
 Google Chrome 29.0.1547.76  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 


  • Root Admin

Please uninstall ALL versions of Java. If you can do without Java that would be best.

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Otherwise, how is the computer running now?

Are there still any signs of an infection?

Thanks

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Oct 02 15:34:54 2013

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit

Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Found and removed: SOFTWARE\JavaSoft

Found and removed: SOFTWARE\JreMetrics

Found and removed: SOFTWARE\MozillaPlugins

------------------------------------

Finished reporting.


 

This topic is now closed to further replies.