I keep getting the League of Angels ads. I ran a Malwarebytes scan but they still appear. Here are my scans.

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 02/02/2014 16:28:35
System Uptime: 06/04/2014 17:13:32 (22 hours ago)
.
Motherboard: LENOVO |  | Emerald Lake
Processor: Intel® Core i7-2630QM CPU @ 2.00GHz | CPU | 2001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 70.052 GiB free.
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP41: 24/03/2014 13:59:33 - Windows Update
RP42: 27/03/2014 03:00:10 - Windows Update
RP43: 30/03/2014 11:30:37 - Installed BowPad
RP44: 30/03/2014 23:35:59 - Windows Update
RP45: 31/03/2014 08:39:09 - Installed CompanionLink.
RP46: 03/04/2014 02:53:18 - Windows Update
RP47: 04/04/2014 11:34:15 - Installed 3CXPhone
RP48: 06/04/2014 05:58:15 - Windows Update
RP49: 06/04/2014 17:20:05 - Installed BowPad
.
==== Installed Programs ======================
.
 Tools for .Net 3.5
3CXPhone
7-Zip 9.20 (x64 edition)
Adobe Acrobat XI Pro
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Akamai NetSession Interface
AzureTools.Notifications
Bandwidth Monitor v3.4 build 757
Behaviors SDK (XAML) for Visual Studio
Blend for Visual Studio 2013
Blend for Visual Studio 2013 ENU resources
Blend for Visual Studio SDK for .NET 4.5
Blend for Visual Studio SDK for Silverlight 5
BowPad
Brother MFL-Pro Suite MFC-J430W
Build Tools - amd64
Build Tools - x86
Build Tools Language Resources - amd64
Build Tools Language Resources - x86
Cloudfogger
CompanionLink
Copy
Covenant Eyes
CryptSync
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Deluge 1.3.6
Dotfuscator and Analytics Community Edition
Dropbox
eMule
Energy Management
Entity Framework Tools for Visual Studio 2013
Fiddler
FileZilla Client 3.8.0
Firewall Builder 5.1
Flvto Youtube Downloader
Foxit Advanced PDF Editor 3
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Greenshot 1.1.7.17
IIS 8.0 Express
IIS Express Application Compatibility Database for x64
IIS Express Application Compatibility Database for x86
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® Wireless Display
Internet Download Manager
ISO Creator 1.0
Java 7 Update 51
Java Auto Updater
JavaScript Tooling
Junk Mail filter update
LastPass (uninstall only)
Lenovo Bluetooth with Enhanced Data Rate Software
Lenovo DirectShare
Lenovo EasyCamera
Lenovo EE Boot Optimizer
Lenovo Games Console
Lenovo OneKey Recovery
Lenovo YouCam
LocalESPC Dev12
LocalESPCui for en-us Dev12
Magic ISO Maker v5.5 (build 0276)
Malwarebytes Anti-Malware version 2.0.1.1004
Mesh Runtime
MetaTrader - Alpari UK
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU)
Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps
Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps (ENU)
Microsoft .NET Framework 4.5.1 SDK
Microsoft Advertising SDK for Windows 8.1 - ENU
Microsoft Advertising Service Extension for Visual Studio
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 4 - Visual Studio 2013 - ENU
Microsoft ASP.NET MVC 4 Runtime
Microsoft ASP.NET Web Frameworks and Tools - Visual Studio 2013 - ENU
Microsoft ASP.NET Web Pages 2 - Visual Studio 2013 - ENU
Microsoft ASP.NET Web Pages 2 Runtime
Microsoft C++ REST SDK for Visual Studio 2013
Microsoft Exchange Web Services Managed API 2.0
Microsoft Expression Blend SDK for .NET 4
Microsoft Help Viewer 2.1
Microsoft Identity Extensions
Microsoft LightSwitch for Visual Studio 2013 Core
Microsoft LightSwitch for Visual Studio 2013 CoreRes - ENU
Microsoft LightSwitch for Visual Studio 2013 v4.0 Tools
Microsoft LightSwitch for Visual Studio 2013 v4.0 ToolsRes - ENU
Microsoft LightSwitch v4.0 SDK
Microsoft NuGet - Visual Studio 2013
Microsoft Office 2010
Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x64)
Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x64) - ENU Language Pack
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Portable Library Multi-Targeting Pack
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
Microsoft Report Viewer Add-On for Visual Studio 2013
Microsoft Security Client
Microsoft Security Essentials
Microsoft SharePoint 2013 Developer Tools for Visual Studio
Microsoft SharePoint 2013 Developer Tools for Visual Studio 2012 Nuget Package
Microsoft SharePoint 2013 Developer Tools for Visual Studio ENU Language Pack
Microsoft Silverlight
Microsoft Silverlight 5 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2012 Command Line Utilities
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Data-Tier App Framework  (x64)
Microsoft SQL Server 2012 Express LocalDB
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server 2012 Management Objects  (x64)
Microsoft SQL Server 2012 Native Client
Microsoft SQL Server 2012 T-SQL Language Service
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Data Tools - enu (12.0.30919.1)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1)
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Team Foundation Server 2013 Object Model (x64)
Microsoft Team Foundation Server 2013 Object Model Language Pack (x64) - ENU
Microsoft Visual C++  ARM Libraries
Microsoft Visual C++  x64-arm Cross Compilers
Microsoft Visual C++  x64-arm Cross Compilers - ENU Resources
Microsoft Visual C++  x64-x86 Cross Compilers
Microsoft Visual C++  x64-x86 Cross Compilers - ENU Resources
Microsoft Visual C++  x64 Libraries
Microsoft Visual C++  x64 Native Compilers
Microsoft Visual C++  x64 Native Compilers - ENU Resources
Microsoft Visual C++  x86 Libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2013  x64 Designtime - 12.0.21005
Microsoft Visual C++ 2013 32bit Compilers - ENU Resources
Microsoft Visual C++ 2013 Compilers
Microsoft Visual C++ 2013 Compilers - ENU Resources
Microsoft Visual C++ 2013 Core Libraries
Microsoft Visual C++ 2013 Extended Libraries
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86-x64 Compilers
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2013 Devenv
Microsoft Visual Studio 2013 Devenv Resources
Microsoft Visual Studio 2013 IntelliTrace Core amd64
Microsoft Visual Studio 2013 IntelliTrace Core x86
Microsoft Visual Studio 2013 IntelliTrace Front End x86
Microsoft Visual Studio 2013 Performance Collection Tools
Microsoft Visual Studio 2013 Performance Collection Tools - ENU
Microsoft Visual Studio 2013 Preparation
Microsoft Visual Studio 2013 Profiling Tools
Microsoft Visual Studio 2013 Shell (Minimum)
Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2013 Shell (Minimum) Resources
Microsoft Visual Studio 2013 Team Explorer Language Pack - ENU
Microsoft Visual Studio 2013 VsGraphics Helper Dependencies
Microsoft Visual Studio Premium 2013
Microsoft Visual Studio Premium 2013 - ENU
Microsoft Visual Studio Professional 2013
Microsoft Visual Studio Professional 2013 - ENU
Microsoft Visual Studio Team Foundation Server 2013 Storyboarding (x64)
Microsoft Visual Studio Team Foundation Server 2013 Storyboarding Language Pack (x64) - ENU
Microsoft Visual Studio Ultimate 2013
Microsoft Visual Studio Ultimate 2013 - ENU
Microsoft Visual Studio Ultimate 2013 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2013 XAML UI Designer enu Resources
Microsoft Web Deploy 3.5
Microsoft Web Developer Tools 2013 - Visual Studio 2013
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
MPC-HC 1.7.3
MSVCRT
MSVCRT_amd64
MultiBit 0.5.16
Notepad++
Oasis2Service 1.0
Onekey Theater
ooVoo
Open XML SDK 2.5 for Microsoft Office
OpenVPN 2.3.1-I001
Oracle VM VirtualBox 4.3.8
Power2Go
PreEmptive Analytics Visual Studio Components
Prerequisites for SSDT
Protrader 3
Python Tools Redirection Template
qBittorrent 3.1.9
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
RtLED
SeaTools for Windows
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2863902) 64-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
SharePoint Client Components
Skype™ 6.13
Spotware cAlgo
Spotware cTrader
SRS Premium Sound Control Panel
Synaptics Pointing Device Driver
TAP-Windows 9.9.2
Team Explorer for Microsoft Visual Studio 2013
TeamViewer 9
TightVNC
Trader Workstation 4.0
TrueCrypt
TWS API
Update for  (KB2504637)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition
Update for Microsoft Visio 2010 (KB2878227) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
UserGuide
VeriFace
Visual F# 3.1 SDK
Visual F# 3.1 VS
Visual Studio 2013 Prerequisites
Visual Studio 2013 Prerequisites - ENU Language Pack
Visual Studio Extensions for Windows Library for JavaScript
VMware vSphere CLI
VMware vSphere Client 5.0
VNC Mirror Driver 1.8.0
VNC Printer Driver 1.8.0
VNC Server 5.0.3
VNC Viewer 5.0.3
WampServer 2.4
WCF Data Services 5.6.0 Runtime
WCF Data Services Tools for Microsoft Visual Studio 2013
WCF RIA Services V1.0 SP2
Windows 7 USB/DVD Download Tool
Windows App Certification Kit Native Components
Windows App Certification Kit x64
Windows Azure Mobile Services SDK
Windows Azure Mobile Services Tools for Visual Studio 2013 Preview - v1.0
Windows Azure Shared Components for Microsoft Visual Studio 2013 - v1.0
Windows Azure Tools for LightSwitch for Visual Studio 2013 - v2.1
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Runtime Intellisense Content - en-us
Windows Software Development Kit
Windows Software Development Kit DirectX x64 Remote
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
Windows XP Targeting with C++
WinMerge 2.14.0
WinPcap 4.1.2
WinRAR 5.01 (64-bit)
WinSCP 5.5.1
Workflow Manager Client 1.0
Workflow Manager Tools 1.0 for Visual Studio
X-Lite 4
Zoiper
.
==== Event Viewer Messages From Past Week ========
.
06/04/2014 22:27:06, Error: Schannel [36888]  - The following fatal alert was generated: 10. The internal error state is 10.
06/04/2014 17:18:17, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
06/04/2014 17:13:41, Error: Service Control Manager [7000]  - The cewfp service failed to start due to the following error:  The specified procedure could not be found.
05/04/2014 22:46:37, Error: Schannel [36887]  - The following fatal alert was received: 46.
05/04/2014 22:43:20, Error: Schannel [36887]  - The following fatal alert was received: 48.
02/04/2014 19:03:54, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
02/04/2014 15:37:15, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the btwdins service.
.
==== End Of File ===========================

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Baruch at 15:20:02 on 2014-04-07
Microsoft Windows 7 Ultimate   6.1.7601.1.1255.972.1033.18.8106.1776 [GMT 3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\CE\CovenantEyesCommService.exe
C:\Program Files\CE\CovenantEyesProxy.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files\RealVNC\VNC Server\vncserver.exe
C:\Program Files\RealVNC\VNC Server\vncserver.exe
C:\windows\SysWOW64\authServer.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Realtek\RtLED\RtLEDService.exe
C:\Program Files\Realtek\RtLED\RtLED.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\RealVNC\VNC Server\vncserver.exe
C:\Program Files (x86)\BandwidthMonitor\BWMonitor.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Users\Baruch\AppData\Roaming\Copy\CopyAgent.exe
C:\Program Files\CryptSync\CryptSync.exe
C:\Program Files\Cloudfogger\Cloudfogger.exe
C:\Program Files (x86)\CounterPath\X-Lite\X-Lite.exe
C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files\Cloudfogger\Cloudfogger.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Users\Baruch\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Zoiper\Zoiper.exe
C:\Users\Baruch\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Users\Baruch\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\CE\CovenantEyes.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CE\CovenantEyesHelper.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\CounterPath\X-Lite\awesomium_process
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\cmd.exe
C:\Program Files (x86)\LastPass\nplastpass.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
C:\windows\Microsoft.Net\assembly\GAC_32\Microsoft.Alm.Shared.Remoting.RemoteContainer\v4.0_12.0.0.0__b03f5f7f11d50a3a\Microsoft.Alm.Shared.Remoting.RemoteContainer.dll
C:\Users\Baruch\Documents\Visual Studio 2013\Projects\AfraidUpdater\AfraidUpdater\bin\Debug\AfraidUpdater.vshost.exe
C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\CommonExtensions\Microsoft\IntelliTrace\12.0.0\IntelliTrace.exe
C:\Windows\SysWOW64\javaw.exe
C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\Program Files (x86)\3CXPhone\3CXPhone.exe
C:\Program Files\TightVNC\tvnviewer.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\windows\system32\notepad.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
C:\windows\system32\calc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\forex\MetaTrader - Alpari UK2\terminal.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


uProxyServer = socks=127.0.0.1:8080
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Microsoft Web Test Recorder 12.0 Helper: {432dd630-7e03-4c97-9d62-b99f52df4fc2} - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Covenant Eyes for Internet Explorer: {927BD2E1-2287-49D2-AE71-95F492CE662E} - C:\Program Files (x86)\CE\extensions\ie\x86\ceie-0.7.2.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Web Test Recorder 12.0: {46857999-9b7c-4895-9d22-81a4a2478868} -
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [bandwidthMonitor] C:\Program Files (x86)\BandwidthMonitor\BWMonitor.exe
uRun: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [Copy] "C:\Users\Baruch\AppData\Roaming\Copy\CopyAgent.exe"
uRun: [CryptSync] "C:\Program Files\CryptSync\CryptSync.exe" /tray
uRun: [Cloudfogger] "C:\Program Files\Cloudfogger\Cloudfogger.exe" --silent --autostart
uRun: [X-Lite] "C:\Program Files (x86)\CounterPath\X-Lite\X-Lite.exe"
uRun: [Akamai NetSession Interface] "C:\Users\Baruch\AppData\Local\Akamai\netsession_win.exe"
uRun: [Zoiper] C:\Program Files (x86)\Zoiper\Zoiper.exe
mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [Covenant Eyes] C:\Program Files (x86)\CE\CovenantEyes.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRunOnce: [TalkUninstall] cmd.exe /C rmdir /S /Q "C:\Program Files (x86)\NCH Software\Talk"
mRunOnce: [TalkUninstall2] cmd.exe /C rmdir /Q "C:\Program Files (x86)\NCH Software\Talk"
mRunOnce: [TalkUninstall3] cmd.exe /C rmdir /S /Q "C:\Users\Baruch\AppData\Roaming\NCH Software\Program Files\Talk"
mRunOnce: [TalkUninstall4] cmd.exe /C rmdir /Q "C:\Users\Baruch\AppData\Roaming\NCH Software\Program Files"
mRunOnce: [TalkUninstall5] cmd.exe /C rmdir /Q "C:\Users\Baruch\AppData\Roaming\NCH Software"
dRun: [Copy] "C:\Users\Baruch\AppData\Roaming\Copy\CopyAgent.exe"
StartupFolder: C:\Users\Baruch\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\3CXPhone.lnk - C:\Program Files (x86)\3CXPhone\3CXPhone.exe
StartupFolder: C:\Users\Baruch\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Baruch\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: LastPass - C:\Users\Baruch\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Baruch\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
TCP: NameServer = 192.169.1.1
TCP: Interfaces\{2FA38959-2378-4E86-8BB8-59D091F2F2F9} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{FA090104-94CD-4FF5-9A79-569B65B571F1} : DHCPNameServer = 192.169.1.1
TCP: Interfaces\{FA090104-94CD-4FF5-9A79-569B65B571F1}\2456A75617D2E6F514236414 : NameServer = 8.8.8.8,4.2.2.2
TCP: Interfaces\{FA090104-94CD-4FF5-9A79-569B65B571F1}\2456A75617D2E6F514236414 : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{FA090104-94CD-4FF5-9A79-569B65B571F1}\26F6279637B62756D656271313 : NameServer = 8.8.8.8,4.2.2.2
TCP: Interfaces\{FA090104-94CD-4FF5-9A79-569B65B571F1}\26F6279637B62756D656271313 : DHCPNameServer = 192.168.42.1
TCP: Interfaces\{FA090104-94CD-4FF5-9A79-569B65B571F1}\975746573786 : DHCPNameServer = 10.0.0.138
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Covenant Eyes for Internet Explorer: {927BD2E1-2287-49D2-AE71-95F492CE662E} - C:\Program Files (x86)\CE\extensions\ie\x64\ceie-0.7.2.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-EB: Web Test Recorder 12.0: {46857999-9b7c-4895-9d22-81a4a2478868} -
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [igfxTray] "C:\windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\windows\System32\igfxpers.exe"
x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
x64-IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Baruch\AppData\Roaming\Mozilla\Firefox\Profiles\8m67iox4.default\
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-6-18 57952]
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-6-18 39008]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-6-18 13408]
R1 CBFilterFS;CBFilterFS;C:\windows\System32\drivers\cbfltfs.sys [2014-2-23 148312]
R1 cbfs3;cbfs3;C:\windows\System32\drivers\cbfs3.sys [2014-2-23 352520]
R1 cewd64f;cewd64f service;\??\C:\windows\System32\Drivers\cewd64f.sys --> C:\windows\System32\Drivers\cewd64f.sys [?]
R1 cewd64r;cewd64r service;\??\C:\windows\System32\Drivers\cewd64r.sys --> C:\windows\System32\Drivers\cewd64r.sys [?]
R2 Auth Service;Auth Service;C:\windows\System32\authServer.exe --> C:\windows\System32\authServer.exe [?]
R2 CovenantEyesCommService;Covenant Eyes Communication Service;C:\Program Files (x86)\CE\CovenantEyesCommService.exe [2014-2-2 4531560]
R2 CovenantEyesProxy;CovenantEyesProxy;C:\Program Files\CE\CovenantEyesProxy.exe [2014-2-2 5345120]
R2 IDMWFP;IDMWFP;C:\windows\System32\drivers\idmwfp.sys [2014-2-5 175480]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-9-27 133928]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-12-23 46080]
R2 RtLedService;RtLedService Installer;C:\Program Files\Realtek\RtLED\RtLEDService.exe [2010-9-30 311296]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-2-2 4972864]
R2 tvnserver;TightVNC Server;C:\Program Files\TightVNC\tvnserver.exe [2013-7-19 2179056]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-18 2656280]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-8-14 609904]
R2 vncserver;VNC Server;C:\Program Files\RealVNC\VNC Server\vncserver.exe [2014-2-2 4773768]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-2-2 266240]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-12-5 31088]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-4-14 317440]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-4-6 119512]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-6-18 307304]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 vm2uvcflt;Vimicro USB Camera Filter 2;C:\windows\System32\drivers\vm2uvcflt.sys [2011-6-18 15056]
R3 vm332avs;Lenovo Camera2;C:\windows\System32\drivers\vm332avs.sys [2011-6-18 234960]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S2 cewfp;cewfp;C:\windows\System32\drivers\cewfp64.sys [2014-2-2 40136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2011-6-18 349736]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-6-18 39464]
S3 c2wts;Claims to Windows Token Service;C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2014-2-2 15768]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-2 340240]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2011-6-18 332272]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2014-2-2 19456]
S3 tap0801;TAP-Win32 Adapter V8;C:\windows\System32\drivers\tap0801.sys [2005-4-14 30720]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [2013-8-22 119808]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-2-15 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2014-2-2 30208]
S3 usbrndis6;USB RNDIS6 Adapter;C:\windows\System32\drivers\usb80236.sys [2014-2-2 19968]
S3 VsEtwService120;Visual Studio ETW Event Collection Service;C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2013-10-5 87728]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2014-2-2 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-04-06 14:21:08    --------    d-----w-    C:\Users\Baruch\AppData\Roaming\BowPad
2014-04-06 13:34:56    119512    ----a-w-    C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-04-06 13:34:23    88280    ----a-w-    C:\windows\System32\drivers\mbamchameleon.sys
2014-04-06 13:34:23    63192    ----a-w-    C:\windows\System32\drivers\mwac.sys
2014-04-06 13:34:23    25816    ----a-w-    C:\windows\System32\drivers\mbam.sys
2014-04-06 13:34:23    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-04-06 13:34:23    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-06 02:58:42    10521840    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{628FEC5D-1883-4A5D-A526-C6301AEF7064}\mpengine.dll
2014-04-05 17:53:59    10521840    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-05 17:42:53    --------    d-----w-    C:\Users\Baruch\AppData\Roaming\Foxit Software
2014-04-04 08:34:50    --------    d-----w-    C:\Users\Baruch\AppData\Local\3CX VoIP Phone
2014-04-04 08:34:41    --------    d-----w-    C:\Program Files (x86)\3CXPhone
2014-04-04 06:13:05    --------    d-----w-    C:\Users\Baruch\AppData\Roaming\Foxit Advanced PDF Editor
2014-04-04 06:13:05    --------    d-----w-    C:\Users\Baruch\AppData\Local\Foxit Advanced PDF Editor
2014-04-04 06:13:02    --------    d-----w-    C:\ProgramData\Foxit Advanced PDF Editor
2014-04-04 06:13:02    --------    d-----w-    C:\ProgramData\Aspell
2014-04-04 06:12:59    --------    d-----w-    C:\Users\Baruch\AppData\Local\Aspell
2014-04-04 06:12:59    --------    d-----w-    C:\Program Files (x86)\Foxit Software
2014-04-04 00:42:12    1031560    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD6733D5-D733-4563-93BE-8B40E4C7941B}\gapaengine.dll
2014-04-03 10:17:02    --------    d-----w-    C:\Program Files (x86)\ElectraSoft
2014-04-03 10:15:53    --------    d-----w-    C:\klr
2014-04-03 07:59:59    --------    d-----w-    C:\Users\Baruch\AppData\Local\AfraidUpdater
2014-04-02 11:20:21    --------    d-----w-    C:\ProgramData\eMule
2014-04-02 11:20:12    --------    d-----w-    C:\Users\Baruch\AppData\Local\eMule
2014-04-02 11:20:10    --------    d-----w-    C:\Program Files (x86)\eMule
2014-04-02 07:35:29    --------    d-----w-    C:\Users\Baruch\AppData\Local\EtradeWinformsTest
2014-03-31 05:39:38    --------    d-----w-    C:\Users\Baruch\AppData\Roaming\CompanionLink
2014-03-31 05:39:33    --------    d-----w-    C:\Program Files (x86)\CompanionLink
2014-03-30 08:30:59    --------    d-----w-    C:\Program Files\BowPad
2014-03-22 21:22:35    --------    d-----w-    C:\Program Files\TAP-Windows
2014-03-22 21:22:34    --------    d-----w-    C:\Program Files\OpenVPN
2014-03-22 20:04:13    --------    d-----w-    C:\Program Files (x86)\OpenVPN
2014-03-20 08:57:31    --------    d-----w-    C:\Users\Baruch\AppData\Local\qBittorrent
2014-03-20 08:57:27    --------    d-----w-    C:\Users\Baruch\AppData\Roaming\qBittorrent
2014-03-20 08:57:20    --------    d-----w-    C:\Program Files (x86)\qBittorrent
2014-03-19 08:04:20    --------    d-----w-    C:\Program Files (x86)\Bunny-Wabbit
2014-03-19 07:55:52    --------    d-----w-    C:\Program Files (x86)\MagicISO
2014-03-18 08:34:02    --------    d-----w-    C:\Users\Baruch\VirtualBox VMs
2014-03-18 08:02:53    --------    d-----w-    C:\Users\Baruch\.VirtualBox
2014-03-18 08:02:21    252704    ----a-w-    C:\windows\System32\drivers\VBoxDrv.sys
2014-03-18 08:02:16    126752    ----a-w-    C:\windows\System32\drivers\VBoxUSBMon.sys
2014-03-18 08:02:13    --------    d-----w-    C:\Program Files\Oracle
2014-03-15 18:44:49    --------    d-----w-    C:\Users\Baruch\AppData\Roaming\netcitadel.com
2014-03-15 18:44:08    --------    d-----w-    C:\FWBuilder51
2014-03-12 02:13:26    484864    ----a-w-    C:\windows\System32\wer.dll
2014-03-12 02:13:26    381440    ----a-w-    C:\windows\SysWow64\wer.dll
2014-03-12 02:13:26    228864    ----a-w-    C:\windows\System32\wwansvc.dll
2014-03-12 02:13:25    3156480    ----a-w-    C:\windows\System32\win32k.sys
2014-03-12 02:11:36    624128    ----a-w-    C:\windows\System32\qedit.dll
2014-03-12 02:11:36    509440    ----a-w-    C:\windows\SysWow64\qedit.dll
2014-03-12 02:11:36    1424384    ----a-w-    C:\windows\System32\WindowsCodecs.dll
2014-03-12 02:11:35    1230336    ----a-w-    C:\windows\SysWow64\WindowsCodecs.dll
2014-03-11 13:26:30    --------    d-----w-    C:\windows\AutoKMS
2014-03-11 13:26:01    --------    d-----w-    C:\ProgramData\Microsoft Toolkit
2014-03-11 07:43:27    --------    d-sh--w-    C:\windows\BitLockerDiscoveryVolumeContents
2014-03-11 07:43:27    --------    d-----w-    C:\windows\RemotePackages
2014-03-10 16:13:03    --------    d-----w-    C:\Users\Baruch\AppData\Local\{0E7D499C-96AA-48D9-839C-F9275431A3EF}
2014-03-10 16:12:51    --------    d-----w-    C:\Users\Baruch\AppData\Local\{9355BC1B-4B77-449F-AE8F-7BFBCD4AA42D}
.
==================== Find3M  ====================
.
2014-03-11 20:38:18    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 20:38:18    692616    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2014-03-11 07:52:30    133928    ----a-w-    C:\windows\System32\drivers\NisDrvWFP.sys
2014-02-25 16:27:38    154912    ----a-w-    C:\windows\System32\drivers\VBoxNetFlt.sys
2014-02-25 16:27:38    140576    ----a-w-    C:\windows\System32\drivers\VBoxNetAdp.sys
2014-02-25 16:24:28    204064    ----a-w-    C:\windows\System32\VBoxNetFltNobj.dll
2014-02-21 09:51:45    231376    ----a-w-    C:\windows\System32\drivers\truecrypt.sys
2014-02-13 05:49:39    14773248    ----a-w-    C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-02-06 11:30:46    2724864    ----a-w-    C:\windows\System32\mshtml.tlb
2014-02-06 11:30:12    4096    ----a-w-    C:\windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39    66048    ----a-w-    C:\windows\System32\iesetup.dll
2014-02-06 11:06:47    48640    ----a-w-    C:\windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03    139264    ----a-w-    C:\windows\System32\ieUnatt.exe
2014-02-06 10:48:45    111616    ----a-w-    C:\windows\System32\ieetwcollector.exe
2014-02-06 10:48:11    708608    ----a-w-    C:\windows\System32\jscript9diag.dll
2014-02-06 10:20:26    2724864    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37    5768704    ----a-w-    C:\windows\System32\jscript9.dll
2014-02-06 10:01:36    61952    ----a-w-    C:\windows\SysWow64\iesetup.dll
2014-02-06 10:00:46    51200    ----a-w-    C:\windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32    2041856    ----a-w-    C:\windows\System32\inetcpl.cpl
2014-02-06 09:47:22    112128    ----a-w-    C:\windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27    553472    ----a-w-    C:\windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36    4244480    ----a-w-    C:\windows\SysWow64\jscript9.dll
2014-02-06 09:24:52    2334208    ----a-w-    C:\windows\System32\wininet.dll
2014-02-06 09:09:30    1964032    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35    1820160    ----a-w-    C:\windows\SysWow64\wininet.dll
2014-02-02 17:00:02    940032    ----a-w-    C:\windows\System32\MsSpellCheckingFacility.exe
2014-02-02 17:00:02    194048    ----a-w-    C:\windows\SysWow64\elshyph.dll
2014-02-02 15:08:03    96168    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-24 23:19:42    268512    ----a-w-    C:\windows\System32\drivers\MpFilter.sys
2014-01-22 07:45:48    4445520    ----a-w-    C:\windows\SysWow64\authServer.exe
2014-01-22 07:44:02    40136    ----a-w-    C:\windows\System32\drivers\cewfp64.sys
2014-01-22 06:52:10    108800    ----a-w-    C:\windows\System32\drivers\ssudbus.sys
2014-01-19 07:33:29    270496    ------w-    C:\windows\System32\MpSigStub.exe
2014-01-09 02:22:42    5694464    ----a-w-    C:\windows\SysWow64\mstscax.dll
.
============= FINISH: 15:20:25.58 ===============
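The DDS log above is where an ad-injecting helper would normally show up: browser helper objects and IE extensions, Run keys, services, the DNS resolvers on each interface, and the Firefox proxy prefs. As an added example (not part of the original thread and not a DDS or Malwarebytes tool), the following Python script parses those DDS line formats and applies a few triage heuristics: a hook, Run entry or service that loads from a user-writable location (ProgramData, AppData, Temp) rather than Program Files or System32, a service whose file size and date DDS could not read (`[?]`), remote-access software, orphaned registry entries, DNS resolvers that are neither RFC 1918 addresses nor well-known public resolvers, and a SOCKS proxy configured in Firefox. The sample lines are a constructed subset modelled on the log; the allow-list of public resolvers, the keyword lists and the severity labels are assumptions, and every finding is a lead to investigate, not a verdict.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed subset of DDS lines modelled on the log above (not the full log).
SAMPLE_LOG = r"""
x64-BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
x64-Run: [Persistence] "C:\windows\System32\igfxpers.exe"
R2 Auth Service;Auth Service;C:\windows\System32\authServer.exe --> C:\windows\System32\authServer.exe [?]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2011-6-18 332272]
R2 tvnserver;TightVNC Server;C:\Program Files\TightVNC\tvnserver.exe [2013-7-19 2179056]
TCP: NameServer = 192.169.1.1
TCP: Interfaces\{FA090104-94CD-4FF5-9A79-569B65B571F1}\2456A75617D2E6F514236414 : NameServer = 8.8.8.8,4.2.2.2
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.type - 0
"""

# DDS line shapes: "x64-BHO: Name: {CLSID} - path", "x64-Run: [Name] cmd",
# "R2 svc;Display;path [date size]", "TCP: ... NameServer = a,b", "FF - prefs.js: key - value".
HOOK_RE = re.compile(r"^(?:x64-)?(BHO|TB|EB|IE|Handler|Filter|SSODL|SEH): (.+)$")
RUN_RE = re.compile(r"^(?:x64-|u|m)?Run: \[([^\]]+)\]\s*(.+)$")
SVC_RE = re.compile(r"^[RS]\d ([^;]+);[^;]*;(.*?)(?: \[(.*?)\])?$")
DNS_RE = re.compile(r"^TCP: .*?(?<!DHCP)NameServer = (.+)$")   # skip DHCPNameServer
FF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
CLSID_RE = re.compile(r"(?::| -)?\s*\{[0-9A-Fa-f-]+\}$")        # trailing "{GUID}" on names
PATH_RE = re.compile(r'^"?([A-Za-z]:\\.*?\.(?:exe|dll|sys|cpl|html?))', re.IGNORECASE)

# Assumed heuristics: locations a standard user can write to, remote-access keywords,
# and resolvers treated as well-known public DNS.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\users\\", "\\temp\\")
REMOTE_ACCESS = ("vnc", "teamviewer")
KNOWN_RESOLVERS = {"8.8.8.8", "8.8.4.4", "4.2.2.1", "4.2.2.2"}


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    kind: str
    name: str
    target: str
    reason: str


def exe_path(target):
    """Pull the executable/DLL path out of a command line, dropping quotes and arguments."""
    m = PATH_RE.match(target.strip())
    return m.group(1) if m else target.strip()


def check_target(kind, name, target):
    """Heuristics for anything that gets loaded at boot or into the browser."""
    if target == "<orphaned>":
        return [Finding("info", kind, name, target,
                        "registry entry with no file behind it (stale leftover, clean up)")]
    path = exe_path(target)
    low = path.lower()
    out = []
    if any(frag in low for frag in USER_WRITABLE):
        out.append(Finding("high", kind, name, path,
                           "loads from a user-writable location, not Program Files or System32"))
    if any(word in low for word in REMOTE_ACCESS):
        out.append(Finding("medium", kind, name, path,
                           "remote-access software; confirm it is intentional"))
    return out


def check_resolver(addr):
    """Flag DNS servers that are neither RFC 1918 nor on the public-resolver allow-list."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return [Finding("medium", "DNS", addr, addr, "unparseable resolver address")]
    if ip.is_private or addr in KNOWN_RESOLVERS:
        return []
    return [Finding("high", "DNS", addr, addr,
                    "resolver is neither private nor well-known: DNS hijack or typo (192.169.x.x vs 192.168.x.x)")]


def check_firefox_proxy(prefs):
    """network.proxy.type 0 means 'no proxy', so a stored SOCKS setting is inactive."""
    socks, port = prefs.get("network.proxy.socks"), prefs.get("network.proxy.socks_port")
    if not socks:
        return []
    where = f"{socks}:{port}"
    if prefs.get("network.proxy.type") == "0":
        return [Finding("info", "Firefox", "network.proxy.socks", where,
                        "SOCKS proxy stored but proxy type is 0 (direct), so it is not in use")]
    return [Finding("high", "Firefox", "network.proxy.socks", where,
                    "browser traffic is routed through a SOCKS proxy; verify it is a tool you installed")]


def triage(log_text):
    """Walk DDS lines and return triage findings (leads to check, not verdicts)."""
    findings, ff_prefs = [], {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := HOOK_RE.match(line):
            name, _, target = m.group(2).rpartition(" - ")
            findings += check_target(m.group(1), CLSID_RE.sub("", name or m.group(2)), target)
        elif m := RUN_RE.match(line):
            findings += check_target("Run", m.group(1), m.group(2))
        elif m := SVC_RE.match(line):
            svc, target, info = m.groups()
            target = target.split("-->")[-1].strip()   # "expected --> actual" form
            if info == "?":
                findings.append(Finding("medium", "Service", svc, target,
                                        "size/date unknown: binary missing or unreadable, inspect manually"))
            findings += check_target("Service", svc, target)
        elif m := DNS_RE.match(line):
            for addr in m.group(1).split(","):
                findings += check_resolver(addr.strip())
        elif m := FF_RE.match(line):
            ff_prefs[m.group(1)] = m.group(2)
    return findings + check_firefox_proxy(ff_prefs)


if __name__ == "__main__":
    rank = {"high": 0, "medium": 1, "info": 2}
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: rank[f.severity]):
        print(f"[{f.severity:6}] {f.kind:8} {f.name}: {f.target} -- {f.reason}")
```

Run it against a saved DDS.txt by passing the file contents to `triage()`. The user-writable-location rule is deliberately noisy (vendor add-ons such as LastPass's IE context menu also live under AppData), which is the point of triage: it shortens the list you look at by hand, and the helper's later instructions to run GMER and TDSSKiller are what actually confirm or clear an entry.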

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

P2P software installed

Going over your logs I noticed that you have qBittorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.


It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall qBittorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

Add/remove programs

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs

ooVoo



Close the window.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt



Please post the contents of that log in your next reply.


Gmer rootkit scanner

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-07 16:39:20
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 M4-CT256 rev.000F 238.47GB
Running: b50m6zy9.exe; Driver: C:\Users\Baruch\AppData\Local\Temp\pwdiipog.sys


---- Threads - GMER 2.1 ----

Thread   C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe [9244:8588]                                                                                                                                                             0000000077d42e65
Thread   C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe [9244:8244]                                                                                                                                                             000000006e580dc7
Thread   C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe [9244:9680]                                                                                                                                                             000000006e6336af
Thread   C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe [9244:8240]                                                                                                                                                             000000006e6336af
Thread   C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe [9244:9640]                                                                                                                                                             000000006953b73e
Thread   C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe [9244:8276]                                                                                                                                                             000000006e6336af
Thread   C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe [9244:9968]                                                                                                                                                             000000006e6519f9
Thread   C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe [9244:1664]                                                                                                                                                             0000000034b6c4a0
Thread   C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe [9244:11064]                                                                                                                                                            00000000739e786a
Thread   C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe [9244:10040]                                                                                                                                                            000000003b8aaf9c
Thread   C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe [9244:10164]                                                                                                                                                            000000006e6336af
Thread   C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe [9244:10168]                                                                                                                                                            000000006e61ff4d
Thread   C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe [9244:10700]                                                                                                                                                            000000006e6336af
Thread   C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe [9244:11212]                                                                                                                                                            000000006e6336af
Thread   C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe [9244:11216]                                                                                                                                                            0000000050a99a94
Thread   C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe [9244:8064]                                                                                                                                                             0000000037c5188d
Thread   C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe [9244:11236]                                                                                                                                                            0000000050a74337
---- Processes - GMER 2.1 ----

Library  C:\Users\Baruch\AppData\Roaming\Copy\overlay\CopyShExt.dll (*** suspicious ***) @ C:\windows\Explorer.EXE [3888] (Copy Shell Extensions/Barracuda Networks, Inc.)(2014-02-19 08:18:52)                                                             000007fef2da0000
Library  C:\Users\Baruch\AppData\Roaming\Copy\overlay\CopyShExt.dll (*** suspicious ***) @ C:\Program Files\RealVNC\VNC Server\vncserver.exe [5792] (Copy Shell Extensions/Barracuda Networks, Inc.)(2014-02-19 08:18:52)                                   000007fef2da0000
Library  C:\Users\Baruch\AppData\Roaming\Copy\Gui.dll (*** suspicious ***) @ C:\Users\Baruch\AppData\Roaming\Copy\CopyAgent.exe [5900](2014-02-0                                                                                                            000007fee8e00000
Library  C:\Users\Baruch\AppData\Roaming\Copy\Brt.dll (*** suspicious ***) @ C:\Users\Baruch\AppData\Roaming\Copy\CopyAgent.exe [5900](2014-02-0                                                                                                            000007fee7190000
Library  C:\Users\Baruch\AppData\Roaming\Copy\QtCore4.dll (*** suspicious ***) @ C:\Users\Baruch\AppData\Roaming\Copy\CopyAgent.exe [5900] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2013-08-05 21:47:16)              0000000074b60000
Library  C:\Users\Baruch\AppData\Roaming\Copy\QtGui4.dll (*** suspicious ***) @ C:\Users\Baruch\AppData\Roaming\Copy\CopyAgent.exe [5900] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2013-08-05 21:47:16)               00000000741d0000
Library  C:\Users\Baruch\AppData\Roaming\Copy\AgentSync.dll (*** suspicious ***) @ C:\Users\Baruch\AppData\Roaming\Copy\CopyAgent.exe [5900](2014-02-04 13:29:10)                                                                                           000007fee6700000
Library  C:\Users\Baruch\AppData\Roaming\Copy\CloudSync.dll (*** suspicious ***) @ C:\Users\Baruch\AppData\Roaming\Copy\CopyAgent.exe [5900](2014-02-04 13:27:12)                                                                                           000007fee5e80000
Library  C:\Users\Baruch\AppData\Roaming\Copy\imageformats\qjpeg4.dll (*** suspicious ***) @ C:\Users\Baruch\AppData\Roaming\Copy\CopyAgent.exe [5900] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2013-08-05 21:47:50)  000007fef8f50000
Library  C:\Users\Baruch\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Baruch\AppData\Roaming\Dropbox\bin\Dropbox.exe [6700](2013-12-18 02:25:54)                                                                            0000000003d80000
Library  c:\users\baruch\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiverdu.dll (*** suspicious ***) @ C:\Users\Baruch\AppData\Roaming\Dropbox\bin\Dropbox.exe [6700](2014-04-06 14:16:17)                              00000000058d0000
Library  C:\Users\Baruch\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Baruch\AppData\Roaming\Dropbox\bin\Dropbox.exe [6700](2013-10-18 23:55:02)                                                                                  000000005ba50000
Library  C:\Users\Baruch\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Baruch\AppData\Roaming\Dropbox\bin\Dropbox.exe [6700] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00)                                                    00000000600f0000
Library  C:\Users\Baruch\AppData\Local\assembly\dl3\W2NZWX1A.VAJ\24JGQ94G.T2J\58f07b15\00d18f75_74abc101\CLOutlookAddIn.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE [9404](2014-04-06 14:34:00)                       0000000060be0000
Library  C:\Users\Baruch\AppData\Roaming\Copy\overlay\CopyShExt.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE [9404] (Copy Shell Extensions/Barracuda Networks, Inc.)(2014-02-19 08:18:52)                              000007fef2da0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{2ECF2FFA-D090-43B0-B205-8373ED857FF3}\Connection@Name                                                                                                        isatap.{9296C534-B375-41AF-A0AD-91A5A5F4224D}
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{D792521F-2941-4A7C-9193-E86FD2E908E9}\Connection@Name                                                                                                        isatap.{A1CEF1E7-D324-4259-8FA7-68E6E39A7868}
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind                                                                                                           \Device\{AF9C7CBD-AD8C-46D6-B6BE-68AA1DC2F7B5}?\Device\{E120A89F-1FAD-4B62-A4E1-F4703C4A7A44}?\Device\{D792521F-2941-4A7C-9193-E86FD2E908E9}?\Device\{2ECF2FFA-D090-43B0-B205-8373ED857FF3}?\Device\{EAB6C45E-4CAC-4713-8B58-48B92E120760}?\Device\{FF16F635-D371-44F5-9456-977755CA7264}?\Device\{B94921F5-F60D-4B4E-AB4D-3961731431EB}?\Device\{41963481-C671-4607-AF75-A6F22DA3AF1B}?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route                                                                                                          "{AF9C7CBD-AD8C-46D6-B6BE-68AA1DC2F7B5}"?"{E120A89F-1FAD-4B62-A4E1-F4703C4A7A44}"?"{D792521F-2941-4A7C-9193-E86FD2E908E9}"?"{2ECF2FFA-D090-43B0-B205-8373ED857FF3}"?"{EAB6C45E-4CAC-4713-8B58-48B92E120760}"?"{FF16F635-D371-44F5-9456-977755CA7264}"?"{B94921F5-F60D-4B4E-AB4D-3961731431EB}"?"{41963481-C671-4607-AF75-A6F22DA3AF1B}"?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export                                                                                                         \Device\TCPIP6TUNNEL_{AF9C7CBD-AD8C-46D6-B6BE-68AA1DC2F7B5}?\Device\TCPIP6TUNNEL_{E120A89F-1FAD-4B62-A4E1-F4703C4A7A44}?\Device\TCPIP6TUNNEL_{D792521F-2941-4A7C-9193-E86FD2E908E9}?\Device\TCPIP6TUNNEL_{2ECF2FFA-D090-43B0-B205-8373ED857FF3}?\Device\TCPIP6TUNNEL_{EAB6C45E-4CAC-4713-8B58-48B92E120760}?\Device\TCPIP6TUNNEL_{FF16F635-D371-44F5-9456-977755CA7264}?\Device\TCPIP6TUNNEL_{B94921F5-F60D-4B4E-AB4D-3961731431EB}?\Device\TCPIP6TUNNEL_{41963481-C671-4607-AF75-A6F22DA3AF1B}?
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13                                                                                                                                                                        
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9e08d0a                                                                                                                                                                        
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{2ECF2FFA-D090-43B0-B205-8373ED857FF3}@InterfaceName                                                                                                                             isatap.{9296C534-B375-41AF-A0AD-91A5A5F4224D}
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{2ECF2FFA-D090-43B0-B205-8373ED857FF3}@ReusableType                                                                                                                              0
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{D792521F-2941-4A7C-9193-E86FD2E908E9}@InterfaceName                                                                                                                             isatap.{A1CEF1E7-D324-4259-8FA7-68E6E39A7868}
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{D792521F-2941-4A7C-9193-E86FD2E908E9}@ReusableType                                                                                                                              0
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet)                                                                                                                                                    
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9e08d0a (not active ControlSet)                                                                                                                                                    

---- EOF - GMER 2.1 ----


TDSS-Killer


Makes post too long so I am attaching the log instead.

TDSSKiller.3.0.0.30_07.04.2014_16.40.25_log.txt


Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs/spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.


combofix


ComboFix 14-04-06.01 - Baruch 04/07/2014  17:26:10.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1255.972.1033.18.8106.3499 [GMT 3:00]
Running from: c:\users\Baruch\Downloads\Programs\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AMMYY
c:\programdata\AMMYY\contacts3.bin
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\hr3
c:\programdata\AMMYY\settings.rdp
c:\programdata\AMMYY\settings3.bin
c:\programdata\Roaming
c:\users\Baruch\AppData\Local\assembly\tmp
c:\users\Baruch\AppData\Local\Temp\TeamViewer\Version9\TVFile14.bak_2014-04-06-21-18-58.tmp
c:\users\Baruch\AppData\Local\Temp\TeamViewer\Version9\TVFile16.bak_2014-04-06-21-18-58.tmp
c:\windows\s.bat
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-07 to 2014-04-07  )))))))))))))))))))))))))))))))
.
.
2014-04-07 14:34 . 2014-04-07 14:34    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-04-07 14:25 . 2014-03-07 04:43    10521840    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2E981AF-2373-4652-A791-5164F623CAF6}\mpengine.dll
2014-04-06 14:21 . 2014-04-06 14:21    --------    d-----w-    c:\users\Baruch\AppData\Roaming\BowPad
2014-04-06 13:34 . 2014-04-07 09:56    119512    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-06 13:34 . 2014-04-06 13:34    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-06 13:34 . 2014-04-06 13:34    --------    d-----w-    c:\programdata\Malwarebytes
2014-04-06 13:34 . 2014-04-03 06:51    63192    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-04-06 13:34 . 2014-04-03 06:51    88280    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-04-06 13:34 . 2014-04-03 06:50    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-06 02:58 . 2014-03-07 04:43    10521840    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-05 17:42 . 2014-04-05 17:42    --------    d-----w-    c:\users\Baruch\AppData\Roaming\Foxit Software
2014-04-04 08:34 . 2014-04-04 10:14    --------    d-----w-    c:\users\Baruch\AppData\Local\3CX VoIP Phone
2014-04-04 08:34 . 2014-04-04 08:34    --------    d-----w-    c:\program files (x86)\3CXPhone
2014-04-04 06:13 . 2014-04-04 06:13    --------    d-----w-    c:\users\Baruch\AppData\Roaming\Foxit Advanced PDF Editor
2014-04-04 06:13 . 2014-04-04 06:13    --------    d-----w-    c:\users\Baruch\AppData\Local\Foxit Advanced PDF Editor
2014-04-04 06:13 . 2014-04-04 06:13    --------    d-----w-    c:\programdata\Aspell
2014-04-04 06:13 . 2014-04-04 06:13    --------    d-----w-    c:\programdata\Foxit Advanced PDF Editor
2014-04-04 06:12 . 2014-04-04 06:12    --------    d-----w-    c:\users\Baruch\AppData\Local\Aspell
2014-04-04 06:12 . 2014-04-04 06:12    --------    d-----w-    c:\program files (x86)\Foxit Software
2014-04-04 00:42 . 2014-02-20 11:14    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD6733D5-D733-4563-93BE-8B40E4C7941B}\gapaengine.dll
2014-04-03 10:17 . 2014-04-03 10:19    --------    d-----w-    c:\program files (x86)\ElectraSoft
2014-04-03 10:15 . 2014-04-03 10:15    --------    d-----w-    C:\klr
2014-04-03 07:59 . 2014-04-03 07:59    --------    d-----w-    c:\users\Baruch\AppData\Local\AfraidUpdater
2014-04-02 11:20 . 2014-04-02 11:20    --------    d-----w-    c:\programdata\eMule
2014-04-02 11:20 . 2014-04-02 11:20    --------    d-----w-    c:\users\Baruch\AppData\Local\eMule
2014-04-02 11:20 . 2014-04-02 11:20    --------    d-----w-    c:\program files (x86)\eMule
2014-04-02 07:35 . 2014-04-02 07:35    --------    d-----w-    c:\users\Baruch\AppData\Local\EtradeWinformsTest
2014-03-31 05:39 . 2014-03-31 05:39    --------    d-----w-    c:\users\Baruch\AppData\Roaming\CompanionLink
2014-03-31 05:39 . 2014-03-31 05:39    --------    d-----w-    c:\program files (x86)\CompanionLink
2014-03-30 08:30 . 2014-04-06 14:20    --------    d-----w-    c:\program files\BowPad
2014-03-22 21:22 . 2014-03-22 21:22    --------    d-----w-    c:\program files\TAP-Windows
2014-03-22 21:22 . 2014-03-22 21:23    --------    d-----w-    c:\program files\OpenVPN
2014-03-22 20:04 . 2014-03-22 21:20    --------    d-----w-    c:\program files (x86)\OpenVPN
2014-03-20 08:57 . 2014-03-20 08:57    --------    d-----w-    c:\users\Baruch\AppData\Local\qBittorrent
2014-03-20 08:57 . 2014-03-20 08:59    --------    d-----w-    c:\users\Baruch\AppData\Roaming\qBittorrent
2014-03-20 08:57 . 2014-03-20 08:57    --------    d-----w-    c:\program files (x86)\qBittorrent
2014-03-19 08:04 . 2014-03-19 08:04    --------    d-----w-    c:\program files (x86)\Bunny-Wabbit
2014-03-19 07:55 . 2014-03-19 07:58    --------    d-----w-    c:\program files (x86)\MagicISO
2014-03-18 08:34 . 2014-03-18 08:34    --------    d-----w-    c:\users\Baruch\VirtualBox VMs
2014-03-18 08:02 . 2014-03-20 16:27    --------    d-----w-    c:\users\Baruch\.VirtualBox
2014-03-18 08:02 . 2014-02-25 16:31    252704    ----a-w-    c:\windows\system32\drivers\VBoxDrv.sys
2014-03-18 08:02 . 2014-03-18 08:02    --------    dc----w-    c:\windows\system32\DRVSTORE
2014-03-18 08:02 . 2014-02-25 16:27    126752    ----a-w-    c:\windows\system32\drivers\VBoxUSBMon.sys
2014-03-18 08:02 . 2014-03-18 08:02    --------    d-----w-    c:\program files\Oracle
2014-03-15 18:44 . 2014-03-15 18:44    --------    d-----w-    c:\users\Baruch\AppData\Roaming\netcitadel.com
2014-03-15 18:44 . 2014-03-15 18:44    --------    d-----w-    C:\FWBuilder51
2014-03-12 02:13 . 2014-01-29 02:32    484864    ----a-w-    c:\windows\system32\wer.dll
2014-03-12 02:13 . 2014-01-29 02:06    381440    ----a-w-    c:\windows\SysWow64\wer.dll
2014-03-12 02:13 . 2014-01-28 02:32    228864    ----a-w-    c:\windows\system32\wwansvc.dll
2014-03-12 02:13 . 2014-02-07 01:23    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-03-12 02:11 . 2014-02-04 02:32    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-03-12 02:11 . 2014-02-04 02:32    624128    ----a-w-    c:\windows\system32\qedit.dll
2014-03-12 02:11 . 2014-02-04 02:04    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2014-03-12 02:11 . 2014-02-04 02:04    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2014-03-11 13:26 . 2014-03-12 13:35    --------    d-----w-    c:\windows\AutoKMS
2014-03-11 13:26 . 2014-03-11 13:26    --------    d-----w-    c:\programdata\Microsoft Toolkit
2014-03-11 07:43 . 2014-03-11 07:43    --------    d-sh--w-    c:\windows\BitLockerDiscoveryVolumeContents
2014-03-11 07:43 . 2014-03-11 07:43    --------    d-----w-    c:\windows\RemotePackages
2014-03-10 08:05 . 2014-03-10 08:05    --------    d-----w-    c:\program files\7-Zip
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-18 01:00 . 2014-02-02 14:56    90015360    ----a-w-    c:\windows\system32\MRT.exe
2014-03-11 20:38 . 2014-02-02 15:49    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 20:38 . 2014-02-02 15:49    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-11 07:52 . 2013-09-27 07:53    133928    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2014-02-25 16:27 . 2014-02-25 16:27    154912    ----a-w-    c:\windows\system32\drivers\VBoxNetFlt.sys
2014-02-25 16:27 . 2014-02-25 16:27    140576    ----a-w-    c:\windows\system32\drivers\VBoxNetAdp.sys
2014-02-25 16:24 . 2014-02-25 16:24    204064    ----a-w-    c:\windows\system32\VBoxNetFltNobj.dll
2014-02-21 09:51 . 2014-02-21 09:51    231376    ----a-w-    c:\windows\system32\drivers\truecrypt.sys
2014-02-20 11:14 . 2014-02-19 05:46    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-13 05:49 . 2014-02-02 14:39    14773248    ----a-w-    c:\program files (x86)\Common Files\lpuninstall.exe
2014-02-07 07:08 . 2014-02-07 07:08    98304    ----a-r-    c:\users\Baruch\AppData\Roaming\Microsoft\Installer\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}\icons.exe
2014-02-06 12:16 . 2014-02-13 01:00    23170048    ----a-w-    c:\windows\system32\mshtml.dll
2014-02-06 11:30 . 2014-02-13 01:00    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-02-06 11:30 . 2014-02-13 01:00    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-02-06 11:12 . 2014-02-13 01:00    2765824    ----a-w-    c:\windows\system32\iertutil.dll
2014-02-06 11:07 . 2014-02-13 01:00    66048    ----a-w-    c:\windows\system32\iesetup.dll
2014-02-06 11:06 . 2014-02-13 01:00    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-02-06 10:57 . 2014-02-13 01:00    53760    ----a-w-    c:\windows\system32\jsproxy.dll
2014-02-06 10:56 . 2014-02-13 01:00    33792    ----a-w-    c:\windows\system32\iernonce.dll
2014-02-06 10:52 . 2014-02-13 01:00    574976    ----a-w-    c:\windows\system32\ieui.dll
2014-02-06 10:49 . 2014-02-13 01:00    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-02-06 10:48 . 2014-02-13 01:00    111616    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-02-06 10:48 . 2014-02-13 01:00    708608    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-02-06 10:32 . 2014-02-13 01:00    218624    ----a-w-    c:\windows\system32\ie4uinit.exe
2014-02-06 10:20 . 2014-02-13 01:00    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-02-06 10:17 . 2014-02-13 01:00    195584    ----a-w-    c:\windows\system32\msrating.dll
2014-02-06 10:11 . 2014-02-13 01:00    5768704    ----a-w-    c:\windows\system32\jscript9.dll
2014-02-06 10:01 . 2014-02-13 01:00    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2014-02-06 10:00 . 2014-02-13 01:00    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:57 . 2014-02-13 01:00    627200    ----a-w-    c:\windows\system32\msfeeds.dll
2014-02-06 09:50 . 2014-02-13 01:00    2041856    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-02-06 09:47 . 2014-02-13 01:00    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2014-02-06 09:46 . 2014-02-13 01:00    553472    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2014-02-06 09:25 . 2014-02-13 01:00    4244480    ----a-w-    c:\windows\SysWow64\jscript9.dll
2014-02-06 09:24 . 2014-02-13 01:00    2334208    ----a-w-    c:\windows\system32\wininet.dll
2014-02-06 09:22 . 2014-02-13 01:00    13051392    ----a-w-    c:\windows\system32\ieframe.dll
2014-02-06 09:09 . 2014-02-13 01:00    1964032    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2014-02-06 08:55 . 2014-02-13 01:00    1393664    ----a-w-    c:\windows\system32\urlmon.dll
2014-02-06 08:41 . 2014-02-13 01:00    1820160    ----a-w-    c:\windows\SysWow64\wininet.dll
2014-02-06 08:40 . 2014-02-13 01:00    817664    ----a-w-    c:\windows\system32\ieapfltr.dll
2014-02-02 19:54 . 2014-02-02 19:54    2850432    ----a-w-    c:\programdata\Microsoft\VisualStudio\12.0\1033\ResourceCache.dll
2014-02-02 17:00 . 2014-02-02 17:00    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-02-02 17:00 . 2014-02-02 17:00    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2014-02-02 16:59 . 2014-02-02 16:59    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2014-02-02 16:59 . 2014-02-02 16:59    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2014-02-02 16:59 . 2014-02-02 16:59    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-02-02 16:59 . 2014-02-02 16:59    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2014-02-02 16:59 . 2014-02-02 16:59    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2014-02-02 16:59 . 2014-02-02 16:59    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2014-02-02 16:59 . 2014-02-02 16:59    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2014-02-02 16:59 . 2014-02-02 16:59    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2014-02-02 16:59 . 2014-02-02 16:59    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-02-02 16:59 . 2014-02-02 16:59    337408    ----a-w-    c:\windows\SysWow64\html.iec
2014-02-02 16:59 . 2014-02-02 16:59    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2014-02-02 16:59 . 2014-02-02 16:59    235008    ----a-w-    c:\windows\system32\elshyph.dll
2014-02-02 16:59 . 2014-02-02 16:59    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2014-02-02 16:59 . 2014-02-02 16:59    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2014-02-02 16:59 . 2014-02-02 16:59    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2014-02-02 16:59 . 2014-02-02 16:59    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2014-02-02 16:59 . 2014-02-02 16:59    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2014-02-02 16:59 . 2014-02-02 16:59    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2014-02-02 16:59 . 2014-02-02 16:59    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2014-02-02 16:59 . 2014-02-02 16:59    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2014-02-02 16:59 . 2014-02-02 16:59    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2014-02-02 16:59 . 2014-02-02 16:59    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2014-02-02 16:59 . 2014-02-02 16:59    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-02-02 16:59 . 2014-02-02 16:59    81408    ----a-w-    c:\windows\system32\icardie.dll
2014-02-02 16:59 . 2014-02-02 16:59    774144    ----a-w-    c:\windows\system32\jscript.dll
2014-02-02 16:59 . 2014-02-02 16:59    77312    ----a-w-    c:\windows\system32\tdc.ocx
2014-02-02 16:59 . 2014-02-02 16:59    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2014-02-02 16:59 . 2014-02-02 16:59    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2014-02-02 16:59 . 2014-02-02 16:59    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2014-02-02 16:59 . 2014-02-02 16:59    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2014-02-02 16:59 . 2014-02-02 16:59    48128    ----a-w-    c:\windows\system32\imgutil.dll
2014-02-02 16:59 . 2014-02-02 16:59    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2014-02-02 16:59 . 2014-02-02 16:59    413696    ----a-w-    c:\windows\system32\html.iec
2014-02-02 16:59 . 2014-02-02 16:59    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-02-02 16:59 . 2014-02-02 16:59    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2014-02-02 16:59 . 2014-02-02 16:59    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2014-02-02 16:59 . 2014-02-02 16:59    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2014-02-02 16:59 . 2014-02-02 16:59    247808    ----a-w-    c:\windows\system32\msls31.dll
2014-02-02 16:59 . 2014-02-02 16:59    243200    ----a-w-    c:\windows\system32\webcheck.dll
2014-02-02 16:59 . 2014-02-02 16:59    235520    ----a-w-    c:\windows\system32\url.dll
2014-02-02 16:59 . 2014-02-02 16:59    167424    ----a-w-    c:\windows\system32\iexpress.exe
2014-02-02 16:59 . 2014-02-02 16:59    147968    ----a-w-    c:\windows\system32\occache.dll
2014-02-02 16:59 . 2014-02-02 16:59    143872    ----a-w-    c:\windows\system32\wextract.exe
2014-02-02 16:59 . 2014-02-02 16:59    13824    ----a-w-    c:\windows\system32\mshta.exe
2014-02-02 16:59 . 2014-02-02 16:59    135680    ----a-w-    c:\windows\system32\iepeers.dll
2014-02-02 16:59 . 2014-02-02 16:59    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2014-02-02 16:59 . 2014-02-02 16:59    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2014-02-02 16:59 . 2014-02-02 16:59    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-02-02 16:59 . 2014-02-02 16:59    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2014-02-02 16:59 . 2014-02-02 16:59    101376    ----a-w-    c:\windows\system32\inseng.dll
2014-02-02 15:08 . 2014-02-02 15:08    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-02 14:28 . 2010-06-24 11:33    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-01-29 21:02 . 2014-01-29 21:02    279000    ----a-w-    c:\windows\SysWow64\IntelCpHeciSvc.exe
2014-01-29 21:02 . 2014-01-29 21:02    524800    ----a-w-    c:\windows\system32\iglhsip64.dll
2014-01-29 21:02 . 2014-01-29 21:02    519680    ----a-w-    c:\windows\SysWow64\iglhsip32.dll
2014-01-29 21:02 . 2014-01-29 21:02    515544    ----a-w-    c:\windows\system32\igfxsrvc.exe
2014-01-29 21:02 . 2014-01-29 21:02    439296    ----a-w-    c:\windows\system32\igfxrrus.lrc
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-06-18 15:58    433648    ----a-w-    c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{927BD2E1-2287-49D2-AE71-95F492CE662E}]
2014-01-22 07:45    1641808    ----a-w-    c:\program files (x86)\CE\extensions\ie\x86\ceie-0.7.2.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 0Cloudfogger]
@="{15EDBCBF-7231-4290-946E-5BB12C6AF342}"
[HKEY_CLASSES_ROOT\CLSID\{15EDBCBF-7231-4290-946E-5BB12C6AF342}]
2013-02-25 14:34    717136    ----a-w-    c:\program files\Cloudfogger\CfShellEx_1.4.2143.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1Cloudfogger]
@="{14A3EC74-D852-416A-9691-AC3096EE1953}"
[HKEY_CLASSES_ROOT\CLSID\{14A3EC74-D852-416A-9691-AC3096EE1953}]
2013-02-25 14:34    717136    ----a-w-    c:\program files\Cloudfogger\CfShellEx_1.4.2143.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 2Cloudfogger]
@="{E9C2814C-12B8-4D74-9551-16DDEBFC8AE4}"
[HKEY_CLASSES_ROOT\CLSID\{E9C2814C-12B8-4D74-9551-16DDEBFC8AE4}]
2013-02-25 14:34    717136    ----a-w-    c:\program files\Cloudfogger\CfShellEx_1.4.2143.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Baruch\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Baruch\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Baruch\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-18 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-01-14 20728480]
"BandwidthMonitor"="c:\program files (x86)\BandwidthMonitor\BWMonitor.exe" [2014-02-05 224256]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-02-09 3825232]
"Copy"="c:\users\Baruch\AppData\Roaming\Copy\CopyAgent.exe" [2014-04-04 15504528]
"CryptSync"="c:\program files\CryptSync\CryptSync.exe" [2013-11-16 707320]
"Cloudfogger"="c:\program files\Cloudfogger\Cloudfogger.exe" [2013-02-25 7173456]
"X-Lite"="c:\program files (x86)\CounterPath\X-Lite\X-Lite.exe" [2013-10-03 4867936]
"Akamai NetSession Interface"="c:\users\Baruch\AppData\Local\Akamai\netsession_win.exe" [2014-03-06 4672920]
"Zoiper"="c:\program files (x86)\Zoiper\Zoiper.exe" [2013-12-19 10291200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2010-01-19 536576]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-06-18 329056]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Covenant Eyes"="c:\program files (x86)\CE\CovenantEyes.exe" [2014-01-22 7101272]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-08-28 143360]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-09-05 3478392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"TalkUninstall"="rmdir" [X]
"TalkUninstall2"="rmdir" [X]
"TalkUninstall3"="rmdir" [X]
"TalkUninstall4"="rmdir" [X]
"TalkUninstall5"="rmdir" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Copy"="c:\users\Baruch\AppData\Roaming\Copy\CopyAgent.exe" [2014-04-04 15504528]
.
c:\users\Baruch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
3CXPhone.lnk - c:\program files (x86)\3CXPhone\3CXPhone.exe minimize [2012-7-30 2062336]
Dropbox.lnk - c:\users\Baruch\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 33508336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-2-15 1136928]
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid support@lastpass.com [2014-2-2 14773248]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2014-2-2 14773248]
SRS Premium Sound.lnk - c:\program files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe /h [2010-12-17 1927528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cewd64f.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cewd64r.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 cewfp;cewfp;c:\windows\system32\Drivers\cewfp64.sys;c:\windows\SYSNATIVE\Drivers\cewfp64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe;c:\programdata\Partner\Partner.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys;c:\windows\SYSNATIVE\DRIVERS\tap0801.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 CBFilterFS;CBFilterFS;c:\windows\system32\drivers\cbfltfs.sys;c:\windows\SYSNATIVE\drivers\cbfltfs.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
S1 cewd64f;cewd64f service;c:\windows\system32\Drivers\cewd64f.sys;c:\windows\SYSNATIVE\Drivers\cewd64f.sys [x]
S1 cewd64r;cewd64r service;c:\windows\system32\Drivers\cewd64r.sys;c:\windows\SYSNATIVE\Drivers\cewd64r.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 Auth Service;Auth Service;c:\windows\system32\authServer.exe;c:\windows\SYSNATIVE\authServer.exe [x]
S2 CovenantEyesCommService;Covenant Eyes Communication Service;c:\program files (x86)\CE\CovenantEyesCommService.exe;c:\program files (x86)\CE\CovenantEyesCommService.exe [x]
S2 CovenantEyesProxy;CovenantEyesProxy;c:\program files\CE\CovenantEyesProxy.exe;c:\program files\CE\CovenantEyesProxy.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [x]
S2 RtLedService;RtLedService Installer;c:\program files\Realtek\RtLED\RtLEDService.exe;c:\program files\Realtek\RtLED\RtLEDService.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe;c:\program files\TightVNC\tvnserver.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S2 vncserver;VNC Server;c:\program files\RealVNC\VNC Server\vncserver.exe;c:\program files\RealVNC\VNC Server\vncserver.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 vm2uvcflt;Vimicro USB Camera Filter 2;c:\windows\system32\Drivers\vm2uvcflt.sys;c:\windows\SYSNATIVE\Drivers\vm2uvcflt.sys [x]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys;c:\windows\SYSNATIVE\Drivers\vm332avs.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 45600837
*NewlyCreated* - PWDIIPOG
*Deregistered* - 45600837
*Deregistered* - pwdiipog
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 18:32    1150280    ----a-w-    c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-02 20:38]
.
2014-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18 15:57]
.
2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18 15:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-06-18 15:58    750064    ----a-w-    c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{927BD2E1-2287-49D2-AE71-95F492CE662E}]
2014-01-22 07:45    2118480    ----a-w-    c:\program files (x86)\CE\extensions\ie\x64\ceie-0.7.2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 0Cloudfogger]
@="{15EDBCBF-7231-4290-946E-5BB12C6AF342}"
[HKEY_CLASSES_ROOT\CLSID\{15EDBCBF-7231-4290-946E-5BB12C6AF342}]
2013-02-25 14:36    892752    ----a-w-    c:\program files\Cloudfogger\CfShellEx64_1.4.2143.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1Cloudfogger]
@="{14A3EC74-D852-416A-9691-AC3096EE1953}"
[HKEY_CLASSES_ROOT\CLSID\{14A3EC74-D852-416A-9691-AC3096EE1953}]
2013-02-25 14:36    892752    ----a-w-    c:\program files\Cloudfogger\CfShellEx64_1.4.2143.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 2Cloudfogger]
@="{E9C2814C-12B8-4D74-9551-16DDEBFC8AE4}"
[HKEY_CLASSES_ROOT\CLSID\{E9C2814C-12B8-4D74-9551-16DDEBFC8AE4}]
2013-02-25 14:36    892752    ----a-w-    c:\program files\Cloudfogger\CfShellEx64_1.4.2143.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1aCopyShExtError]
@="{83BEA36E-7680-4598-A4DF-994426F6E78D}"
[HKEY_CLASSES_ROOT\CLSID\{83BEA36E-7680-4598-A4DF-994426F6E78D}]
2014-02-19 08:40    3975168    ----a-w-    c:\users\Baruch\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2aCopyShExtSynced]
@="{845B7388-6F85-4F32-9FD5-F02DC7882B89}"
[HKEY_CLASSES_ROOT\CLSID\{845B7388-6F85-4F32-9FD5-F02DC7882B89}]
2014-02-19 08:40    3975168    ----a-w-    c:\users\Baruch\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3aCopyShExtSyncing]
@="{F6378A7A-F753-449B-AE1B-997A96132E61}"
[HKEY_CLASSES_ROOT\CLSID\{F6378A7A-F753-449B-AE1B-997A96132E61}]
2014-02-19 08:40    3975168    ----a-w-    c:\users\Baruch\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4aCopyShExtSyncingProg1]
@="{3A511828-777D-46F8-82F4-5B530C1B3D9E}"
[HKEY_CLASSES_ROOT\CLSID\{3A511828-777D-46F8-82F4-5B530C1B3D9E}]
2014-02-19 08:40    3975168    ----a-w-    c:\users\Baruch\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5aCopyShExtSyncingProg2]
@="{C8C88204-5B14-40EC-BA72-8AEBC762047E}"
[HKEY_CLASSES_ROOT\CLSID\{C8C88204-5B14-40EC-BA72-8AEBC762047E}]
2014-02-19 08:40    3975168    ----a-w-    c:\users\Baruch\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6aCopyShExtSyncingProg3]
@="{ACFF45C3-3EEB-4351-86C2-6696BA264239}"
[HKEY_CLASSES_ROOT\CLSID\{ACFF45C3-3EEB-4351-86C2-6696BA264239}]
2014-02-19 08:40    3975168    ----a-w-    c:\users\Baruch\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7aCopyShExtSyncingProg4]
@="{29AF997F-488B-46F0-AE78-7146F1B89CC3}"
[HKEY_CLASSES_ROOT\CLSID\{29AF997F-488B-46F0-AE78-7146F1B89CC3}]
2014-02-19 08:40    3975168    ----a-w-    c:\users\Baruch\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8aCopyShExtSyncingProg5]
@="{03F9AD29-1C78-4B66-8890-B177B5430C53}"
[HKEY_CLASSES_ROOT\CLSID\{03F9AD29-1C78-4B66-8890-B177B5430C53}]
2014-02-19 08:40    3975168    ----a-w-    c:\users\Baruch\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Baruch\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Baruch\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Baruch\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Baruch\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07    23496    ----a-w-    c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-06-18 15:47    1502720    ----a-w-    c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-14 11697768]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-06-18 114688]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-06-18 789920]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-06-18 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-06-18 5908928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-29 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-29 442328]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2013-07-19 2179056]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2013-12-12 495616]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = socks=127.0.0.1:8080
uInternet Settings,ProxyOverride = <local>
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.169.1.1
TCP: Interfaces\{FA090104-94CD-4FF5-9A79-569B65B571F1}\2456A75617D2E6F514236414: NameServer = 8.8.8.8,4.2.2.2
TCP: Interfaces\{FA090104-94CD-4FF5-9A79-569B65B571F1}\26F6279637B62756D656271313: NameServer = 8.8.8.8,4.2.2.2
FF - ProfilePath - c:\users\Baruch\AppData\Roaming\Mozilla\Firefox\Profiles\8m67iox4.default\
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-186838000-3208792219-961223589-1000_Classes\Wow6432Node\CLSID\{0612e993-9355-42f1-9160-d736666b9729}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000005f
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-186838000-3208792219-961223589-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):90,0d,9b,08,a1,71,3a,00,36,e7,00,7c,d9,5c,64,45,89,7e,aa,26,4e,
   9b,7f,c8,77,b0,99,42,44,ef,16,15,6b,e7,ef,71,0c,0a,55,a8,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-07  17:37:02
ComboFix-quarantined-files.txt  2014-04-07 14:37
.
Pre-Run: 75,177,451,520 bytes free
Post-Run: 78,623,694,848 bytes free
.
- - End Of File - - 80B3F424492046F79378C8F4CD94DBE5
 


Add/remove programs

Click on Start --> Control Panel.

Vista/7: Open Programs and Features
XP: Open Add/Remove Programs

Search for and remove the following programs:

Partner
Covenant Eyes

Close the window.

Combofix scripting

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where ComboFix is.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

===================================================

Malwarebytes Anti-Malware Free and Malwarebytes Chameleon

----------

  • Download Malwarebytes Anti-Malware Free and save it to your desktop
  • Double click the desktop icon, click Run, then OK
  • Click Next
  • Select I accept the agreement, then continue to click Next, then finally click Install
  • Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
  • If you are notified the Database is out of date, click Update Now
  • Click Scan Now >>

----------

  • Note: If Malwarebytes will not launch, please do the following to launch Malwarebytes Chameleon:
  • Click Start (Start, Search, All files and folders for Windows XP), then type mbam
  • Double click one of the four following files (if one does not work, try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com

----------

  • When completed, click the down arrow on Export Log and select Text file (*.txt)
  • Save the file to your desktop as MBAM
  • Click Apply Actions, then restart your computer if requested
  • Copy and paste the contents of MBAM.txt in your reply

CFScript.txt


result

 

ComboFix 14-04-06.01 - Baruch 04/07/2014  19:12:17.2.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1255.972.1033.18.8106.4789 [GMT 3:00]
Running from: c:\users\Baruch\Downloads\Programs\ComboFix.exe
Command switches used :: c:\users\Baruch\Downloads\Programs\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Partner
c:\programdata\Partner\debug.log
c:\programdata\Partner\Partner.dll
c:\programdata\Partner\Partner.exe
c:\programdata\Partner\Partner64.dll
c:\users\Baruch\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Partner Service
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-07 to 2014-04-07  )))))))))))))))))))))))))))))))
.
.
2014-04-07 16:18 . 2014-04-07 16:18    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-04-07 14:25 . 2014-03-07 04:43    10521840    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2E981AF-2373-4652-A791-5164F623CAF6}\mpengine.dll
2014-04-06 14:21 . 2014-04-06 14:21    --------    d-----w-    c:\users\Baruch\AppData\Roaming\BowPad
2014-04-06 13:34 . 2014-04-07 09:56    119512    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-06 13:34 . 2014-04-06 13:34    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-06 13:34 . 2014-04-06 13:34    --------    d-----w-    c:\programdata\Malwarebytes
2014-04-06 13:34 . 2014-04-03 06:51    63192    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-04-06 13:34 . 2014-04-03 06:51    88280    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-04-06 13:34 . 2014-04-03 06:50    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-06 02:58 . 2014-03-07 04:43    10521840    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-05 17:42 . 2014-04-05 17:42    --------    d-----w-    c:\users\Baruch\AppData\Roaming\Foxit Software
2014-04-04 08:34 . 2014-04-04 10:14    --------    d-----w-    c:\users\Baruch\AppData\Local\3CX VoIP Phone
2014-04-04 08:34 . 2014-04-04 08:34    --------    d-----w-    c:\program files (x86)\3CXPhone
2014-04-04 06:13 . 2014-04-04 06:13    --------    d-----w-    c:\users\Baruch\AppData\Roaming\Foxit Advanced PDF Editor
2014-04-04 06:13 . 2014-04-04 06:13    --------    d-----w-    c:\users\Baruch\AppData\Local\Foxit Advanced PDF Editor
2014-04-04 06:13 . 2014-04-04 06:13    --------    d-----w-    c:\programdata\Aspell
2014-04-04 06:13 . 2014-04-04 06:13    --------    d-----w-    c:\programdata\Foxit Advanced PDF Editor
2014-04-04 06:12 . 2014-04-04 06:12    --------    d-----w-    c:\users\Baruch\AppData\Local\Aspell
2014-04-04 06:12 . 2014-04-04 06:12    --------    d-----w-    c:\program files (x86)\Foxit Software
2014-04-04 00:42 . 2014-02-20 11:14    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD6733D5-D733-4563-93BE-8B40E4C7941B}\gapaengine.dll
2014-04-03 10:17 . 2014-04-03 10:19    --------    d-----w-    c:\program files (x86)\ElectraSoft
2014-04-03 10:15 . 2014-04-03 10:15    --------    d-----w-    C:\klr
2014-04-03 07:59 . 2014-04-03 07:59    --------    d-----w-    c:\users\Baruch\AppData\Local\AfraidUpdater
2014-04-02 11:20 . 2014-04-02 11:20    --------    d-----w-    c:\programdata\eMule
2014-04-02 11:20 . 2014-04-02 11:20    --------    d-----w-    c:\users\Baruch\AppData\Local\eMule
2014-04-02 11:20 . 2014-04-02 11:20    --------    d-----w-    c:\program files (x86)\eMule
2014-04-02 07:35 . 2014-04-02 07:35    --------    d-----w-    c:\users\Baruch\AppData\Local\EtradeWinformsTest
2014-03-31 05:39 . 2014-03-31 05:39    --------    d-----w-    c:\users\Baruch\AppData\Roaming\CompanionLink
2014-03-31 05:39 . 2014-03-31 05:39    --------    d-----w-    c:\program files (x86)\CompanionLink
2014-03-30 08:30 . 2014-04-06 14:20    --------    d-----w-    c:\program files\BowPad
2014-03-22 21:22 . 2014-03-22 21:22    --------    d-----w-    c:\program files\TAP-Windows
2014-03-22 21:22 . 2014-03-22 21:23    --------    d-----w-    c:\program files\OpenVPN
2014-03-22 20:04 . 2014-03-22 21:20    --------    d-----w-    c:\program files (x86)\OpenVPN
2014-03-20 08:57 . 2014-03-20 08:57    --------    d-----w-    c:\users\Baruch\AppData\Local\qBittorrent
2014-03-20 08:57 . 2014-03-20 08:59    --------    d-----w-    c:\users\Baruch\AppData\Roaming\qBittorrent
2014-03-20 08:57 . 2014-03-20 08:57    --------    d-----w-    c:\program files (x86)\qBittorrent
2014-03-19 08:04 . 2014-03-19 08:04    --------    d-----w-    c:\program files (x86)\Bunny-Wabbit
2014-03-19 07:55 . 2014-03-19 07:58    --------    d-----w-    c:\program files (x86)\MagicISO
2014-03-18 08:34 . 2014-03-18 08:34    --------    d-----w-    c:\users\Baruch\VirtualBox VMs
2014-03-18 08:02 . 2014-03-20 16:27    --------    d-----w-    c:\users\Baruch\.VirtualBox
2014-03-18 08:02 . 2014-02-25 16:31    252704    ----a-w-    c:\windows\system32\drivers\VBoxDrv.sys
2014-03-18 08:02 . 2014-03-18 08:02    --------    dc----w-    c:\windows\system32\DRVSTORE
2014-03-18 08:02 . 2014-02-25 16:27    126752    ----a-w-    c:\windows\system32\drivers\VBoxUSBMon.sys
2014-03-18 08:02 . 2014-03-18 08:02    --------    d-----w-    c:\program files\Oracle
2014-03-15 18:44 . 2014-03-15 18:44    --------    d-----w-    c:\users\Baruch\AppData\Roaming\netcitadel.com
2014-03-15 18:44 . 2014-03-15 18:44    --------    d-----w-    C:\FWBuilder51
2014-03-12 02:13 . 2014-01-29 02:32    484864    ----a-w-    c:\windows\system32\wer.dll
2014-03-12 02:13 . 2014-01-29 02:06    381440    ----a-w-    c:\windows\SysWow64\wer.dll
2014-03-12 02:13 . 2014-01-28 02:32    228864    ----a-w-    c:\windows\system32\wwansvc.dll
2014-03-12 02:13 . 2014-02-07 01:23    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-03-12 02:11 . 2014-02-04 02:32    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-03-12 02:11 . 2014-02-04 02:32    624128    ----a-w-    c:\windows\system32\qedit.dll
2014-03-12 02:11 . 2014-02-04 02:04    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2014-03-12 02:11 . 2014-02-04 02:04    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2014-03-11 13:26 . 2014-03-12 13:35    --------    d-----w-    c:\windows\AutoKMS
2014-03-11 13:26 . 2014-03-11 13:26    --------    d-----w-    c:\programdata\Microsoft Toolkit
2014-03-11 07:43 . 2014-03-11 07:43    --------    d-sh--w-    c:\windows\BitLockerDiscoveryVolumeContents
2014-03-11 07:43 . 2014-03-11 07:43    --------    d-----w-    c:\windows\RemotePackages
2014-03-10 08:05 . 2014-03-10 08:05    --------    d-----w-    c:\program files\7-Zip
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-18 01:00 . 2014-02-02 14:56    90015360    ----a-w-    c:\windows\system32\MRT.exe
2014-03-11 20:38 . 2014-02-02 15:49    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 20:38 . 2014-02-02 15:49    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-11 07:52 . 2013-09-27 07:53    133928    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2014-02-25 16:27 . 2014-02-25 16:27    154912    ----a-w-    c:\windows\system32\drivers\VBoxNetFlt.sys
2014-02-25 16:27 . 2014-02-25 16:27    140576    ----a-w-    c:\windows\system32\drivers\VBoxNetAdp.sys
2014-02-25 16:24 . 2014-02-25 16:24    204064    ----a-w-    c:\windows\system32\VBoxNetFltNobj.dll
2014-02-21 09:51 . 2014-02-21 09:51    231376    ----a-w-    c:\windows\system32\drivers\truecrypt.sys
2014-02-20 11:14 . 2014-02-19 05:46    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-13 05:49 . 2014-02-02 14:39    14773248    ----a-w-    c:\program files (x86)\Common Files\lpuninstall.exe
2014-02-07 07:08 . 2014-02-07 07:08    98304    ----a-r-    c:\users\Baruch\AppData\Roaming\Microsoft\Installer\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}\icons.exe
2014-02-06 12:16 . 2014-02-13 01:00    23170048    ----a-w-    c:\windows\system32\mshtml.dll
2014-02-06 11:30 . 2014-02-13 01:00    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-02-06 11:30 . 2014-02-13 01:00    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-02-06 11:12 . 2014-02-13 01:00    2765824    ----a-w-    c:\windows\system32\iertutil.dll
2014-02-06 11:07 . 2014-02-13 01:00    66048    ----a-w-    c:\windows\system32\iesetup.dll
2014-02-06 11:06 . 2014-02-13 01:00    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-02-06 10:57 . 2014-02-13 01:00    53760    ----a-w-    c:\windows\system32\jsproxy.dll
2014-02-06 10:56 . 2014-02-13 01:00    33792    ----a-w-    c:\windows\system32\iernonce.dll
2014-02-06 10:52 . 2014-02-13 01:00    574976    ----a-w-    c:\windows\system32\ieui.dll
2014-02-06 10:49 . 2014-02-13 01:00    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-02-06 10:48 . 2014-02-13 01:00    111616    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-02-06 10:48 . 2014-02-13 01:00    708608    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-02-06 10:32 . 2014-02-13 01:00    218624    ----a-w-    c:\windows\system32\ie4uinit.exe
2014-02-06 10:20 . 2014-02-13 01:00    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-02-06 10:17 . 2014-02-13 01:00    195584    ----a-w-    c:\windows\system32\msrating.dll
2014-02-06 10:11 . 2014-02-13 01:00    5768704    ----a-w-    c:\windows\system32\jscript9.dll
2014-02-06 10:01 . 2014-02-13 01:00    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2014-02-06 10:00 . 2014-02-13 01:00    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:57 . 2014-02-13 01:00    627200    ----a-w-    c:\windows\system32\msfeeds.dll
2014-02-06 09:50 . 2014-02-13 01:00    2041856    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-02-06 09:47 . 2014-02-13 01:00    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2014-02-06 09:46 . 2014-02-13 01:00    553472    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2014-02-06 09:25 . 2014-02-13 01:00    4244480    ----a-w-    c:\windows\SysWow64\jscript9.dll
2014-02-06 09:24 . 2014-02-13 01:00    2334208    ----a-w-    c:\windows\system32\wininet.dll
2014-02-06 09:22 . 2014-02-13 01:00    13051392    ----a-w-    c:\windows\system32\ieframe.dll
2014-02-06 09:09 . 2014-02-13 01:00    1964032    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2014-02-06 08:55 . 2014-02-13 01:00    1393664    ----a-w-    c:\windows\system32\urlmon.dll
2014-02-06 08:41 . 2014-02-13 01:00    1820160    ----a-w-    c:\windows\SysWow64\wininet.dll
2014-02-06 08:40 . 2014-02-13 01:00    817664    ----a-w-    c:\windows\system32\ieapfltr.dll
2014-02-02 19:54 . 2014-02-02 19:54    2850432    ----a-w-    c:\programdata\Microsoft\VisualStudio\12.0\1033\ResourceCache.dll
2014-02-02 17:00 . 2014-02-02 17:00    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-02-02 17:00 . 2014-02-02 17:00    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2014-02-02 16:59 . 2014-02-02 16:59    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2014-02-02 16:59 . 2014-02-02 16:59    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2014-02-02 16:59 . 2014-02-02 16:59    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-02-02 16:59 . 2014-02-02 16:59    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2014-02-02 16:59 . 2014-02-02 16:59    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2014-02-02 16:59 . 2014-02-02 16:59    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2014-02-02 16:59 . 2014-02-02 16:59    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2014-02-02 16:59 . 2014-02-02 16:59    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2014-02-02 16:59 . 2014-02-02 16:59    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-02-02 16:59 . 2014-02-02 16:59    337408    ----a-w-    c:\windows\SysWow64\html.iec
2014-02-02 16:59 . 2014-02-02 16:59    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2014-02-02 16:59 . 2014-02-02 16:59    235008    ----a-w-    c:\windows\system32\elshyph.dll
2014-02-02 16:59 . 2014-02-02 16:59    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2014-02-02 16:59 . 2014-02-02 16:59    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2014-02-02 16:59 . 2014-02-02 16:59    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2014-02-02 16:59 . 2014-02-02 16:59    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2014-02-02 16:59 . 2014-02-02 16:59    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2014-02-02 16:59 . 2014-02-02 16:59    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2014-02-02 16:59 . 2014-02-02 16:59    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2014-02-02 16:59 . 2014-02-02 16:59    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2014-02-02 16:59 . 2014-02-02 16:59    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2014-02-02 16:59 . 2014-02-02 16:59    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2014-02-02 16:59 . 2014-02-02 16:59    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-02-02 16:59 . 2014-02-02 16:59    81408    ----a-w-    c:\windows\system32\icardie.dll
2014-02-02 16:59 . 2014-02-02 16:59    774144    ----a-w-    c:\windows\system32\jscript.dll
2014-02-02 16:59 . 2014-02-02 16:59    77312    ----a-w-    c:\windows\system32\tdc.ocx
2014-02-02 16:59 . 2014-02-02 16:59    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2014-02-02 16:59 . 2014-02-02 16:59    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2014-02-02 16:59 . 2014-02-02 16:59    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2014-02-02 16:59 . 2014-02-02 16:59    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2014-02-02 16:59 . 2014-02-02 16:59    48128    ----a-w-    c:\windows\system32\imgutil.dll
2014-02-02 16:59 . 2014-02-02 16:59    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2014-02-02 16:59 . 2014-02-02 16:59    413696    ----a-w-    c:\windows\system32\html.iec
2014-02-02 16:59 . 2014-02-02 16:59    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-02-02 16:59 . 2014-02-02 16:59    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2014-02-02 16:59 . 2014-02-02 16:59    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2014-02-02 16:59 . 2014-02-02 16:59    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2014-02-02 16:59 . 2014-02-02 16:59    247808    ----a-w-    c:\windows\system32\msls31.dll
2014-02-02 16:59 . 2014-02-02 16:59    243200    ----a-w-    c:\windows\system32\webcheck.dll
2014-02-02 16:59 . 2014-02-02 16:59    235520    ----a-w-    c:\windows\system32\url.dll
2014-02-02 16:59 . 2014-02-02 16:59    167424    ----a-w-    c:\windows\system32\iexpress.exe
2014-02-02 16:59 . 2014-02-02 16:59    147968    ----a-w-    c:\windows\system32\occache.dll
2014-02-02 16:59 . 2014-02-02 16:59    143872    ----a-w-    c:\windows\system32\wextract.exe
2014-02-02 16:59 . 2014-02-02 16:59    13824    ----a-w-    c:\windows\system32\mshta.exe
2014-02-02 16:59 . 2014-02-02 16:59    135680    ----a-w-    c:\windows\system32\iepeers.dll
2014-02-02 16:59 . 2014-02-02 16:59    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2014-02-02 16:59 . 2014-02-02 16:59    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2014-02-02 16:59 . 2014-02-02 16:59    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-02-02 16:59 . 2014-02-02 16:59    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2014-02-02 16:59 . 2014-02-02 16:59    101376    ----a-w-    c:\windows\system32\inseng.dll
2014-02-02 15:08 . 2014-02-02 15:08    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-02 14:28 . 2010-06-24 11:33    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-01-29 21:02 . 2014-01-29 21:02    279000    ----a-w-    c:\windows\SysWow64\IntelCpHeciSvc.exe
2014-01-29 21:02 . 2014-01-29 21:02    524800    ----a-w-    c:\windows\system32\iglhsip64.dll
2014-01-29 21:02 . 2014-01-29 21:02    519680    ----a-w-    c:\windows\SysWow64\iglhsip32.dll
2014-01-29 21:02 . 2014-01-29 21:02    515544    ----a-w-    c:\windows\system32\igfxsrvc.exe
2014-01-29 21:02 . 2014-01-29 21:02    439296    ----a-w-    c:\windows\system32\igfxrrus.lrc
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{927BD2E1-2287-49D2-AE71-95F492CE662E}]
2014-01-22 07:45    1641808    ----a-w-    c:\program files (x86)\CE\extensions\ie\x86\ceie-0.7.2.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 0Cloudfogger]
@="{15EDBCBF-7231-4290-946E-5BB12C6AF342}"
[HKEY_CLASSES_ROOT\CLSID\{15EDBCBF-7231-4290-946E-5BB12C6AF342}]
2013-02-25 14:34    717136    ----a-w-    c:\program files\Cloudfogger\CfShellEx_1.4.2143.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1Cloudfogger]
@="{14A3EC74-D852-416A-9691-AC3096EE1953}"
[HKEY_CLASSES_ROOT\CLSID\{14A3EC74-D852-416A-9691-AC3096EE1953}]
2013-02-25 14:34    717136    ----a-w-    c:\program files\Cloudfogger\CfShellEx_1.4.2143.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 2Cloudfogger]
@="{E9C2814C-12B8-4D74-9551-16DDEBFC8AE4}"
[HKEY_CLASSES_ROOT\CLSID\{E9C2814C-12B8-4D74-9551-16DDEBFC8AE4}]
2013-02-25 14:34    717136    ----a-w-    c:\program files\Cloudfogger\CfShellEx_1.4.2143.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Baruch\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Baruch\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Baruch\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-18 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-01-14 20728480]
"BandwidthMonitor"="c:\program files (x86)\BandwidthMonitor\BWMonitor.exe" [2014-02-05 224256]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-02-09 3825232]
"Copy"="c:\users\Baruch\AppData\Roaming\Copy\CopyAgent.exe" [2014-04-04 15504528]
"CryptSync"="c:\program files\CryptSync\CryptSync.exe" [2013-11-16 707320]
"Cloudfogger"="c:\program files\Cloudfogger\Cloudfogger.exe" [2013-02-25 7173456]
"X-Lite"="c:\program files (x86)\CounterPath\X-Lite\X-Lite.exe" [2013-10-03 4867936]
"Akamai NetSession Interface"="c:\users\Baruch\AppData\Local\Akamai\netsession_win.exe" [2014-03-06 4672920]
"Zoiper"="c:\program files (x86)\Zoiper\Zoiper.exe" [2013-12-19 10291200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2010-01-19 536576]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-06-18 329056]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Covenant Eyes"="c:\program files (x86)\CE\CovenantEyes.exe" [2014-01-22 7101272]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-08-28 143360]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-09-05 3478392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Copy"="c:\users\Baruch\AppData\Roaming\Copy\CopyAgent.exe" [2014-04-04 15504528]
.
c:\users\Baruch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
3CXPhone.lnk - c:\program files (x86)\3CXPhone\3CXPhone.exe minimize [2012-7-30 2062336]
Dropbox.lnk - c:\users\Baruch\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 33508336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-2-15 1136928]
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid support@lastpass.com [2014-2-2 14773248]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2014-2-2 14773248]
SRS Premium Sound.lnk - c:\program files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe /h [2010-12-17 1927528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cewd64f.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cewd64r.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 cewfp;cewfp;c:\windows\system32\Drivers\cewfp64.sys;c:\windows\SYSNATIVE\Drivers\cewfp64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RtLedService;RtLedService Installer;c:\program files\Realtek\RtLED\RtLEDService.exe;c:\program files\Realtek\RtLED\RtLEDService.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys;c:\windows\SYSNATIVE\DRIVERS\tap0801.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 CBFilterFS;CBFilterFS;c:\windows\system32\drivers\cbfltfs.sys;c:\windows\SYSNATIVE\drivers\cbfltfs.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
S1 cewd64f;cewd64f service;c:\windows\system32\Drivers\cewd64f.sys;c:\windows\SYSNATIVE\Drivers\cewd64f.sys [x]
S1 cewd64r;cewd64r service;c:\windows\system32\Drivers\cewd64r.sys;c:\windows\SYSNATIVE\Drivers\cewd64r.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 Auth Service;Auth Service;c:\windows\system32\authServer.exe;c:\windows\SYSNATIVE\authServer.exe [x]
S2 CovenantEyesCommService;Covenant Eyes Communication Service;c:\program files (x86)\CE\CovenantEyesCommService.exe;c:\program files (x86)\CE\CovenantEyesCommService.exe [x]
S2 CovenantEyesProxy;CovenantEyesProxy;c:\program files\CE\CovenantEyesProxy.exe;c:\program files\CE\CovenantEyesProxy.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe;c:\program files\TightVNC\tvnserver.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S2 vncserver;VNC Server;c:\program files\RealVNC\VNC Server\vncserver.exe;c:\program files\RealVNC\VNC Server\vncserver.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 vm2uvcflt;Vimicro USB Camera Filter 2;c:\windows\system32\Drivers\vm2uvcflt.sys;c:\windows\SYSNATIVE\Drivers\vm2uvcflt.sys [x]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys;c:\windows\SYSNATIVE\Drivers\vm332avs.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 18:32    1150280    ----a-w-    c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-02 20:38]
.
2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18 15:57]
.
2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18 15:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{927BD2E1-2287-49D2-AE71-95F492CE662E}]
2014-01-22 07:45    2118480    ----a-w-    c:\program files (x86)\CE\extensions\ie\x64\ceie-0.7.2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 0Cloudfogger]
@="{15EDBCBF-7231-4290-946E-5BB12C6AF342}"
[HKEY_CLASSES_ROOT\CLSID\{15EDBCBF-7231-4290-946E-5BB12C6AF342}]
2013-02-25 14:36    892752    ----a-w-    c:\program files\Cloudfogger\CfShellEx64_1.4.2143.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1Cloudfogger]
@="{14A3EC74-D852-416A-9691-AC3096EE1953}"
[HKEY_CLASSES_ROOT\CLSID\{14A3EC74-D852-416A-9691-AC3096EE1953}]
2013-02-25 14:36    892752    ----a-w-    c:\program files\Cloudfogger\CfShellEx64_1.4.2143.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 2Cloudfogger]
@="{E9C2814C-12B8-4D74-9551-16DDEBFC8AE4}"
[HKEY_CLASSES_ROOT\CLSID\{E9C2814C-12B8-4D74-9551-16DDEBFC8AE4}]
2013-02-25 14:36    892752    ----a-w-    c:\program files\Cloudfogger\CfShellEx64_1.4.2143.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1aCopyShExtError]
@="{83BEA36E-7680-4598-A4DF-994426F6E78D}"
[HKEY_CLASSES_ROOT\CLSID\{83BEA36E-7680-4598-A4DF-994426F6E78D}]
2014-02-19 08:40    3975168    ----a-w-    c:\users\Baruch\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2aCopyShExtSynced]
@="{845B7388-6F85-4F32-9FD5-F02DC7882B89}"
[HKEY_CLASSES_ROOT\CLSID\{845B7388-6F85-4F32-9FD5-F02DC7882B89}]
2014-02-19 08:40    3975168    ----a-w-    c:\users\Baruch\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3aCopyShExtSyncing]
@="{F6378A7A-F753-449B-AE1B-997A96132E61}"
[HKEY_CLASSES_ROOT\CLSID\{F6378A7A-F753-449B-AE1B-997A96132E61}]
2014-02-19 08:40    3975168    ----a-w-    c:\users\Baruch\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4aCopyShExtSyncingProg1]
@="{3A511828-777D-46F8-82F4-5B530C1B3D9E}"
[HKEY_CLASSES_ROOT\CLSID\{3A511828-777D-46F8-82F4-5B530C1B3D9E}]
2014-02-19 08:40    3975168    ----a-w-    c:\users\Baruch\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5aCopyShExtSyncingProg2]
@="{C8C88204-5B14-40EC-BA72-8AEBC762047E}"
[HKEY_CLASSES_ROOT\CLSID\{C8C88204-5B14-40EC-BA72-8AEBC762047E}]
2014-02-19 08:40    3975168    ----a-w-    c:\users\Baruch\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6aCopyShExtSyncingProg3]
@="{ACFF45C3-3EEB-4351-86C2-6696BA264239}"
[HKEY_CLASSES_ROOT\CLSID\{ACFF45C3-3EEB-4351-86C2-6696BA264239}]
2014-02-19 08:40    3975168    ----a-w-    c:\users\Baruch\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7aCopyShExtSyncingProg4]
@="{29AF997F-488B-46F0-AE78-7146F1B89CC3}"
[HKEY_CLASSES_ROOT\CLSID\{29AF997F-488B-46F0-AE78-7146F1B89CC3}]
2014-02-19 08:40    3975168    ----a-w-    c:\users\Baruch\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8aCopyShExtSyncingProg5]
@="{03F9AD29-1C78-4B66-8890-B177B5430C53}"
[HKEY_CLASSES_ROOT\CLSID\{03F9AD29-1C78-4B66-8890-B177B5430C53}]
2014-02-19 08:40    3975168    ----a-w-    c:\users\Baruch\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Baruch\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Baruch\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Baruch\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Baruch\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07    23496    ----a-w-    c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-06-18 15:47    1502720    ----a-w-    c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-14 11697768]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-06-18 114688]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-06-18 789920]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-06-18 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-06-18 5908928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-29 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-29 442328]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2013-07-19 2179056]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2013-12-12 495616]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = socks=127.0.0.1:8080
uInternet Settings,ProxyOverride = <local>
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.169.1.1
TCP: Interfaces\{FA090104-94CD-4FF5-9A79-569B65B571F1}\2456A75617D2E6F514236414: NameServer = 8.8.8.8,4.2.2.2
TCP: Interfaces\{FA090104-94CD-4FF5-9A79-569B65B571F1}\26F6279637B62756D656271313: NameServer = 8.8.8.8,4.2.2.2
FF - ProfilePath - c:\users\Baruch\AppData\Roaming\Mozilla\Firefox\Profiles\8m67iox4.default\
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - c:\programdata\Partner\Partner.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
BHO-{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - c:\programdata\Partner\Partner64.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-04-07  19:21:56 - machine was rebooted
ComboFix-quarantined-files.txt  2014-04-07 16:21
ComboFix2.txt  2014-04-07 14:37
.
Pre-Run: 79,173,722,112 bytes free
Post-Run: 78,301,638,656 bytes free
.
- - End Of File - - D6587E3C4008572FB831A46D6101F153


Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes Anti-Malware to your desktop. Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Malwarebytes

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 08/04/2014
Scan Time: 13:31:28
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.08.02
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Baruch

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 307717
Time Elapsed: 8 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

ESET scan

C:\Users\Baruch\Downloads\FileZilla_3.7.3_win32-setup.exe    a variant of Win32/InstallCore.IO potentially unwanted application
C:\Users\Baruch\Downloads\Compressed\bitcoin-rpcminer-20110227-win32bin\rpcminer-4way.exe    a variant of Win32/BitCoinMiner.BE potentially unsafe application
C:\Users\Baruch\Downloads\Compressed\bitcoin-rpcminer-20110227-win32bin\rpcminer-cpu.exe    a variant of Win32/BitCoinMiner.BE potentially unsafe application
C:\Users\Baruch\Downloads\Compressed\bitcoin-rpcminer-20110227-win32bin\rpcminer-cuda.exe    a variant of Win32/BitCoinMiner.M potentially unsafe application
C:\Users\Baruch\Downloads\Compressed\bitcoin-rpcminer-20110227-win32bin\rpcminer-opencl.exe    a variant of Win32/BitCoinMiner.BE potentially unsafe application
C:\Users\Baruch\Downloads\ElectraSoft.Master.Keystroke.Logger.Pro.v14.01.01.Regged-WaLMaRT\wmt0666x\Setup\Setup.exe    a variant of Win32/MasterKeystrokeLogger.A potentially unsafe application
C:\Users\Baruch\Downloads\MagicISO.Maker+PowerISO+UltraISO+WinISO[All-In-One]-VKL\MagicISO Maker v5.5 Build 276\Patch.exe    a variant of Win32/HackTool.Patcher.T potentially unsafe application
C:\Users\Baruch\Downloads\Programs\AA_v3.4.exe    a variant of Win32/RemoteAdmin.Ammyy.B potentially unsafe application
C:\Users\Baruch\Downloads\Programs\talksetup.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Users\Baruch\Dropbox\programs\TeamViewer v8.0.18051 Enterprise\Patch.exe    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Users\Baruch\Dropbox\programs\TeamViewer v8.0.18930 Enterprise\TeamViewer v8.0.18930 Enterprise\patch\Patch.exe    a variant of Win32/HackTool.Patcher.AD potentially unsafe application


Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.





SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.


AdwCleaner

# AdwCleaner v3.023 - Report created 08/04/2014 at 16:51:21
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Baruch - BARUCH-PC
# Running from : C:\Users\Baruch\Downloads\Programs\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\Baruch\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Baruch\AppData\Local\PackageAware
Folder Deleted : C:\Users\Baruch\AppData\Roaming\Mozilla\Firefox\Profiles\8m67iox4.default\Extensions\anttoolbar@ant.com

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Baruch\AppData\Roaming\Mozilla\Firefox\Profiles\8m67iox4.default\prefs.js ]

Line Deleted : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1394366909847");

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Baruch\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3167 octets] - [08/04/2014 16:41:57]
AdwCleaner[s0].txt - [3065 octets] - [08/04/2014 16:51:21]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3125 octets] ##########

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x64
Ran by Baruch on Tue 04/08/2014 at 17:08:22.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Empty Folder] C:\Users\Baruch\appdata\local\{0E7D499C-96AA-48D9-839C-F9275431A3EF}
Successfully deleted: [Empty Folder] C:\Users\Baruch\appdata\local\{8A300C9D-1C27-476C-8847-F8692E1A1508}
Successfully deleted: [Empty Folder] C:\Users\Baruch\appdata\local\{9355BC1B-4B77-449F-AE8F-7BFBCD4AA42D}
Successfully deleted: [Empty Folder] C:\Users\Baruch\appdata\local\{AB5D9BDF-61D5-4F71-96FE-747D59277DA2}



~~~ FireFox

Successfully deleted the following from C:\Users\Baruch\AppData\Roaming\mozilla\firefox\profiles\8m67iox4.default\prefs.js

user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1396965390692");
Emptied folder: C:\Users\Baruch\AppData\Roaming\mozilla\firefox\profiles\8m67iox4.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/08/2014 at 17:12:53.87
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Security Check

 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 51  
 JavaScript Tooling    
 Visual Studio Extensions for Windows Library for JavaScript
 Adobe Flash Player 12.0.0.77  
 Mozilla Firefox (28.0)
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials msseces.exe
 Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

Scan with Farbar's Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender



  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Farbar

Farbar Service Scanner Version: 25-02-2014
Ran by Baruch (administrator) on 08-04-2014 at 18:02:56
Running from "C:\Users\Baruch\Downloads\Programs"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Your system is clean now! :)

Uninstall our tools using delfix

Please follow these steps in order:

  1. In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
    • If there is still something left please delete it manually.

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.


  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:
  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80", which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.

    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs, so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.



2 weeks later... (reply from Root Admin)

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.