
I'm infected with Constant Blocked Malicious Website Popups!



Welcome to the forum.

Please run a Quick Scan with Malwarebytes

For Malwarebytes ver: 1.75

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

General P2P/Piracy Warning:


1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

• Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

• The removal of malware isn't instantaneous, please be patient.

• When we are done, I'll give you instructions on how to cleanup all the tools and logs

• Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


1. Thank you so much for your expert help! I have been struggling with this all night without sleep and many hours before. Bless you!


2. I had previously scanned and deleted all using the settings you specified in MalwareBytes 2.0.2


3. Your link RogueKiller 64 bit does not work. It says web page not found.


4. I was unable to paste the RogueKiller log in Internet Explorer but could with FireFox.


5. Please advise me how to proceed ASAP


Thank you.


RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Les [Admin rights]
Mode : Scan -- Date : 05/27/2014 08:09:41
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[bROK VAL] HKCR\[...]\command :  () -> MISSING

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][ROGUE ST] 4473 : wscript.exe - C:\Users\Les\AppData\Local\Temp\launchie.vbs //B -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Patriot Pyro SE SATA Disk Device +++++
--- User ---
[MBR] afa0f3335d003a6ef4cdb3b0da111803
[bSP] 3137bb68740694f60a3e4096a8e54664 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 228935 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST2000DM 001-1CH164 SATA Disk Device +++++
--- User ---
[MBR] 3926a7d4c51f43dfc7df32dc7cab84c3
[bSP] b05272dc69fd18ebdb5f8437a8835a58 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) TOSHIBA DT01ACA200 SATA Disk Device +++++
--- User ---
[MBR] 514eea983f47cad9d32bf62f39816a66
[bSP] 1049ba53099b45af745bdc0259c79f7d : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 208209 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 426414080 | Size: 1699518 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- USB3.0 CRW-CF/MD USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- USB3.0 CRW-SM/xD USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive5: (\\.\PHYSICALDRIVE5 @ USB) Generic- USB3.0 CRW-SD USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive6: (\\.\PHYSICALDRIVE6 @ USB) Generic- USB3.0 CRW-MS USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive7: (\\.\PHYSICALDRIVE7 @ USB) Generic- USB3.0 CRW-SD/MS USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_05272014_080941.txt >>



Make sure you have created a restore point and.....
Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ----------------------------------------

    Run RogueKiller again and click Scan
    When the scan completes > click on the Registry tab
    Put a check next to all of these and uncheck the rest: (if found)

    [V2][ROGUE ST] 4473 : wscript.exe - C:\Users\Les\AppData\Local\Temp\launchie.vbs //B -> FOUND

    Now click Delete on the right hand column under Options

    Now click Fix Host on the right hand column under Options

    -------------------------------------


    Please read the directions carefully so you don't end up deleting something that is good!!

    If in doubt about an entry....please ask or choose Skip!!!!

    Don't Delete anything unless instructed to!

    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue

    If a suspicious object is detected, the default action will be Skip, click on Continue

    Please note that TDSSKiller can be run in safe mode if needed.

    Please download the latest version of TDSSKiller from HERE and save it to your Desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

    • Put a checkmark beside loaded modules.

    • A reboot will be needed to apply the changes. Do it.
    • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
    • Then click on Change parameters in TDSSKiller.
    • Check all boxes then click OK.

    • Click the Start Scan button.

    • The scan should take no longer than 2 minutes.
    • If a suspicious object is detected, the default action will be Skip, click on Continue.


      Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

      If in doubt about an entry....please ask or choose Skip
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
      Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.


      Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
    • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
    • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    Here's a summary of what to do if you would like to print it out:

    If in doubt about an entry....please ask or choose Skip

    Don't Delete anything unless instructed to!

    If a suspicious object is detected, the default action will be Skip, click on Continue

    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    ~~~~~~~~~~~~~~~~~~~~

    You can attach the logs if they're too long:

    Bottom right corner of this page.

    New window that comes up.


    Then...........

    Please download and run ComboFix.

    The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

    Please visit this webpage for download links, and instructions for running ComboFix

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

    Please make sure you click download buttons that look similar to this, not "sponsored ad links":

    Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Information on disabling your malware programs can be found Here.

    Make sure you run ComboFix from your desktop.

    Give it at least 30-45 minutes to finish if needed.

    Please include the C:\ComboFix.txt in your next reply for further review.

    ---------->NOTE<----------

    If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

    MrC

1. Done

2. But MAW Premium: "Your system is not fully protected."  Real time protection: No protection. Fix now does not work.

3. What's next?

4. Combofix log:

ComboFix 14-05-27.02 - Les 05/27/2014  10:29:57.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.15823.13867 [GMT -4:00]
Running from: c:\users\Les\Desktop\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Les\AppData\Roaming\Microsoft\Windows\Recent\Your Software Deals.url
c:\users\Les\Documents\~WRL0005.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-27 to 2014-05-27  )))))))))))))))))))))))))))))))
.
.
2014-05-27 14:33 . 2014-05-27 14:33    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-05-27 14:18 . 2014-05-27 14:18    75888    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B00917B7-B073-4AAF-A8DE-852EB92DB4DD}\offreg.dll
2014-05-27 14:15 . 2014-05-27 14:15    --------    d-----w-    C:\TDSSKiller_Quarantine
2014-05-27 13:58 . 2014-05-27 13:58    --------    d-----w-    c:\windows\ERUNT
2014-05-27 11:28 . 2014-05-27 11:28    177680    ----a-w-    c:\windows\system32\mfevtps.exe.7d45.deleteme
2014-05-27 09:20 . 2014-05-27 11:37    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy
2014-05-27 09:20 . 2014-05-27 09:37    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-05-27 07:17 . 2014-04-30 23:20    10702536    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B00917B7-B073-4AAF-A8DE-852EB92DB4DD}\mpengine.dll
2014-05-27 00:20 . 2014-05-27 06:25    --------    d-----w-    C:\temp
2014-05-26 23:42 . 2014-05-26 23:43    --------    d-----w-    C:\FRST
2014-05-26 06:45 . 2014-04-30 23:20    10702536    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-25 13:34 . 2014-05-06 04:40    23544320    ----a-w-    c:\windows\system32\mshtml.dll
2014-05-25 13:34 . 2014-05-06 03:00    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2014-05-25 13:34 . 2014-05-06 04:17    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-05-25 13:34 . 2014-05-06 03:07    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-05-25 13:12 . 2014-03-25 02:43    14175744    ----a-w-    c:\windows\system32\shell32.dll
2014-05-25 13:11 . 2014-05-09 06:14    477184    ----a-w-    c:\windows\system32\aepdu.dll
2014-05-25 13:11 . 2014-05-09 06:11    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-05-25 08:54 . 2014-05-27 11:31    --------    d-----w-    c:\program files\stinger
2014-05-25 08:38 . 2014-05-27 00:24    --------    d-----w-    c:\program files\pcreg
2014-05-25 08:34 . 2011-05-12 18:03    6144    ------w-    c:\windows\system32\63D1.tmp
2014-05-25 08:34 . 2011-05-12 18:03    6144    ------w-    c:\windows\system32\F095.tmp
2014-05-25 08:20 . 2011-05-12 18:03    6144    ------w-    c:\windows\system32\390B.tmp
2014-05-25 08:19 . 2011-05-12 18:03    6144    ------w-    c:\windows\system32\C8E9.tmp
2014-05-25 08:09 . 2011-05-12 18:03    6144    ------w-    c:\windows\system32\3FD2.tmp
2014-05-25 08:09 . 2011-05-12 18:03    6144    ------w-    c:\windows\system32\CA45.tmp
2014-05-25 08:08 . 2014-05-25 09:51    --------    d-----w-    c:\program files (x86)\Sophos
2014-05-24 14:19 . 2014-05-24 14:19    0    ----a-w-    c:\windows\system32\atiu9pag.dll
2014-05-24 14:19 . 2014-05-24 14:19    0    ----a-w-    c:\windows\system32\TrayIcon12.dll
2014-05-24 14:19 . 2014-05-24 14:19    0    ----a-w-    c:\windows\system32\atiuxpag.dll
2014-05-24 14:19 . 2014-05-24 14:19    0    ----a-w-    c:\windows\system32\atidxx32.dll
2014-05-24 14:19 . 2014-05-24 14:19    0    ----a-w-    c:\windows\system32\aticfx32.dll
2014-05-24 14:08 . 2013-09-02 07:58    175528    ----a-w-    c:\windows\system32\drivers\tmcomm.sys
2014-05-24 13:22 . 2013-04-29 13:17    47632    ----a-w-    c:\windows\system32\drivers\PSKMAD.sys
2014-05-24 13:22 . 2014-05-24 13:22    --------    d-----w-    c:\windows\SysWow64\DASBOOT
2014-05-24 13:09 . 2014-05-27 14:18    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-24 13:09 . 2014-05-27 11:37    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-24 13:09 . 2014-05-12 11:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-05-24 13:09 . 2014-05-12 11:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-05-13 18:20 . 2014-05-13 18:20    235800    ----a-w-    c:\windows\system32\drivers\avgldx64.sys
2014-05-13 18:20 . 2014-05-13 18:20    273176    ----a-w-    c:\windows\system32\drivers\avgtdia.sys
2014-05-13 18:06 . 2014-05-13 18:06    323352    ----a-w-    c:\windows\system32\drivers\avgloga.sys
2014-05-13 18:05 . 2014-05-13 18:05    191768    ----a-w-    c:\windows\system32\drivers\avgidsha.sys
2014-05-13 18:05 . 2014-05-13 18:05    152344    ----a-w-    c:\windows\system32\drivers\avgdiska.sys
2014-05-13 18:05 . 2014-05-13 18:05    130328    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
2014-05-13 18:04 . 2014-05-13 18:04    236312    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
2014-05-13 18:04 . 2014-05-13 18:04    31512    ----a-w-    c:\windows\system32\drivers\avgrkx64.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-25 13:15 . 2014-04-05 23:08    93223848    ----a-w-    c:\windows\system32\MRT.exe
2014-05-14 08:38 . 2013-03-15 20:22    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 08:38 . 2013-03-15 20:22    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-12 11:25 . 2013-08-25 09:46    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-15 06:34 . 2014-04-15 06:34    1070232    ----a-w-    c:\windows\SysWow64\MSCOMCTL.OCX
2014-04-06 02:08 . 2014-04-06 02:08    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2014-04-06 02:07 . 2014-04-06 02:07    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-04-06 02:07 . 2014-04-06 02:07    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2014-04-06 02:07 . 2014-04-06 02:07    235008    ----a-w-    c:\windows\system32\elshyph.dll
2014-04-06 02:07 . 2014-04-06 02:07    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2014-04-06 02:07 . 2014-04-06 02:07    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2014-04-06 02:07 . 2014-04-06 02:07    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2014-04-06 02:07 . 2014-04-06 02:07    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2014-04-06 02:07 . 2014-04-06 02:07    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2014-04-06 02:07 . 2014-04-06 02:07    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2014-04-06 02:07 . 2014-04-06 02:07    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2014-04-06 02:07 . 2014-04-06 02:07    337408    ----a-w-    c:\windows\SysWow64\html.iec
2014-04-06 02:07 . 2014-04-06 02:07    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2014-04-06 02:07 . 2014-04-06 02:07    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2014-04-06 02:07 . 2014-04-06 02:07    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2014-04-06 02:07 . 2014-04-06 02:07    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2014-04-06 02:07 . 2014-04-06 02:07    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2014-04-06 02:07 . 2014-04-06 02:07    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2014-04-06 02:07 . 2014-04-06 02:07    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2014-04-06 02:07 . 2014-04-06 02:07    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2014-04-06 02:07 . 2014-04-06 02:07    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2014-04-06 02:07 . 2014-04-06 02:07    77312    ----a-w-    c:\windows\system32\tdc.ocx
2014-04-06 02:07 . 2014-04-06 02:07    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2014-04-06 02:07 . 2014-04-06 02:07    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2014-04-06 02:07 . 2014-04-06 02:07    413696    ----a-w-    c:\windows\system32\html.iec
2014-04-06 02:07 . 2014-04-06 02:07    247808    ----a-w-    c:\windows\system32\msls31.dll
2014-04-06 02:07 . 2014-04-06 02:07    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2014-04-06 02:07 . 2014-04-06 02:07    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2014-04-06 02:07 . 2014-04-06 02:07    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2014-04-06 02:07 . 2014-04-06 02:07    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-04-06 02:07 . 2014-04-06 02:07    81408    ----a-w-    c:\windows\system32\icardie.dll
2014-04-06 02:07 . 2014-04-06 02:07    774144    ----a-w-    c:\windows\system32\jscript.dll
2014-04-06 02:07 . 2014-04-06 02:07    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2014-04-06 02:07 . 2014-04-06 02:07    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2014-04-06 02:07 . 2014-04-06 02:07    48128    ----a-w-    c:\windows\system32\imgutil.dll
2014-04-06 02:07 . 2014-04-06 02:07    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2014-04-06 02:07 . 2014-04-06 02:07    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2014-04-06 02:07 . 2014-04-06 02:07    243200    ----a-w-    c:\windows\system32\webcheck.dll
2014-04-06 02:07 . 2014-04-06 02:07    235520    ----a-w-    c:\windows\system32\url.dll
2014-04-06 02:07 . 2014-04-06 02:07    167424    ----a-w-    c:\windows\system32\iexpress.exe
2014-04-06 02:07 . 2014-04-06 02:07    147968    ----a-w-    c:\windows\system32\occache.dll
2014-04-06 02:07 . 2014-04-06 02:07    143872    ----a-w-    c:\windows\system32\wextract.exe
2014-04-06 02:07 . 2014-04-06 02:07    13824    ----a-w-    c:\windows\system32\mshta.exe
2014-04-06 02:07 . 2014-04-06 02:07    135680    ----a-w-    c:\windows\system32\iepeers.dll
2014-04-06 02:07 . 2014-04-06 02:07    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-04-06 02:07 . 2014-04-06 02:07    101376    ----a-w-    c:\windows\system32\inseng.dll
2014-03-19 19:27 . 2014-03-19 19:27    76496    ----a-w-    c:\windows\system32\drivers\dc3d.sys
2014-03-19 19:23 . 2014-03-19 19:23    50896    ----a-w-    c:\windows\system32\drivers\point64.sys
2014-03-06 09:31 . 2014-04-11 17:53    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-11 17:53    66048    ----a-w-    c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-11 17:53    548352    ----a-w-    c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-11 17:53    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-11 17:53    2767360    ----a-w-    c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-11 17:53    51200    ----a-w-    c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-11 17:53    33792    ----a-w-    c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-11 17:53    574976    ----a-w-    c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-11 17:53    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-11 17:53    111616    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-11 17:53    752640    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-11 17:53    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-11 17:53    5784064    ----a-w-    c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-11 17:53    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-11 17:53    586240    ----a-w-    c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-11 17:53    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-11 17:53    455168    ----a-w-    c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-11 17:53    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-11 17:53    38400    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-11 17:53    195584    ----a-w-    c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-11 17:53    4254720    ----a-w-    c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-11 17:53    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-11 17:53    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-11 17:53    592896    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-11 17:53    628736    ----a-w-    c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-11 17:53    32256    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-11 17:53    2043904    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-11 17:53    13551104    ----a-w-    c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-11 17:53    1967104    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-11 17:53    2260480    ----a-w-    c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-11 17:53    1400832    ----a-w-    c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-11 17:53    846336    ----a-w-    c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-11 17:53    1789440    ----a-w-    c:\windows\SysWow64\wininet.dll
2014-03-04 09:44 . 2014-04-11 17:50    362496    ----a-w-    c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-11 17:50    243712    ----a-w-    c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-11 17:50    13312    ----a-w-    c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-11 17:50    16384    ----a-w-    c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-11 17:50    1163264    ----a-w-    c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-11 17:50    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-11 17:50    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-11 17:50    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-11 17:50    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-11 17:50    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-11 17:50    2048    ----a-w-    c:\windows\SysWow64\user.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-05-13 5181456]
"BelkinAPM"="c:\program files (x86)\Belkin Automatic Power Management Software\BelkinAPM.exe" [2013-03-15 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\63D1.tmp;c:\windows\SYSNATIVE\63D1.tmp [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys;c:\windows\SYSNATIVE\DRIVERS\hotcore3.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 BelkinAPMmonitor;BelkinAPMmonitor;c:\program files (x86)\Belkin Automatic Power Management Software\BelkinAPMmonitor.exe;c:\program files (x86)\Belkin Automatic Power Management Software\BelkinAPMmonitor.exe [x]
S2 MSI_FastBoot;MSI_FastBoot;c:\program files (x86)\MSI\Fast Boot\FastBootService.exe;c:\program files (x86)\MSI\Fast Boot\FastBootService.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 pcregservice;pcregservice Service;c:\program files\pcreg\pcreg.exe;c:\program files\pcreg\pcreg.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BelkinAPMRMI;BelkinAPMRMI;c:\program files (x86)\Belkin Automatic Power Management Software\BelkinAPMRMI.exe;c:\program files (x86)\Belkin Automatic Power Management Software\BelkinAPMRMI.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 NTIOLib_FastBoot;NTIOLib_FastBoot;c:\program files (x86)\MSI\Fast Boot\NTIOLib_X64.sys;c:\program files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 37645424
*Deregistered* - 37645424
*Deregistered* - avgtp
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-15 08:38]
.
2014-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-17 02:19]
.
2014-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-17 02:19]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://my.yahoo.com/?mkg=015
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-01242760.sys
SafeBoot-37645424.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\63D1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"


1. I no longer am getting the popups.

2. I uninstalled & reinstalled MBAM & the real-time protection is now working!

3. MBAM came up with PUPs. What should I do with them?

4. Thank you so much!!!

5. MBAM scan log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/27/2014
Scan Time: 11:15:34 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.27.06
Rootkit Database: v2014.05.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Les

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 270057
Time Elapsed: 4 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
PUP.Optional.AdLyrics.A, HKU\S-1-5-21-2810094668-4147885114-852093014-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|lrcsmonkey@lrcsmonkey.net, C:\Program Files (x86)\Lyrics_Monkey\128.xpi, , [174b5ef8522970c6e19e4893db28d62a]

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}, , [154d85d11e5d7db9888e602ab44e639d],
PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome, , [154d85d11e5d7db9888e602ab44e639d],
PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content, , [154d85d11e5d7db9888e602ab44e639d],
PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin, , [154d85d11e5d7db9888e602ab44e639d],

Files: 4
PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\icon.png, , [154d85d11e5d7db9888e602ab44e639d],
PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\install.rdf, , [154d85d11e5d7db9888e602ab44e639d],
PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\browser.xul, , [154d85d11e5d7db9888e602ab44e639d],
PUP.Optional.TopArcadeHits.A, C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin\style.css, , [154d85d11e5d7db9888e602ab44e639d],

Physical Sectors: 0
(No malicious items detected)


(end)


Over and over again, AVG Internet Security keeps on saying "Found MalSign.SearchSafer.F77."

... "Status: Object was blocked."

When you click on more information, a webpage states:

"This link on d2sci4fopfy9a2.cloudfront.net is safe for browsing

http://d2sci4fopfy9a2.cloudfront.net/service/service.exe"

---------------------------------------------------------------------------------------------------------------------------------------------

18:45:30.0220 0x20e8  TDSS rootkit removing tool 3.0.0.35 May 23 2014 07:32:03
18:45:36.0041 0x20e8  ============================================================
18:45:36.0041 0x20e8  Current date / time: 2014/05/27 18:45:36.0041
18:45:36.0041 0x20e8  SystemInfo:
18:45:36.0041 0x20e8  
18:45:36.0041 0x20e8  OS Version: 6.1.7601 ServicePack: 1.0
18:45:36.0041 0x20e8  Product type: Workstation
18:45:36.0041 0x20e8  ComputerName: LES-PC
18:45:36.0041 0x20e8  UserName: Les
18:45:36.0041 0x20e8  Windows directory: C:\Windows
18:45:36.0041 0x20e8  System windows directory: C:\Windows
18:45:36.0041 0x20e8  Running under WOW64
18:45:36.0041 0x20e8  Processor architecture: Intel x64
18:45:36.0041 0x20e8  Number of processors: 4
18:45:36.0041 0x20e8  Page size: 0x1000
18:45:36.0041 0x20e8  Boot type: Normal boot
18:45:36.0041 0x20e8  ============================================================
18:45:36.0144 0x20e8  KLMD registered as C:\Windows\system32\drivers\33619643.sys
18:45:36.0254 0x20e8  System UUID: {5E570729-E8AF-109A-E14B-CEDF74BEF9BC}
18:45:36.0721 0x20e8  Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:45:36.0986 0x20e8  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:45:37.0002 0x20e8  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:45:37.0033 0x20e8  ============================================================
18:45:37.0033 0x20e8  \Device\Harddisk0\DR0:
18:45:37.0033 0x20e8  MBR partitions:
18:45:37.0033 0x20e8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BF23800
18:45:37.0033 0x20e8  \Device\Harddisk1\DR1:
18:45:37.0033 0x20e8  MBR partitions:
18:45:37.0033 0x20e8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
18:45:37.0033 0x20e8  \Device\Harddisk2\DR2:
18:45:37.0033 0x20e8  MBR partitions:
18:45:37.0033 0x20e8  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x196A8800
18:45:37.0033 0x20e8  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x196A9000, BlocksNum 0xCF75F763
18:45:37.0033 0x20e8  ============================================================
18:45:37.0049 0x20e8  C: <-> \Device\Harddisk0\DR0\Partition1
18:45:37.0059 0x20e8  F: <-> \Device\Harddisk2\DR2\Partition2
18:45:37.0074 0x20e8  D: <-> \Device\Harddisk2\DR2\Partition1
18:45:37.0142 0x20e8  E: <-> \Device\Harddisk1\DR1\Partition1
18:45:37.0142 0x20e8  ============================================================
18:45:37.0142 0x20e8  Initialize success
18:45:37.0142 0x20e8  ============================================================
18:45:59.0019 0x20bc  Deinitialize success

---------------------------------------------------------------------------------------------------------------------------------------------------------

I had a problem with RogueKiller and it left three reports:

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Les [Admin rights]
Mode : Scan -- Date : 05/27/2014 10:04:34
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[bROK VAL] HKCR\[...]\command :  () -> MISSING

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][ROGUE ST] 4473 : wscript.exe - C:\Users\Les\AppData\Local\Temp\launchie.vbs //B -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Patriot Pyro SE SATA Disk Device +++++
--- User ---
[MBR] afa0f3335d003a6ef4cdb3b0da111803
[bSP] 3137bb68740694f60a3e4096a8e54664 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 228935 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST2000DM 001-1CH164 SATA Disk Device +++++
--- User ---
[MBR] 3926a7d4c51f43dfc7df32dc7cab84c3
[bSP] b05272dc69fd18ebdb5f8437a8835a58 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) TOSHIBA DT01ACA200 SATA Disk Device +++++
--- User ---
[MBR] 514eea983f47cad9d32bf62f39816a66
[bSP] 1049ba53099b45af745bdc0259c79f7d : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 208209 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 426414080 | Size: 1699518 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- USB3.0 CRW-CF/MD USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- USB3.0 CRW-SM/xD USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive5: (\\.\PHYSICALDRIVE5 @ USB) Generic- USB3.0 CRW-SD USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive6: (\\.\PHYSICALDRIVE6 @ USB) Generic- USB3.0 CRW-MS USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive7: (\\.\PHYSICALDRIVE7 @ USB) Generic- USB3.0 CRW-SD/MS USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_05272014_100434.txt >>
------------------------------------------------------------------------------------------------------------
RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Les [Admin rights]
Mode : Remove -- Date : 05/27/2014 10:05:37
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> NOT SELECTED
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NOT SELECTED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
[bROK VAL] HKCR\[...]\command :  () -> NOT SELECTED

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][ROGUE ST] 4473 : wscript.exe - C:\Users\Les\AppData\Local\Temp\launchie.vbs //B -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Patriot Pyro SE SATA Disk Device +++++
--- User ---
[MBR] afa0f3335d003a6ef4cdb3b0da111803
[bSP] 3137bb68740694f60a3e4096a8e54664 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 228935 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST2000DM 001-1CH164 SATA Disk Device +++++
--- User ---
[MBR] 3926a7d4c51f43dfc7df32dc7cab84c3
[bSP] b05272dc69fd18ebdb5f8437a8835a58 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) TOSHIBA DT01ACA200 SATA Disk Device +++++
--- User ---
[MBR] 514eea983f47cad9d32bf62f39816a66
[bSP] 1049ba53099b45af745bdc0259c79f7d : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 208209 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 426414080 | Size: 1699518 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- USB3.0 CRW-CF/MD USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- USB3.0 CRW-SM/xD USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive5: (\\.\PHYSICALDRIVE5 @ USB) Generic- USB3.0 CRW-SD USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive6: (\\.\PHYSICALDRIVE6 @ USB) Generic- USB3.0 CRW-MS USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive7: (\\.\PHYSICALDRIVE7 @ USB) Generic- USB3.0 CRW-SD/MS USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_D_05272014_100537.txt >>
RKreport[0]_S_05272014_100434.txt

-------------------------------------------------------------------------------------------------------------------

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Les [Admin rights]
Mode : HOSTSFix -- Date : 05/27/2014 10:05:59
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
[...]


¤¤¤ Reset HOSTS: ¤¤¤
127.0.0.1    localhost


Finished : << RKreport[0]_H_05272014_100559.txt >>
RKreport[0]_D_05272014_100537.txt;RKreport[0]_S_05272014_100434.txt


Thank you so much for your help. You are awesome!

Sorry but apparently there was another RogueKiller report, when it was first run:

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Les [Admin rights]
Mode : Scan -- Date : 05/27/2014 08:09:41
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[bROK VAL] HKCR\[...]\command :  () -> MISSING

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][ROGUE ST] 4473 : wscript.exe - C:\Users\Les\AppData\Local\Temp\launchie.vbs //B -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Patriot Pyro SE SATA Disk Device +++++
--- User ---
[MBR] afa0f3335d003a6ef4cdb3b0da111803
[BSP] 3137bb68740694f60a3e4096a8e54664 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 228935 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST2000DM 001-1CH164 SATA Disk Device +++++
--- User ---
[MBR] 3926a7d4c51f43dfc7df32dc7cab84c3
[BSP] b05272dc69fd18ebdb5f8437a8835a58 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) TOSHIBA DT01ACA200 SATA Disk Device +++++
--- User ---
[MBR] 514eea983f47cad9d32bf62f39816a66
[BSP] 1049ba53099b45af745bdc0259c79f7d : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 208209 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 426414080 | Size: 1699518 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- USB3.0 CRW-CF/MD USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- USB3.0 CRW-SM/xD USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive5: (\\.\PHYSICALDRIVE5 @ USB) Generic- USB3.0 CRW-SD USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive6: (\\.\PHYSICALDRIVE6 @ USB) Generic- USB3.0 CRW-MS USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive7: (\\.\PHYSICALDRIVE7 @ USB) Generic- USB3.0 CRW-SD/MS USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_05272014_080941.txt >>

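Three things in the RogueKiller report above deserve a closer look than the rest: the UAC policy values reported at 0 (EnableLUA and ConsentPromptBehaviorAdmin), a scheduled task that runs wscript.exe on a .vbs under the user's Temp folder with //B, and a hosts file that pins a long list of names, crl.verisign.net among them, to 127.0.0.1. The script below is an added example written for this page; it is not part of the thread and not RogueKiller's own code. It takes a constructed excerpt copied from the report above and applies those three checks. The regular expressions are assumptions about the report's line layout, based only on the lines visible here.

```python
import re

# Constructed sample: lines copied from the RogueKiller report above, cut down
# so the example runs offline. The hosts section keeps the report's own
# "[...]" truncation marker.
SAMPLE_REPORT = r"""
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][ROGUE ST] 4473 : wscript.exe - C:\Users\Les\AppData\Local\Temp\launchie.vbs //B -> FOUND
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
[...]
"""

# Assumed line layouts, derived from the lines visible in the report above.
POLICY_RE = re.compile(r"^\[HJ POL\]\[PUM\] (?P<key>.+?) : (?P<name>\w+) \((?P<value>\d+)\) -> FOUND$")
TASK_RE = re.compile(r"^\[V2\]\[ROGUE ST\] (?P<id>\d+) : (?P<exe>\S+) - (?P<args>.+?) -> FOUND$")
HOSTS_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<names>\S.*)$")

# Values under ...\Policies\System that weaken UAC when set to 0.
# ConsentPromptBehaviorUser=0 is deliberately absent: 0 there means
# "automatically deny elevation requests", which is stricter, not weaker.
UAC_WEAKENING = {
    "EnableLUA": "UAC is switched off entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate silently, without a prompt",
}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe"}
LOOPBACK = {"127.0.0.1", "0.0.0.0"}


def find_uac_weakening(lines):
    """Return (value name, explanation) for each policy line that sets a UAC control to 0."""
    findings = []
    for line in lines:
        m = POLICY_RE.match(line)
        if m and m["name"] in UAC_WEAKENING and m["value"] == "0":
            findings.append((m["name"], UAC_WEAKENING[m["name"]]))
    return findings


def find_suspicious_tasks(lines):
    """Flag scheduled tasks that run a script host on a file under Temp or AppData."""
    findings = []
    for line in lines:
        m = TASK_RE.match(line)
        if not m:
            continue
        in_user_writable = re.search(r"\\(Temp|AppData)\\", m["args"], re.IGNORECASE) is not None
        if m["exe"].lower() in SCRIPT_HOSTS and in_user_writable:
            # //B is WSH batch mode: script errors and prompts are suppressed.
            findings.append({"id": m["id"], "exe": m["exe"], "args": m["args"],
                             "silent": "//B" in m["args"].split()})
    return findings


def hosts_section(lines):
    """Yield the lines between the 'HOSTS File' header and the report's truncation marker."""
    inside = False
    for line in lines:
        if line.startswith("¤¤¤ HOSTS File"):
            inside = True
            continue
        if inside and (line.startswith("¤¤¤") or line.strip() == "[...]"):
            return
        if inside:
            yield line


def summarise_hosts(lines):
    """Count loopback entries and single out certificate-revocation hosts pinned to loopback."""
    names = []
    for line in hosts_section(lines):
        m = HOSTS_RE.match(line.strip())
        if m and m["ip"] in LOOPBACK:
            names.extend(n.lower() for n in m["names"].split())
    # Pointing CRL/OCSP hosts at loopback makes revocation downloads fail,
    # so revocation checks for those CAs silently stop working.
    revocation = sorted({n for n in names if n.startswith("crl.") or ".crl." in n or "ocsp" in n})
    return {"loopback_entries": len(names), "revocation_hosts_blocked": revocation}


def triage(report_text):
    lines = report_text.splitlines()
    return {
        "uac": find_uac_weakening(lines),
        "tasks": find_suspicious_tasks(lines),
        "hosts": summarise_hosts(lines),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

The hosts check stops at the report's own [...] marker, so on the full file the loopback count would be far higher; the finding that matters is the revocation-host list, which a vendor activation block list gives no reason to include.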

Please read and follow my directions carefully.

Please go to the link below, download and run Fixit:
http://support.microsoft.com/kb/972034 <---reset host file fixit

---------------------------------------

There has to be at least one more log from TDSSKiller, or do you remember if it found anything????

-----------------------------------------

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next.........


If you're using Malwarebytes 2.0, please run a Threat Scan
Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine All that's found

Last.....

Re-scan with FRST and please make sure the Addition Box is checked.

Post or attach the logs.

MrC


I have completed all the instructions you gave me and am posting the logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Les on Wed 05/28/2014 at  1:08:20.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621176}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\EvilLyrics_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\EvilLyrics_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621176}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\EvilLyrics_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\EvilLyrics_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Les\AppData\Roaming\ask4expert"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Les\AppData\Roaming\mozilla\firefox\profiles\bgiwwrqg.default-1366599260262\minidumps [27 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/28/2014 at  1:13:21.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.211 - Report created 27/05/2014 at 22:35:41

# Updated 26/05/2014 by Xplode

# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

# Username : Les - LES-PC

# Running from : C:\Users\Les\Desktop\AdwCleaner.exe

# Option : Scan

***** [ Services ] *****

 

***** [ Files / Folders ] *****

 

File Found : C:\Users\Les\AppData\Roaming\Mozilla\Firefox\ProfiLes\bgiwwrqg.default-1366599260262\user.js

File Found : C:\Users\Les\daemonprocess.txt

Folder Found : C:\Program Files (x86)\adawaretb

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Found : C:\Program Files (x86)\driver-soft

Folder Found : C:\Program Files (x86)\Toolbar Cleaner

Folder Found : C:\ProgramData\apn

Folder Found : C:\ProgramData\blekko toolbars

Folder Found : C:\Users\Les\AppData\LocalLow\adawaretb

Folder Found : C:\Users\Les\AppData\LocalLow\PriceGong

Folder Found : C:\Users\Les\AppData\Roaming\DriverCure

Folder Found : C:\Users\Les\AppData\Roaming\Mozilla\Firefox\ProfiLes\bgiwwrqg.default-1366599260262\adawaretb

Folder Found : C:\Users\Les\Documents\Mobogenie

Folder Found : C:\Users\Les\Documents\PC Speed Maximizer

***** [ Shortcuts ] *****

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\AppDataLow\Software

Key Found : HKCU\Software\AppDataLow\Software\Compete

Key Found : HKCU\Software\AppDataLow\Software\Lyrics_Monkey

Key Found : HKCU\Software\AVG SafeGuard toolbar

Key Found : HKCU\Software\IM

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar

Key Found : [x64] HKCU\Software\IM

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Found : HKLM\Software\adawaretb

Key Found : HKLM\Software\AVG SafeGuard toolbar

Key Found : HKLM\Software\AVG Secure Search

Key Found : HKLM\Software\AVG Security Toolbar

Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Found : HKLM\Software\CompeteInc

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ofnnlhbgdcabppjmlijllkhekcglbjlg

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

Key Found : HKLM\Software\Toolbar Cleaner

Key Found : HKLM\Software\Uniblue

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17041

 

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Les\AppData\Roaming\Mozilla\Firefox\ProfiLes\bgiwwrqg.default-1366599260262\prefs.js ]

Line Found : user_pref("extensions.a9a1cadcd98ec441387d30f7c4253cd2731f19576e1e240bc81acbe7a5f1cf67ccom45914.45914.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [4306 octets] - [27/05/2014 22:35:41]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4366 octets] ##########

-----------------------------------------------------------------------------------------------------------------

# AdwCleaner v3.211 - Report created 27/05/2014 at 22:42:41

# Updated 26/05/2014 by Xplode

# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

# Username : Les - LES-PC

# Running from : C:\Users\Les\Desktop\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\apn

Folder Deleted : C:\ProgramData\blekko toolbars

Folder Deleted : C:\Program Files (x86)\adawaretb

Folder Deleted : C:\Program Files (x86)\driver-soft

Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\Users\Les\AppData\LocalLow\adawaretb

Folder Deleted : C:\Users\Les\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Les\AppData\Roaming\DriverCure

Folder Deleted : C:\Users\Les\Documents\Mobogenie

Folder Deleted : C:\Users\Les\Documents\PC Speed Maximizer

Folder Deleted : C:\Users\Les\AppData\Roaming\Mozilla\Firefox\ProfiLes\bgiwwrqg.default-1366599260262\adawaretb

File Deleted : C:\Users\Les\daemonprocess.txt

File Deleted : C:\Users\Les\AppData\Roaming\Mozilla\Firefox\ProfiLes\bgiwwrqg.default-1366599260262\user.js

***** [ Shortcuts ] *****

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ofnnlhbgdcabppjmlijllkhekcglbjlg

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : HKCU\Software\AVG SafeGuard toolbar

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\AppDataLow\Software

Key Deleted : HKLM\Software\adawaretb

Key Deleted : HKLM\Software\AVG SafeGuard toolbar

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\Software\CompeteInc

Key Deleted : HKLM\Software\Toolbar Cleaner

Key Deleted : HKLM\Software\Uniblue

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

 

-\\ Mozilla Firefox v29.0.1 (en-US)

 

[ File : C:\Users\Les\AppData\Roaming\Mozilla\Firefox\ProfiLes\bgiwwrqg.default-1366599260262\prefs.js ]

 

Line Deleted : user_pref("extensions.a9a1cadcd98ec441387d30f7c4253cd2731f19576e1e240bc81acbe7a5f1cf67ccom45914.45914.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]

 

-\\ Google Chrome v

 

*************************

 

AdwCleaner[R0].txt - [4482 octets] - [27/05/2014 22:35:41]

AdwCleaner[S0].txt - [4153 octets] - [27/05/2014 22:42:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4213 octets] ##########

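MrC's AdwCleaner steps produce two reports, the Scan (R0) and the Clean (S0), and the check a helper does by eye is that everything reported Found in the first is reported Deleted in the second. The script below is an added example, not part of the thread and not AdwCleaner's own code; it reconciles the two reports from constructed excerpts copied from the logs above, treating a deleted parent key or folder as covering the entries under it. The entry line format is an assumption based on the lines visible here. On the logs above the [x64] HKCU keys come out as not explicitly covered, because the Clean report lists those keys without the view tag; whether that is the same key is for the reviewer to judge, so the script deliberately does not fold the two views together.

```python
import re

# Assumed entry layout: "<File|Folder|Key|Line> <Found|Deleted> : <item>".
ENTRY_RE = re.compile(r"^(?P<kind>File|Folder|Key|Line) (?P<action>Found|Deleted) : (?P<item>.+)$")

# Constructed excerpts: a handful of entries copied from the two AdwCleaner
# reports above (Scan = R0, Clean = S0), trimmed so the example runs offline.
SCAN_REPORT = r"""
# Option : Scan
***** [ Files / Folders ] *****
File Found : C:\Users\Les\daemonprocess.txt
Folder Found : C:\Program Files (x86)\adawaretb
Folder Found : C:\ProgramData\apn
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\AppDataLow\Software\Compete
Key Found : HKCU\Software\AppDataLow\Software\Lyrics_Monkey
Key Found : HKCU\Software\IM
Key Found : [x64] HKCU\Software\IM
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
"""

CLEAN_REPORT = r"""
# Option : Clean
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files (x86)\adawaretb
File Deleted : C:\Users\Les\daemonprocess.txt
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\AppDataLow\Software
"""


def parse_entries(report_text, action):
    """Return {normalised item: (kind, original item)} for every '<kind> <action> :' line."""
    entries = {}
    for line in report_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m and m["action"] == action:
            item = m["item"].strip()
            # Paths and registry keys are case-insensitive on Windows; prefs.js
            # lines are not, so only File/Folder/Key entries are lower-cased.
            key = item if m["kind"] == "Line" else item.lower()
            entries[key] = (m["kind"], item)
    return entries


def deleted_ancestor(item_key, kind, deleted):
    """Return a deleted Folder/Key of the same kind that is a parent of item_key, if any."""
    if kind not in ("Folder", "Key"):
        return None
    for d_key, (d_kind, d_item) in deleted.items():
        if d_kind == kind and item_key.startswith(d_key + "\\"):
            return d_item
    return None


def reconcile(scan_text, clean_text):
    """Compare Found entries against Deleted entries and report what is not accounted for."""
    found = parse_entries(scan_text, "Found")
    deleted = parse_entries(clean_text, "Deleted")
    result = {"uncovered": [], "covered_by_parent": [], "deleted_not_found": []}
    for key, (kind, item) in found.items():
        if key in deleted:
            continue
        parent = deleted_ancestor(key, kind, deleted)
        if parent:
            result["covered_by_parent"].append((item, parent))
        else:
            result["uncovered"].append((kind, item))
    # Anything deleted that the scan never reported is worth a question too.
    for key, (kind, item) in deleted.items():
        if key not in found:
            result["deleted_not_found"].append((kind, item))
    return result


if __name__ == "__main__":
    for bucket, items in reconcile(SCAN_REPORT, CLEAN_REPORT).items():
        print(bucket, items)
```

Run against the full R0 and S0 reports (read from C:\AdwCleaner), the "uncovered" bucket is the list to post back for review; an empty bucket means the Clean pass accounted for everything the Scan pass found.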

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Les (administrator) on LES-PC on 28-05-2014 01:39:11
Running from C:\Users\Les\Desktop\PopUp
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Macrovision) C:\Program Files (x86)\Belkin Automatic Power Management Software\BelkinAPMmonitor.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Belkin Automatic Power Management Software\jre\bin\javaw.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
() C:\Program Files\pcreg\pcreg.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
() C:\ProgramData\TVersity\Media Server\MediaServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Macrovision) C:\Program Files (x86)\Belkin Automatic Power Management Software\BelkinAPM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Belkin Automatic Power Management Software\jre\bin\javaw.exe
(The Chromium Authors) C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Macrovision) C:\Program Files (x86)\Belkin Automatic Power Management Software\BelkinAPMRMI.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Belkin Automatic Power Management Software\jre\bin\javaw.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BelkinAPM] => C:\Program Files (x86)\Belkin Automatic Power Management Software\BelkinAPM.exe [114688 2013-03-15] (Macrovision)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.yahoo.com/?mkg=015
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262
FF Homepage: hxxp://my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\Extensions\adblockpopups@jessehakanen.net.xpi [2014-04-24]
FF Extension: Adblock Plus - C:\Users\Les\AppData\Roaming\Mozilla\Firefox\Profiles\bgiwwrqg.default-1366599260262\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-03-16]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1473792 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 BelkinAPMmonitor; C:\Program Files (x86)\Belkin Automatic Power Management Software\BelkinAPMmonitor.exe [114688 2013-03-15] (Macrovision)
R3 BelkinAPMRMI; C:\Program Files (x86)\Belkin Automatic Power Management Software\BelkinAPMRMI.exe [114688 2013-03-15] (Macrovision)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [143416 2012-10-25] (MSI)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-05-25] ()
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-08-24] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2100024 2013-08-29] (TuneUp Software)
R2 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [5283624 2013-03-13] ()

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-06-23] (GFI Software)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37456 2011-04-12] (Paragon Software Group)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 MEMSWEEP2; C:\Windows\system32\63D1.tmp [6144 2011-05-12] (Sophos Plc)
R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1202688 2009-10-26] (Motorola Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-28 01:21 - 2014-05-28 01:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 01:20 - 2014-05-28 01:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 01:20 - 2014-05-28 01:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 01:20 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-28 01:20 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-28 01:20 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-28 01:13 - 2014-05-28 01:13 - 00001726 _____ () C:\Users\Les\Desktop\JRT.txt
2014-05-27 22:42 - 2014-05-27 22:42 - 00004317 _____ () C:\Users\Les\Desktop\AdwCleaner[S0].txt
2014-05-27 22:35 - 2014-05-28 01:03 - 00000000 ____D () C:\AdwCleaner
2014-05-27 22:35 - 2014-05-27 22:36 - 00004482 _____ () C:\Users\Les\Desktop\AdwCleaner[R0].txt
2014-05-27 22:35 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-27 10:34 - 2014-05-27 10:34 - 00028557 _____ () C:\ComboFix.txt
2014-05-27 10:29 - 2014-05-27 10:34 - 00000000 ____D () C:\Qoobox
2014-05-27 10:29 - 2014-05-27 10:33 - 00000000 ____D () C:\Windows\erdnt
2014-05-27 10:29 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-27 10:29 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-27 10:29 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-27 10:29 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-27 10:29 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-27 10:29 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-27 10:29 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-27 10:29 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-27 10:15 - 2014-05-27 10:15 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-05-27 09:58 - 2014-05-28 01:08 - 00000000 ____D () C:\Windows\ERUNT
2014-05-27 09:58 - 2014-05-27 09:58 - 00000256 _____ () C:\DelFix.txt
2014-05-27 08:04 - 2014-05-27 08:09 - 00000000 ____D () C:\Users\Les\Desktop\RK_Quarantine
2014-05-27 07:28 - 2014-05-27 07:28 - 00177680 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.7d45.deleteme
2014-05-27 05:20 - 2014-05-27 07:37 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-05-27 05:20 - 2014-05-27 05:37 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-27 05:20 - 2014-05-27 05:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-05-26 22:36 - 2014-05-28 01:39 - 00000000 ____D () C:\Users\Les\Desktop\PopUp
2014-05-26 19:42 - 2014-05-28 01:39 - 00000000 ____D () C:\FRST
2014-05-26 00:14 - 2014-05-26 00:14 - 00110080 _____ () C:\Users\Les\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-25 23:37 - 2014-05-28 01:20 - 00180030 _____ () C:\Windows\setupact.log
2014-05-25 23:37 - 2014-05-27 22:44 - 00002568 _____ () C:\Windows\PFRO.log
2014-05-25 23:37 - 2014-05-25 23:37 - 00418152 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-25 23:37 - 2014-05-25 23:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-25 09:34 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-25 09:34 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-25 09:34 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-25 09:34 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-25 09:34 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-25 09:34 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-25 09:13 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-25 09:13 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-25 09:13 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-25 09:13 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-25 09:13 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-25 09:13 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-25 09:13 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-25 09:13 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-25 09:13 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-25 09:13 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-25 09:13 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-25 09:13 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-25 09:13 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-25 09:13 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-25 09:13 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-25 09:13 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-25 09:13 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-25 09:13 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-25 09:13 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-25 09:13 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-25 09:13 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-25 09:13 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-25 09:13 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-25 09:13 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-25 09:13 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-25 09:13 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-25 09:13 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-25 09:13 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-25 09:13 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-25 09:13 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-25 09:13 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-25 09:13 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-25 09:13 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-25 09:13 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-25 09:13 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-25 09:13 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-25 09:13 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-25 09:13 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-25 09:13 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-25 09:13 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-25 09:13 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-25 09:12 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-25 09:11 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-25 09:11 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-25 09:11 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-25 04:54 - 2014-05-27 07:31 - 00000000 ____D () C:\Program Files\stinger
2014-05-25 04:38 - 2014-05-27 11:18 - 00003684 _____ () C:\Windows\System32\Tasks\pcreg
2014-05-25 04:38 - 2014-05-26 20:24 - 00000000 ____D () C:\Program Files\pcreg
2014-05-25 04:34 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\F095.tmp
2014-05-25 04:34 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\63D1.tmp
2014-05-25 04:20 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\390B.tmp
2014-05-25 04:19 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\C8E9.tmp
2014-05-25 04:09 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\CA45.tmp
2014-05-25 04:09 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\3FD2.tmp
2014-05-25 04:08 - 2014-05-25 05:51 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-05-24 10:28 - 2014-05-24 10:28 - 00283182 _____ () C:\Users\Les\AppData\Local\census.cache
2014-05-24 10:28 - 2014-05-24 10:28 - 00197179 _____ () C:\Users\Les\AppData\Local\ars.cache
2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\TrayIcon12.dll
2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atiuxpag.dll
2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atiu9pag.dll
2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atidxx32.dll
2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\aticfx32.dll
2014-05-24 10:08 - 2014-05-24 10:08 - 00000036 _____ () C:\Users\Les\AppData\Local\housecall.guid.cache
2014-05-24 10:08 - 2013-09-02 03:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-05-24 09:22 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-05-24 00:45 - 2014-05-24 00:45 - 00012326 _____ () C:\Users\Les\AppData\Local\hpjijmtp
2014-05-24 00:44 - 2014-05-24 00:44 - 00068314 _____ () C:\Users\Les\AppData\Local\qfvexiee
2014-05-24 00:42 - 2014-05-24 00:42 - 00000000 _____ () C:\Users\Les\AppData\Roaming\SharedSettings.ccs
2014-05-14 13:18 - 2014-05-14 13:18 - 00000859 _____ () C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-09 19:23 - 2014-05-27 07:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-05-28 01:39 - 2014-05-26 22:36 - 00000000 ____D () C:\Users\Les\Desktop\PopUp
2014-05-28 01:39 - 2014-05-26 19:42 - 00000000 ____D () C:\FRST
2014-05-28 01:38 - 2013-05-28 01:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-28 01:27 - 2009-07-14 00:45 - 00031104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 01:27 - 2009-07-14 00:45 - 00031104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 01:24 - 2013-05-26 05:01 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-28 01:24 - 2009-07-14 01:13 - 00786254 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-28 01:23 - 2013-09-23 14:00 - 01397940 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 01:21 - 2014-05-28 01:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 01:20 - 2014-05-28 01:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 01:20 - 2014-05-28 01:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 01:20 - 2014-05-25 23:37 - 00180030 _____ () C:\Windows\setupact.log
2014-05-28 01:20 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-28 01:13 - 2014-05-28 01:13 - 00001726 _____ () C:\Users\Les\Desktop\JRT.txt
2014-05-28 01:08 - 2014-05-27 09:58 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 01:08 - 2013-03-14 20:56 - 00000000 ____D () C:\Users\Les\Documents\Outlook Files
2014-05-28 01:03 - 2014-05-27 22:35 - 00000000 ____D () C:\AdwCleaner
2014-05-27 23:18 - 2013-03-15 05:39 - 00000000 ____D () C:\Program Files (x86)\Belkin Automatic Power Management Software
2014-05-27 22:44 - 2014-05-25 23:37 - 00002568 _____ () C:\Windows\PFRO.log
2014-05-27 22:42 - 2014-05-27 22:42 - 00004317 _____ () C:\Users\Les\Desktop\AdwCleaner[s0].txt
2014-05-27 22:42 - 2013-09-23 14:01 - 00000000 ____D () C:\Users\Les
2014-05-27 22:36 - 2014-05-27 22:35 - 00004482 _____ () C:\Users\Les\Desktop\AdwCleaner[R0].txt
2014-05-27 21:37 - 2013-03-16 22:19 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-27 21:37 - 2013-03-16 22:19 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-27 11:43 - 2013-03-16 22:19 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-27 11:43 - 2013-03-16 22:19 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-27 11:18 - 2014-05-25 04:38 - 00003684 _____ () C:\Windows\System32\Tasks\pcreg
2014-05-27 11:14 - 2013-08-25 05:46 - 00000000 ____D () C:\Users\Les\AppData\Roaming\Malwarebytes
2014-05-27 11:14 - 2013-08-25 05:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-27 11:06 - 2013-03-15 16:23 - 00042739 _____ () C:\Windows\SysWOW64\TVersityMediaServer.log
2014-05-27 10:34 - 2014-05-27 10:34 - 00028557 _____ () C:\ComboFix.txt
2014-05-27 10:34 - 2014-05-27 10:29 - 00000000 ____D () C:\Qoobox
2014-05-27 10:34 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-05-27 10:33 - 2014-05-27 10:29 - 00000000 ____D () C:\Windows\erdnt
2014-05-27 10:33 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-27 10:33 - 2009-07-13 22:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.old
2014-05-27 10:15 - 2014-05-27 10:15 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-05-27 09:58 - 2014-05-27 09:58 - 00000256 _____ () C:\DelFix.txt
2014-05-27 08:09 - 2014-05-27 08:04 - 00000000 ____D () C:\Users\Les\Desktop\RK_Quarantine
2014-05-27 07:37 - 2014-05-27 05:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-05-27 07:37 - 2014-05-09 19:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-27 07:37 - 2014-04-26 04:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-27 07:37 - 2013-03-19 22:43 - 00000000 ____D () C:\Users\Les\AppData\Roaming\uTorrent
2014-05-27 07:37 - 2013-03-14 22:18 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-05-27 07:37 - 2013-03-14 02:10 - 00000000 ____D () C:\SuperChargerProfile
2014-05-27 07:37 - 2011-01-01 02:15 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-05-27 07:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\security
2014-05-27 07:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\schemas
2014-05-27 07:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-05-27 07:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-05-27 07:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-27 07:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-27 07:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-05-27 07:31 - 2014-05-25 04:54 - 00000000 ____D () C:\Program Files\stinger
2014-05-27 07:28 - 2014-05-27 07:28 - 00177680 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.7d45.deleteme
2014-05-27 06:55 - 2014-03-31 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-27 06:48 - 2009-07-14 01:08 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-27 05:37 - 2014-05-27 05:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-27 05:20 - 2014-05-27 05:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-05-27 02:43 - 2013-06-29 18:56 - 00379038 _____ () C:\Users\Les\Desktop\- Knicks-.txt
2014-05-26 21:44 - 2013-03-15 14:52 - 00000000 ____D () C:\ProgramData\Zoom Player
2014-05-26 20:24 - 2014-05-25 04:38 - 00000000 ____D () C:\Program Files\pcreg
2014-05-26 20:20 - 2013-09-23 15:24 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-26 01:26 - 2011-01-01 02:19 - 00000000 ____D () C:\Users\Les\AppData\Roaming\Mipony
2014-05-26 00:14 - 2014-05-26 00:14 - 00110080 _____ () C:\Users\Les\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-25 23:37 - 2014-05-25 23:37 - 00418152 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-25 23:37 - 2014-05-25 23:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-25 23:37 - 2013-03-14 01:58 - 00000000 ___RD () C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-25 23:37 - 2013-03-14 01:58 - 00000000 ___RD () C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-25 09:37 - 2011-01-01 01:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-25 09:18 - 2014-04-05 19:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-25 09:15 - 2014-04-05 19:08 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-25 06:07 - 2013-03-20 05:52 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-25 05:51 - 2014-05-25 04:08 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-05-25 05:03 - 2013-10-21 16:24 - 00000000 ____D () C:\Windows\Minidump
2014-05-24 10:28 - 2014-05-24 10:28 - 00283182 _____ () C:\Users\Les\AppData\Local\census.cache
2014-05-24 10:28 - 2014-05-24 10:28 - 00197179 _____ () C:\Users\Les\AppData\Local\ars.cache
2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\TrayIcon12.dll
2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atiuxpag.dll
2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atiu9pag.dll
2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atidxx32.dll
2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\aticfx32.dll
2014-05-24 10:08 - 2014-05-24 10:08 - 00000036 _____ () C:\Users\Les\AppData\Local\housecall.guid.cache
2014-05-24 00:45 - 2014-05-24 00:45 - 00012326 _____ () C:\Users\Les\AppData\Local\hpjijmtp
2014-05-24 00:44 - 2014-05-24 00:44 - 00068314 _____ () C:\Users\Les\AppData\Local\qfvexiee
2014-05-24 00:42 - 2014-05-24 00:42 - 00000000 _____ () C:\Users\Les\AppData\Roaming\SharedSettings.ccs
2014-05-22 20:55 - 2013-03-15 22:59 - 00000000 ____D () C:\Users\Les\AppData\Roaming\MediaMonkey
2014-05-14 13:18 - 2014-05-14 13:18 - 00000859 _____ () C:\Users\Les\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-05-14 13:18 - 2013-03-19 22:44 - 00000000 ____D () C:\Program Files (x86)\uTorrent
2014-05-14 04:38 - 2013-05-28 01:53 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 04:38 - 2013-03-15 16:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 04:38 - 2013-03-15 16:22 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-12 07:26 - 2014-05-28 01:20 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-28 01:20 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-28 01:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 06:51 - 2013-07-04 15:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-09 02:14 - 2014-05-25 09:11 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 02:11 - 2014-05-25 09:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 04:14 - 2013-03-15 16:23 - 01024098 _____ () C:\Windows\SysWOW64\TVersityMediaServer.log.1
2014-05-06 23:41 - 2013-03-16 02:41 - 00003696 _____ () C:\Windows\System32\Tasks\Adobe online update program
2014-05-06 00:40 - 2014-05-25 09:34 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:17 - 2014-05-25 09:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 23:25 - 2014-05-25 09:34 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 23:07 - 2014-05-25 09:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 23:00 - 2014-05-25 09:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-25 09:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

Some content of TEMP:
====================
C:\Users\Les\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 00:20

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Les at 2014-05-28 01:39:29
Running from C:\Users\Les\Desktop\PopUp
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials (Disabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Microsoft Security Essentials (Disabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29462 - BitTorrent Inc.)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Acoustica CD/DVD Label Maker (HKLM-x32\...\Acoustica CD/DVD Label Maker) (Version:  - )
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.2 - Adobe Systems)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.06.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Ashampoo Burning Studio 12 v.12.0.1 (HKLM-x32\...\Ashampoo Burning Studio 12_is1) (Version: 12.0.1 - Ashampoo GmbH & Co. KG)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3950 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
Bass Audio Decoder (remove only) (HKLM-x32\...\Bass Audio Decoder) (Version:  - )
Belkin Automatic Power Management Software (HKLM-x32\...\Belkin Automatic Power Management Software) (Version: 2.3.0.6 - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
CD Audio Reader Filter (remove only) (HKLM-x32\...\CD Audio Reader Filter) (Version:  - )
CLICKBIOSII (HKLM-x32\...\{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1) (Version: 1.0.107 - MSI)
Combined Community Codec Pack 2013-03-02 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.03.02.0 - CCCP Project)
CPUID CPU-Z 1.63.0 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CrystalDiskMark 3.0.2e (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.2e - Crystal Dew World)
DCoder Image Source (remove only) (HKLM-x32\...\DCoder Image Source) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
DivX 4.0 Final Codec (HKLM-x32\...\DivXCodec) (Version:  - )
DScaler 5 Mpeg Decoders (HKLM-x32\...\DScaler 5 Mpeg Decoders_is1) (Version:  - )
Easy Duplicate Finder v. 2.2.1 (HKLM-x32\...\Easy Duplicate Finder_is1) (Version:  - EasyDuplicateFinder.com)
EasyBCD 2.1 (HKLM-x32\...\EasyBCD) (Version: 2.1 - NeoSmart Technologies)
EvilLyrics (HKLM-x32\...\EvilLyrics) (Version:  - ) <==== ATTENTION
Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.0.8 - MSI)
ffdshow v1.2.4453 [2012-05-21] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4453.0 - )
FFMPEG Core Files (remove only) (HKLM-x32\...\FFMPEG Core Files) (Version:  - )
Forté Agent (HKLM-x32\...\Forte Agent) (Version: 6.00 - Forté Internet Software, Inc.)
Gabest MPEG Splitter (remove only) (HKLM-x32\...\Gabest MPEG Splitter) (Version:  - )
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LAV Filters 0.60.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.60.1 - Hendrik Leppkes)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech) Hidden
MadVR (remove only) (HKLM-x32\...\MadVR) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.2.0223.1 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

MiPony 2.1.1 (HKLM-x32\...\MiPony) (Version: 2.1.1 - )

Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.06 - Motorola Inc)

Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MPC-HC 1.6.6.6957 (3975d54) (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.6.6957 - MPC-HC Team)

OpenSource AVI Splitter (remove only) (HKLM-x32\...\OpenSource AVI Splitter) (Version:  - )

OpenSource DTS/AC3/DD+ Source Filter (remove only) (HKLM-x32\...\OpenSource DTS/AC3/DD+ Source Filter) (Version:  - )

OpenSource Flash Video Splitter (remove only) (HKLM-x32\...\OpenSource Flash Video Splitter) (Version:  - )

Paragon Hard Disk Manager™ 11 Server (HKLM-x32\...\{AF58CE7A-B48F-4DDF-8FB7-838DDC22D63C}) (Version: 90.00.0003 - Paragon Software)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)

Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )

Revo Uninstaller Pro 3.0.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.5 - VS Revo Group, Ltd.)

Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)

Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

SIW 2011 Home Edition (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.30 - Topala Software Solutions)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)

Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.014 - MSI)

TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.88 - TuneUp Software) Hidden

TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities 2014) (Version: 14.0.1000.88 - TuneUp Software)

TuneUp Utilities 2014 (x32 Version: 14.0.1000.88 - TuneUp Software) Hidden

TuneUp Utilities Language Pack (en-US) (x32 Version: 13.0.2020.14 - TuneUp Software) Hidden

TVersity Codec Pack 1.7 (HKLM-x32\...\TVersity Codec Pack) (Version: 1.7 - TVersity Inc.)

TVersity Media Server Pro 2.4 (HKLM-x32\...\TVersity Media Server Pro) (Version: 2.4 - TVersity)

Ultra Video Joiner 6.3.0103 (HKLM-x32\...\Ultra Video Joiner_is1) (Version:  - Aone Software)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VueScan (HKLM\...\VueScan) (Version:  - )

WinDFT (HKLM-x32\...\{065F384A-5C64-4532-814A-A24BA5374503}) (Version: 1.0.0 - HGST)

WinRAR 4.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.2 - win.rar GmbH)

WinZip 15.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}) (Version: 15.5.9468 - WinZip Computing, S.L. )

Xilisoft Video Converter Ultimate 6 (HKLM-x32\...\Xilisoft Video Converter Ultimate 6) (Version: 6.8.0.1101 - Xilisoft)

XviD Video Codec (remove only) (HKLM-x32\...\XviD Video Codec) (Version:  - )

Zoom Player (remove only) (HKLM-x32\...\ZoomPlayer) (Version:  - )

 

==================== Restore Points  =========================

 

==================== Hosts content: ==========================

2009-07-13 22:34 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1746A278-1C7E-4708-811C-0AA9B191C769} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-08-29] (TuneUp Software)

Task: {19C0E852-3997-48DD-A0E4-16B2EB8AC627} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-16] (Google Inc.)

Task: {1B80D6B5-2231-4291-A25D-5E8E9027354C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {26D59E2E-423D-481B-953D-AE59107F726F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)

Task: {35DB3D34-B4C4-4DF3-9B73-004C3E9E460C} - System32\Tasks\DivX online update program => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-02-12] ()

Task: {4E1CB343-3127-404F-8A35-64A7487E3021} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION

Task: {59F155FD-F31F-41CB-B50E-762342510C11} - \Microsoft\Microsoft Antimalware\MpIdleTask No Task File <==== ATTENTION

Task: {6826976B-DFFA-46F1-ACFA-E3FCBEFBB17C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {733AE50C-BE22-40BF-B25A-1AE1F259EAF6} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

Task: {7F455179-CF41-40C5-80E6-B8A01874FE4A} - System32\Tasks\Sansa Dispatch => C:\Users\Les\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [2013-06-20] (SanDisk Corporation)

Task: {88AD309C-8007-4AD3-9740-7A4A161BE8FE} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {93632E7A-3CFD-4139-825A-7030AB5B8E8B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe

Task: {BE480E89-BA3E-40EE-8384-0965F88DBC6C} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03] (Adobe Systems Incorporated)

Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe

Task: {D6A61A8C-A109-4E5E-A54E-B8EC780E544F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-16] (Google Inc.)

Task: {E1F32578-DDFC-45D5-891C-EA9124A91E72} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)

Task: {F38CC064-C0BD-4A70-BCB1-E14880C749E5} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION

Task: {FE810340-EF6D-4202-B127-6EFED12D30DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2013-03-24 06:50 - 2011-10-30 11:24 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll

2014-05-25 03:28 - 2014-05-25 03:28 - 00249024 _____ () C:\Program Files\pcreg\pcreg.exe

2013-08-29 12:08 - 2013-08-29 12:08 - 00757048 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll

2013-03-13 15:13 - 2013-03-13 15:13 - 05283624 _____ () C:\ProgramData\TVersity\Media Server\MediaServer.exe

2013-03-15 05:40 - 2013-03-15 05:40 - 00045056 _____ () C:\Program Files (x86)\Belkin Automatic Power Management Software\jspWin.dll

2013-03-15 05:40 - 2013-03-15 05:40 - 00032768 _____ () C:\Program Files (x86)\Belkin Automatic Power Management Software\jusb.dll

2011-12-17 17:14 - 2011-12-17 17:14 - 00102184 _____ () C:\ProgramData\TVersity\Media Server\EasyHook32.dll

2013-03-05 23:02 - 2013-03-05 23:02 - 33073664 _____ () C:\ProgramData\TVersity\Media Server\berkelium.dll

2011-12-17 17:15 - 2011-12-17 17:15 - 00081704 _____ () C:\ProgramData\TVersity\Media Server\portaudio_x86.dll

2011-12-17 17:15 - 2011-12-17 17:15 - 00556840 _____ () C:\ProgramData\TVersity\Media Server\taglib.dll

2011-12-17 17:14 - 2011-12-17 17:14 - 00225064 _____ () C:\ProgramData\TVersity\Media Server\CORE_RL_lcms_.dll

2011-12-17 17:14 - 2011-12-17 17:14 - 00031528 _____ () C:\ProgramData\TVersity\Media Server\CORE_RL_xlib_.dll

2011-12-17 17:14 - 2011-12-17 17:14 - 00716584 _____ () C:\ProgramData\TVersity\Media Server\log4cxx.dll

2011-12-17 17:14 - 2011-12-17 17:14 - 04534072 _____ () C:\ProgramData\TVersity\Media Server\avcodec-52.dll

2011-12-17 17:14 - 2011-12-17 17:14 - 00083768 _____ () C:\ProgramData\TVersity\Media Server\avutil-50.dll

2011-12-17 17:14 - 2011-12-17 17:14 - 00313640 _____ () C:\ProgramData\TVersity\Media Server\libmp3lame-0.dll

2011-12-17 17:14 - 2011-12-17 17:14 - 00795448 _____ () C:\ProgramData\TVersity\Media Server\avformat-52.dll

2011-12-17 17:15 - 2011-12-17 17:15 - 00203064 _____ () C:\ProgramData\TVersity\Media Server\swscale-0.dll

2011-12-17 17:15 - 2011-12-17 17:15 - 00562072 _____ () C:\ProgramData\TVersity\Media Server\sqlite3.dll

2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\System32\TrayIcon12.dll

2013-03-05 23:02 - 2013-03-05 23:02 - 33073664 _____ () C:\ProgramData\TVersity\Media Server\berkelium\berkelium.dll

2013-03-05 23:02 - 2013-03-05 23:02 - 01305102 _____ () C:\ProgramData\TVersity\Media Server\berkelium\avcodec-52.dll

2013-03-05 23:02 - 2013-03-05 23:02 - 00096782 _____ () C:\ProgramData\TVersity\Media Server\berkelium\avutil-50.dll

2013-03-05 23:02 - 2013-03-05 23:02 - 00160782 _____ () C:\ProgramData\TVersity\Media Server\berkelium\avformat-52.dll

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2014-05-09 19:23 - 2014-05-09 19:23 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\aticfx32.dll

2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atiuxpag.dll

2014-05-24 10:19 - 2014-05-24 10:19 - 00000000 _____ () C:\Windows\system32\atidxx32.dll

==================== Alternate Data Streams (whitelisted) =========

 

==================== Safe Mode (whitelisted) ===================

 

==================== EXE Association (whitelisted) =============

 

==================== Disabled items from MSCONFIG ==============

 

MSCONFIG\Services: Futuremark SystemInfo Service => 3

MSCONFIG\Services: TuneUp.UtilitiesSvc => 2

==================== Faulty Device Manager Devices =============

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (05/28/2014 01:39:30 AM) (Source: VSS) (EventID: 12292) (User: )

Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

].

 

Operation:

   Obtain a callable interface for this provider

   List interfaces for all providers supporting this context

   Query Shadow Copies

 

Context:

   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

   Snapshot Context: 13

   Snapshot Context: 13

   Execution Context: Coordinator

Error: (05/28/2014 01:39:30 AM) (Source: VSS) (EventID: 13) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

]

 

Operation:

   Obtain a callable interface for this provider

   List interfaces for all providers supporting this context

   Query Shadow Copies

Context:

   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

   Snapshot Context: 13

   Snapshot Context: 13

   Execution Context: Coordinator

 

Error: (05/28/2014 01:22:00 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/28/2014 01:21:14 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363

Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363

Exception code: 0x40000015

Fault offset: 0x0007da8a

Faulting process id: 0x1170

Faulting application start time: 0xmbamservice.exe0

Faulting application path: mbamservice.exe1

Faulting module path: mbamservice.exe2

Report Id: mbamservice.exe3

 

System errors:

=============

 

Microsoft Office Sessions:

=========================

Error: (05/28/2014 01:39:30 AM) (Source: VSS) (EventID: 12292) (User: )

Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

 

Operation:

   Obtain a callable interface for this provider

   List interfaces for all providers supporting this context

   Query Shadow Copies

Context:

   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

   Snapshot Context: 13

   Snapshot Context: 13

   Execution Context: Coordinator

 

Error: (05/28/2014 01:39:30 AM) (Source: VSS) (EventID: 13) (User: )

Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

 

Operation:

   Obtain a callable interface for this provider

   List interfaces for all providers supporting this context

   Query Shadow Copies

Context:

   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

   Snapshot Context: 13

   Snapshot Context: 13

   Execution Context: Coordinator

 

Error: (05/28/2014 01:22:00 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/28/2014 01:21:14 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a117001cf7a3498eb1533C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exee2e5981d-e627-11e3-afa8-d43d7e90d9e5

 

CodeIntegrity Errors:

===================================

  Date: 2013-03-24 16:02:51.251

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-03-24 16:02:51.236

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-24 16:02:50.066

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-03-24 16:02:50.034

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

==================== Memory info ===========================

 

Percentage of memory in use: 15%

Total physical RAM: 15822.91 MB

Available physical RAM: 13367.36 MB

Total Pagefile: 79112.71 MB

Available Pagefile: 76525.71 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB

 

==================== Drives ================================

 

Drive c: (Patriot_Pyro_SE_240GB_Win7-64Pro) (Fixed) (Total:223.57 GB) (Free:166.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (Toshiba_2TB_Misc_203GB) (Fixed) (Total:203.33 GB) (Free:177.15 GB) NTFS

Drive e: (Seagate _2TB_Movies) (Fixed) (Total:1863.01 GB) (Free:816.01 GB) NTFS

Drive f: (Toshiba_2TB_Data_1.7TB) (Fixed) (Total:1659.69 GB) (Free:593.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 224 GB) (Disk ID: 4D2652EF)

Partition 1: (Active) - (Size=224 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 1E0C6B29)

Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

========================================================

Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 77EA1D8F)

Partition 1: (Not Active) - (Size=203 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=-416948500992) - (Type=07 NTFS)

 

==================== End Of Log ============================


Will post 5 DSS logs separately.

 #1.

10:09:16.0677 0x1638  TDSS rootkit removing tool 3.0.0.35 May 23 2014 07:32:03
10:09:22.0777 0x1638  ============================================================
10:09:22.0777 0x1638  Current date / time: 2014/05/27 10:09:22.0777
10:09:22.0777 0x1638  SystemInfo:
10:09:22.0777 0x1638  
10:09:22.0777 0x1638  OS Version: 6.1.7601 ServicePack: 1.0
10:09:22.0777 0x1638  Product type: Workstation
10:09:22.0777 0x1638  ComputerName: LES-PC
10:09:22.0778 0x1638  UserName: Les
10:09:22.0778 0x1638  Windows directory: C:\Windows
10:09:22.0778 0x1638  System windows directory: C:\Windows
10:09:22.0778 0x1638  Running under WOW64
10:09:22.0778 0x1638  Processor architecture: Intel x64
10:09:22.0778 0x1638  Number of processors: 4
10:09:22.0778 0x1638  Page size: 0x1000
10:09:22.0778 0x1638  Boot type: Normal boot
10:09:22.0778 0x1638  ============================================================
10:09:22.0873 0x1638  KLMD registered as C:\Windows\system32\drivers\10903881.sys
10:09:22.0982 0x1638  System UUID: {5E570729-E8AF-109A-E14B-CEDF74BEF9BC}
10:09:23.0423 0x1638  Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:09:23.0423 0x1638  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:09:23.0660 0x1638  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:09:23.0694 0x1638  ============================================================
10:09:23.0694 0x1638  \Device\Harddisk0\DR0:
10:09:23.0695 0x1638  MBR partitions:
10:09:23.0695 0x1638  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BF23800
10:09:23.0695 0x1638  \Device\Harddisk1\DR1:
10:09:23.0695 0x1638  MBR partitions:
10:09:23.0695 0x1638  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
10:09:23.0696 0x1638  \Device\Harddisk2\DR2:
10:09:23.0696 0x1638  MBR partitions:
10:09:23.0696 0x1638  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x196A8800
10:09:23.0696 0x1638  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x196A9000, BlocksNum 0xCF75F763
10:09:23.0696 0x1638  ============================================================
10:09:23.0697 0x1638  C: <-> \Device\Harddisk0\DR0\Partition1
10:09:23.0722 0x1638  F: <-> \Device\Harddisk2\DR2\Partition2
10:09:23.0736 0x1638  D: <-> \Device\Harddisk2\DR2\Partition1
10:09:23.0771 0x1638  E: <-> \Device\Harddisk1\DR1\Partition1
10:09:23.0772 0x1638  ============================================================
10:09:23.0772 0x1638  Initialize success
10:09:23.0772 0x1638  ============================================================
10:11:43.0342 0x0534  KLMD registered as C:\Windows\system32\drivers\68159747.sys
10:11:44.0316 0x0534  Deinitialize success
 


#2.

10:09:16.0677 0x1638  TDSS rootkit removing tool 3.0.0.35 May 23 2014 07:32:03

10:09:22.0777 0x1638  ============================================================

10:09:22.0777 0x1638  Current date / time: 2014/05/27 10:09:22.0777

10:09:22.0777 0x1638  SystemInfo:

10:09:22.0777 0x1638 

10:09:22.0777 0x1638  OS Version: 6.1.7601 ServicePack: 1.0

10:09:22.0777 0x1638  Product type: Workstation

10:09:22.0777 0x1638  ComputerName: LES-PC

10:09:22.0778 0x1638  UserName: Les

10:09:22.0778 0x1638  Windows directory: C:\Windows

10:09:22.0778 0x1638  System windows directory: C:\Windows

10:09:22.0778 0x1638  Running under WOW64

10:09:22.0778 0x1638  Processor architecture: Intel x64

10:09:22.0778 0x1638  Number of processors: 4

10:09:22.0778 0x1638  Page size: 0x1000

10:09:22.0778 0x1638  Boot type: Normal boot

10:09:22.0778 0x1638  ============================================================

10:09:22.0873 0x1638  KLMD registered as C:\Windows\system32\drivers\10903881.sys

10:09:22.0982 0x1638  System UUID: {5E570729-E8AF-109A-E14B-CEDF74BEF9BC}

10:09:23.0423 0x1638  Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:09:23.0423 0x1638  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:09:23.0660 0x1638  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:09:23.0694 0x1638  ============================================================

10:09:23.0694 0x1638  \Device\Harddisk0\DR0:

10:09:23.0695 0x1638  MBR partitions:

10:09:23.0695 0x1638  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BF23800

10:09:23.0695 0x1638  \Device\Harddisk1\DR1:

10:09:23.0695 0x1638  MBR partitions:

10:09:23.0695 0x1638  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800

10:09:23.0696 0x1638  \Device\Harddisk2\DR2:

10:09:23.0696 0x1638  MBR partitions:

10:09:23.0696 0x1638  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x196A8800

10:09:23.0696 0x1638  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x196A9000, BlocksNum 0xCF75F763

10:09:23.0696 0x1638  ============================================================

10:09:23.0697 0x1638  C: <-> \Device\Harddisk0\DR0\Partition1

10:09:23.0722 0x1638  F: <-> \Device\Harddisk2\DR2\Partition2

10:09:23.0736 0x1638  D: <-> \Device\Harddisk2\DR2\Partition1

10:09:23.0771 0x1638  E: <-> \Device\Harddisk1\DR1\Partition1

10:09:23.0772 0x1638  ============================================================

10:09:23.0772 0x1638  Initialize success

10:09:23.0772 0x1638  ============================================================

10:11:43.0342 0x0534  KLMD registered as C:\Windows\system32\drivers\68159747.sys

10:11:44.0316 0x0534  Deinitialize success

Link to post
Share on other sites

#3. Part 1

10:16:06.0024 0x08b8  TDSS rootkit removing tool 3.0.0.35 May 23 2014 07:32:03
10:16:10.0332 0x08b8  ============================================================
10:16:10.0332 0x08b8  Current date / time: 2014/05/27 10:16:10.0332
10:16:10.0332 0x08b8  SystemInfo:
10:16:10.0332 0x08b8 
10:16:10.0332 0x08b8  OS Version: 6.1.7601 ServicePack: 1.0
10:16:10.0332 0x08b8  Product type: Workstation
10:16:10.0332 0x08b8  ComputerName: LES-PC
10:16:10.0340 0x08b8  UserName: Les
10:16:10.0340 0x08b8  Windows directory: C:\Windows
10:16:10.0340 0x08b8  System windows directory: C:\Windows
10:16:10.0340 0x08b8  Running under WOW64
10:16:10.0340 0x08b8  Processor architecture: Intel x64
10:16:10.0340 0x08b8  Number of processors: 4
10:16:10.0340 0x08b8  Page size: 0x1000
10:16:10.0340 0x08b8  Boot type: Normal boot
10:16:10.0340 0x08b8  ============================================================
10:16:10.0341 0x08b8  BG loaded
10:16:10.0469 0x08b8  System UUID: {5E570729-E8AF-109A-E14B-CEDF74BEF9BC}
10:16:10.0927 0x08b8  Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:16:10.0927 0x08b8  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:16:10.0927 0x08b8  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:16:10.0971 0x08b8  ============================================================
10:16:10.0971 0x08b8  \Device\Harddisk0\DR0:
10:16:10.0971 0x08b8  MBR partitions:
10:16:10.0971 0x08b8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BF23800
10:16:10.0972 0x08b8  \Device\Harddisk1\DR1:
10:16:11.0156 0x08b8  MBR partitions:
10:16:11.0156 0x08b8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
10:16:11.0156 0x08b8  \Device\Harddisk2\DR2:
10:16:11.0156 0x08b8  MBR partitions:
10:16:11.0156 0x08b8  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x196A8800
10:16:11.0156 0x08b8  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x196A9000, BlocksNum 0xCF75F763
10:16:11.0156 0x08b8  ============================================================
10:16:11.0160 0x08b8  C: <-> \Device\Harddisk0\DR0\Partition1
10:16:11.0178 0x08b8  F: <-> \Device\Harddisk2\DR2\Partition2
10:16:11.0192 0x08b8  D: <-> \Device\Harddisk2\DR2\Partition1
10:16:11.0206 0x08b8  E: <-> \Device\Harddisk1\DR1\Partition1
10:16:11.0206 0x08b8  ============================================================
10:16:11.0206 0x08b8  Initialize success
10:16:11.0206 0x08b8  ============================================================
10:16:24.0555 0x14ec  ============================================================
10:16:24.0555 0x14ec  Scan started
10:16:24.0555 0x14ec  Mode: Manual; SigCheck; TDLFS;
10:16:24.0555 0x14ec  ============================================================
10:16:24.0555 0x14ec  KSN ping started
10:16:38.0261 0x14ec  KSN ping finished: true
10:16:38.0349 0x14ec  ================ Scan system memory ========================
10:16:38.0349 0x14ec  System memory - ok
10:16:38.0349 0x14ec  ================ Scan services =============================


Download the attached fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

--------------------------------

Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

It appears that your Google Chrome Preferences are corrupt, follow the directions at the link below to resolve that:
https://support.google.com/chrome/answer/142059?hl=en#

-------------------------------------

Let me know how it is and what problems if any remain.

MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
Ran by Les at 2014-05-30 17:46:43 Run:1
Running from C:\Users\Les\Desktop\PopUp\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files\pcreg
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-05-25] ()
2014-05-25 04:38 - 2014-05-27 11:18 - 00003684 _____ () C:\Windows\System32\Tasks\pcreg
C:\Users\Les\AppData\Local\Temp\Quarantine.exe
Task: {4E1CB343-3127-404F-8A35-64A7487E3021} - System32\Tasks\0 => Iexplore.exe
Task: {59F155FD-F31F-41CB-B50E-762342510C11} - \Microsoft\Microsoft Antimalware\MpIdleTask No Task File
Task: {F38CC064-C0BD-4A70-BCB1-E14880C749E5} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe

*****************

C:\Program Files\pcreg => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
pcregservice => Service stopped successfully.
pcregservice => Service deleted successfully.
C:\Windows\System32\Tasks\pcreg => Moved successfully.
C:\Users\Les\AppData\Local\Temp\Quarantine.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E1CB343-3127-404F-8A35-64A7487E3021} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E1CB343-3127-404F-8A35-64A7487E3021} => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59F155FD-F31F-41CB-B50E-762342510C11} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59F155FD-F31F-41CB-B50E-762342510C11} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\MpIdleTask => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F38CC064-C0BD-4A70-BCB1-E14880C749E5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F38CC064-C0BD-4A70-BCB1-E14880C749E5} => Key deleted successfully.
C:\Windows\System32\Tasks\pcreg not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg => Key deleted successfully.

==== End of Fixlog ====
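A post-fix verification of the fixlist items above, added here as an example (it is not FRST output and not part of MrC's instructions): it re-checks each path, registry key, scheduled task and service named in the Fixlog against the live system, so the "deleted successfully" lines can be confirmed before the topic is closed. It assumes PowerShell 3.0 or later, an elevated 64-bit session (so the WOW6432Node view is visible), and that it runs in the same user profile (Les) so $env:LOCALAPPDATA resolves to the Temp folder in the log.

```powershell
# Added example for this thread, not FRST's own code. Every path, value name,
# GUID and service name below is taken from the Fixlog; the only assumptions are
# PowerShell 3+, an elevated 64-bit session and the same user profile (Les).

$taskCache = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'
$taskGuids = @(
    '{4E1CB343-3127-404F-8A35-64A7487E3021}',   # System32\Tasks\0 => Iexplore.exe
    '{59F155FD-F31F-41CB-B50E-762342510C11}',   # MpIdleTask entry with no task file
    '{F38CC064-C0BD-4A70-BCB1-E14880C749E5}'    # System32\Tasks\pcreg => service.exe
)

# Label => scriptblock returning $true while the artifact is still present.
# File paths and registry keys both go through Test-Path; -LiteralPath keeps
# the braces in the GUIDs from being interpreted as anything special.
$checks = [ordered]@{
    'pcreg program folder'         = { Test-Path -LiteralPath 'C:\Program Files\pcreg' }
    'pcreg task file'              = { Test-Path -LiteralPath "$env:SystemRoot\System32\Tasks\pcreg" }
    'task file "0" (Iexplore.exe)' = { Test-Path -LiteralPath "$env:SystemRoot\System32\Tasks\0" }
    'Quarantine.exe in user Temp'  = { Test-Path -LiteralPath "$env:LOCALAPPDATA\Temp\Quarantine.exe" }
    'IE SearchScopes hijack key'   = { Test-Path -LiteralPath 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}' }
    'pcregservice service'         = { $null -ne (Get-Service -Name 'pcregservice' -ErrorAction SilentlyContinue) }
    'TaskCache\Tree\0'             = { Test-Path -LiteralPath "$taskCache\Tree\0" }
    'TaskCache\Tree\pcreg'         = { Test-Path -LiteralPath "$taskCache\Tree\pcreg" }
}

# The Run entry had an empty value name ("[] => [X]" in the fixlist), i.e. the
# key's default value. Test-Path cannot see individual values, so read it.
$checks['32-bit Run key, empty-name value'] = {
    $key = Get-Item -LiteralPath 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
    ($null -ne $key) -and ($null -ne $key.GetValue(''))
}

# A scheduled task is registered in more than one TaskCache subkey (the Fixlog
# shows Plain, Logon and Tasks); check each subkey for each GUID.
foreach ($guid in $taskGuids) {
    foreach ($sub in 'Plain', 'Logon', 'Tasks') {
        $checks["TaskCache\$sub\$guid"] = { Test-Path -LiteralPath "$taskCache\$sub\$guid" }.GetNewClosure()
    }
}

# Run every check and report which artifacts survived the fix.
$report = foreach ($name in $checks.Keys) {
    [pscustomobject]@{ Artifact = $name; StillPresent = [bool](& $checks[$name]) }
}
$report | Format-Table -AutoSize

$left = @($report | Where-Object { $_.StillPresent })
if ($left.Count -eq 0) {
    'All fixlist items are gone; the Fixlog matches the live system.'
} else {
    "$($left.Count) item(s) survived the fix; run a fresh FRST scan and post the new log."
}
```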


Good, if there are no other problems.......

Let's check your computer's security before you go; we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please post the contents of that document.
  • Do Not Attach It!!!

MrC