
Interpol Ransomware



Posting this because I have run out of options. Would appreciate any help given as I am doing this for another person and am really pressed for time. Again, thanks in advance.

 

Desktop running Windows 7 Home Premium was infected with a Canadian-localized Interpol Ransomware.

  • I tried to boot from a USB with Kickstart Hitman Pro and from a DVD with Kaspersky Rescue; none of these methods worked.
  • Trying to boot from a USB by editing both the boot order (F12) and the boot order in the BIOS resulted in a black screen prompting me to select the type of generic USB I wished to boot from, an indicator that it was not recognising the USB. As a side note, I will mention that I tested the USB beforehand on a separate PC and was successful.
  • I will also mention that booting with Safe Mode in any fashion results in a forced restart back to regular Windows.

After searching around, I came across this topic: https://forums.malwarebytes.org/index.php?showtopic=130366 and attempted the method first recommended by MrCharlie using Farbar Recovery. I went into advanced options and scanned the system, obtaining the text file FRST.txt.

The USB I used is currently still in the problem computer (which is still running with the FRST.txt document open after the scan) and, as every situation like this is unique, I decided to post this before continuing with any other steps.

My question now is: do I press the Fix button on the Farbar Recovery Software (to the right of the scan button), or do I shut down the computer, remove the USB, and recover FRST.txt and post it here before continuing?

 

As I mentioned, I am pressed for time. Thanks again in advance.


Edit: Contents of FRST.txt mentioned in original post.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by SYSTEM on MININT-E90OBL0 on 05-06-2014 18:51:03
Running from L:\
Platform: Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1935824 2014-05-15] (APN)
HKLM-x32\...\Run: [shopAtHomeWatcher] => C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [128656 2014-01-14] (ShopAtHome.com)
HKLM-x32\...\Run: [shopAtHomeUpdater] => C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe [201872 2014-01-14] (ShopAtHome.com)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\BRIAN\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-06-09] (Google Inc.)
HKU\BRIAN\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.)
HKU\BRIAN\...\Policies\Explorer: [HideSCAHealth] 1
HKU\Default\...\RunOnce: [scrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-14] ()
HKU\Default User\...\RunOnce: [scrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-14] ()
Startup: C:\Users\BRIAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\ProgramData\9056597ABA2EC027A08021CC59397722\ejrshjz8.cpp (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-05-15] (APN LLC.)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [140424 2014-04-23] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
S4 PDAgent; C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe [1487624 2009-06-08] (Raxco Software, Inc.)
S4 PDEngine; C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe [1481992 2009-06-08] (Raxco Software, Inc.)
S4 RadialpointIDSAgent; C:\Program Files (x86)\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe [5832712 2009-11-02] (AVG Technologies CZ, s.r.o.)
S4 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] ()
S4 ServicepointService; C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe [689464 2011-01-06] (Radialpoint Inc.)
S4 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
S2 Winmgmt; C:\ProgramData\9056597ABA2EC027A08021CC59397722\8zjhsrje.dot [333052 2014-06-01] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S4 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [431176 2011-12-13] (BitDefender)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 HP1319EWS; C:\Windows\System32\Drivers\HP1319EWS.sys [14848 2008-11-10] (Marvell Semiconductor, Inc.)
S3 HP1319FAX; C:\Windows\System32\Drivers\HP1319FAX.sys [16384 2008-11-10] (Marvell Semiconductor, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
S3 RadialpointIDSDriver; C:\Program Files (x86)\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [132616 2009-11-02] (AVG Technologies )
S0 RadialpointIDSEH; C:\Windows\SysWow64\drivers\AVGIDSEH.sys [27144 2009-11-02] (AVG Technologies )
S3 RadialpointIDSFilter; C:\Program Files (x86)\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [35848 2009-11-02] (AVG Technologies )
S3 RPPKT; C:\Windows\System32\DRIVERS\rp_pkt64.sys [59136 2012-07-21] (Radialpoint, Inc.)
S2 RPSKT; C:\Windows\System32\DRIVERS\rp_skt64.sys [71456 2012-07-21] (Radialpoint Inc.)
S1 StarOpen; No ImagePath
S4 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [290376 2011-12-13] (BitDefender S.R.L.)
S2 Radialpoint Security Services;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-05 18:50 - 2014-06-05 18:51 - 00000000 ____D () C:\FRST
2014-06-04 13:43 - 2014-06-04 13:44 - 00000168 _____ () C:\ProgramData\RUNDLL32.EXE-4068-F.txt
2014-06-03 16:04 - 2014-06-03 16:04 - 00000356 _____ () C:\ProgramData\RUNDLL32.EXE-3240-F.txt
2014-06-03 15:58 - 2014-06-03 16:02 - 00002498 _____ () C:\ProgramData\RUNDLL32.EXE-3028-F.txt
2014-06-03 14:37 - 2014-06-03 15:48 - 00031177 _____ () C:\ProgramData\RUNDLL32.EXE-2896-F.txt
2014-06-03 10:32 - 2014-06-03 11:06 - 00018652 _____ () C:\ProgramData\RUNDLL32.EXE-3084-F.txt
2014-06-03 10:28 - 2014-06-03 10:31 - 00001280 _____ () C:\ProgramData\RUNDLL32.EXE-4352-F.txt
2014-06-03 10:27 - 2014-06-03 10:28 - 00000966 _____ () C:\ProgramData\RUNDLL32.EXE-2844-F.txt
2014-06-03 05:59 - 2014-06-03 08:35 - 00023666 _____ () C:\ProgramData\RUNDLL32.EXE-3040-F.txt
2014-06-03 01:08 - 2014-06-03 01:36 - 00015647 _____ () C:\ProgramData\RUNDLL32.EXE-4100-F.txt
2014-06-02 18:04 - 2014-06-02 18:23 - 00010771 _____ () C:\ProgramData\RUNDLL32.EXE-3376-F.txt
2014-06-02 16:25 - 2014-06-02 16:57 - 00018098 _____ () C:\ProgramData\RUNDLL32.EXE-3136-F.txt
2014-06-02 12:34 - 2014-06-02 12:39 - 00003446 _____ () C:\ProgramData\RUNDLL32.EXE-3696-F.txt
2014-06-02 11:34 - 2014-06-02 11:54 - 00009962 _____ () C:\ProgramData\RUNDLL32.EXE-3808-F.txt
2014-06-02 11:02 - 2014-06-02 11:05 - 00002091 _____ () C:\ProgramData\RUNDLL32.EXE-3100-F.txt
2014-06-02 10:39 - 2014-06-02 10:59 - 00011169 _____ () C:\ProgramData\RUNDLL32.EXE-3332-F.txt
2014-06-02 10:36 - 2014-06-02 10:38 - 00001000 _____ () C:\ProgramData\RUNDLL32.EXE-2460-F.txt
2014-06-02 10:09 - 2014-06-02 10:36 - 00015363 _____ () C:\ProgramData\RUNDLL32.EXE-3604-F.txt
2014-06-02 10:07 - 2014-06-02 10:09 - 00001143 _____ () C:\ProgramData\RUNDLL32.EXE-2992-F.txt
2014-06-02 08:15 - 2014-06-02 08:39 - 00014030 _____ () C:\ProgramData\RUNDLL32.EXE-2948-F.txt
2014-06-02 07:34 - 2014-06-02 07:35 - 00000981 _____ () C:\ProgramData\RUNDLL32.EXE-3764-F.txt
2014-06-02 07:28 - 2014-06-02 07:33 - 00002954 _____ () C:\ProgramData\RUNDLL32.EXE-2932-F.txt
2014-06-02 06:27 - 2014-06-02 06:30 - 00002299 _____ () C:\ProgramData\RUNDLL32.EXE-2928-F.txt
2014-06-02 05:19 - 2014-06-02 06:12 - 00017099 _____ () C:\ProgramData\RUNDLL32.EXE-2204-F.txt
2014-06-02 04:25 - 2014-06-02 04:52 - 00015351 _____ () C:\ProgramData\RUNDLL32.EXE-2668-F.txt
2014-06-02 01:13 - 2014-06-02 03:37 - 00022354 _____ () C:\ProgramData\RUNDLL32.EXE-3232-F.txt
2014-06-01 23:57 - 2014-06-02 00:30 - 00018757 _____ () C:\ProgramData\RUNDLL32.EXE-3076-F.txt
2014-06-01 18:47 - 2014-06-01 18:58 - 00006143 _____ () C:\ProgramData\RUNDLL32.EXE-3012-F.txt
2014-06-01 18:14 - 2014-06-01 18:25 - 00006268 _____ () C:\ProgramData\RUNDLL32.EXE-2676-F.txt
2014-06-01 17:45 - 2014-06-01 17:46 - 00000775 _____ () C:\ProgramData\RUNDLL32.EXE-2772-F.txt
2014-06-01 17:42 - 2014-06-01 17:42 - 00000242 _____ () C:\ProgramData\RUNDLL32.EXE-4308-F.txt
2014-06-01 17:33 - 2014-06-01 17:42 - 00005190 _____ () C:\ProgramData\RUNDLL32.EXE-4188-F.txt
2014-06-01 17:25 - 2014-06-01 17:30 - 00002952 _____ () C:\ProgramData\RUNDLL32.EXE-2812-F.txt
2014-06-01 17:17 - 2014-06-01 17:23 - 00003647 _____ () C:\ProgramData\RUNDLL32.EXE-4232-F.txt
2014-06-01 17:11 - 2014-06-01 17:13 - 00001437 _____ () C:\ProgramData\RUNDLL32.EXE-2876-F.txt
2014-06-01 17:08 - 2014-06-01 17:09 - 00000290 _____ () C:\ProgramData\RUNDLL32.EXE-4472-F.txt
2014-06-01 17:04 - 2014-06-01 17:08 - 00002197 _____ () C:\ProgramData\RUNDLL32.EXE-2996-F.txt
2014-06-01 16:26 - 2014-06-01 17:01 - 00012485 _____ () C:\ProgramData\RUNDLL32.EXE-3120-F.txt
2014-06-01 16:18 - 2014-06-01 16:24 - 00003156 _____ () C:\ProgramData\RUNDLL32.EXE-3000-F.txt
2014-06-01 16:15 - 2014-06-03 05:25 - 00052593 _____ () C:\ProgramData\RUNDLL32.EXE-3224-F.txt
2014-06-01 16:04 - 2014-06-01 16:10 - 00003551 _____ () C:\ProgramData\RUNDLL32.EXE-2736-F.txt
2014-06-01 16:01 - 2014-06-02 10:01 - 00013220 _____ () C:\ProgramData\RUNDLL32.EXE-2944-F.txt
2014-06-01 15:58 - 2014-06-01 15:59 - 00000717 _____ () C:\ProgramData\RUNDLL32.EXE-5768-F.txt
2014-06-01 15:57 - 2014-06-01 15:57 - 00000482 _____ () C:\ProgramData\RUNDLL32.EXE-3116-F.txt
2014-06-01 15:54 - 2014-06-01 15:56 - 00001372 _____ () C:\ProgramData\RUNDLL32.EXE-4364-F.txt
2014-06-01 15:46 - 2014-06-01 15:54 - 00000000 ____D () C:\ProgramData\9056597ABA2EC027A08021CC59397722
2014-05-29 07:13 - 2014-05-29 07:13 - 00000097 _____ () C:\Users\Public\Documents\SAH_Install.ini
2014-05-29 07:13 - 2014-05-29 07:13 - 00000000 ____D () C:\Users\BRIAN\AppData\Roaming\ShopAtHome
2014-05-29 07:09 - 2014-05-29 07:09 - 00010337 _____ () C:\Users\BRIAN\Documents\BARRELL OF GOODIES 2013.xlsx
2014-05-28 06:56 - 2014-05-28 06:56 - 13316096 _____ () C:\Users\BRIAN\CALVARY GOSPEL CHURCH DEC 2013 (Backup 28 May 2014  10 56 AM)CALVARY.QBB
2014-05-27 10:33 - 2014-05-27 12:47 - 00011375 _____ () C:\Users\BRIAN\Documents\SPUD BUGGY 2013.xlsx
2014-05-26 06:37 - 2014-05-26 08:38 - 00013919 _____ () C:\Users\BRIAN\Documents\CURLING CLUB SALES MARCH 2014.xlsx
2014-05-23 17:15 - 2014-05-23 17:16 - 00000000 ____D () C:\Program Files (x86)\AddThis Toolbar
2014-05-23 16:31 - 2014-05-23 16:31 - 00000134 _____ () C:\Users\BRIAN\Desktop\Internet Explorer Troubleshooting.url
2014-05-23 15:33 - 2014-05-23 15:33 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-05-23 15:33 - 2014-05-23 15:33 - 00000000 ____D () C:\ProgramData\APN
2014-05-23 15:33 - 2014-05-23 15:33 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-05-23 15:31 - 2014-05-23 15:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-23 15:31 - 2014-04-14 16:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-23 15:31 - 2014-04-14 16:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-23 15:31 - 2014-04-14 16:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-23 15:31 - 2014-04-14 16:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-23 15:30 - 2014-05-23 15:31 - 00006556 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log

==================== One Month Modified Files and Folders =======

2014-06-05 18:51 - 2014-06-05 18:50 - 00000000 ____D () C:\FRST
2014-06-05 13:59 - 2010-09-16 12:13 - 02096842 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 13:59 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 13:59 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 13:55 - 2011-02-09 09:43 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 13:53 - 2009-07-13 20:51 - 00153979 _____ () C:\Windows\setupact.log
2014-06-05 13:51 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-04 13:44 - 2014-06-04 13:43 - 00000168 _____ () C:\ProgramData\RUNDLL32.EXE-4068-F.txt
2014-06-04 13:43 - 2011-02-09 09:43 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-04 13:43 - 2011-02-09 09:09 - 00000000 ____D () C:\Users\BRIAN\AppData\Local\Temp
2014-06-04 13:42 - 2009-07-13 21:08 - 00032528 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-03 16:04 - 2014-06-03 16:04 - 00000356 _____ () C:\ProgramData\RUNDLL32.EXE-3240-F.txt
2014-06-03 16:02 - 2014-06-03 15:58 - 00002498 _____ () C:\ProgramData\RUNDLL32.EXE-3028-F.txt
2014-06-03 15:56 - 2013-11-15 02:39 - 01707364 _____ () C:\Windows\IE11_main.log
2014-06-03 15:48 - 2014-06-03 14:37 - 00031177 _____ () C:\ProgramData\RUNDLL32.EXE-2896-F.txt
2014-06-03 15:42 - 2012-04-01 01:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-03 15:37 - 2014-01-13 07:15 - 00000000 ____D () C:\Users\BRIAN\AppData\Roaming\Skype
2014-06-03 14:54 - 2013-07-03 07:36 - 00001848 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-06-03 11:06 - 2014-06-03 10:32 - 00018652 _____ () C:\ProgramData\RUNDLL32.EXE-3084-F.txt
2014-06-03 10:31 - 2014-06-03 10:28 - 00001280 _____ () C:\ProgramData\RUNDLL32.EXE-4352-F.txt
2014-06-03 10:28 - 2014-06-03 10:27 - 00000966 _____ () C:\ProgramData\RUNDLL32.EXE-2844-F.txt
2014-06-03 08:35 - 2014-06-03 05:59 - 00023666 _____ () C:\ProgramData\RUNDLL32.EXE-3040-F.txt
2014-06-03 05:25 - 2014-06-01 16:15 - 00052593 _____ () C:\ProgramData\RUNDLL32.EXE-3224-F.txt
2014-06-03 01:36 - 2014-06-03 01:08 - 00015647 _____ () C:\ProgramData\RUNDLL32.EXE-4100-F.txt
2014-06-02 18:23 - 2014-06-02 18:04 - 00010771 _____ () C:\ProgramData\RUNDLL32.EXE-3376-F.txt
2014-06-02 16:57 - 2014-06-02 16:25 - 00018098 _____ () C:\ProgramData\RUNDLL32.EXE-3136-F.txt
2014-06-02 12:39 - 2014-06-02 12:34 - 00003446 _____ () C:\ProgramData\RUNDLL32.EXE-3696-F.txt
2014-06-02 11:54 - 2014-06-02 11:34 - 00009962 _____ () C:\ProgramData\RUNDLL32.EXE-3808-F.txt
2014-06-02 11:05 - 2014-06-02 11:02 - 00002091 _____ () C:\ProgramData\RUNDLL32.EXE-3100-F.txt
2014-06-02 10:59 - 2014-06-02 10:39 - 00011169 _____ () C:\ProgramData\RUNDLL32.EXE-3332-F.txt
2014-06-02 10:38 - 2014-06-02 10:36 - 00001000 _____ () C:\ProgramData\RUNDLL32.EXE-2460-F.txt
2014-06-02 10:36 - 2014-06-02 10:09 - 00015363 _____ () C:\ProgramData\RUNDLL32.EXE-3604-F.txt
2014-06-02 10:09 - 2014-06-02 10:07 - 00001143 _____ () C:\ProgramData\RUNDLL32.EXE-2992-F.txt
2014-06-02 10:01 - 2014-06-01 16:01 - 00013220 _____ () C:\ProgramData\RUNDLL32.EXE-2944-F.txt
2014-06-02 08:39 - 2014-06-02 08:15 - 00014030 _____ () C:\ProgramData\RUNDLL32.EXE-2948-F.txt
2014-06-02 07:35 - 2014-06-02 07:34 - 00000981 _____ () C:\ProgramData\RUNDLL32.EXE-3764-F.txt
2014-06-02 07:33 - 2014-06-02 07:28 - 00002954 _____ () C:\ProgramData\RUNDLL32.EXE-2932-F.txt
2014-06-02 06:30 - 2014-06-02 06:27 - 00002299 _____ () C:\ProgramData\RUNDLL32.EXE-2928-F.txt
2014-06-02 06:12 - 2014-06-02 05:19 - 00017099 _____ () C:\ProgramData\RUNDLL32.EXE-2204-F.txt
2014-06-02 04:52 - 2014-06-02 04:25 - 00015351 _____ () C:\ProgramData\RUNDLL32.EXE-2668-F.txt
2014-06-02 03:37 - 2014-06-02 01:13 - 00022354 _____ () C:\ProgramData\RUNDLL32.EXE-3232-F.txt
2014-06-02 00:30 - 2014-06-01 23:57 - 00018757 _____ () C:\ProgramData\RUNDLL32.EXE-3076-F.txt
2014-06-01 18:58 - 2014-06-01 18:47 - 00006143 _____ () C:\ProgramData\RUNDLL32.EXE-3012-F.txt
2014-06-01 18:25 - 2014-06-01 18:14 - 00006268 _____ () C:\ProgramData\RUNDLL32.EXE-2676-F.txt
2014-06-01 17:46 - 2014-06-01 17:45 - 00000775 _____ () C:\ProgramData\RUNDLL32.EXE-2772-F.txt
2014-06-01 17:42 - 2014-06-01 17:42 - 00000242 _____ () C:\ProgramData\RUNDLL32.EXE-4308-F.txt
2014-06-01 17:42 - 2014-06-01 17:33 - 00005190 _____ () C:\ProgramData\RUNDLL32.EXE-4188-F.txt
2014-06-01 17:30 - 2014-06-01 17:25 - 00002952 _____ () C:\ProgramData\RUNDLL32.EXE-2812-F.txt
2014-06-01 17:23 - 2014-06-01 17:17 - 00003647 _____ () C:\ProgramData\RUNDLL32.EXE-4232-F.txt
2014-06-01 17:13 - 2014-06-01 17:11 - 00001437 _____ () C:\ProgramData\RUNDLL32.EXE-2876-F.txt
2014-06-01 17:09 - 2014-06-01 17:08 - 00000290 _____ () C:\ProgramData\RUNDLL32.EXE-4472-F.txt
2014-06-01 17:08 - 2014-06-01 17:04 - 00002197 _____ () C:\ProgramData\RUNDLL32.EXE-2996-F.txt
2014-06-01 17:01 - 2014-06-01 16:26 - 00012485 _____ () C:\ProgramData\RUNDLL32.EXE-3120-F.txt
2014-06-01 16:24 - 2014-06-01 16:18 - 00003156 _____ () C:\ProgramData\RUNDLL32.EXE-3000-F.txt
2014-06-01 16:10 - 2014-06-01 16:04 - 00003551 _____ () C:\ProgramData\RUNDLL32.EXE-2736-F.txt
2014-06-01 15:59 - 2014-06-01 15:58 - 00000717 _____ () C:\ProgramData\RUNDLL32.EXE-5768-F.txt
2014-06-01 15:57 - 2014-06-01 15:57 - 00000482 _____ () C:\ProgramData\RUNDLL32.EXE-3116-F.txt
2014-06-01 15:56 - 2014-06-01 15:54 - 00001372 _____ () C:\ProgramData\RUNDLL32.EXE-4364-F.txt
2014-06-01 15:54 - 2014-06-01 15:46 - 00000000 ____D () C:\ProgramData\9056597ABA2EC027A08021CC59397722
2014-06-01 03:40 - 2014-01-19 03:14 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-01 03:40 - 2010-09-16 12:09 - 00223458 _____ () C:\Windows\PFRO.log
2014-05-31 16:38 - 2014-01-19 02:41 - 00001935 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-05-31 16:38 - 2014-01-19 02:41 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-05-29 07:26 - 2011-02-10 08:40 - 00000000 ____D () C:\Users\BRIAN\AppData\Roaming\SoftGrid Client
2014-05-29 07:13 - 2014-05-29 07:13 - 00000097 _____ () C:\Users\Public\Documents\SAH_Install.ini
2014-05-29 07:13 - 2014-05-29 07:13 - 00000000 ____D () C:\Users\BRIAN\AppData\Roaming\ShopAtHome
2014-05-29 07:09 - 2014-05-29 07:09 - 00010337 _____ () C:\Users\BRIAN\Documents\BARRELL OF GOODIES 2013.xlsx
2014-05-28 06:56 - 2014-05-28 06:56 - 13316096 _____ () C:\Users\BRIAN\CALVARY GOSPEL CHURCH DEC 2013 (Backup 28 May 2014  10 56 AM)CALVARY.QBB
2014-05-28 06:56 - 2011-02-09 09:09 - 00000000 ____D () C:\users\BRIAN
2014-05-28 04:47 - 2009-07-13 21:13 - 00796684 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-05-27 12:47 - 2014-05-27 10:33 - 00011375 _____ () C:\Users\BRIAN\Documents\SPUD BUGGY 2013.xlsx
2014-05-27 09:21 - 2014-02-07 11:55 - 00013259 _____ () C:\Users\BRIAN\Documents\D & D FABRICATORS 2014 PAYROLL.xlsx
2014-05-26 08:38 - 2014-05-26 06:37 - 00013919 _____ () C:\Users\BRIAN\Documents\CURLING CLUB SALES MARCH 2014.xlsx
2014-05-24 17:43 - 2012-09-05 16:51 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-23 17:16 - 2014-05-23 17:15 - 00000000 ____D () C:\Program Files (x86)\AddThis Toolbar
2014-05-23 16:44 - 2014-02-14 03:12 - 310684512 _____ () C:\Users\BRIAN\Downloads\TXPT1212013.exe
2014-05-23 16:44 - 2014-02-12 12:21 - 309930848 _____ () C:\Users\BRIAN\Downloads\TXPT1202013.exe
2014-05-23 16:31 - 2014-05-23 16:31 - 00000134 _____ () C:\Users\BRIAN\Desktop\Internet Explorer Troubleshooting.url
2014-05-23 15:33 - 2014-05-23 15:33 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-05-23 15:33 - 2014-05-23 15:33 - 00000000 ____D () C:\ProgramData\APN
2014-05-23 15:33 - 2014-05-23 15:33 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-05-23 15:31 - 2014-05-23 15:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-23 15:31 - 2014-05-23 15:30 - 00006556 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-23 15:31 - 2013-04-24 15:06 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-23 09:58 - 2013-11-22 06:46 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-05-23 07:58 - 2013-07-03 07:24 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-19 02:27 - 2012-04-01 01:24 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-19 02:27 - 2012-04-01 01:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-19 02:27 - 2011-10-08 11:04 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-17 18:47 - 2013-08-02 03:51 - 00000000 ____D () C:\Windows\System32\MRT
2014-05-17 18:45 - 2011-02-09 11:49 - 93223848 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-05-09 12:50 - 2011-02-09 09:43 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 12:50 - 2011-02-09 09:43 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 09:55 - 2011-02-15 07:53 - 00000000 ____D () C:\Users\BRIAN\Desktop\2009 clients

Some content of TEMP:
====================
C:\Users\BRIAN\AppData\Local\Temp\APNSetup.exe
C:\Users\BRIAN\AppData\Local\Temp\ApnStub.exe
C:\Users\BRIAN\AppData\Local\Temp\contentDATs.exe
C:\Users\BRIAN\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\BRIAN\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\BRIAN\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\BRIAN\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\BRIAN\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\BRIAN\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\BRIAN\AppData\Local\Temp\OfficeSetup.exe
C:\Users\BRIAN\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\BRIAN\AppData\Local\Temp\setup.exe
C:\Users\BRIAN\AppData\Local\Temp\wst.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-05-31 18:47:59
Restore point made on: 2014-06-01 03:47:53
Restore point made on: 2014-06-01 09:07:57
Restore point made on: 2014-06-01 15:16:16
Restore point made on: 2014-06-01 18:26:28
Restore point made on: 2014-06-01 18:58:39
Restore point made on: 2014-06-02 00:07:55
Restore point made on: 2014-06-02 00:31:13
Restore point made on: 2014-06-02 03:37:55
Restore point made on: 2014-06-02 04:53:17
Restore point made on: 2014-06-02 05:30:58
Restore point made on: 2014-06-02 06:13:11
Restore point made on: 2014-06-02 08:39:33
Restore point made on: 2014-06-02 10:32:34
Restore point made on: 2014-06-02 11:54:53
Restore point made on: 2014-06-02 16:37:04
Restore point made on: 2014-06-02 16:58:12
Restore point made on: 2014-06-02 18:23:37
Restore point made on: 2014-06-03 01:20:10
Restore point made on: 2014-06-03 01:37:12
Restore point made on: 2014-06-03 07:21:52
Restore point made on: 2014-06-03 14:47:33
Restore point made on: 2014-06-03 15:49:27

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3959.07 MB
Available physical RAM: 3175.83 MB
Total Pagefile: 3957.22 MB
Available Pagefile: 3177.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:910.41 GB) (Free:812.01 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:21 GB) (Free:9.78 GB) NTFS
Drive l: (RESCUE) (Removable) (Total:1.95 GB) (Free:1.91 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 54A10AB5)
Partition 1: (Not Active) - (Size=21 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=910 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 2 GB) (Disk ID: 7EB63169)
Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS)


LastRegBack: 2014-06-02 04:47

==================== End Of Log ============================

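The FRST log above records the infection's footprint: a payload dropped under C:\ProgramData with a non-executable extension (.cpp, .dot), reached both by a Startup shortcut named explorer.lnk and by the Winmgmt service whose ImagePath has been redirected there, plus an Explorer policy (HideSCAHealth) that hides Action Center health warnings. The Python script below is an added example for this thread, not part of FRST and not the helper's fix: it triages FRST.txt lines for exactly that pattern and dates the drop from the "One Month Created Files and Folders" section; the sample lines are copied from the posted log, and the short service allow-list is an assumption.

```python
"""Triage FRST.txt (Farbar Recovery Scan Tool) output for the persistence
pattern recorded in the log above: a payload under C:\\ProgramData with a
non-executable extension, loaded via a Startup shortcut and a hijacked
Winmgmt ImagePath, plus an Explorer policy hiding Action Center warnings.
Added example for this thread; not part of FRST and not the helper's fix.
"""
import ntpath
import re
from typing import Dict, List, Optional, Tuple

# File types a service or autostart entry is expected to launch.
EXEC_EXT = {".exe", ".sys", ".dll", ".cmd", ".bat"}
# Built-in services and where their binary must live (assumed, deliberately short allow-list).
KNOWN_SERVICE_HOME = {"winmgmt": "c:\\windows\\system32\\"}
# Explorer policy values that hide security state from the user.
SUSPICIOUS_POLICIES = {"HideSCAHealth": "1", "NoControlPanel": "1"}

# S2 Winmgmt; C:\...\8zjhsrje.dot [333052 2014-06-01] (Microsoft Corporation)
SERVICE_RE = re.compile(r"^S\d (?P<name>[^;]+); (?P<path>.+?) \[\d+ [\d-]+\] \(.*\)$")
# ShortcutTarget: explorer.lnk -> C:\...\ejrshjz8.cpp (Microsoft Corporation)
SHORTCUT_RE = re.compile(r"^ShortcutTarget: (?P<lnk>\S+) -> (?P<target>.+?) \(.*\)$")
# HKU\BRIAN\...\Policies\Explorer: [HideSCAHealth] 1
POLICY_RE = re.compile(
    r"^(?P<hive>HK[^\\]+(?:\\[^\\]+)?)\\\.\.\.\\Policies\\Explorer: "
    r"\[(?P<policy>\w+)\] (?P<value>\d+)$")
# 2014-06-01 15:46 - 2014-06-01 15:54 - 00000000 ____D () C:\ProgramData\...
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"- \d+ (?P<attr>[_A-Z]+) \(.*?\) (?P<path>.+)$")

Finding = Tuple[str, str, str]  # (rule, subject, detail)

# Constructed sample: lines copied from the FRST.txt posted in this thread.
SAMPLE_FRST = r"""
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\BRIAN\...\Policies\Explorer: [HideSCAHealth] 1
ShortcutTarget: explorer.lnk -> C:\ProgramData\9056597ABA2EC027A08021CC59397722\ejrshjz8.cpp (Microsoft Corporation)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S2 Winmgmt; C:\ProgramData\9056597ABA2EC027A08021CC59397722\8zjhsrje.dot [333052 2014-06-01] (Microsoft Corporation)
S1 StarOpen; No ImagePath
2014-06-01 15:54 - 2014-06-01 15:56 - 00001372 _____ () C:\ProgramData\RUNDLL32.EXE-4364-F.txt
2014-06-01 15:46 - 2014-06-01 15:54 - 00000000 ____D () C:\ProgramData\9056597ABA2EC027A08021CC59397722
""".strip().splitlines()


def _looks_masqueraded(path: str) -> bool:
    """True for a file under ProgramData whose extension Windows would not normally execute."""
    low = path.lower()
    return low.startswith("c:\\programdata\\") and ntpath.splitext(low)[1] not in EXEC_EXT


def triage_frst(lines: List[str]) -> List[Finding]:
    """Return (rule, subject, detail) triples for every line matching the pattern."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            name, path = m["name"], m["path"]
            home = KNOWN_SERVICE_HOME.get(name.lower())
            if home and not path.lower().startswith(home):
                findings.append(("hijacked-service", name, path))
            elif _looks_masqueraded(path):
                findings.append(("masqueraded-payload", name, path))
        elif m := SHORTCUT_RE.match(line):
            if _looks_masqueraded(m["target"]):
                findings.append(("startup-shortcut", m["lnk"], m["target"]))
        elif m := POLICY_RE.match(line):
            if SUSPICIOUS_POLICIES.get(m["policy"]) == m["value"]:
                findings.append(("explorer-policy", m["hive"], f"{m['policy']}={m['value']}"))
    return findings


def drop_directory_created(lines: List[str], findings: List[Finding]) -> Dict[str, Optional[str]]:
    """Map each flagged payload's parent directory (lower-cased) to its creation time from
    the 'One Month Created' section; that timestamp dates the infection."""
    wanted = {ntpath.dirname(detail).lower()
              for rule, _, detail in findings if rule != "explorer-policy"}
    created: Dict[str, Optional[str]] = {d: None for d in wanted}
    for raw in lines:
        m = CREATED_RE.match(raw.strip())
        if m and "D" in m["attr"] and m["path"].lower() in created:
            created[m["path"].lower()] = m["created"]
    return created


if __name__ == "__main__":
    found = triage_frst(SAMPLE_FRST)
    for rule, subject, detail in found:
        print(f"{rule:<18} {subject:<12} {detail}")
    for directory, when in drop_directory_created(SAMPLE_FRST, found).items():
        print(f"drop directory {directory} created {when}")
```

Run against the full FRST.txt the folder's creation time (15:46 on 2014-06-01) also explains the RUNDLL32.EXE-*.txt files that start appearing at 15:54 in the same section.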

Hello thunder,

 

Save the attached file Fixlist.txt to the same location where you have FRST.exe, the USB flash drive.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite an existing one, please allow).

You will need to be booted up just as before.

Run FRST again, but this time press the "Fix" button just once and wait.

When finished, it will make a log (Fixlog.txt) next to FRST.
Please attach the Fixlog.txt into a reply.

Fixlist.txt


Hello,

 

That was a good run. Next, remove and put away the USB flash drive. Restart Windows normally.

Then start Malwarebytes Anti-Malware and do a Threat Scan.

 

  • Start the Anti-Malware program.
  • On the Dashboard, click the Scan Now >> (link) button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In some cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • Click on the History tab > Application Logs.
  • Double-click on the scan log which shows the date and time of the scan just performed.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/06/2014
Scan Time: 6:12:20 PM
Logfile: ScanLog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.10.08
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: BRIAN

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 613653
Time Elapsed: 6 hr, 33 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 136


PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\ComObject.DeskbarEnabler.1, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\ComObject.DeskbarEnabler, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ComObject.DeskbarEnabler, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ComObject.DeskbarEnabler.1, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{CC6A58F3-FD45-4D29-BD83-3F87ACEAAEEE}, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{03E4029F-C6AE-4EA3-90D0-B5486E6E7B27}, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0FA32667-9A8A-4E9C-902F-CA3323180003}, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{24A03F91-74C3-4F6B-9B90-AFCBB66550F2}, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6B458F62-592F-4B25-8967-E6A350A59328}, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{77D7FD01-77CB-4DF4-B734-8964873C4864}, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{03E4029F-C6AE-4EA3-90D0-B5486E6E7B27}, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0FA32667-9A8A-4E9C-902F-CA3323180003}, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{24A03F91-74C3-4F6B-9B90-AFCBB66550F2}, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6B458F62-592F-4B25-8967-E6A350A59328}, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{77D7FD01-77CB-4DF4-B734-8964873C4864}, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{CC6A58F3-FD45-4D29-BD83-3F87ACEAAEEE}, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\ShopAtHome.ShopAtHome.3, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\ShopAtHome.ShopAtHome, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShopAtHome.ShopAtHome, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\ShopAtHome.IEToolbar, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\ShopAtHome.IEToolbar.1, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShopAtHome.IEToolbar, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShopAtHome.IEToolbar.1, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShopAtHome.ShopAtHome.3, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKU\S-1-5-21-2618832000-1614312418-3965872917-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKU\S-1-5-21-2618832000-1614312418-3965872917-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

Trojan.Vundo, HKU\S-1-5-21-2618832000-1614312418-3965872917-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0}, Quarantined, [6f430e657b00b18552c978f4cf33d62a], 

Trojan.Vundo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0}, Quarantined, [6f430e657b00b18552c978f4cf33d62a], 

PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB}, Quarantined, [268cf47f8af1fc3a1f0caacace34a858], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B944FF5E-EC87-4E1E-8C49-2FF3BC573997}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{067ECE13-6DD2-47C7-8EFE-24DA8BC1D8DA}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{31E5D4A0-EB88-496F-86FB-98245CC7E2BF}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{37077AAC-4B01-4F6C-BC26-BA1749F82E6C}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{598C6DDE-F8F9-40F8-A285-D046EBCAC0C7}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{613AF196-98A9-47EA-B023-C482A35809A6}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{754C9F4B-EE14-4091-ADDD-7B86143B8A78}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8356EB36-940E-4D90-B333-1C4B6CD9D6A5}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8EBC7B5B-3382-41F2-BE35-8EFCB1391F1A}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{983C8B61-9671-4455-B0CA-1F3EE75A7FD3}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A098BA94-2F87-4F4F-9062-185ED50DCDB4}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A09DA3F5-AD91-4D71-A5B9-C1CD1AFAE277}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{ADEE9C4F-57F7-4B98-8FB6-6998B87E66CF}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AF7C3D1C-67F5-4CDA-9FD7-B9194FF00067}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C4FA00B4-4C70-47B4-B81A-D5B7A2119A88}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{DD0074D1-BA7D-4169-856D-BFBE6C3D6E52}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EE8A03FE-E65F-4EA2-92B4-42FFAE92FEEC}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F98AABFC-EC60-465B-BFC2-AE281A1FE08D}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA7AD4FE-7792-4906-8FCE-9367D1BF3C30}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{067ECE13-6DD2-47C7-8EFE-24DA8BC1D8DA}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{31E5D4A0-EB88-496F-86FB-98245CC7E2BF}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{37077AAC-4B01-4F6C-BC26-BA1749F82E6C}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{598C6DDE-F8F9-40F8-A285-D046EBCAC0C7}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{613AF196-98A9-47EA-B023-C482A35809A6}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{754C9F4B-EE14-4091-ADDD-7B86143B8A78}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8356EB36-940E-4D90-B333-1C4B6CD9D6A5}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8EBC7B5B-3382-41F2-BE35-8EFCB1391F1A}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{983C8B61-9671-4455-B0CA-1F3EE75A7FD3}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A098BA94-2F87-4F4F-9062-185ED50DCDB4}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A09DA3F5-AD91-4D71-A5B9-C1CD1AFAE277}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{ADEE9C4F-57F7-4B98-8FB6-6998B87E66CF}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AF7C3D1C-67F5-4CDA-9FD7-B9194FF00067}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C4FA00B4-4C70-47B4-B81A-D5B7A2119A88}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DD0074D1-BA7D-4169-856D-BFBE6C3D6E52}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EE8A03FE-E65F-4EA2-92B4-42FFAE92FEEC}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F98AABFC-EC60-465B-BFC2-AE281A1FE08D}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA7AD4FE-7792-4906-8FCE-9367D1BF3C30}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B944FF5E-EC87-4E1E-8C49-2FF3BC573997}, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{067ECE13-6DD2-47C7-8EFE-24DA8BC1D8DA}, Quarantined, [2d85fc770378ab8b6d045111da27d12f], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ShopAtHome.com Toolbar, Quarantined, [dcd6f083720972c4531f0b5723de37c9], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{01221FCC-4BFB-461C-B08C-F6D2DF309921}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{01221FCC-4BFB-461C-B08C-F6D2DF309921}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\TbCommonUtils.CommonUtils.1, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\TbCommonUtils.CommonUtils, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TbCommonUtils.CommonUtils, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TbCommonUtils.CommonUtils.1, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{40A61B9E-B111-46EE-A1F2-C1100192BA48}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{76481128-CCDC-4073-8F65-B06F23B138FC}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EDB980C4-AAC0-41A8-A406-2FB4D196B0D8}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EDB980C4-AAC0-41A8-A406-2FB4D196B0D8}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{76481128-CCDC-4073-8F65-B06F23B138FC}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\URLSearchHook.ToolbarURLSearchHook.1, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\URLSearchHook.ToolbarURLSearchHook, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\URLSearchHook.ToolbarURLSearchHook, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\URLSearchHook.ToolbarURLSearchHook.1, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B87F8B63-7274-43FD-87FA-09D3B7496148}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{452AE416-9A97-44CA-93DA-D0F15C36254F}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{45CDA4F7-594C-49A0-AAD1-8224517FE979}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{81E852CC-1FD5-4004-8761-79A48B975E29}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B9F43021-60D4-42A6-A065-9BA37F38AC47}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{452AE416-9A97-44CA-93DA-D0F15C36254F}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{45CDA4F7-594C-49A0-AAD1-8224517FE979}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{81E852CC-1FD5-4004-8761-79A48B975E29}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B9F43021-60D4-42A6-A065-9BA37F38AC47}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B87F8B63-7274-43FD-87FA-09D3B7496148}, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, HKU\S-1-5-21-2618832000-1614312418-3965872917-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ShopAtHome.com, Quarantined, [ebc73b3808735adc01f42b898b77ca36], 

PUP.Optional.FreeCauseTB.A, HKU\S-1-5-21-2618832000-1614312418-3965872917-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FREECAUSE\Toolbars, Quarantined, [c2f00271c8b35bdbaf46d4dfc141a55b], 

 

Registry Values: 2

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{311B58DC-A4DC-4B04-B1B5-60299AD3D803}, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}, Quarantined, [cfe3e68d067586b00858d16c14ee15eb], 

 

Registry Data: 0

(No malicious items detected)

 

Folders: 8

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Toolbar, Quarantined, [a909f67d2d4e003695b4b5d5976be61a], 

PUP.Optional.FunWebProducts.A, C:\Program Files (x86)\FunWebProducts, Quarantined, [4d6579fafb802610b3843163b34f1ae6], 

PUP.Optional.FunWebProducts.A, C:\Program Files (x86)\FunWebProducts\Installr, Quarantined, [4d6579fafb802610b3843163b34f1ae6], 

PUP.Optional.FunWebProducts.A, C:\Program Files (x86)\FunWebProducts\Installr\1.bin, Quarantined, [4d6579fafb802610b3843163b34f1ae6], 

PUP.Optional.FunWebProducts.A, C:\Program Files (x86)\FunWebProducts\Installr\1.bin\chrome, Quarantined, [4d6579fafb802610b3843163b34f1ae6], 

 

Files: 53

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050], 

Trojan.FakeMS.SVSGen, C:\Users\BRIAN\AppData\Local\Temp\wst.dll, Quarantined, [981a92e11a61c96d3567ea82a35e2fd1], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\LocalLow\ShopAtHome\Temp\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\ShopAtHomeUninstall.exe, Quarantined, [2c862d4632490f27c5ada7bbb74a669a], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeAppInstaller_C108646402_D1_R1048162.exe, Quarantined, [7f33a0d35d1ea29477fb352dd130ab55], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\HttpHandle302.dll, Quarantined, [842e2f440378f73fb4bd96cc41c03ac6], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe, Quarantined, [1b97a7cc5427013595dc75edd8298977], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelperPS.dll, Quarantined, [2d85fc770378ab8b6d045111da27d12f], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe, Quarantined, [06ac79fa1467a09686eb6ef4d52cdf21], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe, Quarantined, [8b27492a5922a393ec85bea4f01115eb], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\SAHPlugin.dll, Quarantined, [7a38f3806a1192a492df431f34cd08f8], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\ShopAtHomeUninstall.exe, Quarantined, [dcd6f083720972c4531f0b5723de37c9], 

Trojan.FakeMS.SVSGen, C:\FRST\Quarantine\C\ProgramData\9056597ABA2EC027A08021CC59397722\ejrshjz8.cpp.xBAD, Quarantined, [258d78fb2f4cd2645c4091db1ee3ab55], 

Trojan.FakeMS, C:\FRST\Quarantine\C\ProgramData\9056597ABA2EC027A08021CC59397722\9056597ABA2EC027A08021CC59397722\8zjhsrje.dot, Quarantined, [f8ba2350fb807fb7c7e3ff784bb6e719], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\install.log, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\alert.html, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\autoupdate-config.xml, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\basis.xml, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\Exec.exe, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\logo.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\merchants.xml, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\postinstallurl.txt, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\postuninstallurl.txt, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\prefs.xml, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\uninst.exe, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-restaurant.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\basis.xml, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\ClearHist.exe, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\icons.bmp, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\logo.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\minus.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\plus.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\Prefs.xml, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-alert.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-clearsearch.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-comment.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-contests.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-freecoupons.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-freesamples.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-go.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-grocerycoupons.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-information.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-mysah.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-options.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-wishlist.png, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\SAH_favicon.ico, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\TbCommonUtils.dll, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbhelper.dll, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\TbHelper2.exe, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbs_include_script_externalsearch.js, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbs_include_script_showhidetoolbar.js, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\uninstall.exe, Quarantined, [b8fa8ce7f9821c1ad420c7edb1511de3], 

PUP.Optional.ShopAtHome.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Toolbar\ShopAtHome.com Homepage.url, Quarantined, [a909f67d2d4e003695b4b5d5976be61a], 

PUP.Optional.ShopAtHome.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Toolbar\ShopAtHome.com Uninstall.lnk, Quarantined, [a909f67d2d4e003695b4b5d5976be61a], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

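As an added example (not part of this thread or of Malwarebytes' own tooling), a small Python triage script for a pasted detection log in the format above: it groups hits per section and threat family, separates Trojan.* hits from PUP.* bundled-adware leftovers, and flags any section whose header count does not match the lines actually pasted, which is how a truncated paste shows up. The embedded sample is a trimmed excerpt of the log above, with the Files header count adjusted to the excerpt.

```python
"""Triage helper for a pasted Malwarebytes detection log (added example).

It parses the "<Section>: <count>" headers and the detection lines
"<family>, <item>, <action>, [<32-hex tag>]," seen in the log above,
then groups hits by section and threat family, separates Trojan.* hits
from PUP.* bundled-adware hits, and flags sections whose header count
does not match the number of lines actually pasted (a truncated paste).
"""
import re
from collections import Counter

# Section names exactly as they appear in the log in this thread.
KNOWN_SECTIONS = {
    "Processes", "Modules", "Registry Keys", "Registry Values",
    "Registry Data", "Folders", "Files", "Physical Sectors",
}
SECTION_RE = re.compile(r"^([A-Za-z][A-Za-z ]*): (\d+)$")
# family, item, action, [tag],  -- the item (a path or registry key) may
# contain spaces, so it is matched greedily and anchored by the tail.
DETECTION_RE = re.compile(
    r"^(?P<family>[^,]+), (?P<item>.+), (?P<action>[^,\[\]]+), "
    r"\[(?P<tag>[0-9a-f]{32})\],?$"
)


def parse_mbam_log(text):
    """Return (sections, declared): detections per section, and the
    count each section header declared."""
    sections, declared, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m and m.group(1) in KNOWN_SECTIONS:
            current = m.group(1)
            declared[current] = int(m.group(2))
            sections[current] = []
            continue
        m = DETECTION_RE.match(line)
        if m and current is not None:
            sections[current].append(m.groupdict())
    return sections, declared


def summarize(sections):
    """Count hits per family; return the non-PUP (malware) hits separately,
    since those, not the adware toolbar leftovers, drive the cleanup."""
    by_family = Counter()
    malware = []
    for section, entries in sections.items():
        for e in entries:
            by_family[e["family"]] += 1
            if not e["family"].startswith("PUP."):
                malware.append((section, e["family"], e["item"]))
    return by_family, malware


def check_counts(sections, declared):
    """Sections whose declared count differs from the lines parsed."""
    return {s: (n, len(sections.get(s, [])))
            for s, n in declared.items() if n != len(sections.get(s, []))}


# Constructed sample: a trimmed excerpt of the log posted above. The
# "Registry Keys: 136" header is kept as posted, so only 3 of 136 lines
# are present; the "Files" header count was adjusted to match the excerpt.
SAMPLE_LOG = r"""
Processes: 0

(No malicious items detected)

Registry Keys: 136

PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050],
Trojan.Vundo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0}, Quarantined, [6f430e657b00b18552c978f4cf33d62a],
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB}, Quarantined, [268cf47f8af1fc3a1f0caacace34a858],

Files: 3

PUP.Optional.ShopAtHome.A, C:\Users\BRIAN\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll, Quarantined, [a0128ee5e497aa8c87d9d46940c2b050],
Trojan.FakeMS.SVSGen, C:\Users\BRIAN\AppData\Local\Temp\wst.dll, Quarantined, [981a92e11a61c96d3567ea82a35e2fd1],
Trojan.FakeMS, C:\FRST\Quarantine\C\ProgramData\9056597ABA2EC027A08021CC59397722\9056597ABA2EC027A08021CC59397722\8zjhsrje.dot, Quarantined, [f8ba2350fb807fb7c7e3ff784bb6e719],

Physical Sectors: 0

(No malicious items detected)

(end)
"""

if __name__ == "__main__":
    secs, decl = parse_mbam_log(SAMPLE_LOG)
    families, malware = summarize(secs)
    for fam, n in families.most_common():
        print(f"{n:4d}  {fam}")
    for section, fam, item in malware:
        print(f"MALWARE [{section}] {fam}: {item}")
    for s, (n, got) in check_counts(secs, decl).items():
        print(f"WARNING: {s} declares {n} items but only {got} were pasted")
```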

That was a lot of PUP traces, mainly for the ShopAtHome pest. PUP detections are Potentially Unwanted Programs. These are programs our researchers have found are sometimes added to a system without the user's knowledge or approval.

 

Suggest:

Pay close attention when installing 3rd-party programs.

It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Furthermore, if the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you cancel the install and not use the free software.

 

You will want to print out or copy these instructions to Notepad for offline reference!
These steps are for member thunder834 only. If you are a casual viewer, do NOT try this on your system!
If you are not thunder834 and have a similar problem, do NOT post here; start your own topic.


Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages.
It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on the speed of your system, how much there is to scan and how much it needs to clean.

If this is on a notebook system, make sure first that the notebook is connected to wall-power (AC power) or a UPS system.


Important:  Have no other programs running.  Your Task Bar should be clear of any program entries including your Browser.
Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts.  Accept the EULA and follow the prompts during the start phase of Combofix.

    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.  
 

A file will be created at => C:\Combofix.txt.  

Notes:
[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.
That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh.

Reply & Copy & Paste contents of the C:\Combofix.txt log
and tell me, How is the system now?

Re-enable your antivirus program.

 

 

Question for you:  Is the rogue Interpol pest all gone?   any signs of it?

 

 


I am able to reply to the questions, but will run combofix when I can monitor it after work. Again, thanks for the assistance. I am doing this for a computer illiterate person who runs a business and, as none of my own fixes worked, it's appreciated.

 

The Interpol rogue is gone and I do not observe any signs of it.

 

After shutting off the computer via start menu, the computer installed 150 new files. The computer remained clean. 

 

I have some prior experience with combofix and will follow all steps, posting another reply in several hours with the results.

 

I will also relay all relevant information to the owner of the computer. Thanks.


The system is running sluggishly, but I can only assume that it is the i3 processor and lack of care that make it slow. All signs of anything harmful are gone. I would like to know if I am clear to run adware cleaner and do a general clean up of the pc, or if you would recommend any other steps. Thanks again.

 

ComboFix 14-06-10.01 - BRIAN 11/06/2014  18:42:10.1.4 - x64
Running from: c:\users\BRIAN\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\system
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-11 to 2014-06-11  )))))))))))))))))))))))))))))))
.
.
2014-06-11 05:47 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-06-11 05:46 . 2014-06-11 05:47 -------- d-----w- C:\AdwCleaner
2014-06-10 22:10 . 2014-06-11 05:37 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-10 22:10 . 2014-06-10 22:10 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-10 22:10 . 2014-06-10 22:10 -------- d-----w- c:\programdata\Malwarebytes
2014-06-10 22:10 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-10 22:10 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-10 22:10 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-10 22:09 . 2014-06-10 22:09 -------- d-----w- c:\users\BRIAN\AppData\Local\Programs
2014-06-06 02:50 . 2014-06-10 05:20 -------- d-----w- C:\FRST
2014-05-24 01:15 . 2014-05-24 01:16 -------- d-----w- c:\program files (x86)\AddThis Toolbar
2014-05-23 23:31 . 2014-05-23 23:31 -------- d-----w- c:\programdata\Oracle
2014-05-23 23:31 . 2014-05-23 23:31 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-05-23 23:31 . 2014-04-15 00:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-23 17:53 . 2013-11-22 15:07 589008 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-05-19 10:27 . 2012-04-01 09:24 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-19 10:27 . 2011-10-08 19:04 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-18 02:45 . 2011-02-09 19:49 93223848 ----a-w- c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fa887e92-8f5f-4ec9-99ca-09be0e4120d6}"= "c:\program files (x86)\AddThis Toolbar\Helper.dll" [2014-05-24 361472]
.
[HKEY_CLASSES_ROOT\clsid\{fa887e92-8f5f-4ec9-99ca-09be0e4120d6}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4ACB7285-8557-43C3-80DA-22D40B15DC77}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9EBF8AAF-0A31-4786-909A-97A0EF101743}]
2014-05-24 01:16 1624576 ----a-w- c:\program files (x86)\AddThis Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{B43176CC-4D9E-493B-A636-D9CBFE39C6DA}"= "c:\program files (x86)\AddThis Toolbar\Toolbar.dll" [2014-05-24 1624576]
.
[HKEY_CLASSES_ROOT\clsid\{b43176cc-4d9e-493b-a636-d9cbfe39c6da}]
[HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{58E510FE-36D8-4DEF-9385-CD04A1F555A3}]
[HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-11-22 15:32 222832 ----a-w- c:\users\BRIAN\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-11-22 15:32 222832 ----a-w- c:\users\BRIAN\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-11-22 15:32 222832 ----a-w- c:\users\BRIAN\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-09 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18643560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bdfsfltr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Trufos]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 HP1319EWS;HP1319EWS;c:\windows\system32\Drivers\HP1319EWS.sys;c:\windows\SYSNATIVE\Drivers\HP1319EWS.sys [x]
R3 HP1319FAX;HP1319MFP FAX;c:\windows\system32\Drivers\HP1319FAX.sys;c:\windows\SYSNATIVE\Drivers\HP1319FAX.sys [x]
R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files (x86)\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys;c:\program files (x86)\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [x]
R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files (x86)\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys;c:\program files (x86)\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
R4 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R4 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files (x86)\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent;c:\program files (x86)\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent [x]
R4 ServicepointService;ServicepointService;c:\program files (x86)\Bell\Internet Service Advisor\ServicepointService.exe;c:\program files (x86)\Bell\Internet Service Advisor\ServicepointService.exe [x]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R4 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe;c:\oem\USBDECTION\USBS3S4Detection.exe [x]
S0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\SysWOW64\drivers\AVGIDSEH.sys;c:\windows\SysWOW64\drivers\AVGIDSEH.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-25 01:37 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 10:27]
.
2014-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-09 17:43]
.
2014-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-09 17:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-11-22 15:32 261744 ----a-w- c:\users\BRIAN\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-11-22 15:32 261744 ----a-w- c:\users\BRIAN\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-11-22 15:32 261744 ----a-w- c:\users\BRIAN\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-05-23 17:55 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-05-23 17:55 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-05-23 17:55 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_m3910&r=17360211d706p0415v1i5w4721u793
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_m3910&r=17360211d706p0415v1i5w4721u793
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 216.104.98.222 216.104.96.22
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{4F524A2D-5637-4300-76A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll
Toolbar-Locked - (no file)
Toolbar-{4F524A2D-5637-4300-76A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll
SafeBoot-scan
BHO-{4F524A2D-5637-4300-76A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll
Toolbar-Locked - (no file)
Toolbar-{4F524A2D-5637-4300-76A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2618832000-1614312418-3965872917-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2618832000-1614312418-3965872917-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Completion time: 2014-06-11  18:57:17 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-11 22:57
.
Pre-Run: 877,313,306,624 bytes free
Post-Run: 882,056,433,664 bytes free
.
- - End Of File - - CF91E5AA0FA1A8C18C36BA69038A2F30
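The ComboFix log above lists the machine's Run keys and, under policies\system, UAC values that are all 0 (EnableLUA = 0 means UAC is switched off). As an added triage example that is not part of the thread or of ComboFix itself, the Python below parses the "Reg Loading Points" section of such a log, lists the autostart entries and flags weakened UAC policy values; the excerpt it runs on is a constructed sample shaped like the pasted log.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example: not part of the forum thread or of ComboFix. It groups the
'"name"= data' lines under the [HKEY_...] key that precedes them, lists the
Run/RunOnce autostart entries and flags UAC policy values that weaken
elevation. The excerpt below is a constructed sample in the log's format.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample shaped like the pasted log (not the full log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-09 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18643560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
"""

Section = List[Tuple[str, str]]          # (value name, raw data) pairs

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
QUOTED_PATH_RE = re.compile(r'^"([^"]+)"')
DWORD_RE = re.compile(r'^(\d+)\s*\(0x[0-9A-Fa-f]+\)')
AUTOSTART_KEY_RE = re.compile(r'\\CurrentVersion\\Run(Once)?$', re.IGNORECASE)

# Policy values under ...\Policies\System that weaken UAC. The meanings are
# the documented ones; choosing these two as "must flag" is this example's own choice.
UAC_CHECKS = {
    'EnableLUA': (0, 'UAC is switched off entirely'),
    'ConsentPromptBehaviorAdmin': (0, 'administrators elevate silently, without a prompt'),
}


def parse_reg_sections(log_text: str) -> Dict[str, Section]:
    """Group value lines under the registry key that precedes them.
    ComboFix separates blocks with a lone '.' line; those are skipped."""
    sections: Dict[str, Section] = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            sections.setdefault(current, [])
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            sections[current].append((value.group(1), value.group(2)))
    return sections


def find_autostarts(sections: Dict[str, Section]) -> List[Tuple[str, str, str]]:
    """Return (key, value name, image path) for every Run/RunOnce entry."""
    hits = []
    for key, values in sections.items():
        if not AUTOSTART_KEY_RE.search(key):
            continue
        for name, data in values:
            path = QUOTED_PATH_RE.match(data)
            hits.append((key, name, path.group(1) if path else data))
    return hits


def uac_findings(sections: Dict[str, Section]) -> List[str]:
    """Describe every UAC policy value that matches a weakened setting."""
    findings = []
    for key, values in sections.items():
        if not key.lower().endswith(r'\policies\system'):
            continue
        for name, data in values:
            if name not in UAC_CHECKS:
                continue
            dword = DWORD_RE.match(data)
            bad_value, meaning = UAC_CHECKS[name]
            if dword and int(dword.group(1)) == bad_value:
                findings.append(f'{name}={bad_value}: {meaning}')
    return findings


if __name__ == '__main__':
    parsed = parse_reg_sections(SAMPLE_LOG)
    for key, name, path in find_autostarts(parsed):
        print(f'autostart  {name:<12} {path}')
    for finding in uac_findings(parsed):
        print(f'UAC        {finding}')
```

On the sample it reports three autostarts and two UAC findings; the same two findings would come out of the policies\system block in the log above.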

We should remove Combofix and all its associated folders. 
The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.
Note the space before the slash mark.
The utility must be removed to prevent any unintentional or accidental usage, PLUS, to free up much space on your hard disk.
 

  • Highlight the line in this CODEBOX.
    Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
     
    c:\users\BRIAN\Desktop\ComboFix.exe /uninstall
  • Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.

    Do a right-click within the command prompt window and select Paste. This must show the line from the Codebox above.
    Then tap Enter

If the Combofix uninstall has an issue, skip that step.

NEXT
 

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

 

 

You may run Junkware Removal tool to look for and remove known junk.

Close any open work documents, if any, saving your work.
Make sure to close any other programs that you started before.

Please download Junkware Removal Tool by Thisisu to your Desktop
http://thisisudax.org/downloads/JRT.exe


Run the tool by double-clicking it. If you are using Windows Vista or 7 or 8, right-mouse click JRT.exe and select Run as administrator.
The tool will open and display information and disclaimer in a Command prompt window.

I'd suggest you close all internet browsers at this point.

 Press a key on keyboard to start scanning your system.

Please be very patient as this will take several minutes to complete, depending on your system's specifications.
There are approximately 12 phases or so in this tool. You will see each phase listed in the Command prompt window.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.  And the command prompt will have been closed.

Please attach JRT.txt into a new reply.


OK. That was a worthwhile run. It removed some other adware junk.

I think we can now wrap this up.

Delete JRT.exe

Jrt.txt

 

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Furthermore, if the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you cancel the install and not use the free software.

 

 

Suggestions that you should follow:
Get and put in place our Anti-Exploit (free)
http://www.malwarebytes.org/products/antiexploit/

