
Possible Infection



Hello, I am on Windows 7 / 64 bit.

I may have an infection that my Malwarebytes Pro isn't getting.

Also tried SUPERAntiSpyware, RogueKiller and Farbar Recovery.

I have added the report from RogueKiller (SCN_07172014_151748.txt)

and the two text logs from Farbar (Addition and FRST).

Help!

=-]

please advise~

thanx ahead

Attachments:
FRST.txt
Addition.txt
SCN_07172014_151748.txt


Hi & welcome!

My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

ZeroAccess:C:\$Recycle.Bin\S-1-5-21-1853351545-2815731843-4073522966-1001\$f64dea917f921406302ebfb0608ec66f
ZeroAccess:C:\$Recycle.Bin\S-1-5-18\$f64dea917f921406302ebfb0608ec66f

All passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums, from a CLEAN COMPUTER. Banking and credit card institutions should be notified of the possible security breach.

Step 1

Please download Combofix (by sUBs) and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).

    Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.

Hello and thank you Jürgen,

I did as you instructed. Combofix ran and then rebooted, and when I went to the C:\ComboFix directory I immediately found the Combofix log, opened it and was looking it over when it blinked real fast and then a new log text window opened. I closed them both and navigated to the C:\ComboFix directory, and this time the folder was completely empty... no program, no files, no log... totally empty directory. Then I looked on just the C: drive and found a log file called combofix.txt. That's all I could find of anything Combofix... is this normal, or is ZeroAccess destroying the real one and giving us a false one?

I don't know... but here is the only one I can find, pasted here

(let me know if I need to try again)

thanx again Jürgen

-----------------------

ComboFix 14-07-17.03 - The Aloha Webmaster 07/18/2014  11:08:03.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4084.2962 [GMT -10:00]
Running from: c:\users\The Aloha Webmaster\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: Trend Micro Personal Firewall *Enabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\The Aloha Webmaster\AppData\Roaming\Microsoft\Windows\Recent\Sexy Booty Shaking Sexy Dancing Girls DONK CLAP - YouTube.URL
c:\users\The Aloha Webmaster\AppData\Roaming\The Aloha Webmasterlog.dat
c:\users\The Aloha Webmaster\laose.exe
c:\windows\SysWow64\test
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-18 to 2014-07-18  )))))))))))))))))))))))))))))))
.
.
2014-07-18 21:17 . 2014-07-18 21:17    69000    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB2711D1-3941-47A2-AB6B-C8086253EE89}\offreg.dll
2014-07-18 04:08 . 2014-07-18 04:10    --------    d-----w-    C:\FRST
2014-07-18 00:37 . 2014-07-18 01:24    30312    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-07-18 00:37 . 2014-07-18 00:37    --------    d-----w-    c:\programdata\RogueKiller
2014-07-17 22:47 . 2010-08-30 18:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-07-11 23:39 . 2014-07-17 23:25    --------    d-----w-    C:\AdwCleaner
2014-07-10 03:04 . 2014-07-10 03:06    --------    d-----w-    c:\users\The Aloha Webmaster\.lilypond-fonts.cache-2
2014-07-01 23:30 . 2014-07-01 23:26    3903624    ----a-w-    c:\windows\system32\MetaViewer64.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-10-27 75048]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"Clearwire Connection Manager"="c:\program files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" [2009-12-01 54608]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\The Aloha Webmaster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Clearwire.lnk - c:\program files\Clearwire\Clearwire Connection Manager\Clearwire.exe [2008-12-16 2068480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/11/01 12:16;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]
R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe;c:\program files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [x]
R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files (x86)\Clearwire\Connection Manager\RcAppSvc.exe;c:\program files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys;c:\windows\SYSNATIVE\Drivers\NvtSp50.sys [x]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys;c:\windows\SYSNATIVE\drivers\nwdelser.sys [x]
R3 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys;c:\windows\SYSNATIVE\drivers\nwdelser2.sys [x]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys;c:\windows\SYSNATIVE\Drivers\PCASp50a64.sys [x]
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms;c:\gencotst\pcdsrvc_x64.pkms [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS;c:\windows\SYSNATIVE\PCTINDIS5X64.SYS [x]
R3 QCFilterdl;Dell Wireless 5600 (EV-DO-HSPA) Mobile Broadband Mini-Card Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterdl.sys;c:\windows\SYSNATIVE\drivers\qcfilterdl.sys [x]
R3 qcusbserdl;Dell USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserdl.sys;c:\windows\SYSNATIVE\drivers\qcusbserdl.sys [x]
R3 rimspci;rimspci;c:\windows\system32\drivers\rimspe64.sys;c:\windows\SYSNATIVE\drivers\rimspe64.sys [x]
R3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe64.sys;c:\windows\SYSNATIVE\drivers\risdpe64.sys [x]
R3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe64.sys;c:\windows\SYSNATIVE\drivers\rixdpe64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [x]
S2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe;c:\program files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [x]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys;c:\windows\SYSNATIVE\DRIVERS\drxvi314_64.sys [x]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys;c:\windows\SYSNATIVE\DRIVERS\BcmBusCtr_64.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys;c:\windows\SYSNATIVE\DRIVERS\OA001Ufd.sys [x]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys;c:\windows\SYSNATIVE\DRIVERS\OA001Vid.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_9EC60124
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 01:37]
.
2014-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 01:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-31 450048]
"nwiz"="nwiz.exe" [2010-05-06 1712744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-12 16416360]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-05-12 95336]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clickbank.net\2.keywordwin.pay
FF - ProfilePath - c:\users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://www.franktycer.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-laose - c:\users\The Aloha Webmaster\laose.exe
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2014-07-18  11:23:17 - machine was rebooted
ComboFix-quarantined-files.txt  2014-07-18 21:23
.
Pre-Run: 32,727,851,008 bytes free
Post-Run: 35,952,201,728 bytes free
.
- - End Of File - - 2AD990C1404A066457D9D72EC80B8748
A36C5E4F47E84449FF07ED3517B43A31
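The ZeroAccess entries Jürgen quoted from the RogueKiller scan, the `laose.exe` Run entry, the zeroed UAC policy values and the Trusted Zone addition in the ComboFix log above are the lines a responder picks out by eye. As an added example (not part of this thread, nor of ComboFix, FRST or RogueKiller), here is a small Python triage script that flags those patterns over log lines copied from this thread; the rule names and severities are my own.

```python
r"""Triage helper for ComboFix / FRST / RogueKiller log excerpts.

Added example for this thread; not part of any of those tools. Flags the
kinds of log lines the helper acted on:
  * ZeroAccess-style payloads under $Recycle.Bin\<SID>\$<32 hex>
  * executables sitting directly in a user-profile root (c:\users\<name>\x.exe)
  * UAC policy values that switch elevation prompting off
  * Internet Explorer Trusted Zone additions
  * services whose binary FRST reports as unsigned (review only: several
    legitimate tools in the thread's FRST log are unsigned as well)
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    line: str


# $Recycle.Bin\<SID>\$<32 hex>: the layout RogueKiller labelled ZeroAccess
RECYCLE_BIN_PAYLOAD = re.compile(
    r"\\\$Recycle\.Bin\\S-1-5-(?:18|21(?:-\d+)+)\\\$[0-9a-f]{32}\b", re.I)

# c:\users\<name>\<file>.exe with no sub-directory between profile and file
PROFILE_ROOT_EXE = re.compile(
    r'[a-z]:\\users\\[^\\"]+\\[^\\"]+?\.exe(?=[\s"\]]|$)', re.I)

# ComboFix prints the policy values as  "Name"= 0 (0x0)
UAC_POLICY = re.compile(
    r'^"(EnableLUA|ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)"= (\d+)')

TRUSTED_ZONE = re.compile(r"^Trusted Zone: (\S+)")

# FRST service line: "R2 name; path [size date] (vendor) [File not signed]"
UNSIGNED_SERVICE = re.compile(r"^[RSU]\d [^;]+; .*\[File not signed\]\s*$")


def triage_line(line: str) -> list[Finding]:
    """Return every finding a single log line triggers (possibly none)."""
    found = []
    if RECYCLE_BIN_PAYLOAD.search(line):
        found.append(Finding("recyclebin_payload", "high", line))
    if PROFILE_ROOT_EXE.search(line):
        found.append(Finding("profile_root_exe", "high", line))
    m = UAC_POLICY.match(line)
    if m and int(m.group(2)) == 0:
        found.append(Finding("uac_disabled", "high", line))
    if TRUSTED_ZONE.match(line):
        found.append(Finding("trusted_zone", "high", line))
    if UNSIGNED_SERVICE.match(line):
        found.append(Finding("unsigned_service", "review", line))
    return found


def triage(log_text: str) -> list[Finding]:
    """Run every rule over every non-empty line of a pasted log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            findings.extend(triage_line(line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, e.g. {'uac_disabled': 3, ...}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample: lines copied from the RogueKiller, ComboFix and FRST
# output posted in this thread, plus benign lines as negative controls.
SAMPLE_LOG = r"""
ZeroAccess:C:\$Recycle.Bin\S-1-5-21-1853351545-2815731843-4073522966-1001\$f64dea917f921406302ebfb0608ec66f
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
Wow6432Node-HKCU-Run-laose - c:\users\The Aloha Webmaster\laose.exe
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
Trusted Zone: clickbank.net\2.keywordwin.pay
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-10-15] (SUPERAntiSpyware.com) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16416360 2010-05-12] (NVIDIA Corporation)
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.severity:6}] {f.rule:20} {f.line}")
    print(summarize(hits))
```

Unsigned-binary hits are deliberately rated "review", since the thread's own FRST log shows SUPERAntiSpyware and Adobe components that are unsigned but legitimate.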

(Just a note that my website has a black background and is my home page in browsers... it shows black on all other computers, but on this infected machine it shows a white background in both browsers...?)

Okay, done with FRST; here it is...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by The Aloha Webmaster (administrator) on MININT-TL4BGAP on 18-07-2014 12:00:32
Running from C:\Users\The Aloha Webmaster\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\stacsv64.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
() C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Clearwire, Inc.) C:\Program Files\Clearwire\Clearwire Connection Manager\Clearwire.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ClearwireCM) C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-31] (IDT, Inc.)
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16416360 2010-05-12] (NVIDIA Corporation)
HKLM\...\Run: [NVHotkey] => C:\Windows\system32\nvHotkey.dll [95336 2010-05-12] (NVIDIA Corporation)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-10-26] (cyberlink)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Clearwire Connection Manager] => C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe [54608 2009-12-01] (ClearwireCM)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Clearwire.lnk
ShortcutTarget: Clearwire.lnk -> C:\Program Files\Clearwire\Clearwire Connection Manager\Clearwire.exe (Clearwire, Inc.)
Startup: C:\Users\The Aloha Webmaster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\The Aloha Webmaster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Tcpip\Parameters: [DhcpNameServer] 4.2.2.1

FireFox:
========
FF ProfilePath: C:\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default
FF Homepage: hxxp://www.franktycer.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\Extensions\artur.dubovoy@gmail.com [2014-05-30]
FF Extension: SeoQuake - C:\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2013-12-16]
FF Extension: Firebug - C:\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\Extensions\firebug@software.joehewitt.com.xpi [2012-09-12]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-10-15] (SUPERAntiSpyware.com) [File not signed]
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-11-10] (Adobe Systems) [File not signed]
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S3 CACLEARWIRE; C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [124240 2009-11-09] (SmithMicro Inc.)
S3 CLEARWIRERcAppSvc; C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [120144 2009-11-09] (SmithMicro Inc.)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-26] (CyberLink)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-11-13] (Macrovision Europe Ltd.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [6810728 2009-12-08] ()
R2 SMSI Device Launch Service; C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [107856 2009-11-09] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\STacSV64.exe [240640 2009-07-31] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [382848 2011-10-17] (Beceem communications pvt ltd.)
R3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [60416 2011-10-17] (Beceem communications pvt ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NWDellPort; C:\Windows\system32\drivers\nwdelser.sys [203392 2008-08-24] (Novatel Wireless Inc.)
S3 NWDellPort2; C:\Windows\system32\drivers\nwdelser2.sys [203392 2008-08-24] (Novatel Wireless Inc.)
R3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [43032 2009-11-09] (Smith Micro Inc.)
S3 QCFilterdl; C:\Windows\system32\drivers\qcfilterdl.sys [7168 2010-01-05] (QUALCOMM Incorporated)
S3 qcusbserdl; C:\Windows\system32\drivers\qcusbserdl.sys [127104 2010-01-05] (QUALCOMM Incorporated)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30312 2014-07-17] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [X]
S3 NvtSp50; System32\Drivers\NvtSp50.sys [X]
S0 PBADRV; system32\DRIVERS\PBADRV.sys [X]
S3 PCASp50a64; System32\Drivers\PCASp50a64.sys [X]
S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-18 11:23 - 2014-07-18 11:23 - 00017888 _____ () C:\ComboFix.txt
2014-07-18 11:09 - 2014-07-18 11:09 - 00000676 _____ () C:\Users\The Aloha Webmaster\Desktop\wwwwwwwww.txt
2014-07-18 11:05 - 2014-07-18 11:23 - 00000000 ____D () C:\Qoobox
2014-07-18 11:05 - 2014-07-18 11:23 - 00000000 ____D () C:\ComboFix
2014-07-18 11:05 - 2011-06-25 20:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-18 11:05 - 2010-11-07 07:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-18 11:05 - 2009-04-19 18:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-18 11:05 - 2000-08-30 14:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-18 11:05 - 2000-08-30 14:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-18 11:05 - 2000-08-30 14:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-18 11:05 - 2000-08-30 14:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-18 11:05 - 2000-08-30 14:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-18 11:04 - 2014-07-18 11:20 - 00000000 ____D () C:\Windows\erdnt
2014-07-18 10:56 - 2014-07-18 10:57 - 05221938 ____R (Swearware) C:\Users\The Aloha Webmaster\Downloads\ComboFix.exe
2014-07-18 10:23 - 2014-07-18 10:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-07-17 18:10 - 2014-07-17 18:10 - 00023466 _____ () C:\Users\The Aloha Webmaster\Downloads\Addition.txt
2014-07-17 18:08 - 2014-07-18 12:00 - 00011863 _____ () C:\Users\The Aloha Webmaster\Downloads\FRST.txt
2014-07-17 18:08 - 2014-07-18 12:00 - 00000000 ____D () C:\FRST
2014-07-17 18:07 - 2014-07-17 18:07 - 02086912 _____ (Farbar) C:\Users\The Aloha Webmaster\Downloads\FRST64.exe
2014-07-17 15:19 - 2014-07-17 15:19 - 00004382 _____ () C:\Users\The Aloha Webmaster\Desktop\SCN_07172014_151748.txt
2014-07-17 14:37 - 2014-07-17 15:24 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-17 14:37 - 2014-07-17 14:37 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-17 14:33 - 2014-07-17 14:33 - 05336664 _____ () C:\Users\The Aloha Webmaster\Desktop\winlogon.exe
2014-07-17 13:33 - 2014-07-17 13:33 - 00000711 _____ () C:\Users\The Aloha Webmaster\Desktop\AdwCleaner - Shortcut.lnk
2014-07-17 12:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-11 13:39 - 2014-07-17 13:25 - 00000000 ____D () C:\AdwCleaner
2014-07-11 13:34 - 2014-07-11 13:34 - 01348263 _____ () C:\Users\The Aloha Webmaster\Downloads\AdwCleaner.exe
2014-07-10 11:02 - 2014-07-10 11:02 - 00760480 _____ () C:\Windows\Minidump\071014-20436-01.dmp
2014-07-09 17:04 - 2014-07-09 17:06 - 00000000 ____D () C:\Users\The Aloha Webmaster\.lilypond-fonts.cache-2
2014-07-08 12:20 - 2014-07-09 18:11 - 00002741 _____ () C:\Users\The Aloha Webmaster\Desktop\DUBstructure.txt
2014-07-08 10:33 - 2014-07-08 10:33 - 00762392 _____ () C:\Windows\Minidump\070814-22292-01.dmp
2014-07-07 18:40 - 2014-07-07 18:40 - 00000248 _____ () C:\Users\The Aloha Webmaster\Desktop\Workout.URL
2014-07-04 22:38 - 2014-07-04 22:38 - 00005867 _____ () C:\Users\The Aloha Webmaster\Desktop\Audio Quotes.lnk
2014-07-04 22:30 - 2014-07-04 22:30 - 00001767 _____ () C:\Users\The Aloha Webmaster\Desktop\MIDI.lnk
2014-07-01 13:30 - 2014-07-01 13:26 - 03903624 _____ (MetaQuotes Software Corp.) C:\Windows\system32\MetaViewer64.dll
2014-06-23 15:19 - 2014-06-23 15:19 - 00000244 _____ () C:\Users\The Aloha Webmaster\Desktop\tutorials and FL support.URL
2014-06-22 20:01 - 2014-06-22 20:01 - 00001767 _____ () C:\Users\The Aloha Webmaster\Desktop\FLs interface.lnk
2014-06-19 00:02 - 2014-06-19 00:07 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\Old BITCOIN COM

==================== One Month Modified Files and Folders =======

2014-07-18 12:01 - 2014-07-17 18:08 - 00011863 _____ () C:\Users\The Aloha Webmaster\Downloads\FRST.txt
2014-07-18 12:00 - 2014-07-17 18:08 - 00000000 ____D () C:\FRST
2014-07-18 11:33 - 2012-11-10 15:37 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-18 11:25 - 2009-07-13 18:45 - 00021504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-18 11:25 - 2009-07-13 18:45 - 00021504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-18 11:23 - 2014-07-18 11:23 - 00017888 _____ () C:\ComboFix.txt
2014-07-18 11:23 - 2014-07-18 11:05 - 00000000 ____D () C:\Qoobox
2014-07-18 11:23 - 2014-07-18 11:05 - 00000000 ____D () C:\ComboFix
2014-07-18 11:23 - 2009-07-13 17:20 - 00000000 __RHD () C:\Users\Default
2014-07-18 11:20 - 2014-07-18 11:04 - 00000000 ____D () C:\Windows\erdnt
2014-07-18 11:18 - 2009-07-13 16:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-18 11:17 - 2013-03-24 19:57 - 00015064 _____ () C:\Windows\PFRO.log
2014-07-18 11:17 - 2013-01-23 07:52 - 00031530 _____ () C:\Windows\setupact.log
2014-07-18 11:17 - 2012-11-10 15:37 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-18 11:17 - 2009-07-13 19:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-18 11:16 - 2011-11-01 08:45 - 01383870 _____ () C:\Windows\WindowsUpdate.log
2014-07-18 11:09 - 2014-07-18 11:09 - 00000676 _____ () C:\Users\The Aloha Webmaster\Desktop\wwwwwwwww.txt
2014-07-18 11:05 - 2013-02-03 18:42 - 00006256 _____ () C:\Windows\smartkeydiagnostics.txt
2014-07-18 10:57 - 2014-07-18 10:56 - 05221938 ____R (Swearware) C:\Users\The Aloha Webmaster\Downloads\ComboFix.exe
2014-07-18 10:43 - 2011-11-12 12:41 - 00000000 ____D () C:\Users\The Aloha Webmaster\Documents\Creative
2014-07-18 10:23 - 2014-07-18 10:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-07-17 18:10 - 2014-07-17 18:10 - 00023466 _____ () C:\Users\The Aloha Webmaster\Downloads\Addition.txt
2014-07-17 18:07 - 2014-07-17 18:07 - 02086912 _____ (Farbar) C:\Users\The Aloha Webmaster\Downloads\FRST64.exe
2014-07-17 15:24 - 2014-07-17 14:37 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-17 15:19 - 2014-07-17 15:19 - 00004382 _____ () C:\Users\The Aloha Webmaster\Desktop\SCN_07172014_151748.txt
2014-07-17 14:58 - 2009-07-13 19:13 - 00755676 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-17 14:37 - 2014-07-17 14:37 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-17 14:33 - 2014-07-17 14:33 - 05336664 _____ () C:\Users\The Aloha Webmaster\Desktop\winlogon.exe
2014-07-17 13:33 - 2014-07-17 13:33 - 00000711 _____ () C:\Users\The Aloha Webmaster\Desktop\AdwCleaner - Shortcut.lnk
2014-07-17 13:25 - 2014-07-11 13:39 - 00000000 ____D () C:\AdwCleaner
2014-07-17 13:17 - 2013-02-04 10:37 - 00000000 ____D () C:\Program Files (x86)\Novatel Wireless
2014-07-16 20:05 - 2011-11-09 17:00 - 00000000 ____D () C:\Users\The Aloha Webmaster
2014-07-16 19:55 - 2014-01-23 11:11 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\The Way it Really Is
2014-07-16 11:52 - 2011-11-13 14:42 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\I Like Things
2014-07-15 00:32 - 2013-12-26 06:06 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\MUSICIAN
2014-07-15 00:19 - 2012-10-25 08:35 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\ARTIST
2014-07-14 13:54 - 2014-05-06 08:31 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\Scott Kukes
2014-07-14 11:59 - 2014-03-20 08:54 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\BitcoinART
2014-07-12 22:15 - 2014-06-06 18:34 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\New Beats
2014-07-11 13:57 - 2011-11-12 12:08 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-11 13:55 - 2014-01-30 09:36 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\Charts
2014-07-11 13:34 - 2014-07-11 13:34 - 01348263 _____ () C:\Users\The Aloha Webmaster\Downloads\AdwCleaner.exe
2014-07-11 13:22 - 2014-05-30 19:05 - 00001780 _____ () C:\Users\The Aloha Webmaster\Desktop\#Dubstep.txt
2014-07-10 11:02 - 2014-07-10 11:02 - 00760480 _____ () C:\Windows\Minidump\071014-20436-01.dmp
2014-07-10 11:02 - 2014-01-09 13:36 - 371718208 _____ () C:\Windows\MEMORY.DMP
2014-07-10 11:02 - 2012-03-29 07:03 - 00000000 ____D () C:\Windows\Minidump
2014-07-09 18:11 - 2014-07-08 12:20 - 00002741 _____ () C:\Users\The Aloha Webmaster\Desktop\DUBstructure.txt
2014-07-09 17:06 - 2014-07-09 17:04 - 00000000 ____D () C:\Users\The Aloha Webmaster\.lilypond-fonts.cache-2
2014-07-09 16:09 - 2011-11-13 10:43 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\AFTERFX STUFF
2014-07-08 17:42 - 2013-08-26 17:20 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\Chef bernard
2014-07-08 10:33 - 2014-07-08 10:33 - 00762392 _____ () C:\Windows\Minidump\070814-22292-01.dmp
2014-07-07 18:40 - 2014-07-07 18:40 - 00000248 _____ () C:\Users\The Aloha Webmaster\Desktop\Workout.URL
2014-07-07 14:41 - 2011-11-13 07:54 - 00000000 ____D () C:\Users\The Aloha Webmaster\AppData\Roaming\Skype
2014-07-04 22:38 - 2014-07-04 22:38 - 00005867 _____ () C:\Users\The Aloha Webmaster\Desktop\Audio Quotes.lnk
2014-07-04 22:30 - 2014-07-04 22:30 - 00001767 _____ () C:\Users\The Aloha Webmaster\Desktop\MIDI.lnk
2014-07-03 11:17 - 2011-11-10 17:16 - 00007683 _____ () C:\Users\The Aloha Webmaster\AppData\Local\Resmon.ResmonCfg
2014-07-02 21:25 - 2014-02-10 12:10 - 00000000 ____D () C:\Program Files (x86)\BTC-e Exchange MT4
2014-07-01 13:26 - 2014-07-01 13:30 - 03903624 _____ (MetaQuotes Software Corp.) C:\Windows\system32\MetaViewer64.dll
2014-06-25 11:56 - 2013-12-16 11:46 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\New WORK
2014-06-23 15:19 - 2014-06-23 15:19 - 00000244 _____ () C:\Users\The Aloha Webmaster\Desktop\tutorials and FL support.URL
2014-06-22 20:01 - 2014-06-22 20:01 - 00001767 _____ () C:\Users\The Aloha Webmaster\Desktop\FLs interface.lnk
2014-06-19 00:07 - 2014-06-19 00:02 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\Old BITCOIN COM
2014-06-18 15:28 - 2012-11-10 15:37 - 00003920 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 15:28 - 2012-11-10 15:37 - 00003668 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-18 11:37 - 2011-11-13 11:46 - 00000000 ____D () C:\Users\The Aloha Webmaster\Documents\MY Websites

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-12 21:57

==================== End Of Log ============================


does that mean we cleaned it ?

=-]

 

thanx for the compliment on website: does it have a black background ? started showing white when I got infected...

why are all browsers on this machine still showing my site with incorrect white background (supposed to be black)

please advise-

 

re malwarebytes latest version:

I thought I was using the latest version.....

had trouble with actually getting it ....(due to some purchase confusion)

tried to get latest and make sure it's pro and set up right but I guess not-

can you help me install the newest version ?

 

thank you !


Yes, I saw a black background.
 

 

why are all browsers on this machine still showing my site with incorrect white background

 

Step by step... OK? :)

 

Step 1

 

 

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

Step 2


Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed, the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish.
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

 

 

 

Step 3

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 


I just finished step one-

the only file it found malicious was the renamed roguekiller app that I was told to rename to 'winlogon'

I actually put that file there ....  a day or two ago when trying to fix etc.....

 

here is the log file for step one....

 

I am now going on to step two and three .....okay ?

=-]

 

 

------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.07.18.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
The Aloha Webmaster :: MININT-TL4BGAP [administrator]

7/18/2014 12:43:03 PM
mbar-log-2014-07-18 (12-43-03).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 300197
Time elapsed: 12 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\The Aloha Webmaster\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [029f346cf68548ee3da8466358ac7888]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

----here is the sys log

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.659000 GHz
Memory total: 4282298368, free: 2596618240

Downloaded database version: v2014.07.18.10
Downloaded database version: v2014.07.17.01
=======================================
Initializing...
------------ Kernel report ------------
     07/18/2014 12:42:47
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\pcmcia.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStorV.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\usbuhci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw5s64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\b57nd60a.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmpx64.sys
\SystemRoot\system32\DRIVERS\rimspx64.sys
\SystemRoot\system32\DRIVERS\rixdpx64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStorV.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\BcmBusCtr_64.sys
\SystemRoot\system32\DRIVERS\OA001Vid.sys
\SystemRoot\system32\DRIVERS\OA001Ufd.sys
\SystemRoot\system32\DRIVERS\drxvi314_64.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\cvusbdrv.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\Drivers\rikvm_9EC60124.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\Drivers\PROCEXP113.SYS
\??\C:\Windows\system32\PCTINDIS5X64.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\shlwapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\difxapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\imm32.dll
\Windows\System32\nsi.dll
\Windows\System32\msctf.dll
\Windows\System32\user32.dll
\Windows\System32\lpk.dll
\Windows\System32\imagehlp.dll
\Windows\System32\sechost.dll
\Windows\System32\clbcatq.dll
\Windows\System32\advapi32.dll
\Windows\System32\iertutil.dll
\Windows\System32\wininet.dll
\Windows\System32\comdlg32.dll
\Windows\System32\gdi32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\shell32.dll
\Windows\System32\usp10.dll
\Windows\System32\Wldap32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\psapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\ole32.dll
\Windows\System32\normaliz.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80052f2060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004632050
Lower Device Driver Name: \Driver\iaStorV\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80052f2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80052f2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80052f2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004632050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStorV\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 48385DEC

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 283904000
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 283906048  Numsec = 28672000

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
Done!
Infected: C:\Users\The Aloha Webmaster\Desktop\winlogon.exe --> [Heuristics.Reserved.Word.Exploit]
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 


Have not started step two yet

I saw this in the logs (should I disable it ?)

FW: Trend Micro Personal Firewall *Enabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}

 

do I need to disable this before step two ? is there anything I am missing other than this that needs to be disabled before step 2 ?

 

please advise

thanx


here is the log file for step 2

(and now I am onto step 3)

 

log file for eset:

 

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2ee8ea5c8a3ef64881d7c647126f9891
# engine=19247
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-19 01:00:16
# local_time=2014-07-18 03:00:16 (-1000, Hawaiian Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 157275066 0 0
# scanned=239715
# found=16
# cleaned=0
# scan_time=5336
sh=228E097675F71C379FC79EE8C2765AC43056EB5B ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Backup\C\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\prefs_11_07_2014_13_45_08.js"
sh=B4740DF908549E0FFDF7537B17415B496359039B ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Backup\C\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\prefs_11_07_2014_13_51_49.js"
sh=B93EC665DAF27F2A0B004368EEF526B485126359 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Backup\C\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\prefs_16_07_2014_19_51_49.js"
sh=B93EC665DAF27F2A0B004368EEF526B485126359 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Backup\C\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\prefs_16_07_2014_20_04_05.js"
sh=0CF86FE30FCAB52FD2D35C4CB1C070A4754075E7 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Backup\C\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\prefs_17_07_2014_13_25_41.js"
sh=C5DB8386C3A901DD6D4FB8B66685B889FA1099F9 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\user.js.vir"
sh=F271335CE03C0F3E2CD5703FFB07EF9488D82890 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NHT trojan" ac=I fn="C:\Users\The Aloha Webmaster\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\28547a87-525fd056"
sh=E051040FAC1B0268DDEC421C4C9836B9AF8307B3 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen potentially unwanted application" ac=I fn="C:\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\prefs.js"
sh=7E1D767DEF841189CBA5F7FDCFEE0F86F6A39DA9 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen potentially unwanted application" ac=I fn="C:\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\prefs.js.BAK"
sh=194C9F0968F5C18F1AED841861D44280B79A0B8F ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F potentially unwanted application" ac=I fn="C:\Users\The Aloha Webmaster\Desktop\Tools\Blog themes\blogtube.zip"
sh=87C05E129DD2E11A3BD057ABCC369F96C1F839B1 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F potentially unwanted application" ac=I fn="C:\Users\The Aloha Webmaster\Desktop\Tools\Blog themes\blue_fusion.zip"
sh=2A5C5AB8E57E0F3F4162264B9C7376865857B2CD ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F potentially unwanted application" ac=I fn="C:\Users\The Aloha Webmaster\Desktop\Tools\Blog themes\blogtube\footer.php"
sh=24D54D59E9ACCBFA935738EF6FBAB1A7CFB1B500 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F potentially unwanted application" ac=I fn="C:\Users\The Aloha Webmaster\Desktop\Tools\Blog themes\blue_fusion\footer.php"
sh=867282DD945C5685342C99401A6D059623665297 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Tracur.F trojan" ac=I fn="C:\Users\The Aloha Webmaster\Documents\XP Email profiles\4fkxcuu2.default\extensions\{1461499a-7a5b-4a83-96ba-5273bd55c55e}\chrome.manifest"
sh=39FB2986C3900E0BD63CD6D073716C4B9AB066AE ft=0 fh=0000000000000000 vn="JS/Agent.NDJ trojan" ac=I fn="C:\Users\The Aloha Webmaster\Documents\XP Email profiles\4fkxcuu2.default\extensions\{1461499a-7a5b-4a83-96ba-5273bd55c55e}\chrome\xulcache.jar"
sh=A14B4694E7DFA50563EB23B1BBE94D3172FD13D8 ft=1 fh=55da33a988e9a640 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\The Aloha Webmaster\Music\FRUITY LOOPS\flstudio_9.0.3(2).exe"

So aren't we going to delete all the 17 viruses found by ESET?


Okay, step 3 complete.

Here is the FSS log file:


Farbar Service Scanner Version: 18-07-2014
Ran by The Aloha Webmaster (administrator) on 18-07-2014 at 15:18:28
Running from "C:\Users\The Aloha Webmaster\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


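The FSS log above reports one concrete problem (the Action Center notification icon key under ShellServiceObjects cannot be opened because it does not exist) and otherwise verifies that the network, firewall, update and security-center service binaries are digitally signed. The following PowerShell script is an added example, not part of this thread and not Farbar's code: it re-runs those two checks so the state can be confirmed again after a fix. It assumes the full key path that the Fixlog later in the thread recreates with `reg add` (FSS abbreviates it), the file list from the "File Check" section, and the helper names `Test-ActionCenterIcon`, `Test-ServiceFileSignatures` and `Repair-ActionCenterIcon`, which are invented for the example.

```powershell
# Added example, not part of the thread or of Farbar's tools: re-run the two
# FSS checks that matter here from PowerShell, so the result can be verified
# again after a fix without re-downloading the scanner.

# Key FSS reported as missing. FSS abbreviates the path; the full path is the
# one the Fixlog later in this thread recreates with "reg add".
$ActionCenterKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}'

# Service binaries from the "File Check" section of the FSS log above.
$ServiceFiles = @(
    'System32\nsisvc.dll', 'System32\drivers\nsiproxy.sys', 'System32\dhcpcore.dll',
    'System32\drivers\afd.sys', 'System32\drivers\tdx.sys', 'System32\Drivers\tcpip.sys',
    'System32\dnsrslvr.dll', 'System32\mpssvc.dll', 'System32\bfe.dll',
    'System32\drivers\mpsdrv.sys', 'System32\SDRSVC.dll', 'System32\vssvc.exe',
    'System32\wscsvc.dll', 'System32\wbem\WMIsvc.dll', 'System32\wuaueng.dll',
    'System32\qmgr.dll', 'System32\es.dll', 'System32\cryptsvc.dll',
    'System32\svchost.exe', 'System32\rpcss.dll'
) | ForEach-Object { Join-Path $env:SystemRoot $_ }
$ServiceFiles += Join-Path $env:ProgramFiles 'Windows Defender\MpSvc.dll'

# Hypothetical helper name: reports whether the Action Center icon key and its
# AutoStart value exist, which is what FSS could not open.
function Test-ActionCenterIcon {
    if (-not (Test-Path -LiteralPath $ActionCenterKey)) {
        return [pscustomobject]@{ Check = 'ActionCenterKey'; Status = 'Missing'; Detail = $ActionCenterKey }
    }
    $props  = Get-ItemProperty -LiteralPath $ActionCenterKey
    $status = if ($props.PSObject.Properties['AutoStart']) { 'OK' } else { 'NoAutoStartValue' }
    [pscustomobject]@{ Check = 'ActionCenterKey'; Status = $status; Detail = $ActionCenterKey }
}

# Hypothetical helper name: Authenticode status of each service binary.
function Test-ServiceFileSignatures {
    foreach ($file in $ServiceFiles) {
        if (-not (Test-Path -LiteralPath $file)) {
            [pscustomobject]@{ Check = 'Signature'; Status = 'FileMissing'; Detail = $file }
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $file
        [pscustomobject]@{ Check = 'Signature'; Status = $sig.Status; Detail = $file }
    }
}

# Hypothetical helper name: same effect as the two "reg add" lines in the
# Fixlog (create the key, then an empty REG_SZ value named AutoStart).
# Run it from an elevated prompt, and only after confirming the key is absent.
function Repair-ActionCenterIcon {
    New-Item -Path $ActionCenterKey -Force | Out-Null
    New-ItemProperty -Path $ActionCenterKey -Name 'AutoStart' -Value '' -PropertyType String -Force | Out-Null
}

$results = @(Test-ActionCenterIcon) + @(Test-ServiceFileSignatures)
$results | Format-Table -AutoSize
# Anything that is not OK/Valid needs a second look (see the catalog caveat below).
$results | Where-Object { @('OK', 'Valid') -notcontains "$($_.Status)" }
```

One caveat when reading the signature column: many Windows system files are catalog-signed rather than carrying an embedded signature, and older PowerShell versions (including the one shipped with Windows 7) do not consult the catalog, so such files can show `NotSigned` even though FSS reports them as signed. Treat `NotSigned` from this script as "verify with a catalog-aware tool", not as proof of tampering; `Valid`, `FileMissing` and a `Missing` key are the results that are directly actionable.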
Hi Frank,
we continue... :)

Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

fixlist.txt

After the reboot:

Step 2

Start FRST with Administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Step 3
Please run Farbar Service Scanner again.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Can you please tell me which problems still persist now?


Here are the files you requested.

(All throughout this process I was getting a popup for updating Malwarebytes. I didn't know if it was real or a virus, so I didn't do anything, but at the right point I want to actually make sure I have the latest Malwarebytes Pro.)

Do you want me to see if my computer seems to be working better?

If anything specific, please advise.

Here are the files:

---------------------------

fixlog:

---------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2014
Ran by The Aloha Webmaster at 2014-07-19 07:04:52 Run:1
Running from C:\Users\The Aloha Webmaster\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\The Aloha Webmaster\Documents\XP Email profiles\4fkxcuu2.default\extensions\{1461499a-7a5b-4a83-96ba-5273bd55c55e}\chrome.manifest
C:\Users\The Aloha Webmaster\Documents\XP Email profiles\4fkxcuu2.default\extensions\{1461499a-7a5b-4a83-96ba-5273bd55c55e}\chrome\xulcache.jar
C:\Users\The Aloha Webmaster\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\28547a87-525fd056
C:\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\prefs.js
C:\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\prefs.js.BAK
REG: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}"
REG: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}" /v AutoStart
Reboot:
*****************

C:\Users\The Aloha Webmaster\Documents\XP Email profiles\4fkxcuu2.default\extensions\{1461499a-7a5b-4a83-96ba-5273bd55c55e}\chrome.manifest => Moved successfully.
C:\Users\The Aloha Webmaster\Documents\XP Email profiles\4fkxcuu2.default\extensions\{1461499a-7a5b-4a83-96ba-5273bd55c55e}\chrome\xulcache.jar => Moved successfully.
C:\Users\The Aloha Webmaster\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\28547a87-525fd056 => Moved successfully.
C:\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\prefs.js => Moved successfully.
C:\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\prefs.js.BAK => Moved successfully.

========= reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}" =========

The operation completed successfully.



========= End of Reg: =========


========= reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}" /v AutoStart =========

The operation completed successfully.



========= End of Reg: =========



The system needed a reboot.

==== End of Fixlog ====


-------------------------

FRST

-------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by The Aloha Webmaster (administrator) on MININT-TL4BGAP on 19-07-2014 07:09:40
Running from C:\Users\The Aloha Webmaster\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\stacsv64.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
() C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Clearwire, Inc.) C:\Program Files\Clearwire\Clearwire Connection Manager\Clearwire.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-31] (IDT, Inc.)
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet                                                          
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-10-26] (cyberlink)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Clearwire Connection Manager] => C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe [54608 2009-12-01] (ClearwireCM)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
InvalidSubkeyName: [HKU\S-1-5-21-1853351545-2815731843-4073522966-1001\Software\Microsoft\Windows\CurrentVersion\Run\410064006F00620065005500700064006100740065007200] <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Clearwire.lnk
ShortcutTarget: Clearwire.lnk -> C:\Program Files\Clearwire\Clearwire Connection Manager\Clearwire.exe (Clearwire, Inc.)
Startup: C:\Users\The Aloha Webmaster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\The Aloha Webmaster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Tcpip\Parameters: [DhcpNameServer] 207.69.188.186 207.69.188.187

FireFox:
========
FF ProfilePath: C:\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default
FF Homepage: hxxp://www.franktycer.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\Extensions\artur.dubovoy@gmail.com [2014-05-30]
FF Extension: SeoQuake - C:\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2013-12-16]
FF Extension: Firebug - C:\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\Extensions\firebug@software.joehewitt.com.xpi [2012-09-12]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-10-15] (SUPERAntiSpyware.com) [File not signed]
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-11-10] (Adobe Systems) [File not signed]
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S3 CACLEARWIRE; C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [124240 2009-11-09] (SmithMicro Inc.)
S3 CLEARWIRERcAppSvc; C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [120144 2009-11-09] (SmithMicro Inc.)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-26] (CyberLink)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-11-13] (Macrovision Europe Ltd.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [6810728 2009-12-08] ()
R2 SMSI Device Launch Service; C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [107856 2009-11-09] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\STacSV64.exe [240640 2009-07-31] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

S3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [382848 2011-10-17] (Beceem communications pvt ltd.)
S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [60416 2011-10-17] (Beceem communications pvt ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NWDellPort; C:\Windows\system32\drivers\nwdelser.sys [203392 2008-08-24] (Novatel Wireless Inc.)
S3 NWDellPort2; C:\Windows\system32\drivers\nwdelser2.sys [203392 2008-08-24] (Novatel Wireless Inc.)
S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [43032 2009-11-09] (Smith Micro Inc.)
S3 QCFilterdl; C:\Windows\system32\drivers\qcfilterdl.sys [7168 2010-01-05] (QUALCOMM Incorporated)
S3 qcusbserdl; C:\Windows\system32\drivers\qcusbserdl.sys [127104 2010-01-05] (QUALCOMM Incorporated)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30312 2014-07-17] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [X]
S3 NvtSp50; System32\Drivers\NvtSp50.sys [X]
S0 PBADRV; system32\DRIVERS\PBADRV.sys [X]
S3 PCASp50a64; System32\Drivers\PCASp50a64.sys [X]
S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-19 07:07 - 2014-07-19 07:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-07-19 07:04 - 2014-07-19 07:04 - 00000000 ____D () C:\Users\The Aloha Webmaster\Downloads\FRST-OlderVersion
2014-07-18 15:18 - 2014-07-18 15:18 - 00002418 _____ () C:\Users\The Aloha Webmaster\Downloads\FSS.txt
2014-07-18 15:14 - 2014-07-18 15:14 - 00415232 _____ (Farbar) C:\Users\The Aloha Webmaster\Downloads\FSS.exe
2014-07-18 15:02 - 2014-07-18 15:02 - 00002574 _____ () C:\Users\The Aloha Webmaster\Downloads\eset-scan-results-export-to-text.txt
2014-07-18 13:25 - 2014-07-18 13:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-18 13:13 - 2014-07-18 13:16 - 02347384 _____ (ESET) C:\Users\The Aloha Webmaster\Downloads\esetsmartinstaller_enu.exe
2014-07-18 12:58 - 2014-07-18 12:58 - 00002526 _____ () C:\Users\The Aloha Webmaster\Desktop\aaaaaa.txt
2014-07-18 12:42 - 2014-07-18 21:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-18 12:41 - 2014-07-18 12:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-18 12:40 - 2014-07-18 12:57 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\mbar
2014-07-18 12:39 - 2014-07-18 12:40 - 14349744 _____ (Malwarebytes Corp.) C:\Users\The Aloha Webmaster\Downloads\mbar-1.07.0.1012.exe
2014-07-18 11:23 - 2014-07-18 11:23 - 00017888 _____ () C:\ComboFix.txt
2014-07-18 11:09 - 2014-07-18 11:09 - 00000676 _____ () C:\Users\The Aloha Webmaster\Desktop\wwwwwwwww.txt
2014-07-18 11:05 - 2014-07-18 11:23 - 00000000 ____D () C:\Qoobox
2014-07-18 11:05 - 2014-07-18 11:23 - 00000000 ____D () C:\ComboFix
2014-07-18 11:05 - 2011-06-25 20:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-18 11:05 - 2010-11-07 07:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-18 11:05 - 2009-04-19 18:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-18 11:05 - 2000-08-30 14:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-18 11:05 - 2000-08-30 14:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-18 11:05 - 2000-08-30 14:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-18 11:05 - 2000-08-30 14:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-18 11:05 - 2000-08-30 14:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-18 11:04 - 2014-07-18 11:20 - 00000000 ____D () C:\Windows\erdnt
2014-07-18 10:56 - 2014-07-18 10:57 - 05221938 ____R (Swearware) C:\Users\The Aloha Webmaster\Downloads\ComboFix.exe
2014-07-17 18:10 - 2014-07-17 18:10 - 00023466 _____ () C:\Users\The Aloha Webmaster\Downloads\Addition.txt
2014-07-17 18:08 - 2014-07-19 07:10 - 00012627 _____ () C:\Users\The Aloha Webmaster\Downloads\FRST.txt
2014-07-17 18:08 - 2014-07-19 07:09 - 00000000 ____D () C:\FRST
2014-07-17 18:07 - 2014-07-19 07:04 - 02089984 _____ (Farbar) C:\Users\The Aloha Webmaster\Downloads\FRST64.exe
2014-07-17 15:19 - 2014-07-17 15:19 - 00004382 _____ () C:\Users\The Aloha Webmaster\Desktop\SCN_07172014_151748.txt
2014-07-17 14:37 - 2014-07-17 15:24 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-17 14:37 - 2014-07-17 14:37 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-17 13:33 - 2014-07-17 13:33 - 00000711 _____ () C:\Users\The Aloha Webmaster\Desktop\AdwCleaner - Shortcut.lnk
2014-07-17 12:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-11 13:39 - 2014-07-17 13:25 - 00000000 ____D () C:\AdwCleaner
2014-07-11 13:34 - 2014-07-11 13:34 - 01348263 _____ () C:\Users\The Aloha Webmaster\Downloads\AdwCleaner.exe
2014-07-10 11:02 - 2014-07-10 11:02 - 00760480 _____ () C:\Windows\Minidump\071014-20436-01.dmp
2014-07-09 17:04 - 2014-07-09 17:06 - 00000000 ____D () C:\Users\The Aloha Webmaster\.lilypond-fonts.cache-2
2014-07-08 12:20 - 2014-07-09 18:11 - 00002741 _____ () C:\Users\The Aloha Webmaster\Desktop\DUBstructure.txt
2014-07-08 10:33 - 2014-07-08 10:33 - 00762392 _____ () C:\Windows\Minidump\070814-22292-01.dmp
2014-07-07 18:40 - 2014-07-07 18:40 - 00000248 _____ () C:\Users\The Aloha Webmaster\Desktop\Workout.URL
2014-07-04 22:38 - 2014-07-04 22:38 - 00005867 _____ () C:\Users\The Aloha Webmaster\Desktop\Audio Quotes.lnk
2014-07-04 22:30 - 2014-07-04 22:30 - 00001767 _____ () C:\Users\The Aloha Webmaster\Desktop\MIDI.lnk
2014-07-01 13:30 - 2014-07-01 13:26 - 03903624 _____ (MetaQuotes Software Corp.) C:\Windows\system32\MetaViewer64.dll
2014-06-23 15:19 - 2014-06-23 15:19 - 00000244 _____ () C:\Users\The Aloha Webmaster\Desktop\tutorials and FL support.URL
2014-06-22 20:01 - 2014-06-22 20:01 - 00001767 _____ () C:\Users\The Aloha Webmaster\Desktop\FLs interface.lnk
2014-06-19 00:02 - 2014-06-19 00:07 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\Old BITCOIN COM

==================== One Month Modified Files and Folders =======

2014-07-19 07:10 - 2014-07-17 18:08 - 00012627 _____ () C:\Users\The Aloha Webmaster\Downloads\FRST.txt
2014-07-19 07:10 - 2011-11-01 08:45 - 01402045 _____ () C:\Windows\WindowsUpdate.log
2014-07-19 07:09 - 2014-07-17 18:08 - 00000000 ____D () C:\FRST
2014-07-19 07:07 - 2014-07-19 07:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-07-19 07:07 - 2013-01-23 07:52 - 00031754 _____ () C:\Windows\setupact.log
2014-07-19 07:07 - 2012-11-10 15:37 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 07:07 - 2009-07-13 19:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-19 07:06 - 2009-07-13 18:45 - 00021504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-19 07:06 - 2009-07-13 18:45 - 00021504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-19 07:04 - 2014-07-19 07:04 - 00000000 ____D () C:\Users\The Aloha Webmaster\Downloads\FRST-OlderVersion
2014-07-19 07:04 - 2014-07-17 18:07 - 02089984 _____ (Farbar) C:\Users\The Aloha Webmaster\Downloads\FRST64.exe
2014-07-18 21:17 - 2014-07-18 12:42 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-18 21:17 - 2013-03-24 19:57 - 00015762 _____ () C:\Windows\PFRO.log
2014-07-18 15:34 - 2013-02-03 18:42 - 00006440 _____ () C:\Windows\smartkeydiagnostics.txt
2014-07-18 15:33 - 2012-11-10 15:37 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-18 15:18 - 2014-07-18 15:18 - 00002418 _____ () C:\Users\The Aloha Webmaster\Downloads\FSS.txt
2014-07-18 15:14 - 2014-07-18 15:14 - 00415232 _____ (Farbar) C:\Users\The Aloha Webmaster\Downloads\FSS.exe
2014-07-18 15:02 - 2014-07-18 15:02 - 00002574 _____ () C:\Users\The Aloha Webmaster\Downloads\eset-scan-results-export-to-text.txt
2014-07-18 13:25 - 2014-07-18 13:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-18 13:16 - 2014-07-18 13:13 - 02347384 _____ (ESET) C:\Users\The Aloha Webmaster\Downloads\esetsmartinstaller_enu.exe
2014-07-18 12:58 - 2014-07-18 12:58 - 00002526 _____ () C:\Users\The Aloha Webmaster\Desktop\aaaaaa.txt
2014-07-18 12:57 - 2014-07-18 12:40 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\mbar
2014-07-18 12:41 - 2014-07-18 12:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-18 12:40 - 2014-07-18 12:39 - 14349744 _____ (Malwarebytes Corp.) C:\Users\The Aloha Webmaster\Downloads\mbar-1.07.0.1012.exe
2014-07-18 11:23 - 2014-07-18 11:23 - 00017888 _____ () C:\ComboFix.txt
2014-07-18 11:23 - 2014-07-18 11:05 - 00000000 ____D () C:\Qoobox
2014-07-18 11:23 - 2014-07-18 11:05 - 00000000 ____D () C:\ComboFix
2014-07-18 11:23 - 2009-07-13 17:20 - 00000000 __RHD () C:\Users\Default
2014-07-18 11:20 - 2014-07-18 11:04 - 00000000 ____D () C:\Windows\erdnt
2014-07-18 11:18 - 2009-07-13 16:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-18 11:09 - 2014-07-18 11:09 - 00000676 _____ () C:\Users\The Aloha Webmaster\Desktop\wwwwwwwww.txt
2014-07-18 10:57 - 2014-07-18 10:56 - 05221938 ____R (Swearware) C:\Users\The Aloha Webmaster\Downloads\ComboFix.exe
2014-07-18 10:43 - 2011-11-12 12:41 - 00000000 ____D () C:\Users\The Aloha Webmaster\Documents\Creative
2014-07-17 18:10 - 2014-07-17 18:10 - 00023466 _____ () C:\Users\The Aloha Webmaster\Downloads\Addition.txt
2014-07-17 15:24 - 2014-07-17 14:37 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-17 15:19 - 2014-07-17 15:19 - 00004382 _____ () C:\Users\The Aloha Webmaster\Desktop\SCN_07172014_151748.txt
2014-07-17 14:58 - 2009-07-13 19:13 - 00755676 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-17 14:37 - 2014-07-17 14:37 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-17 13:33 - 2014-07-17 13:33 - 00000711 _____ () C:\Users\The Aloha Webmaster\Desktop\AdwCleaner - Shortcut.lnk
2014-07-17 13:25 - 2014-07-11 13:39 - 00000000 ____D () C:\AdwCleaner
2014-07-17 13:17 - 2013-02-04 10:37 - 00000000 ____D () C:\Program Files (x86)\Novatel Wireless
2014-07-16 20:05 - 2011-11-09 17:00 - 00000000 ____D () C:\Users\The Aloha Webmaster
2014-07-16 19:55 - 2014-01-23 11:11 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\The Way it Really Is
2014-07-16 11:52 - 2011-11-13 14:42 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\I Like Things
2014-07-15 00:32 - 2013-12-26 06:06 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\MUSICIAN
2014-07-15 00:19 - 2012-10-25 08:35 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\ARTIST
2014-07-14 13:54 - 2014-05-06 08:31 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\Scott Kukes
2014-07-14 11:59 - 2014-03-20 08:54 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\BitcoinART
2014-07-12 22:15 - 2014-06-06 18:34 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\New Beats
2014-07-11 13:57 - 2011-11-12 12:08 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-11 13:55 - 2014-01-30 09:36 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\Charts
2014-07-11 13:34 - 2014-07-11 13:34 - 01348263 _____ () C:\Users\The Aloha Webmaster\Downloads\AdwCleaner.exe
2014-07-11 13:22 - 2014-05-30 19:05 - 00001780 _____ () C:\Users\The Aloha Webmaster\Desktop\#Dubstep.txt
2014-07-10 11:02 - 2014-07-10 11:02 - 00760480 _____ () C:\Windows\Minidump\071014-20436-01.dmp
2014-07-10 11:02 - 2014-01-09 13:36 - 371718208 _____ () C:\Windows\MEMORY.DMP
2014-07-10 11:02 - 2012-03-29 07:03 - 00000000 ____D () C:\Windows\Minidump
2014-07-09 18:11 - 2014-07-08 12:20 - 00002741 _____ () C:\Users\The Aloha Webmaster\Desktop\DUBstructure.txt
2014-07-09 17:06 - 2014-07-09 17:04 - 00000000 ____D () C:\Users\The Aloha Webmaster\.lilypond-fonts.cache-2
2014-07-09 16:09 - 2011-11-13 10:43 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\AFTERFX STUFF
2014-07-08 17:42 - 2013-08-26 17:20 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\Chef bernard
2014-07-08 10:33 - 2014-07-08 10:33 - 00762392 _____ () C:\Windows\Minidump\070814-22292-01.dmp
2014-07-07 18:40 - 2014-07-07 18:40 - 00000248 _____ () C:\Users\The Aloha Webmaster\Desktop\Workout.URL
2014-07-07 14:41 - 2011-11-13 07:54 - 00000000 ____D () C:\Users\The Aloha Webmaster\AppData\Roaming\Skype
2014-07-04 22:38 - 2014-07-04 22:38 - 00005867 _____ () C:\Users\The Aloha Webmaster\Desktop\Audio Quotes.lnk
2014-07-04 22:30 - 2014-07-04 22:30 - 00001767 _____ () C:\Users\The Aloha Webmaster\Desktop\MIDI.lnk
2014-07-03 11:17 - 2011-11-10 17:16 - 00007683 _____ () C:\Users\The Aloha Webmaster\AppData\Local\Resmon.ResmonCfg
2014-07-02 21:25 - 2014-02-10 12:10 - 00000000 ____D () C:\Program Files (x86)\BTC-e Exchange MT4
2014-07-01 13:26 - 2014-07-01 13:30 - 03903624 _____ (MetaQuotes Software Corp.) C:\Windows\system32\MetaViewer64.dll
2014-06-25 11:56 - 2013-12-16 11:46 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\New WORK
2014-06-23 15:19 - 2014-06-23 15:19 - 00000244 _____ () C:\Users\The Aloha Webmaster\Desktop\tutorials and FL support.URL
2014-06-22 20:01 - 2014-06-22 20:01 - 00001767 _____ () C:\Users\The Aloha Webmaster\Desktop\FLs interface.lnk
2014-06-19 00:07 - 2014-06-19 00:02 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\Old BITCOIN COM

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-12 21:57

==================== End Of Log ============================

---------------------------

addition

--------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2014
Ran by The Aloha Webmaster at 2014-07-19 07:11:06
Running from C:\Users\The Aloha Webmaster\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe After Effects 7.0 (HKLM-x32\...\Adobe After Effects 7.0) (Version: 7.0.0.244 - Adobe Systems, Inc.)
Adobe After Effects 7.0 (x32 Version: 7.0.0.244 - Adobe Systems, Inc.) Hidden
Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge 1.0 (x32 Version: 1.0.1.1 - Adobe Systems) Hidden
Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Common File Installer (x32 Version: 1.00.002 - Adobe System Incorporated) Hidden
Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS3 (HKLM-x32\...\Adobe_435a6af7459cb02a9c1138113a26e93) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CS3 (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Help Center 2.0 (x32 Version: 2.0.0 - Adobe Systems) Hidden
Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos 1.0 (x32 Version: 1.0.2 - Adobe Systems) Hidden
Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AnalogX SongTime Calc (HKLM-x32\...\AnalogX SongTime Calc) (Version:  - AnalogX)
AndreaMosaic 3.33.0 (HKLM-x32\...\AndreaMosaic) (Version:  - )
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Blender (HKLM\...\Blender) (Version: 2.62-release - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BTC-e Exchange MT4 (HKLM-x32\...\BTC-e Exchange MT4) (Version: 4.00 - MetaQuotes Software Corp.)
Camtasia Studio 5 (HKLM-x32\...\{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}) (Version: 5.1.0 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.23 - Piriform)
CLEAR Connection Manager (HKLM\...\{077AA014-B568-4FF8-B360-9ACE1A1F4571}) (Version: 1.05.0035.0 - Clearwire)
Clearwire Connection Manager (HKLM\...\{8CDCBB23-BC24-4920-B15F-FF994260C6FE}) (Version: 4.4.37 - Clearwire)
CuteFTP 8 Professional (HKLM-x32\...\{91F34319-08DE-457a-99C0-0BCDFAC145B9}) (Version: 8.3.4 - GlobalSCAPE)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3426 - CyberLink Corp.) Hidden
Easy Article Rewriter Pro (HKLM-x32\...\{9F450D3B-3168-4745-8752-28DBECF27C93}) (Version: 1.0.0 - Black Web Solutions)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 435 Series Printer Uninstall (HKLM\...\EPSON WorkForce 435 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )
Integrated Webcam Driver (1.06.03.0309)   (HKLM\...\Creative OA001) (Version: 1.06.03.0309 - Creative Technology Ltd.)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Keyword Advantage (HKLM-x32\...\KeywordAdvantage) (Version:  - )
Keyword Pad v1.0.112706 (HKLM-x32\...\Keyword Pad_is1) (Version: 1.0 - Softnik Technologies)
KeywordMap Pro version 1.10.1100 (HKLM-x32\...\{C63770FF-99B3-4D07-AA04-79140EC1E84E}_is1) (Version: 1.10.1100 - MarketBold, Inc.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
Mozilla Thunderbird (8.0) (HKLM-x32\...\Mozilla Thunderbird (8.0)) (Version: 8.0 (en-US) - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MultiBit 0.5.15 (HKLM-x32\...\MultiBit 0.5.15) (Version: 0.5.15 - )
MySQL Connector/ODBC 5.1 (HKLM-x32\...\{29042B1C-0713-4575-B7CA-5C8E7B0899D4}) (Version: 5.1.6 - MySQL AB)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.61.39 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.12154 - NVIDIA Corporation)
NVIDIA Performance Drivers (HKLM\...\{4C0A8D65-4286-4B58-87FE-18AD24289285}) (Version: 2.1.0.0 - NVIDIA Corporation)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Pixeur v3.2 (HKLM-x32\...\Pixeur_is1) (Version:  - Veign, LLC)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 0.01 - Screaming Frog)
Sculptris Alpha 6 (HKLM-x32\...\InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}) (Version: 0.6 - Pixologic)
Sculptris Alpha 6 (x32 Version: 0.6 - Pixologic) Hidden
Skype™ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1150 - SUPERAntiSpyware.com)
UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
Windows Driver Package - Motorola (NN_PCIX) Net  (12/05/2008 5.3.31.0) (HKLM\...\30890BDCC6BAA63105B40E6193CC2EA0FB0EC190) (Version: 12/05/2008 5.3.31.0 - Motorola)
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WordFlood (remove only) (HKLM-x32\...\WordFlood) (Version:  - )
XMind (HKLM-x32\...\XMind) (Version: 3.2.1 - XMind Ltd.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-13 16:34 - 2014-07-18 11:17 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {2D4C5E97-E2AC-4EEE-A84B-0C3A4EE3A010} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-10] (Google Inc.)
Task: {36B84121-456D-4C32-B614-6EB27E4E6D3F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-09-24] (Piriform Ltd)
Task: {58586E1D-8D3F-463D-B130-ADC268A40292} - System32\Tasks\{F70458D7-513E-485D-B4DF-F102F387F135} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain
Task: {F5E76E01-E16D-4459-A422-E628CF905792} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-10] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-12-08 04:14 - 2009-12-08 04:14 - 06810728 _____ () C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
2009-11-09 12:00 - 2009-11-09 12:00 - 00107856 _____ () C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe
2014-05-01 09:29 - 2014-05-01 09:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-07-13 11:03 - 2009-07-13 15:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2011-01-17 16:19 - 2011-11-21 13:17 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2011-11-09 20:06 - 2013-12-29 07:49 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Microsoft Usbccid Smartcard Reader (WUDF)
Description: Microsoft Usbccid Smartcard Reader (WUDF)
Class Guid: {50dd5230-ba8a-11d1-bf5d-0000f805f530}
Manufacturer: Microsoft
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2014 07:08:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/19/2014 07:07:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/19/2014 07:07:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/19/2014 07:07:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/19/2014 07:07:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/19/2014 07:07:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/19/2014 07:07:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/19/2014 07:07:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/19/2014 07:07:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/19/2014 07:07:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (07/19/2014 07:09:15 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.104.
The computer with the IP address 192.168.1.105 did not allow the name to be claimed by
this computer.

Error: (07/19/2014 07:07:17 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PBADRV

Error: (07/19/2014 06:59:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PBADRV

Error: (07/18/2014 09:17:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PBADRV

Error: (07/18/2014 02:27:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.

Error: (07/18/2014 02:27:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

Error: (07/18/2014 02:26:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.

Error: (07/18/2014 02:26:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

Error: (07/18/2014 00:59:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PBADRV

Error: (07/18/2014 11:17:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PBADRV


Microsoft Office Sessions:
=========================
Error: (07/19/2014 07:08:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/19/2014 07:07:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL

Error: (07/19/2014 07:07:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL

Error: (07/19/2014 07:07:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL

Error: (07/19/2014 07:07:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL

Error: (07/19/2014 07:07:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL

Error: (07/19/2014 07:07:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL

Error: (07/19/2014 07:07:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL

Error: (07/19/2014 07:07:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL

Error: (07/19/2014 07:07:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL


CodeIntegrity Errors:
===================================
  Date: 2014-07-18 11:15:27.888
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-18 11:15:27.872
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 4083.92 MB
Available physical RAM: 2585.03 MB
Total Pagefile: 8166.03 MB
Available Pagefile: 6681.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:135.38 GB) (Free:33.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:6.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 48385DEC)
Partition 1: (Active) - (Size=135 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

==================== End Of Log ============================

-----------------

FSS

-----------------

Farbar Service Scanner Version: 18-07-2014
Ran by The Aloha Webmaster (administrator) on 19-07-2014 at 07:15:08
Running from "C:\Users\The Aloha Webmaster\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

Now it starts to get interesting... :huh:

Step 1


Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.

    Please copy and paste its contents in your next reply.

fixlist.txt

After the reboot:

Step 2


Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.

    Please copy and paste the log in your next reply.

Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by The Aloha Webmaster (administrator) on MININT-TL4BGAP on 19-07-2014 07:09:40
Running from C:\Users\The Aloha Webmaster\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\stacsv64.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
() C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Clearwire, Inc.) C:\Program Files\Clearwire\Clearwire Connection Manager\Clearwire.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-31] (IDT, Inc.)
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet                                                          
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-10-26] (cyberlink)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Clearwire Connection Manager] => C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe [54608 2009-12-01] (ClearwireCM)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
InvalidSubkeyName: [HKU\S-1-5-21-1853351545-2815731843-4073522966-1001\Software\Microsoft\Windows\CurrentVersion\Run\410064006F00620065005500700064006100740065007200] <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Clearwire.lnk
ShortcutTarget: Clearwire.lnk -> C:\Program Files\Clearwire\Clearwire Connection Manager\Clearwire.exe (Clearwire, Inc.)
Startup: C:\Users\The Aloha Webmaster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\The Aloha Webmaster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Tcpip\Parameters: [DhcpNameServer] 207.69.188.186 207.69.188.187

FireFox:
========
FF ProfilePath: C:\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default
FF Homepage: hxxp://www.franktycer.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\Extensions\artur.dubovoy@gmail.com [2014-05-30]
FF Extension: SeoQuake - C:\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2013-12-16]
FF Extension: Firebug - C:\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\Extensions\firebug@software.joehewitt.com.xpi [2012-09-12]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-10-15] (SUPERAntiSpyware.com) [File not signed]
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-11-10] (Adobe Systems) [File not signed]
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S3 CACLEARWIRE; C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [124240 2009-11-09] (SmithMicro Inc.)
S3 CLEARWIRERcAppSvc; C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [120144 2009-11-09] (SmithMicro Inc.)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-26] (CyberLink)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-11-13] (Macrovision Europe Ltd.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [6810728 2009-12-08] ()
R2 SMSI Device Launch Service; C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [107856 2009-11-09] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\STacSV64.exe [240640 2009-07-31] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

S3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [382848 2011-10-17] (Beceem communications pvt ltd.)
S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [60416 2011-10-17] (Beceem communications pvt ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NWDellPort; C:\Windows\system32\drivers\nwdelser.sys [203392 2008-08-24] (Novatel Wireless Inc.)
S3 NWDellPort2; C:\Windows\system32\drivers\nwdelser2.sys [203392 2008-08-24] (Novatel Wireless Inc.)
S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [43032 2009-11-09] (Smith Micro Inc.)
S3 QCFilterdl; C:\Windows\system32\drivers\qcfilterdl.sys [7168 2010-01-05] (QUALCOMM Incorporated)
S3 qcusbserdl; C:\Windows\system32\drivers\qcusbserdl.sys [127104 2010-01-05] (QUALCOMM Incorporated)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30312 2014-07-17] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [X]
S3 NvtSp50; System32\Drivers\NvtSp50.sys [X]
S0 PBADRV; system32\DRIVERS\PBADRV.sys [X]
S3 PCASp50a64; System32\Drivers\PCASp50a64.sys [X]
S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-19 07:07 - 2014-07-19 07:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-07-19 07:04 - 2014-07-19 07:04 - 00000000 ____D () C:\Users\The Aloha Webmaster\Downloads\FRST-OlderVersion
2014-07-18 15:18 - 2014-07-18 15:18 - 00002418 _____ () C:\Users\The Aloha Webmaster\Downloads\FSS.txt
2014-07-18 15:14 - 2014-07-18 15:14 - 00415232 _____ (Farbar) C:\Users\The Aloha Webmaster\Downloads\FSS.exe
2014-07-18 15:02 - 2014-07-18 15:02 - 00002574 _____ () C:\Users\The Aloha Webmaster\Downloads\eset-scan-results-export-to-text.txt
2014-07-18 13:25 - 2014-07-18 13:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-18 13:13 - 2014-07-18 13:16 - 02347384 _____ (ESET) C:\Users\The Aloha Webmaster\Downloads\esetsmartinstaller_enu.exe
2014-07-18 12:58 - 2014-07-18 12:58 - 00002526 _____ () C:\Users\The Aloha Webmaster\Desktop\aaaaaa.txt
2014-07-18 12:42 - 2014-07-18 21:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-18 12:41 - 2014-07-18 12:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-18 12:40 - 2014-07-18 12:57 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\mbar
2014-07-18 12:39 - 2014-07-18 12:40 - 14349744 _____ (Malwarebytes Corp.) C:\Users\The Aloha Webmaster\Downloads\mbar-1.07.0.1012.exe
2014-07-18 11:23 - 2014-07-18 11:23 - 00017888 _____ () C:\ComboFix.txt
2014-07-18 11:09 - 2014-07-18 11:09 - 00000676 _____ () C:\Users\The Aloha Webmaster\Desktop\wwwwwwwww.txt
2014-07-18 11:05 - 2014-07-18 11:23 - 00000000 ____D () C:\Qoobox
2014-07-18 11:05 - 2014-07-18 11:23 - 00000000 ____D () C:\ComboFix
2014-07-18 11:05 - 2011-06-25 20:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-18 11:05 - 2010-11-07 07:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-18 11:05 - 2009-04-19 18:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-18 11:05 - 2000-08-30 14:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-18 11:05 - 2000-08-30 14:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-18 11:05 - 2000-08-30 14:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-18 11:05 - 2000-08-30 14:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-18 11:05 - 2000-08-30 14:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-18 11:04 - 2014-07-18 11:20 - 00000000 ____D () C:\Windows\erdnt
2014-07-18 10:56 - 2014-07-18 10:57 - 05221938 ____R (Swearware) C:\Users\The Aloha Webmaster\Downloads\ComboFix.exe
2014-07-17 18:10 - 2014-07-17 18:10 - 00023466 _____ () C:\Users\The Aloha Webmaster\Downloads\Addition.txt
2014-07-17 18:08 - 2014-07-19 07:10 - 00012627 _____ () C:\Users\The Aloha Webmaster\Downloads\FRST.txt
2014-07-17 18:08 - 2014-07-19 07:09 - 00000000 ____D () C:\FRST
2014-07-17 18:07 - 2014-07-19 07:04 - 02089984 _____ (Farbar) C:\Users\The Aloha Webmaster\Downloads\FRST64.exe
2014-07-17 15:19 - 2014-07-17 15:19 - 00004382 _____ () C:\Users\The Aloha Webmaster\Desktop\SCN_07172014_151748.txt
2014-07-17 14:37 - 2014-07-17 15:24 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-17 14:37 - 2014-07-17 14:37 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-17 13:33 - 2014-07-17 13:33 - 00000711 _____ () C:\Users\The Aloha Webmaster\Desktop\AdwCleaner - Shortcut.lnk
2014-07-17 12:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-11 13:39 - 2014-07-17 13:25 - 00000000 ____D () C:\AdwCleaner
2014-07-11 13:34 - 2014-07-11 13:34 - 01348263 _____ () C:\Users\The Aloha Webmaster\Downloads\AdwCleaner.exe
2014-07-10 11:02 - 2014-07-10 11:02 - 00760480 _____ () C:\Windows\Minidump\071014-20436-01.dmp
2014-07-09 17:04 - 2014-07-09 17:06 - 00000000 ____D () C:\Users\The Aloha Webmaster\.lilypond-fonts.cache-2
2014-07-08 12:20 - 2014-07-09 18:11 - 00002741 _____ () C:\Users\The Aloha Webmaster\Desktop\DUBstructure.txt
2014-07-08 10:33 - 2014-07-08 10:33 - 00762392 _____ () C:\Windows\Minidump\070814-22292-01.dmp
2014-07-07 18:40 - 2014-07-07 18:40 - 00000248 _____ () C:\Users\The Aloha Webmaster\Desktop\Workout.URL
2014-07-04 22:38 - 2014-07-04 22:38 - 00005867 _____ () C:\Users\The Aloha Webmaster\Desktop\Audio Quotes.lnk
2014-07-04 22:30 - 2014-07-04 22:30 - 00001767 _____ () C:\Users\The Aloha Webmaster\Desktop\MIDI.lnk
2014-07-01 13:30 - 2014-07-01 13:26 - 03903624 _____ (MetaQuotes Software Corp.) C:\Windows\system32\MetaViewer64.dll
2014-06-23 15:19 - 2014-06-23 15:19 - 00000244 _____ () C:\Users\The Aloha Webmaster\Desktop\tutorials and FL support.URL
2014-06-22 20:01 - 2014-06-22 20:01 - 00001767 _____ () C:\Users\The Aloha Webmaster\Desktop\FLs interface.lnk
2014-06-19 00:02 - 2014-06-19 00:07 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\Old BITCOIN COM

==================== One Month Modified Files and Folders =======

2014-07-19 07:10 - 2014-07-17 18:08 - 00012627 _____ () C:\Users\The Aloha Webmaster\Downloads\FRST.txt
2014-07-19 07:10 - 2011-11-01 08:45 - 01402045 _____ () C:\Windows\WindowsUpdate.log
2014-07-19 07:09 - 2014-07-17 18:08 - 00000000 ____D () C:\FRST
2014-07-19 07:07 - 2014-07-19 07:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-07-19 07:07 - 2013-01-23 07:52 - 00031754 _____ () C:\Windows\setupact.log
2014-07-19 07:07 - 2012-11-10 15:37 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 07:07 - 2009-07-13 19:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-19 07:06 - 2009-07-13 18:45 - 00021504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-19 07:06 - 2009-07-13 18:45 - 00021504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-19 07:04 - 2014-07-19 07:04 - 00000000 ____D () C:\Users\The Aloha Webmaster\Downloads\FRST-OlderVersion
2014-07-19 07:04 - 2014-07-17 18:07 - 02089984 _____ (Farbar) C:\Users\The Aloha Webmaster\Downloads\FRST64.exe
2014-07-18 21:17 - 2014-07-18 12:42 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-18 21:17 - 2013-03-24 19:57 - 00015762 _____ () C:\Windows\PFRO.log
2014-07-18 15:34 - 2013-02-03 18:42 - 00006440 _____ () C:\Windows\smartkeydiagnostics.txt
2014-07-18 15:33 - 2012-11-10 15:37 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-18 15:18 - 2014-07-18 15:18 - 00002418 _____ () C:\Users\The Aloha Webmaster\Downloads\FSS.txt
2014-07-18 15:14 - 2014-07-18 15:14 - 00415232 _____ (Farbar) C:\Users\The Aloha Webmaster\Downloads\FSS.exe
2014-07-18 15:02 - 2014-07-18 15:02 - 00002574 _____ () C:\Users\The Aloha Webmaster\Downloads\eset-scan-results-export-to-text.txt
2014-07-18 13:25 - 2014-07-18 13:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-18 13:16 - 2014-07-18 13:13 - 02347384 _____ (ESET) C:\Users\The Aloha Webmaster\Downloads\esetsmartinstaller_enu.exe
2014-07-18 12:58 - 2014-07-18 12:58 - 00002526 _____ () C:\Users\The Aloha Webmaster\Desktop\aaaaaa.txt
2014-07-18 12:57 - 2014-07-18 12:40 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\mbar
2014-07-18 12:41 - 2014-07-18 12:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-18 12:40 - 2014-07-18 12:39 - 14349744 _____ (Malwarebytes Corp.) C:\Users\The Aloha Webmaster\Downloads\mbar-1.07.0.1012.exe
2014-07-18 11:23 - 2014-07-18 11:23 - 00017888 _____ () C:\ComboFix.txt
2014-07-18 11:23 - 2014-07-18 11:05 - 00000000 ____D () C:\Qoobox
2014-07-18 11:23 - 2014-07-18 11:05 - 00000000 ____D () C:\ComboFix
2014-07-18 11:23 - 2009-07-13 17:20 - 00000000 __RHD () C:\Users\Default
2014-07-18 11:20 - 2014-07-18 11:04 - 00000000 ____D () C:\Windows\erdnt
2014-07-18 11:18 - 2009-07-13 16:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-18 11:09 - 2014-07-18 11:09 - 00000676 _____ () C:\Users\The Aloha Webmaster\Desktop\wwwwwwwww.txt
2014-07-18 10:57 - 2014-07-18 10:56 - 05221938 ____R (Swearware) C:\Users\The Aloha Webmaster\Downloads\ComboFix.exe
2014-07-18 10:43 - 2011-11-12 12:41 - 00000000 ____D () C:\Users\The Aloha Webmaster\Documents\Creative
2014-07-17 18:10 - 2014-07-17 18:10 - 00023466 _____ () C:\Users\The Aloha Webmaster\Downloads\Addition.txt
2014-07-17 15:24 - 2014-07-17 14:37 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-17 15:19 - 2014-07-17 15:19 - 00004382 _____ () C:\Users\The Aloha Webmaster\Desktop\SCN_07172014_151748.txt
2014-07-17 14:58 - 2009-07-13 19:13 - 00755676 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-17 14:37 - 2014-07-17 14:37 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-17 13:33 - 2014-07-17 13:33 - 00000711 _____ () C:\Users\The Aloha Webmaster\Desktop\AdwCleaner - Shortcut.lnk
2014-07-17 13:25 - 2014-07-11 13:39 - 00000000 ____D () C:\AdwCleaner
2014-07-17 13:17 - 2013-02-04 10:37 - 00000000 ____D () C:\Program Files (x86)\Novatel Wireless
2014-07-16 20:05 - 2011-11-09 17:00 - 00000000 ____D () C:\Users\The Aloha Webmaster
2014-07-16 19:55 - 2014-01-23 11:11 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\The Way it Really Is
2014-07-16 11:52 - 2011-11-13 14:42 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\I Like Things
2014-07-15 00:32 - 2013-12-26 06:06 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\MUSICIAN
2014-07-15 00:19 - 2012-10-25 08:35 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\ARTIST
2014-07-14 13:54 - 2014-05-06 08:31 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\Scott Kukes
2014-07-14 11:59 - 2014-03-20 08:54 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\BitcoinART
2014-07-12 22:15 - 2014-06-06 18:34 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\New Beats
2014-07-11 13:57 - 2011-11-12 12:08 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-11 13:55 - 2014-01-30 09:36 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\Charts
2014-07-11 13:34 - 2014-07-11 13:34 - 01348263 _____ () C:\Users\The Aloha Webmaster\Downloads\AdwCleaner.exe
2014-07-11 13:22 - 2014-05-30 19:05 - 00001780 _____ () C:\Users\The Aloha Webmaster\Desktop\#Dubstep.txt
2014-07-10 11:02 - 2014-07-10 11:02 - 00760480 _____ () C:\Windows\Minidump\071014-20436-01.dmp
2014-07-10 11:02 - 2014-01-09 13:36 - 371718208 _____ () C:\Windows\MEMORY.DMP
2014-07-10 11:02 - 2012-03-29 07:03 - 00000000 ____D () C:\Windows\Minidump
2014-07-09 18:11 - 2014-07-08 12:20 - 00002741 _____ () C:\Users\The Aloha Webmaster\Desktop\DUBstructure.txt
2014-07-09 17:06 - 2014-07-09 17:04 - 00000000 ____D () C:\Users\The Aloha Webmaster\.lilypond-fonts.cache-2
2014-07-09 16:09 - 2011-11-13 10:43 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\AFTERFX STUFF
2014-07-08 17:42 - 2013-08-26 17:20 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\Chef bernard
2014-07-08 10:33 - 2014-07-08 10:33 - 00762392 _____ () C:\Windows\Minidump\070814-22292-01.dmp
2014-07-07 18:40 - 2014-07-07 18:40 - 00000248 _____ () C:\Users\The Aloha Webmaster\Desktop\Workout.URL
2014-07-07 14:41 - 2011-11-13 07:54 - 00000000 ____D () C:\Users\The Aloha Webmaster\AppData\Roaming\Skype
2014-07-04 22:38 - 2014-07-04 22:38 - 00005867 _____ () C:\Users\The Aloha Webmaster\Desktop\Audio Quotes.lnk
2014-07-04 22:30 - 2014-07-04 22:30 - 00001767 _____ () C:\Users\The Aloha Webmaster\Desktop\MIDI.lnk
2014-07-03 11:17 - 2011-11-10 17:16 - 00007683 _____ () C:\Users\The Aloha Webmaster\AppData\Local\Resmon.ResmonCfg
2014-07-02 21:25 - 2014-02-10 12:10 - 00000000 ____D () C:\Program Files (x86)\BTC-e Exchange MT4
2014-07-01 13:26 - 2014-07-01 13:30 - 03903624 _____ (MetaQuotes Software Corp.) C:\Windows\system32\MetaViewer64.dll
2014-06-25 11:56 - 2013-12-16 11:46 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\New WORK
2014-06-23 15:19 - 2014-06-23 15:19 - 00000244 _____ () C:\Users\The Aloha Webmaster\Desktop\tutorials and FL support.URL
2014-06-22 20:01 - 2014-06-22 20:01 - 00001767 _____ () C:\Users\The Aloha Webmaster\Desktop\FLs interface.lnk
2014-06-19 00:07 - 2014-06-19 00:02 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\Old BITCOIN COM

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-12 21:57

==================== End Of Log ============================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2014
Ran by The Aloha Webmaster at 2014-07-19 07:50:31 Run:2
Running from C:\Users\The Aloha Webmaster\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
InvalidSubkeyName: [HKU\S-1-5-21-1853351545-2815731843-4073522966-1001\Software\Microsoft\Windows\CurrentVersion\Run\410064006F00620065005500700064006100740065007200] <===== ATTENTION
Reboot:
*****************

[HKU\S-1-5-21-1853351545-2815731843-4073522966-1001\Software\Microsoft\Windows\CurrentVersion\Run\410064006F00620065005500700064006100740065007200] => No subkey with invalid name found.


The system needed a reboot.

==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by The Aloha Webmaster (administrator) on MININT-TL4BGAP on 19-07-2014 08:13:20
Running from C:\Users\The Aloha Webmaster\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\stacsv64.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
() C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Clearwire, Inc.) C:\Program Files\Clearwire\Clearwire Connection Manager\Clearwire.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-31] (IDT, Inc.)
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet                                                          
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-10-26] (cyberlink)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Clearwire Connection Manager] => C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe [54608 2009-12-01] (ClearwireCM)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
InvalidSubkeyName: [HKU\S-1-5-21-1853351545-2815731843-4073522966-1001\Software\Microsoft\Windows\CurrentVersion\Run\410064006F00620065005500700064006100740065007200] <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Clearwire.lnk
ShortcutTarget: Clearwire.lnk -> C:\Program Files\Clearwire\Clearwire Connection Manager\Clearwire.exe (Clearwire, Inc.)
Startup: C:\Users\The Aloha Webmaster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\The Aloha Webmaster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Tcpip\Parameters: [DhcpNameServer] 207.69.188.186 207.69.188.187

FireFox:
========
FF ProfilePath: C:\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default
FF Homepage: hxxp://www.franktycer.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\Extensions\artur.dubovoy@gmail.com [2014-05-30]
FF Extension: SeoQuake - C:\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2013-12-16]
FF Extension: Firebug - C:\Users\The Aloha Webmaster\AppData\Roaming\Mozilla\Firefox\Profiles\yf5yfknr.default\Extensions\firebug@software.joehewitt.com.xpi [2012-09-12]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-10-15] (SUPERAntiSpyware.com) [File not signed]
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-11-10] (Adobe Systems) [File not signed]
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S3 CACLEARWIRE; C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [124240 2009-11-09] (SmithMicro Inc.)
S3 CLEARWIRERcAppSvc; C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [120144 2009-11-09] (SmithMicro Inc.)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-26] (CyberLink)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-11-13] (Macrovision Europe Ltd.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [6810728 2009-12-08] ()
R2 SMSI Device Launch Service; C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [107856 2009-11-09] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\STacSV64.exe [240640 2009-07-31] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

S3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [382848 2011-10-17] (Beceem communications pvt ltd.)
S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [60416 2011-10-17] (Beceem communications pvt ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NWDellPort; C:\Windows\system32\drivers\nwdelser.sys [203392 2008-08-24] (Novatel Wireless Inc.)
S3 NWDellPort2; C:\Windows\system32\drivers\nwdelser2.sys [203392 2008-08-24] (Novatel Wireless Inc.)
S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [43032 2009-11-09] (Smith Micro Inc.)
S3 QCFilterdl; C:\Windows\system32\drivers\qcfilterdl.sys [7168 2010-01-05] (QUALCOMM Incorporated)
S3 qcusbserdl; C:\Windows\system32\drivers\qcusbserdl.sys [127104 2010-01-05] (QUALCOMM Incorporated)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30312 2014-07-17] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [X]
S3 NvtSp50; System32\Drivers\NvtSp50.sys [X]
S0 PBADRV; system32\DRIVERS\PBADRV.sys [X]
S3 PCASp50a64; System32\Drivers\PCASp50a64.sys [X]
S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-19 08:10 - 2014-07-19 08:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-07-19 07:04 - 2014-07-19 07:04 - 00000000 ____D () C:\Users\The Aloha Webmaster\Downloads\FRST-OlderVersion
2014-07-18 15:18 - 2014-07-19 07:15 - 00002264 _____ () C:\Users\The Aloha Webmaster\Downloads\FSS.txt
2014-07-18 15:14 - 2014-07-18 15:14 - 00415232 _____ (Farbar) C:\Users\The Aloha Webmaster\Downloads\FSS.exe
2014-07-18 15:02 - 2014-07-18 15:02 - 00002574 _____ () C:\Users\The Aloha Webmaster\Downloads\eset-scan-results-export-to-text.txt
2014-07-18 13:25 - 2014-07-18 13:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-18 13:13 - 2014-07-18 13:16 - 02347384 _____ (ESET) C:\Users\The Aloha Webmaster\Downloads\esetsmartinstaller_enu.exe
2014-07-18 12:58 - 2014-07-18 12:58 - 00002526 _____ () C:\Users\The Aloha Webmaster\Desktop\aaaaaa.txt
2014-07-18 12:42 - 2014-07-18 21:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-18 12:41 - 2014-07-18 12:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-18 12:40 - 2014-07-18 12:57 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\mbar
2014-07-18 12:39 - 2014-07-18 12:40 - 14349744 _____ (Malwarebytes Corp.) C:\Users\The Aloha Webmaster\Downloads\mbar-1.07.0.1012.exe
2014-07-18 11:23 - 2014-07-18 11:23 - 00017888 _____ () C:\ComboFix.txt
2014-07-18 11:09 - 2014-07-18 11:09 - 00000676 _____ () C:\Users\The Aloha Webmaster\Desktop\wwwwwwwww.txt
2014-07-18 11:05 - 2014-07-18 11:23 - 00000000 ____D () C:\Qoobox
2014-07-18 11:05 - 2014-07-18 11:23 - 00000000 ____D () C:\ComboFix
2014-07-18 11:05 - 2011-06-25 20:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-18 11:05 - 2010-11-07 07:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-18 11:05 - 2009-04-19 18:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-18 11:05 - 2000-08-30 14:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-18 11:05 - 2000-08-30 14:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-18 11:05 - 2000-08-30 14:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-18 11:05 - 2000-08-30 14:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-18 11:05 - 2000-08-30 14:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-18 11:04 - 2014-07-18 11:20 - 00000000 ____D () C:\Windows\erdnt
2014-07-18 10:56 - 2014-07-18 10:57 - 05221938 ____R (Swearware) C:\Users\The Aloha Webmaster\Downloads\ComboFix.exe
2014-07-17 18:10 - 2014-07-19 07:11 - 00025354 _____ () C:\Users\The Aloha Webmaster\Downloads\Addition.txt
2014-07-17 18:08 - 2014-07-19 08:13 - 00012627 _____ () C:\Users\The Aloha Webmaster\Downloads\FRST.txt
2014-07-17 18:08 - 2014-07-19 08:13 - 00000000 ____D () C:\FRST
2014-07-17 18:07 - 2014-07-19 07:04 - 02089984 _____ (Farbar) C:\Users\The Aloha Webmaster\Downloads\FRST64.exe
2014-07-17 15:19 - 2014-07-17 15:19 - 00004382 _____ () C:\Users\The Aloha Webmaster\Desktop\SCN_07172014_151748.txt
2014-07-17 14:37 - 2014-07-17 15:24 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-17 14:37 - 2014-07-17 14:37 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-17 13:33 - 2014-07-17 13:33 - 00000711 _____ () C:\Users\The Aloha Webmaster\Desktop\AdwCleaner - Shortcut.lnk
2014-07-17 12:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-11 13:39 - 2014-07-17 13:25 - 00000000 ____D () C:\AdwCleaner
2014-07-11 13:34 - 2014-07-11 13:34 - 01348263 _____ () C:\Users\The Aloha Webmaster\Downloads\AdwCleaner.exe
2014-07-10 11:02 - 2014-07-10 11:02 - 00760480 _____ () C:\Windows\Minidump\071014-20436-01.dmp
2014-07-09 17:04 - 2014-07-09 17:06 - 00000000 ____D () C:\Users\The Aloha Webmaster\.lilypond-fonts.cache-2
2014-07-08 12:20 - 2014-07-09 18:11 - 00002741 _____ () C:\Users\The Aloha Webmaster\Desktop\DUBstructure.txt
2014-07-08 10:33 - 2014-07-08 10:33 - 00762392 _____ () C:\Windows\Minidump\070814-22292-01.dmp
2014-07-07 18:40 - 2014-07-07 18:40 - 00000248 _____ () C:\Users\The Aloha Webmaster\Desktop\Workout.URL
2014-07-04 22:38 - 2014-07-04 22:38 - 00005867 _____ () C:\Users\The Aloha Webmaster\Desktop\Audio Quotes.lnk
2014-07-04 22:30 - 2014-07-04 22:30 - 00001767 _____ () C:\Users\The Aloha Webmaster\Desktop\MIDI.lnk
2014-07-01 13:30 - 2014-07-01 13:26 - 03903624 _____ (MetaQuotes Software Corp.) C:\Windows\system32\MetaViewer64.dll
2014-06-22 20:01 - 2014-06-22 20:01 - 00001767 _____ () C:\Users\The Aloha Webmaster\Desktop\FLs interface.lnk
2014-06-19 00:02 - 2014-07-19 08:12 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\Old BITCOIN COM

==================== One Month Modified Files and Folders =======

2014-07-19 08:13 - 2014-07-17 18:08 - 00012627 _____ () C:\Users\The Aloha Webmaster\Downloads\FRST.txt
2014-07-19 08:13 - 2014-07-17 18:08 - 00000000 ____D () C:\FRST
2014-07-19 08:12 - 2014-06-19 00:02 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\Old BITCOIN COM
2014-07-19 08:10 - 2014-07-19 08:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-07-19 08:10 - 2013-01-23 07:52 - 00031922 _____ () C:\Windows\setupact.log
2014-07-19 08:10 - 2012-11-10 15:37 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 08:10 - 2009-07-13 19:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-19 08:09 - 2011-11-01 08:45 - 01415124 _____ () C:\Windows\WindowsUpdate.log
2014-07-19 07:58 - 2009-07-13 18:45 - 00021504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-19 07:58 - 2009-07-13 18:45 - 00021504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-19 07:38 - 2013-12-06 11:06 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\bitcoin domains
2014-07-19 07:33 - 2012-11-10 15:37 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-19 07:15 - 2014-07-18 15:18 - 00002264 _____ () C:\Users\The Aloha Webmaster\Downloads\FSS.txt
2014-07-19 07:11 - 2014-07-17 18:10 - 00025354 _____ () C:\Users\The Aloha Webmaster\Downloads\Addition.txt
2014-07-19 07:04 - 2014-07-19 07:04 - 00000000 ____D () C:\Users\The Aloha Webmaster\Downloads\FRST-OlderVersion
2014-07-19 07:04 - 2014-07-17 18:07 - 02089984 _____ (Farbar) C:\Users\The Aloha Webmaster\Downloads\FRST64.exe
2014-07-18 21:17 - 2014-07-18 12:42 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-18 21:17 - 2013-03-24 19:57 - 00015762 _____ () C:\Windows\PFRO.log
2014-07-18 15:34 - 2013-02-03 18:42 - 00006440 _____ () C:\Windows\smartkeydiagnostics.txt
2014-07-18 15:14 - 2014-07-18 15:14 - 00415232 _____ (Farbar) C:\Users\The Aloha Webmaster\Downloads\FSS.exe
2014-07-18 15:02 - 2014-07-18 15:02 - 00002574 _____ () C:\Users\The Aloha Webmaster\Downloads\eset-scan-results-export-to-text.txt
2014-07-18 13:25 - 2014-07-18 13:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-18 13:16 - 2014-07-18 13:13 - 02347384 _____ (ESET) C:\Users\The Aloha Webmaster\Downloads\esetsmartinstaller_enu.exe
2014-07-18 12:58 - 2014-07-18 12:58 - 00002526 _____ () C:\Users\The Aloha Webmaster\Desktop\aaaaaa.txt
2014-07-18 12:57 - 2014-07-18 12:40 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\mbar
2014-07-18 12:41 - 2014-07-18 12:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-18 12:40 - 2014-07-18 12:39 - 14349744 _____ (Malwarebytes Corp.) C:\Users\The Aloha Webmaster\Downloads\mbar-1.07.0.1012.exe
2014-07-18 11:23 - 2014-07-18 11:23 - 00017888 _____ () C:\ComboFix.txt
2014-07-18 11:23 - 2014-07-18 11:05 - 00000000 ____D () C:\Qoobox
2014-07-18 11:23 - 2014-07-18 11:05 - 00000000 ____D () C:\ComboFix
2014-07-18 11:23 - 2009-07-13 17:20 - 00000000 __RHD () C:\Users\Default
2014-07-18 11:20 - 2014-07-18 11:04 - 00000000 ____D () C:\Windows\erdnt
2014-07-18 11:18 - 2009-07-13 16:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-18 11:09 - 2014-07-18 11:09 - 00000676 _____ () C:\Users\The Aloha Webmaster\Desktop\wwwwwwwww.txt
2014-07-18 10:57 - 2014-07-18 10:56 - 05221938 ____R (Swearware) C:\Users\The Aloha Webmaster\Downloads\ComboFix.exe
2014-07-18 10:43 - 2011-11-12 12:41 - 00000000 ____D () C:\Users\The Aloha Webmaster\Documents\Creative
2014-07-17 15:24 - 2014-07-17 14:37 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-17 15:19 - 2014-07-17 15:19 - 00004382 _____ () C:\Users\The Aloha Webmaster\Desktop\SCN_07172014_151748.txt
2014-07-17 14:58 - 2009-07-13 19:13 - 00755676 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-17 14:37 - 2014-07-17 14:37 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-17 13:33 - 2014-07-17 13:33 - 00000711 _____ () C:\Users\The Aloha Webmaster\Desktop\AdwCleaner - Shortcut.lnk
2014-07-17 13:25 - 2014-07-11 13:39 - 00000000 ____D () C:\AdwCleaner
2014-07-17 13:17 - 2013-02-04 10:37 - 00000000 ____D () C:\Program Files (x86)\Novatel Wireless
2014-07-16 20:05 - 2011-11-09 17:00 - 00000000 ____D () C:\Users\The Aloha Webmaster
2014-07-16 19:55 - 2014-01-23 11:11 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\The Way it Really Is
2014-07-16 11:52 - 2011-11-13 14:42 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\I Like Things
2014-07-15 00:32 - 2013-12-26 06:06 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\MUSICIAN
2014-07-15 00:19 - 2012-10-25 08:35 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\ARTIST
2014-07-14 13:54 - 2014-05-06 08:31 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\Scott Kukes
2014-07-14 11:59 - 2014-03-20 08:54 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\BitcoinART
2014-07-12 22:15 - 2014-06-06 18:34 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\New Beats
2014-07-11 13:57 - 2011-11-12 12:08 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-11 13:55 - 2014-01-30 09:36 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\Charts
2014-07-11 13:34 - 2014-07-11 13:34 - 01348263 _____ () C:\Users\The Aloha Webmaster\Downloads\AdwCleaner.exe
2014-07-11 13:22 - 2014-05-30 19:05 - 00001780 _____ () C:\Users\The Aloha Webmaster\Desktop\#Dubstep.txt
2014-07-10 11:02 - 2014-07-10 11:02 - 00760480 _____ () C:\Windows\Minidump\071014-20436-01.dmp
2014-07-10 11:02 - 2014-01-09 13:36 - 371718208 _____ () C:\Windows\MEMORY.DMP
2014-07-10 11:02 - 2012-03-29 07:03 - 00000000 ____D () C:\Windows\Minidump
2014-07-09 18:11 - 2014-07-08 12:20 - 00002741 _____ () C:\Users\The Aloha Webmaster\Desktop\DUBstructure.txt
2014-07-09 17:06 - 2014-07-09 17:04 - 00000000 ____D () C:\Users\The Aloha Webmaster\.lilypond-fonts.cache-2
2014-07-09 16:09 - 2011-11-13 10:43 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\AFTERFX STUFF
2014-07-08 17:42 - 2013-08-26 17:20 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\Chef bernard
2014-07-08 10:33 - 2014-07-08 10:33 - 00762392 _____ () C:\Windows\Minidump\070814-22292-01.dmp
2014-07-07 18:40 - 2014-07-07 18:40 - 00000248 _____ () C:\Users\The Aloha Webmaster\Desktop\Workout.URL
2014-07-07 14:41 - 2011-11-13 07:54 - 00000000 ____D () C:\Users\The Aloha Webmaster\AppData\Roaming\Skype
2014-07-04 22:38 - 2014-07-04 22:38 - 00005867 _____ () C:\Users\The Aloha Webmaster\Desktop\Audio Quotes.lnk
2014-07-04 22:30 - 2014-07-04 22:30 - 00001767 _____ () C:\Users\The Aloha Webmaster\Desktop\MIDI.lnk
2014-07-03 11:17 - 2011-11-10 17:16 - 00007683 _____ () C:\Users\The Aloha Webmaster\AppData\Local\Resmon.ResmonCfg
2014-07-02 21:25 - 2014-02-10 12:10 - 00000000 ____D () C:\Program Files (x86)\BTC-e Exchange MT4
2014-07-01 13:26 - 2014-07-01 13:30 - 03903624 _____ (MetaQuotes Software Corp.) C:\Windows\system32\MetaViewer64.dll
2014-06-25 11:56 - 2013-12-16 11:46 - 00000000 ____D () C:\Users\The Aloha Webmaster\Desktop\New WORK
2014-06-22 20:01 - 2014-06-22 20:01 - 00001767 _____ () C:\Users\The Aloha Webmaster\Desktop\FLs interface.lnk

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-12 21:57

==================== End Of Log ============================

This topic is now closed to further replies.