Looks like I'm infected!


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02

Ran by Owner (administrator) on OWNER-PC on 04-09-2014 12:21:26

Running from C:\Users\Owner\Desktop

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

() C:\Windows\SysWOW64\PSIService.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe

(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

(Symantec Corporation) C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe

() C:\Users\Owner\AppData\Local\Idle~_~Crawler\Idle~_~Crawler.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

(SHARP CORPORATION) C:\Windows\System32\spool\drivers\x64\3\SH5XRCV.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe

(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\FTPServer.exe

(Veodin) C:\Users\Owner\AppData\Local\Apps\2.0\ME7JYDGM.C2M\E6N9V24G.57G\keyrocket_b5867eb738db6c5c_0001.0001_09a866afcaf845ea\VeodinKeyRocket.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\nsapp.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Veodin) C:\Users\Owner\AppData\Local\Apps\2.0\ME7JYDGM.C2M\E6N9V24G.57G\keyrocket_b5867eb738db6c5c_0001.0001_09a866afcaf845ea\VeodinEventEngine.exe

(Veodin) C:\Users\Owner\AppData\Local\Apps\2.0\ME7JYDGM.C2M\E6N9V24G.57G\keyrocket_b5867eb738db6c5c_0001.0001_09a866afcaf845ea\VeodinOfficeEngine.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(The Chromium Authors) C:\Users\Owner\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe

(The Chromium Authors) C:\Users\Owner\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe

(The Chromium Authors) C:\Users\Owner\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe

(The Chromium Authors) C:\Users\Owner\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe

(The Chromium Authors) C:\Users\Owner\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe

(The Chromium Authors) C:\Users\Owner\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe

(The Chromium Authors) C:\Users\Owner\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe

(The Chromium Authors) C:\Users\Owner\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe

(The Chromium Authors) C:\Users\Owner\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe

(The Chromium Authors) C:\Users\Owner\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe

(The Chromium Authors) C:\Users\Owner\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe

(The Chromium Authors) C:\Users\Owner\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe

(The Chromium Authors) C:\Users\Owner\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe

(The Chromium Authors) C:\Users\Owner\AppData\Local\Idle~_~Crawler\Chrome-bin\chrome.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()

HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)

HKLM\...\Run: [sH5XRCV] => C:\Windows\system32\spool\drivers\x64\3\SH5XRCV.exe [102400 2006-10-19] (SHARP CORPORATION)

HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)

HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sharpTray.exe] => C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe [131584 2009-12-08] (SHARP CORPORATION)

HKLM-x32\...\Run: [FtpServer.exe] => C:\Program Files (x86)\Sharp\Sharpdesk\FtpServer.exe [819712 2009-12-08] (SHARP CORPORATION)

HKLM-x32\...\Run: [indexTray.exe] => C:\Program Files (x86)\Sharp\Sharpdesk\IndexTray.exe [395264 2009-12-08] (SHARP CORPORATION)

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)

HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)

HKLM-x32\...\Run: [fst_us_243] => [X]

Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\461\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\.DEFAULT\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-22] (Microsoft Corporation)

HKU\S-1-5-21-3867535192-1906888371-588904125-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)

HKU\S-1-5-21-3867535192-1906888371-588904125-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)

HKU\S-1-5-21-3867535192-1906888371-588904125-1000\...\Run: [VeodinKeyRocket] => "C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Veodin\KeyRocket.appref-ms"

HKU\S-1-5-21-3867535192-1906888371-588904125-1000\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-08-29] (Google Inc.)

HKU\S-1-5-21-3867535192-1906888371-588904125-1000\...\Run: [Whitesmoke Search Protect] => C:\Users\Owner\AppData\Local\whitesmoke\whitesmoke\1.3.12.7\whitesmoke.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk

ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=COSP&ptag=A4ECE23158D21404AA1F&form=CONMHP&conlogo=CT3210127

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://widow1.factualdata.com/ginny/main.aspx?BWLOGIN(LOGIN())

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM - {D859BEA1-96BB-414D-A35B-251668FEFC19} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - {D859BEA1-96BB-414D-A35B-251668FEFC19} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

SearchScopes: HKCU - {D859BEA1-96BB-414D-A35B-251668FEFC19} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File

BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation)

BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File

Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} -  No File

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files (x86)\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.13.1

Tcpip\..\Interfaces\{65A2AC56-A776-44DC-AF6A-1262A634F2C2}: [NameServer] 8.8.8.8,8.8.4.4

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll (Hulu LLC)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn

FF HKLM-x32\...\Firefox\Extensions: [{4C0766D3-67A7-45a3-85A2-752F77312F32}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn

FF HKLM-x32\...\Firefox\Extensions: [copytolightning@corel.com] - C:\Program Files (x86)\WordPerfect Lightning\Programs\FirefoxExtension

FF Extension: Copy To Wordperfect Lightning - C:\Program Files (x86)\WordPerfect Lightning\Programs\FirefoxExtension [2012-06-02]

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-11-12]

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?tab%3Dwm&scc=1&ltmpl=default&ltmplcache=2", "hxxp://search.conduit.com/?ctid=CT3289663&SearchSource=48&CUI=UN28442087749163249&UM=2"

CHR DefaultSearchKeyword: Default -> EC583D9A1CF8975971041CD6C9066C7F82D8E7312F28327208C16DA75D366DE6


CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Popup Blocker Pro) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\allcegfcagkffchiajgmnmegdkbnblcj [2014-03-04]

CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-08-24]

CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-03-17]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]

CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-18]

CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-18]

CHR Extension: (Save to Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoibeabfchdpckcmamaadeccohilbkp [2012-11-29]

CHR Extension: (KeyRocket for Gmail™) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmocchgkijnbjdjkmlglaemjhhdiobbp [2012-12-21]

CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-07-02]

CHR Extension: (JavaScript Popup Blocker) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2014-03-04]

CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

CHR Extension: (Checker Plus for Gmail™) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2014-03-17]

CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-08-29]

CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-18]

CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\Owner\AppData\Local\newhb2.crx [2013-09-27]

CHR HKCU\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\Owner\AppData\Local\newhb2.crx [2013-09-27]

CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\Owner\AppData\Local\newhb2.crx [2013-09-27]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\461\g2ax_service.exe [610960 2013-01-07] (Citrix Online, a division of Citrix Systems, Inc.)

R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [File not signed]

R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)

R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-04] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\ENG64.SYS [116272 2009-08-29] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\EX64.SYS [1742896 2009-08-29] (Symantec Corporation)

R1 SRTSP; C:\Windows\system32\drivers\NISx64\1100000.088\SRTSP64.SYS [504880 2009-08-29] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1100000.088\SRTSPX64.SYS [32304 2009-08-29] (Symantec Corporation)

R1 {28adf4b8-c584-49b0-8a98-f01d03d9f022}w64; C:\Windows\System32\drivers\{28adf4b8-c584-49b0-8a98-f01d03d9f022}w64.sys [61112 2014-07-03] (StdLib)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-04 12:21 - 2014-09-04 12:21 - 00023853 _____ () C:\Users\Owner\Desktop\FRST.txt

2014-09-04 12:21 - 2014-09-04 12:21 - 00000000 ____D () C:\FRST

2014-09-04 12:20 - 2014-09-04 12:21 - 02104832 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe

2014-09-04 11:56 - 2014-09-04 12:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-04 11:55 - 2014-09-04 11:55 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-04 11:55 - 2014-09-04 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-09-04 11:55 - 2014-09-04 11:55 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-04 11:55 - 2014-09-04 11:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-04 11:55 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-09-04 11:55 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-09-04 11:55 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-09-04 11:53 - 2014-09-04 11:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-2.0.2.1012.exe

2014-09-03 15:48 - 2014-07-03 16:18 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{28adf4b8-c584-49b0-8a98-f01d03d9f022}w64.sys

2014-09-03 15:02 - 2014-09-03 15:02 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\QuickScan

2014-09-03 14:58 - 2014-09-03 14:58 - 00000000 ____D () C:\Program Files (x86)\predm

2014-09-03 14:46 - 2014-09-03 14:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\Idle~_~Crawler

2014-09-03 14:46 - 2014-09-03 14:46 - 00004586 _____ () C:\Windows\System32\Tasks\Idle~_~Crawler Runner

2014-09-03 14:46 - 2014-09-03 14:46 - 00000000 ____D () C:\Users\Owner\Documents\Optimizer Pro

2014-09-03 14:45 - 2014-09-03 14:45 - 00004026 _____ () C:\Windows\System32\Tasks\LaunchSignup

2014-09-03 14:42 - 2014-09-04 12:10 - 00001340 _____ () C:\Windows\Tasks\LERJFJX.job

2014-09-03 14:42 - 2014-09-03 14:42 - 01506152 _____ (esc) C:\Users\Owner\AppData\Roaming\LERJFJX.exe

2014-09-03 14:42 - 2014-09-03 14:42 - 00004366 _____ () C:\Windows\System32\Tasks\LERJFJX

2014-09-03 14:41 - 2014-09-04 12:10 - 00001338 _____ () C:\Windows\Tasks\PKFZBI.job

2014-09-03 14:41 - 2014-09-03 16:09 - 00000000 ____D () C:\Program Files (x86)\globalUpdate

2014-09-03 14:41 - 2014-09-03 14:41 - 01994088 _____ (esc) C:\Users\Owner\AppData\Roaming\PKFZBI.exe

2014-09-03 14:41 - 2014-09-03 14:41 - 00004364 _____ () C:\Windows\System32\Tasks\PKFZBI

2014-09-03 14:41 - 2014-09-03 14:41 - 00000000 ____D () C:\Users\Owner\AppData\Local\globalUpdate

2014-09-03 14:38 - 2014-09-03 14:38 - 00000000 ____D () C:\Users\Owner\Desktop\PShop

2014-09-03 09:42 - 2014-09-02 19:07 - 00000000 ____D () C:\Users\Owner\Desktop\cracked dll

2014-09-03 09:42 - 2014-09-02 19:04 - 00000950 _____ () C:\Users\Owner\Desktop\Install note.txt

2014-09-03 09:42 - 2014-09-02 19:04 - 00000000 ____D () C:\Users\Owner\Desktop\Adobe CS6

2014-09-03 09:42 - 2014-09-02 18:37 - 00000000 ____D () C:\Users\Owner\Desktop\Photoshop_CS6_13_0_1_update

2014-09-03 08:56 - 2014-09-03 09:13 - 1453743302 _____ () C:\Users\Owner\Desktop\Adobe Photoshop CS6 13.0.1 Final  Multilanguage (Cracked dll).rar

2014-09-01 02:18 - 2014-09-01 02:18 - 00002086 _____ () C:\Users\Owner\AppData\Roaming\LERJFJX

2014-09-01 02:18 - 2014-09-01 02:18 - 00001248 _____ () C:\Users\Owner\AppData\Roaming\PKFZBI

2014-08-29 03:17 - 2014-09-04 12:09 - 00006556 _____ () C:\Windows\PFRO.log

2014-08-28 14:26 - 2014-08-28 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-08-28 09:06 - 2014-08-22 20:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-28 09:06 - 2014-08-22 19:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-28 09:06 - 2014-08-22 18:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-18 09:32 - 2014-06-30 16:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-18 09:32 - 2014-06-30 16:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-18 09:32 - 2014-06-06 00:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-18 09:32 - 2014-06-06 00:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-18 09:32 - 2014-03-09 15:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-18 09:32 - 2014-03-09 15:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-18 09:32 - 2014-03-09 15:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-18 09:32 - 2014-03-09 15:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-14 08:05 - 2014-07-15 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-14 08:05 - 2014-07-15 20:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-08-14 08:05 - 2014-06-03 04:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-14 08:05 - 2014-06-03 04:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-14 08:05 - 2014-06-03 04:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-14 08:05 - 2014-06-03 04:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-14 08:05 - 2014-06-03 03:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-14 08:05 - 2014-06-03 03:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-08-14 08:05 - 2014-06-03 03:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-14 08:04 - 2014-07-31 17:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-14 08:04 - 2014-07-31 17:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-14 08:04 - 2014-07-25 08:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-14 08:04 - 2014-07-25 08:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-14 08:04 - 2014-07-25 08:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-14 08:04 - 2014-07-25 07:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-14 08:04 - 2014-07-25 07:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-14 08:04 - 2014-07-25 07:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-14 08:04 - 2014-07-25 07:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-14 08:04 - 2014-07-25 07:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-14 08:04 - 2014-07-25 07:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-14 08:04 - 2014-07-25 07:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-14 08:04 - 2014-07-25 07:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-14 08:04 - 2014-07-25 07:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-14 08:04 - 2014-07-25 07:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-14 08:04 - 2014-07-25 07:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-14 08:04 - 2014-07-25 07:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-14 08:04 - 2014-07-25 06:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-14 08:04 - 2014-07-25 06:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-14 08:04 - 2014-07-25 06:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-14 08:04 - 2014-07-25 06:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-14 08:04 - 2014-07-25 06:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-14 08:04 - 2014-07-25 06:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-14 08:04 - 2014-07-25 06:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-14 08:04 - 2014-07-25 06:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-14 08:04 - 2014-07-25 06:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-14 08:04 - 2014-07-25 06:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-14 08:04 - 2014-07-25 06:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-14 08:04 - 2014-07-25 06:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-14 08:04 - 2014-07-25 06:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-14 08:04 - 2014-07-25 06:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-14 08:04 - 2014-07-25 06:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-14 08:04 - 2014-07-25 06:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-14 08:04 - 2014-07-25 06:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-14 08:04 - 2014-07-25 06:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-14 08:04 - 2014-07-25 06:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-14 08:04 - 2014-07-25 05:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-14 08:04 - 2014-07-25 05:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-14 08:04 - 2014-07-25 05:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-14 08:04 - 2014-07-25 05:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-14 08:04 - 2014-07-25 05:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-14 08:04 - 2014-07-25 05:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-14 08:04 - 2014-07-25 05:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-14 08:04 - 2014-07-25 05:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-14 08:04 - 2014-07-25 05:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-14 08:04 - 2014-07-25 05:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-14 08:04 - 2014-07-25 05:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-14 08:04 - 2014-07-25 05:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-14 08:04 - 2014-07-25 05:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-14 08:04 - 2014-07-25 05:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-14 08:04 - 2014-07-25 04:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-14 08:04 - 2014-07-25 04:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-14 08:04 - 2014-07-25 04:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-14 08:04 - 2014-07-25 04:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-14 08:04 - 2014-07-25 04:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-14 08:04 - 2014-07-25 04:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-14 08:04 - 2014-06-15 20:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-14 08:01 - 2014-07-13 20:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-14 08:01 - 2014-07-13 19:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-08-13 13:57 - 2014-09-03 15:21 - 00000000 ____D () C:\Users\Owner\Desktop\Diarte

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-04 12:21 - 2014-09-04 12:21 - 00023853 _____ () C:\Users\Owner\Desktop\FRST.txt

2014-09-04 12:21 - 2014-09-04 12:21 - 00000000 ____D () C:\FRST

2014-09-04 12:21 - 2014-09-04 12:20 - 02104832 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe

2014-09-04 12:19 - 2014-09-04 11:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-04 12:19 - 2009-07-13 22:45 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-04 12:19 - 2009-07-13 22:45 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-04 12:15 - 2012-03-26 18:10 - 00000000 ____D () C:\ProgramData\Hewlett-Packard

2014-09-04 12:15 - 2012-03-26 17:48 - 01254381 _____ () C:\Windows\WindowsUpdate.log

2014-09-04 12:15 - 2009-07-13 23:13 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-04 12:13 - 2012-04-18 10:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment

2014-09-04 12:12 - 2012-04-25 12:37 - 00000000 ___RD () C:\Users\Owner\Google Drive

2014-09-04 12:10 - 2014-09-03 14:42 - 00001340 _____ () C:\Windows\Tasks\LERJFJX.job

2014-09-04 12:10 - 2014-09-03 14:41 - 00001338 _____ () C:\Windows\Tasks\PKFZBI.job

2014-09-04 12:10 - 2012-04-25 12:35 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-04 12:09 - 2014-08-29 03:17 - 00006556 _____ () C:\Windows\PFRO.log

2014-09-04 12:09 - 2014-03-09 02:00 - 00002271 _____ () C:\Windows\setupact.log

2014-09-04 12:09 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-04 12:08 - 2013-09-24 17:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DigitalSite

2014-09-04 11:56 - 2012-04-25 12:35 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-04 11:55 - 2014-09-04 11:55 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-04 11:55 - 2014-09-04 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-09-04 11:55 - 2014-09-04 11:55 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-04 11:55 - 2014-09-04 11:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-04 11:54 - 2014-09-04 11:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-2.0.2.1012.exe

2014-09-04 11:40 - 2013-06-03 10:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-04 10:19 - 2014-05-17 15:37 - 00000000 ____D () C:\Users\Owner\Desktop\Eddards

2014-09-03 16:09 - 2014-09-03 14:41 - 00000000 ____D () C:\Program Files (x86)\globalUpdate

2014-09-03 15:48 - 2009-07-13 20:34 - 00000505 _____ () C:\Windows\win.ini

2014-09-03 15:21 - 2014-08-13 13:57 - 00000000 ____D () C:\Users\Owner\Desktop\Diarte

2014-09-03 15:02 - 2014-09-03 15:02 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\QuickScan

2014-09-03 14:58 - 2014-09-03 14:58 - 00000000 ____D () C:\Program Files (x86)\predm

2014-09-03 14:51 - 2014-07-02 08:52 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForOwner.job

2014-09-03 14:50 - 2014-09-03 14:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\Idle~_~Crawler

2014-09-03 14:46 - 2014-09-03 14:46 - 00004586 _____ () C:\Windows\System32\Tasks\Idle~_~Crawler Runner

2014-09-03 14:46 - 2014-09-03 14:46 - 00000000 ____D () C:\Users\Owner\Documents\Optimizer Pro

2014-09-03 14:45 - 2014-09-03 14:45 - 00004026 _____ () C:\Windows\System32\Tasks\LaunchSignup

2014-09-03 14:42 - 2014-09-03 14:42 - 01506152 _____ (esc) C:\Users\Owner\AppData\Roaming\LERJFJX.exe

2014-09-03 14:42 - 2014-09-03 14:42 - 00004366 _____ () C:\Windows\System32\Tasks\LERJFJX

2014-09-03 14:41 - 2014-09-03 14:41 - 01994088 _____ (esc) C:\Users\Owner\AppData\Roaming\PKFZBI.exe

2014-09-03 14:41 - 2014-09-03 14:41 - 00004364 _____ () C:\Windows\System32\Tasks\PKFZBI

2014-09-03 14:41 - 2014-09-03 14:41 - 00000000 ____D () C:\Users\Owner\AppData\Local\globalUpdate

2014-09-03 14:38 - 2014-09-03 14:38 - 00000000 ____D () C:\Users\Owner\Desktop\PShop

2014-09-03 14:38 - 2014-07-28 17:13 - 00000000 ____D () C:\Users\Owner\Desktop\DuVall

2014-09-03 09:13 - 2014-09-03 08:56 - 1453743302 _____ () C:\Users\Owner\Desktop\Adobe Photoshop CS6 13.0.1 Final  Multilanguage (Cracked dll).rar

2014-09-02 19:07 - 2014-09-03 09:42 - 00000000 ____D () C:\Users\Owner\Desktop\cracked dll

2014-09-02 19:04 - 2014-09-03 09:42 - 00000950 _____ () C:\Users\Owner\Desktop\Install note.txt

2014-09-02 19:04 - 2014-09-03 09:42 - 00000000 ____D () C:\Users\Owner\Desktop\Adobe CS6

2014-09-02 18:37 - 2014-09-03 09:42 - 00000000 ____D () C:\Users\Owner\Desktop\Photoshop_CS6_13_0_1_update

2014-09-02 13:31 - 2014-07-24 11:51 - 00000000 ____D () C:\Users\Owner\Desktop\Kennedy-Tolbert

2014-09-02 10:27 - 2013-06-17 11:27 - 00000000 ____D () C:\Users\Owner\Desktop\Closed Borrower Files

2014-09-02 09:20 - 2014-07-02 08:52 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOwner

2014-09-02 09:20 - 2012-03-27 10:56 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job

2014-09-01 19:13 - 2012-07-14 13:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HP Support Assistant

2014-09-01 19:13 - 2012-03-30 15:10 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HpUpdate

2014-09-01 02:18 - 2014-09-01 02:18 - 00002086 _____ () C:\Users\Owner\AppData\Roaming\LERJFJX

2014-09-01 02:18 - 2014-09-01 02:18 - 00001248 _____ () C:\Users\Owner\AppData\Roaming\PKFZBI

2014-08-29 09:42 - 2012-04-18 10:56 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google

2014-08-29 03:18 - 2009-07-13 22:45 - 00353960 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-28 14:26 - 2014-08-28 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-08-28 14:25 - 2012-04-25 12:35 - 00000000 ____D () C:\Program Files (x86)\Google

2014-08-25 16:32 - 2014-07-02 09:48 - 00000000 ____D () C:\Users\Owner\Desktop\Guptill

2014-08-25 14:42 - 2013-04-02 12:23 - 00000000 ____D () C:\Users\Owner\Desktop\Credit Reports

2014-08-25 12:28 - 2014-03-19 15:44 - 00000000 ____D () C:\Users\Owner\Desktop\Forms

2014-08-22 20:07 - 2014-08-28 09:06 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-22 19:45 - 2014-08-28 09:06 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-22 18:59 - 2014-08-28 09:06 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-19 06:18 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache

2014-08-18 14:38 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-18 14:23 - 2012-04-19 12:17 - 00008806 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat

2014-08-18 14:23 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

2014-08-18 09:43 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-18 09:40 - 2012-03-27 11:37 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-18 09:37 - 2012-04-25 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2014-08-12 15:48 - 2013-04-02 12:27 - 00000000 ____D () C:\Users\Owner\Desktop\Home Pics

2014-08-11 11:15 - 2013-06-18 16:17 - 00000000 ____D () C:\Users\Owner\Desktop\Personal Files

2014-08-05 09:20 - 2012-03-27 11:11 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

 

Files to move or delete:

====================

C:\Users\Owner\g2ax_customer_downloadhelper_win32_x86.exe

C:\Users\Owner\gotomypc_635.exe

 

 

Some content of TEMP:

====================

C:\Users\Owner\AppData\Local\Temp\BackupSetup.exe

C:\Users\Owner\AppData\Local\Temp\GUREE68.exe

C:\Users\Owner\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe

C:\Users\Owner\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe

C:\Users\Owner\AppData\Local\Temp\optprosetup.exe

C:\Users\Owner\AppData\Local\Temp\res.dll

C:\Users\Owner\AppData\Local\Temp\whtsmksetup.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-08-27 13:17

 

==================== End Of Log ============================


Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

 

<====><====><====><====><====><====><====><====>

 

Please run a Threat Scan with Malwarebytes (if possible)

Start Malwarebytes 2.0.........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)

Then......

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

[screenshot: reply1.jpg]

New window that comes up.

[screenshot: replyer1.jpg]

Last................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button > Copy and paste the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

 

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Here are my results! Thank you so much for your help!!

 

RogueKiller V9.2.9.0 (x64) [Jul 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 09/05/2014  11:08:23
 
¤¤¤ Bad processes : 4 ¤¤¤
[suspicious.Path] VeodinKeyRocket.exe -- C:\Users\Owner\AppData\Local\Apps\2.0\ME7JYDGM.C2M\E6N9V24G.57G\keyrocket_b5867eb738db6c5c_0001.0001_09a866afcaf845ea\VeodinKeyRocket.exe[-] -> KILLED [TermProc]
[suspicious.Path] Idle~_~Crawler.exe -- C:\Users\Owner\AppData\Local\Idle~_~Crawler\Idle~_~Crawler.exe[7] -> KILLED [TermProc]
[suspicious.Path] VeodinEventEngine.exe -- C:\Users\Owner\AppData\Local\Apps\2.0\ME7JYDGM.C2M\E6N9V24G.57G\keyrocket_b5867eb738db6c5c_0001.0001_09a866afcaf845ea\VeodinEventEngine.exe[-] -> KILLED [TermThr]
[suspicious.Path] VeodinOfficeEngine.exe -- C:\Users\Owner\AppData\Local\Apps\2.0\ME7JYDGM.C2M\E6N9V24G.57G\keyrocket_b5867eb738db6c5c_0001.0001_09a866afcaf845ea\VeodinOfficeEngine.exe[-] -> KILLED [TermThr]
 
¤¤¤ Registry Entries : 13 ¤¤¤
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3867535192-1906888371-588904125-1000\Software\Microsoft\Windows\CurrentVersion\Run | VeodinKeyRocket : "C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Veodin\KeyRocket.appref-ms"  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3867535192-1906888371-588904125-1000\Software\Microsoft\Windows\CurrentVersion\Run | Whitesmoke Search Protect : C:\Users\Owner\AppData\Local\whitesmoke\whitesmoke\1.3.12.7\whitesmoke.exe  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3867535192-1906888371-588904125-1000\Software\Microsoft\Windows\CurrentVersion\Run | VeodinKeyRocket : "C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Veodin\KeyRocket.appref-ms"  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3867535192-1906888371-588904125-1000\Software\Microsoft\Windows\CurrentVersion\Run | Whitesmoke Search Protect : C:\Users\Owner\AppData\Local\whitesmoke\whitesmoke\1.3.12.7\whitesmoke.exe  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A4C465A8-0FC8-4BD8-9922-FAB91FB3FC12} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A4C465A8-0FC8-4BD8-9922-FAB91FB3FC12} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A4C465A8-0FC8-4BD8-9922-FAB91FB3FC12} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3867535192-1906888371-588904125-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/?pc=COSP&ptag=A4ECE23158D21404AA1F&form=CONMHP&conlogo=CT3210127  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3867535192-1906888371-588904125-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/?pc=COSP&ptag=A4ECE23158D21404AA1F&form=CONMHP&conlogo=CT3210127  -> FOUND
 
¤¤¤ Scheduled tasks : 7 ¤¤¤
[suspicious.Path] LERJFJX.job -- C:\Users\Owner\AppData\Roaming\LERJFJX.exe (/infocmdline=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) -> FOUND
[suspicious.Path] PKFZBI.job -- C:\Users\Owner\AppData\Roaming\PKFZBI.exe (/infocmdline=sU1rcSi4oIBeAY3shKuNN3bi4O5od58y2AwoEyT1j5o80ZAv9O1uwSOnxzoH4sLXY6jT4e1D5NIhdz5Wv9CfA+bwKYPD0JXzcERqaEnCmZQI2n6R0DTXo1QV7yrQcc+BbuH5Wk7SEBiQhvnIvxsXXL79eG8t9/fDRP0RmrNaOnohfYmYyeRt1KcWMh8jAncPe6LiMld7Vla5acQAADp2F0FtMO9WSz8iCL2Nzv5mAkE04p26jt2Hf4sYnqEWzL8TAmckPiYUlMjFlzQNPfr9DIWY/yg28G0yIxihjomcSZkrS0aMWr/CYtvDgC1hImpH6paa6P4EqcGORXBS/pVEO10p2PLE9/Wa+eWgbwYfRQW8/T5G2BC1JbzsfPdB1Xg9rULX368/mIzMGTXuB4IEKrTnMI5jyzbYbFKOXRPNvd5bdQzCAGqMRxp5nrBh1uMarY0tY8T+YvdCRom1z1IPD2ubhZkNYpCoJehgrxi4alBtZirbvcJBvv/or/gdIERH) -> FOUND
[suspicious.Path] \\Idle~_~Crawler Runner -- "%LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe" -> FOUND
[suspicious.Path] \\LERJFJX -- C:\Users\Owner\AppData\Roaming\LERJFJX.exe (/infocmdline=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) -> FOUND
[suspicious.Path] \\PKFZBI -- C:\Users\Owner\AppData\Roaming\PKFZBI.exe (/infocmdline=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) -> FOUND
[suspicious.Path] \\Registration -- "C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe" (Registration ShowMessageTask2D) -> FOUND
[suspicious.Path] \Microsoft\Windows\Maintenance\Idle~_~Crawler Update -- "%LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe" (--Update) -> FOUND
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 6 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
 
¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EADS-65M2B1 ATA Device +++++
--- User ---
[MBR] 8fde11b0f206b02cd913e2cc03ff388a
[bSP] 68833a3e6ec31f5d16f6eae6869700e4 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206911 | Size: 942853 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1931169792 | Size: 10914 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 

¤¤¤ HOSTS File : 6 ¤¤¤

[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com

[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com

[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com

[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com

[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com

[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

 

Your hosts file contains entries that are used to bypass Adobe product activation. AKA: Piracy

In my initial post to you, there's a warning covering Piracy.

If this is true and you want help on this forum, please uninstall the Adobe products and restore the original hosts file.

MrC


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

