Malicious Website Blocked


bralston9

I have Skype, but haven't used that program for about 2 months now.

I had uTorrent, but you just helped me remove it, remember? When I tried to uninstall it, my explorer.exe would crash once I rebooted the machine. But I no longer have uTorrent from what I can see.

Here are a few things that caught my eye. I'm not sure if this is anything or not, but I will show you what I felt it may be.

Two things that caught my attention from my HijackThis log were:

1. I have two instances of "mctadmin.exe". I know it's a network service, but I show a local service and I'm not sure that is right.

2. C:\Windows\SysWOW64\DllHost.exe
While DllHost.exe is legit, I believe it's supposed to be in the "C:\Windows\System32" location, and I don't think it should be running all the time. But I could be wrong.

3. The RogueKiller scan showed this, and a lot has happened from this reference. I'm seeing these 2 processes showing up a lot in many of the scans, as you will see in the log below. Again, not sure if this is anything, but I wanted to point it out.

[suspicious.Path] explorer.exe -- C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
[suspicious.Path] explorer.exe -- C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll

ESET even scanned these 2 items above and said:

C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll    a variant of Win64/Sathurbot.A trojan
C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll    a variant of Win64/Sathurbot.A trojan

Look at my Malwarebytes log just from last night. Keep in mind, I had no programs running at all last night other than my desktop and my normal programs that start with Windows, such as Malwarebytes and Norton AntiVirus.

I received:

24 Malicious Website Protection, on port 6881, Outbound, C:\Windows\explorer.exe

3 Quarantined Trojans

Malwarebytes Log results:

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 10/2/2014 4:11:36 AM, SYSTEM, ROB, Protection, Malware Protection, Starting,
Protection, 10/2/2014 4:11:36 AM, SYSTEM, ROB, Protection, Malware Protection, Started,
Protection, 10/2/2014 4:11:36 AM, SYSTEM, ROB, Protection, Malicious Website Protection, Starting,
Protection, 10/2/2014 4:11:44 AM, SYSTEM, ROB, Protection, Malicious Website Protection, Started,
Detection, 10/2/2014 4:13:40 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 91.212.124.179, 6881, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 4:13:40 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 91.212.124.179, 6881, Outbound, C:\Windows\explorer.exe,
Protection, 10/2/2014 4:16:05 AM, SYSTEM, ROB, Protection, Malware Protection, Starting,
Protection, 10/2/2014 4:16:05 AM, SYSTEM, ROB, Protection, Malware Protection, Started,
Protection, 10/2/2014 4:16:05 AM, SYSTEM, ROB, Protection, Malicious Website Protection, Starting,
Protection, 10/2/2014 4:16:11 AM, SYSTEM, ROB, Protection, Malicious Website Protection, Started,
Protection, 10/2/2014 4:21:06 AM, SYSTEM, ROB, Protection, Malware Protection, Starting,
Protection, 10/2/2014 4:21:06 AM, SYSTEM, ROB, Protection, Malware Protection, Started,
Protection, 10/2/2014 4:21:06 AM, SYSTEM, ROB, Protection, Malicious Website Protection, Starting,
Protection, 10/2/2014 4:21:12 AM, SYSTEM, ROB, Protection, Malicious Website Protection, Started,
Detection, 10/2/2014 4:23:07 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 91.212.124.179, 6881, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 4:23:07 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 91.212.124.179, 6881, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 4:48:24 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 188.211.239.11, 6881, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 4:48:24 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 188.211.239.11, 6881, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 5:04:22 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 77.78.213.116, 6881, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 5:04:22 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 77.78.213.116, 6881, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 6:02:56 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 178.152.0.144, 6881, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 6:02:56 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 178.152.0.144, 6881, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 6:14:28 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 46.119.136.55, 6881, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 6:14:28 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 46.119.136.55, 6881, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 6:40:36 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 178.152.14.251, 6881, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 6:40:36 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 178.152.14.251, 6881, Outbound, C:\Windows\explorer.exe,
Update, 10/2/2014 6:57:02 AM, SYSTEM, ROB, Scheduler, Malware Database, 2014.10.2.3, 2014.10.2.4,
Protection, 10/2/2014 6:57:03 AM, SYSTEM, ROB, Protection, Refresh, Starting,
Protection, 10/2/2014 6:57:03 AM, SYSTEM, ROB, Protection, Malicious Website Protection, Stopping,
Protection, 10/2/2014 6:57:03 AM, SYSTEM, ROB, Protection, Malicious Website Protection, Stopped,
Protection, 10/2/2014 6:57:07 AM, SYSTEM, ROB, Protection, Refresh, Success,
Protection, 10/2/2014 6:57:07 AM, SYSTEM, ROB, Protection, Malicious Website Protection, Starting,
Protection, 10/2/2014 6:57:07 AM, SYSTEM, ROB, Protection, Malicious Website Protection, Started,
Detection, 10/2/2014 7:15:49 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 109.163.235.236, 6881, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 7:15:49 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 109.163.235.236, 6881, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 7:42:58 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 41.35.54.148, 6881, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 7:42:58 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 41.35.54.148, 6881, Outbound, C:\Windows\explorer.exe,
Update, 10/2/2014 7:57:29 AM, SYSTEM, ROB, Scheduler, Malware Database, 2014.10.2.4, 2014.10.2.5,
Protection, 10/2/2014 7:57:29 AM, SYSTEM, ROB, Protection, Refresh, Starting,
Protection, 10/2/2014 7:57:29 AM, SYSTEM, ROB, Protection, Malicious Website Protection, Stopping,
Protection, 10/2/2014 7:57:29 AM, SYSTEM, ROB, Protection, Malicious Website Protection, Stopped,
Protection, 10/2/2014 7:57:33 AM, SYSTEM, ROB, Protection, Refresh, Success,
Protection, 10/2/2014 7:57:33 AM, SYSTEM, ROB, Protection, Malicious Website Protection, Starting,
Protection, 10/2/2014 7:57:33 AM, SYSTEM, ROB, Protection, Malicious Website Protection, Started,
Detection, 10/2/2014 10:25:57 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 50.56.68.37, 50962, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 10:25:57 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 50.56.68.37, 50962, Outbound, C:\Windows\explorer.exe,
Update, 10/2/2014 11:09:19 AM, SYSTEM, ROB, Scheduler, Malware Database, 2014.10.2.5, 2014.10.2.6,
Protection, 10/2/2014 11:09:19 AM, SYSTEM, ROB, Protection, Refresh, Starting,
Protection, 10/2/2014 11:09:19 AM, SYSTEM, ROB, Protection, Malicious Website Protection, Stopping,
Protection, 10/2/2014 11:09:19 AM, SYSTEM, ROB, Protection, Malicious Website Protection, Stopped,
Protection, 10/2/2014 11:09:23 AM, SYSTEM, ROB, Protection, Refresh, Success,
Protection, 10/2/2014 11:09:23 AM, SYSTEM, ROB, Protection, Malicious Website Protection, Starting,
Protection, 10/2/2014 11:09:23 AM, SYSTEM, ROB, Protection, Malicious Website Protection, Started,
Detection, 10/2/2014 11:10:29 AM, User, ROB, Protection, Malware Protection, File, Trojan.Dorkbot.ED, C:\ProgramData\Microsoft\Secure\Icons\temp\tmp3163.exe, Quarantine, [5f8fd837e99374c2540a2a4723deca36]
Detection, 10/2/2014 11:11:49 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 95.31.245.135, 6881, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 11:11:49 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 95.31.245.135, 6881, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 11:25:32 AM, User, ROB, Protection, Malware Protection, File, Trojan.Agent.FSAVXGen, C:\ProgramData\Microsoft\Secure\Icons\temp\tmpF790.exe, Quarantine, [20cea16e91eba393d7736526827fe818]
Detection, 10/2/2014 11:40:34 AM, SYSTEM, ROB, Protection, Malware Protection, File, Trojan.Ransom.ED, C:\ProgramData\Microsoft\Secure\Icons\temp\tmpBB5C.exe, Quarantine, [826c848b0c70f6408494af18bf42a55b]
Detection, 10/2/2014 11:47:48 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 41.35.2.240, 6881, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 11:47:48 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 41.35.2.240, 6881, Outbound, C:\Windows\explorer.exe,

(end)

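The pattern worth pulling out of that log is not any single blocked IP but the shape of the traffic: one process, explorer.exe, reaching a different remote host on port 6881 (the conventional BitTorrent port) every few minutes while the machine sat idle, plus three droppers quarantined out of the same C:\ProgramData\Microsoft\Secure\Icons\temp directory. The FRST log further down in the thread shows a ShellIconOverlayIdentifiers entry for SecureIconsProvider.dll in that same directory with no publisher; icon overlay handlers are COM in-process servers loaded by Explorer, which is why the blocked connections are attributed to explorer.exe rather than to a separate malware process. The following Python script is an added example for this thread, not code from the poster or from Malwarebytes. It runs over lines excerpted from the log above, collapses the doubled entries, groups blocked connections by process and port, flags the fan-out to many distinct peers, and counts quarantined files per parent directory. The min_peers threshold and the parent-directory heuristic are my own assumptions, not Malwarebytes features.

```python
"""Triage helper for Malwarebytes Anti-Malware (2014-era) protection logs.

Added example for this thread; not Malwarebytes' or the poster's code.
"""
import ntpath
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

# Lines excerpted (abridged) from the Malwarebytes log posted in the thread.
SAMPLE_LOG = r"""
Protection, 10/2/2014 4:11:36 AM, SYSTEM, ROB, Protection, Malware Protection, Started,
Detection, 10/2/2014 4:13:40 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 91.212.124.179, 6881, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 4:13:40 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 91.212.124.179, 6881, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 4:48:24 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 188.211.239.11, 6881, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 5:04:22 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 77.78.213.116, 6881, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 10:25:57 AM, SYSTEM, ROB, Protection, Malicious Website Protection, IP, 50.56.68.37, 50962, Outbound, C:\Windows\explorer.exe,
Detection, 10/2/2014 11:10:29 AM, User, ROB, Protection, Malware Protection, File, Trojan.Dorkbot.ED, C:\ProgramData\Microsoft\Secure\Icons\temp\tmp3163.exe, Quarantine, [5f8fd837e99374c2540a2a4723deca36]
Detection, 10/2/2014 11:25:32 AM, User, ROB, Protection, Malware Protection, File, Trojan.Agent.FSAVXGen, C:\ProgramData\Microsoft\Secure\Icons\temp\tmpF790.exe, Quarantine, [20cea16e91eba393d7736526827fe818]
Detection, 10/2/2014 11:40:34 AM, SYSTEM, ROB, Protection, Malware Protection, File, Trojan.Ransom.ED, C:\ProgramData\Microsoft\Secure\Icons\temp\tmpBB5C.exe, Quarantine, [826c848b0c70f6408494af18bf42a55b]
"""


class WebEvent(NamedTuple):
    ts: str
    proc: str
    direction: str
    ip: str
    port: int


class FileEvent(NamedTuple):
    ts: str
    signature: str
    path: str
    action: str
    ident: str  # the bracketed 32-hex value Malwarebytes appends to file detections


# Field layout taken from the log lines themselves; no field contains a comma.
WEB_RE = re.compile(
    r"^Detection, (?P<ts>[^,]+), [^,]+, [^,]+, Protection, Malicious Website Protection, "
    r"IP, (?P<ip>[\d.]+), (?P<port>\d+), (?P<dir>Inbound|Outbound), (?P<proc>[^,]+),"
)
FILE_RE = re.compile(
    r"^Detection, (?P<ts>[^,]+), [^,]+, [^,]+, Protection, Malware Protection, File, "
    r"(?P<sig>[^,]+), (?P<path>[^,]+), (?P<action>[^,]+), \[(?P<ident>[0-9a-f]{32})\]"
)


def parse_log(text: str) -> Tuple[List[WebEvent], List[FileEvent]]:
    """Parse protection-log lines. Exact duplicate lines (this log records each
    website block twice) are collapsed so they do not inflate the counts."""
    web: List[WebEvent] = []
    files: List[FileEvent] = []
    seen = set()
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line in seen:
            continue
        seen.add(line)
        m = WEB_RE.match(line)
        if m:
            web.append(WebEvent(m["ts"], m["proc"], m["dir"], m["ip"], int(m["port"])))
            continue
        m = FILE_RE.match(line)
        if m:
            files.append(FileEvent(m["ts"], m["sig"], m["path"], m["action"], m["ident"]))
    return web, files


def peers_by_process(web: List[WebEvent]) -> Dict[Tuple[str, int, str], List[str]]:
    """Group blocked connections by (process, remote port, direction) and list
    the distinct remote IPs each group touched."""
    groups: Dict[Tuple[str, int, str], set] = defaultdict(set)
    for ev in web:
        groups[(ev.proc, ev.port, ev.direction)].add(ev.ip)
    return {key: sorted(ips) for key, ips in groups.items()}


def beaconing(web: List[WebEvent], min_peers: int = 3) -> List[Tuple[str, int]]:
    """A process that reaches many distinct remote hosts on one port, unattended,
    looks like peer-to-peer C2 rather than a user browsing. Flag (process, port)
    pairs with min_peers or more distinct outbound peers (threshold is an assumption)."""
    flagged = []
    for (proc, port, direction), ips in peers_by_process(web).items():
        if direction == "Outbound" and len(ips) >= min_peers:
            flagged.append((proc, port))
    return sorted(flagged)


def quarantine_dirs(files: List[FileEvent]) -> Dict[str, int]:
    """Count quarantined files per parent directory. A directory that keeps
    producing tmp*.exe droppers is the staging location to remove, not just
    the individual files that were caught."""
    counts: Dict[str, int] = defaultdict(int)
    for ev in files:
        if ev.action == "Quarantine":
            counts[ntpath.dirname(ev.path)] += 1
    return dict(counts)


if __name__ == "__main__":
    web_events, file_events = parse_log(SAMPLE_LOG)
    for key, ips in peers_by_process(web_events).items():
        print(key, ips)
    print("beaconing:", beaconing(web_events))
    print("staging dirs:", quarantine_dirs(file_events))
```

To run it against a real Malwarebytes protection log, read the exported log file as text and pass it to parse_log; the regexes match only the two detection record types shown in this thread, so other record types (Update, Protection start/stop) are ignored rather than misparsed.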

Root Admin

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed, then you may want to consider uninstalling it, as older versions of some software can increase the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Start by disabling Sync
How To Delete Your Google Chrome Browser Sync Data
Chrome - Reset browser settings
If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.
I thought we already removed this: C:\ProgramData\Microsoft\Secure\

 

But perhaps not. Please restart the computer one more time, then run FRST and scan again, but make sure you place a check mark in the Additions.txt check box, and post back both new logs in your next reply.


Here are the rescans of FRST64.

FRST scan results:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014
Ran by User (administrator) on ROB on 03-10-2014 11:48:09
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Malwarebytes Corporation) D:\Applications\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) D:\Applications\Malwarebytes Anti-Malware\mbamservice.exe
(DeviceVM) C:\ASUS.SYS\CONFIG\DVMExportService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(Malwarebytes Corporation) D:\Applications\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Razer USA Ltd) C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
() C:\Program Files\ASUS\Six Engine\SixEngine.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1860496 2011-04-13] (Microsoft Corporation)
HKLM-x32\...\Run: [soundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-06-05] (Analog Devices, Inc.)
HKLM-x32\...\Run: [Razer Mamba Elite Driver] => C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe [973720 2011-11-25] (Razer USA Ltd)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6695C8063D96CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {0D221D00-A6ED-477C-8A91-41F3B660A832} https://www.marylandsail.org/Reserved.ReportViewerWebControl.axd?ReportSession=bbpc1b45cekodluuvmc0xx45&ControlID=bbd4500f36b74b9ca7b4d7329129cf7f&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\r7deajc8.default-1412349577657
FF Homepage: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> E:\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\Applications\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Applications\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\User\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\r7deajc8.default-1412349577657\searchplugins\safesearch.xml
FF Extension: New Tab Tools - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\r7deajc8.default-1412349577657\Extensions\newtabtools@darktrojan.net.xpi [2014-10-03]
FF Extension: Status-4-Evar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\r7deajc8.default-1412349577657\Extensions\status4evar@caligonstudios.com.xpi [2014-10-03]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\r7deajc8.default-1412349577657\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-03]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2014-10-03]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-23]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-08-02] (Adobe Systems) [File not signed]
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-02] () [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-03-28] (Coupons.com Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-03-05] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-03-18] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 MBAMScheduler; D:\Applications\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; D:\Applications\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MDES; C:\ASUS.SYS\CONFIG\DVMExportService.exe [315392 2009-02-18] (DeviceVM) [File not signed]
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [367616 2014-05-20] (Razer Inc.) [File not signed]
S2 SkypeUpdate; D:\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20141002.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-13] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [181040 2011-02-09] (Marvell Semiconductor, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20141002.025\ENG64.SYS [129752 2014-09-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20141002.025\EX64.SYS [2137304 2014-09-25] (Symantec Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-15] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 ALSysIO; \??\C:\Users\User\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 11:48 - 2014-10-03 11:48 - 00017031 _____ () C:\Users\User\Desktop\FRST.txt
2014-10-03 11:47 - 2014-10-03 11:47 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion
2014-10-03 11:44 - 2014-10-03 11:44 - 00000000 ___HD () C:\dvmexp
2014-10-03 11:18 - 2014-10-03 11:18 - 02953988 _____ () C:\Users\User\Desktop\Untitled-3.psd
2014-10-03 11:17 - 2014-10-03 11:17 - 03048240 _____ () C:\Users\User\Desktop\Untitled-2.psd
2014-10-03 11:17 - 2014-10-03 11:17 - 01086510 _____ () C:\Users\User\Desktop\Untitled-1.psd
2014-10-02 19:56 - 2014-10-02 19:57 - 00000000 _____ () C:\netstat
2014-10-02 16:27 - 2014-10-03 11:44 - 00000616 _____ () C:\Windows\setupact.log
2014-10-02 16:27 - 2014-10-02 16:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-02 04:11 - 2014-10-02 04:11 - 00000000 ____D () C:\NPE
2014-10-02 04:09 - 2014-10-02 04:16 - 00000000 ____D () C:\Users\User\AppData\Local\NPE
2014-10-02 03:34 - 2014-10-02 03:34 - 00039712 _____ () C:\Users\User\Desktop\Result.txt
2014-10-02 03:33 - 2014-10-02 03:33 - 00401920 _____ (Farbar) C:\Users\User\Desktop\MiniToolBox.exe
2014-10-02 03:16 - 2014-10-02 03:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-02 03:14 - 2014-10-02 03:14 - 00000000 ____D () C:\Users\User\Desktop\mbam anti root kit
2014-10-02 03:12 - 2014-10-02 03:12 - 00002631 _____ () C:\Users\User\Desktop\FSS.txt
2014-10-02 03:11 - 2014-10-02 03:11 - 14349744 _____ (Malwarebytes Corp.) C:\Users\User\Desktop\mbar-1.07.0.1012.exe
2014-10-02 03:09 - 2014-10-02 03:09 - 00415232 _____ (Farbar) C:\Users\User\Desktop\FSS.exe
2014-10-01 14:01 - 2014-10-01 14:01 - 05582345 _____ (Swearware) C:\Users\User\Desktop\ComboFix.exe
2014-10-01 11:40 - 2014-10-01 11:35 - 00021634 _____ () C:\Users\User\Desktop\ComboFix.txt
2014-10-01 11:30 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-30 12:59 - 2014-10-03 00:12 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2014-09-30 10:07 - 2014-09-30 10:07 - 00000000 ____D () C:\Users\User\Documents\Updater
2014-09-30 09:32 - 2014-09-30 09:32 - 00004914 _____ () C:\Users\User\Desktop\JavaRa.log
2014-09-30 09:30 - 2014-09-30 09:30 - 00000000 ____D () C:\Users\User\Desktop\RemoveJave
2014-09-30 09:22 - 2014-09-30 09:22 - 00448512 _____ (OldTimer Tools) C:\Users\User\Desktop\TFC.exe
2014-09-30 09:21 - 2014-09-30 09:21 - 00165800 _____ () C:\Users\User\Desktop\JavaRa-1.16-20-1-14.zip
2014-09-29 15:44 - 2014-09-29 15:44 - 00001194 _____ () C:\Users\User\Desktop\AdwCleaner[s3].txt
2014-09-29 15:39 - 2014-09-29 15:39 - 00000695 _____ () C:\Users\User\Desktop\JRT.txt
2014-09-29 15:35 - 2014-09-29 15:35 - 00006169 _____ () C:\Users\User\Desktop\RKreport_SCN_09292014_153456.log
2014-09-29 11:37 - 2014-09-29 11:37 - 00001022 _____ () C:\Users\User\Desktop\AdwCleaner[s2].txt
2014-09-29 11:30 - 2014-10-02 11:42 - 00009975 _____ () C:\Users\User\Desktop\hijackthis.log
2014-09-29 10:39 - 2014-10-03 11:48 - 00000000 ____D () C:\FRST
2014-09-29 10:39 - 2014-10-03 11:47 - 02109440 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-09-29 10:37 - 2014-09-29 10:37 - 00000200 _____ () C:\Users\User\Desktop\eset.txt
2014-09-29 10:17 - 2014-09-29 10:17 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-29 10:16 - 2014-09-29 10:16 - 02347384 _____ (ESET) C:\Users\User\Desktop\esetsmartinstaller_enu.exe
2014-09-29 10:07 - 2014-09-29 10:07 - 00000954 _____ () C:\Users\User\Desktop\AdwCleaner[s1].txt
2014-09-29 10:00 - 2014-09-29 15:42 - 00000000 ____D () C:\AdwCleaner
2014-09-29 09:59 - 2014-09-29 09:59 - 01373475 _____ () C:\Users\User\Desktop\AdwCleaner.exe
2014-09-29 09:52 - 2014-09-29 09:52 - 01699276 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-09-28 03:22 - 2014-09-28 03:22 - 00006284 _____ () C:\Users\User\Desktop\RKreport_SCN_09282014_032009.log
2014-09-28 03:15 - 2014-09-28 03:16 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-28 03:15 - 2014-09-26 12:03 - 05472344 _____ () C:\Users\User\Desktop\RogueKillerX64.exe
2014-09-28 02:54 - 2014-10-01 11:34 - 00000000 ____D () C:\Windows\ERDNT
2014-09-28 02:53 - 2014-09-28 02:53 - 00000627 _____ () C:\Users\User\Desktop\NTREGOPT.lnk
2014-09-28 02:53 - 2014-09-28 02:53 - 00000614 _____ () C:\Users\User\Desktop\ERUNT.lnk
2014-09-28 02:53 - 2014-09-28 02:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-09-28 02:48 - 2014-09-29 15:31 - 00002574 _____ () C:\Users\User\Desktop\Rkill.txt
2014-09-28 02:47 - 2014-09-28 02:47 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill.exe
2014-09-27 13:08 - 2014-09-27 13:08 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam_premium.exe
2014-09-27 10:03 - 2014-09-29 15:32 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-27 09:39 - 2014-09-27 09:39 - 00001394 _____ () C:\Windows\system32\Drivers\etc\hosts.bak
2014-09-27 09:15 - 2014-09-27 09:15 - 00001279 _____ () C:\Windows\system32\Drivers\etc\hosts.new
2014-09-27 06:36 - 2014-09-27 06:36 - 00000275 _____ () C:\Users\User\Documents\Sites.txt
2014-09-26 14:57 - 2014-09-26 14:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\User\Desktop\HijackThis.exe
2014-09-26 13:17 - 2014-09-26 13:22 - 00166080 _____ () C:\Users\User\AppData\Local\census.cache
2014-09-26 13:17 - 2014-09-26 13:21 - 00171782 _____ () C:\Users\User\AppData\Local\ars.cache
2014-09-26 12:59 - 2014-10-03 11:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-26 12:59 - 2014-10-02 03:14 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-26 12:59 - 2014-09-27 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-26 12:59 - 2014-05-12 08:19 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-26 12:59 - 2014-05-12 08:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-26 12:27 - 2014-09-26 12:27 - 00000010 _____ () C:\Users\User\AppData\Local\sponge.last.runtime.cache
2014-09-26 12:24 - 2014-09-26 12:24 - 00000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache
2014-09-26 12:24 - 2013-09-02 03:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-09-25 20:20 - 2013-09-09 22:47 - 00078936 ____R (Symantec Corporation) C:\Windows\system32\Drivers\SymIMV.sys
2014-09-25 19:46 - 2014-09-25 19:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-09-25 19:18 - 2014-09-25 19:18 - 00000259 _____ () C:\Users\User\Documents\flush.bat
2014-09-25 19:13 - 2014-09-25 19:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 11:40 - 2014-09-24 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Mouse Auto Clicker
2014-09-24 10:55 - 2014-09-24 11:11 - 00003718 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2014-09-24 10:55 - 2014-09-24 10:55 - 00003476 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2014-09-24 10:49 - 2014-09-27 09:01 - 00001163 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-09-23 00:14 - 2014-09-23 00:14 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
2014-09-10 22:10 - 2014-08-17 00:00 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 22:10 - 2014-08-17 00:00 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 22:10 - 2014-08-16 23:59 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 22:10 - 2014-08-16 23:59 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 22:10 - 2014-08-16 23:59 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 22:10 - 2014-08-16 23:59 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 22:10 - 2014-08-16 23:59 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 22:10 - 2014-08-16 23:58 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 22:10 - 2014-08-16 23:58 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 22:10 - 2014-08-16 23:58 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 22:10 - 2014-08-16 23:58 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 22:10 - 2014-08-16 23:58 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-10 22:10 - 2014-08-16 23:58 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 22:10 - 2014-08-16 23:58 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 22:10 - 2014-08-16 23:58 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 22:10 - 2014-08-16 23:58 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 22:10 - 2014-08-16 23:58 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-10 22:10 - 2014-08-16 23:58 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 22:10 - 2014-08-16 23:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 22:10 - 2014-08-16 23:58 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 22:10 - 2014-08-16 23:57 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 22:10 - 2014-08-16 23:57 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 22:10 - 2014-08-16 23:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 22:10 - 2014-08-16 23:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 22:10 - 2014-08-16 23:57 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 22:10 - 2014-08-16 23:57 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 22:10 - 2014-08-16 23:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 22:10 - 2014-08-16 23:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-10 22:10 - 2014-08-16 23:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 22:10 - 2014-08-16 23:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 22:10 - 2014-08-16 23:57 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 22:10 - 2014-08-16 23:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 22:10 - 2014-08-16 23:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 22:10 - 2014-08-16 23:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 22:10 - 2014-08-16 23:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-10 22:10 - 2014-08-16 23:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 22:10 - 2014-08-16 23:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 22:10 - 2014-08-16 23:57 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 22:10 - 2014-08-16 23:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 22:10 - 2014-08-16 03:25 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 22:10 - 2014-08-16 02:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 20:37 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 20:37 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 20:37 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 20:37 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 20:37 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 11:47 - 2010-03-15 06:52 - 02053849 _____ () C:\Windows\WindowsUpdate.log
2014-10-03 11:44 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-03 11:13 - 2012-04-04 02:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-03 11:10 - 2009-07-14 00:45 - 00015040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 11:10 - 2009-07-14 00:45 - 00015040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 11:07 - 2009-07-14 01:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-02 23:18 - 2013-07-29 14:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-10-02 12:51 - 2010-03-22 09:07 - 00000013 _____ () C:\Windows\SysWOW64\WinSys32.crc
2014-10-02 12:51 - 2010-03-22 09:06 - 00000000 ____D () C:\Program Files (x86)\CoffeeCup Software
2014-10-01 11:34 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-30 09:31 - 2010-09-15 02:35 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-29 15:32 - 2010-03-19 01:42 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-09-27 20:30 - 2010-08-02 04:26 - 00000000 ____D () C:\Users\User\Documents\CoffeeCup Software
2014-09-27 17:05 - 2010-03-18 19:02 - 00000000 ____D () C:\ProgramData\Norton
2014-09-27 17:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-09-27 08:10 - 2012-03-18 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-09-27 07:51 - 2010-03-22 08:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\GlobalSCAPE
2014-09-27 07:51 - 2010-03-22 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlobalSCAPE
2014-09-27 07:51 - 2010-03-15 22:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-26 17:29 - 2011-10-17 11:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2014-09-26 01:02 - 2014-04-30 19:12 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-09-25 21:57 - 2010-04-20 17:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-25 21:57 - 2010-03-21 05:38 - 00000000 ____D () C:\Program Files\Core Temp
2014-09-25 20:44 - 2010-03-19 20:25 - 00000000 ____D () C:\Windows\Minidump
2014-09-25 20:16 - 2010-03-19 16:32 - 00000000 ____D () C:\Users\User\AppData\Roaming\DivX
2014-09-25 19:43 - 2014-03-23 04:38 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-25 19:31 - 2014-08-20 21:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-25 18:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-24 11:14 - 2010-03-22 09:15 - 00000000 ____D () C:\Windows\ulead.dat
2014-09-24 11:05 - 2010-04-02 15:52 - 00000000 ____D () C:\Windows\Sun
2014-09-24 10:55 - 2014-08-23 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-09-23 19:52 - 2013-05-06 15:43 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2014-09-23 13:53 - 2014-02-15 13:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-09-23 13:53 - 2014-02-15 13:07 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2014-09-23 00:09 - 2014-02-15 07:42 - 00003218 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-09-23 00:09 - 2014-02-15 07:42 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
2014-09-23 00:09 - 2014-02-15 07:42 - 00000000 ____D () C:\Windows\system32\Drivers\NAVx64
2014-09-17 20:50 - 2013-06-29 16:55 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-17 20:48 - 2014-08-24 07:44 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-09-16 00:17 - 2014-05-04 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-09-16 00:17 - 2010-03-19 16:31 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-09-16 00:17 - 2010-03-19 16:29 - 00000000 ____D () C:\ProgramData\DivX
2014-09-14 16:14 - 2012-06-14 20:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client
2014-09-11 03:18 - 2014-03-12 15:14 - 00001080 _____ () C:\Windows\system32\settingsbkup.sfm
2014-09-11 03:18 - 2014-03-12 15:14 - 00001080 _____ () C:\Windows\system32\settings.sfm
2014-09-10 22:12 - 2010-03-18 22:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 22:09 - 2013-07-13 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 22:09 - 2010-03-19 06:56 - 00778700 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 22:08 - 2010-03-19 01:54 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 03:47 - 2012-04-04 02:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 03:47 - 2012-04-04 02:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 03:47 - 2011-05-19 13:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-04 19:53 - 2013-07-29 14:17 - 00000000 ____D () C:\ProgramData\Skype

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 07:36

==================== End Of Log ============================


Addition scan results:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2014
Ran by User at 2014-10-03 11:48:28
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton AntiVirus (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AC3Filter 2.5b (HKLM-x32\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.3.0.3670 - Adobe Systems Incorporated) Hidden
Adobe Common File Installer (x32 Version: 1.00.0000 - Adobe System Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
AI Suite (HKLM-x32\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 1.05.30 - )
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.09 - Piriform)
CoffeeCup HTML Editor (HKLM-x32\...\CoffeeCup HTML Editor) (Version:  - )
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Diagnostics (HKLM-x32\...\Diagnostics 4_5) (Version: 5.11 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
CuteFTP 5.0 XP (HKLM-x32\...\{18DF995F-2ACC-47E4-A33B-A703F4D39E92}) (Version:  - GlobalSCAPE, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
EPU-6 Engine (HKLM-x32\...\{56B83336-FBC1-4C46-8613-90A9E3B440D6}) (Version: 1.01.17 - )
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Express Gate Tools (HKLM-x32\...\{32394A59-A39C-4C90-A9A5-F16B0C7442E1}) (Version: 1.0.0.8 - DeviceVM, Inc.)
Google Update Helper (x32 Version: 1.3.21.99 - Google Inc.) Hidden
Host OpenAL (ADI) (HKLM-x32\...\Host OpenAL (ADI)) (Version:  - )
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 5510 series Basic Device Software (HKLM\...\{CFF43B48-42A1-4967-9506-7E341BBD075F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5510 series Help (HKLM-x32\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 5510 series Product Improvement Study (HKLM\...\{CBB98874-7884-4CC1-A78C-CB53C62BC77B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® SSD Toolbox (HKLM-x32\...\{06D085C8-1F00-11B2-96A7-8f0CE39193ED}) (Version: 3.2.3.400 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
marvell 61xx (HKLM-x32\...\mv61xxDriver) (Version: 1.2.0.69 - Marvell)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.10.5.3 - Marvell)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0 - Microsoft) Hidden
Microsoft IntelliType Pro 8.1 (HKLM\...\Microsoft IntelliType Pro 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft IntelliType Pro 8.1 (Version: 8.15.406.0 - Microsoft) Hidden
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.7 (HKLM-x32\...\{CF8BBFA2-5502-4904-A9E9-8D5CAA8DF785}) (Version: 1.2.7 - Thorvald Natvig)
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.6.0.32 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.8.23 - Symantec Corporation)
NVIDIA Photoshop Plug-ins (HKLM-x32\...\{23F79416-CAD1-41BF-99A3-040F6C814AAA}) (Version: 1.00.000 - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PC Probe II (HKLM-x32\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.72 - ASUSTek)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Razer Mamba (HKLM-x32\...\{BF60B320-3AA3-4DFB-B542-BDA6D4F1A60E}) (Version: 2.01.05 - Razer USA Ltd.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6585 - Analog Devices)
Super Mouse Auto Clicker 4.0 (HKLM-x32\...\{39062735-0291-4C52-919E-5A80BA98E8C2}_is1) (Version:  - Advanced Mouse Auto Clicker, Ltd.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TurboV (HKLM-x32\...\{A31951C5-DCD8-4DFE-A525-CFC701F54792}) (Version: 1.00.41 - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4.5 (KB2750147) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805221) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805221) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805226) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805226) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 System (KB2539530) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 (KB980729) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5DB2894C-2DA4-4DEF-A051-795AE799964A}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

03-10-2014 02:49:56 10-2-2014
03-10-2014 14:35:27 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-10-01 11:34 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0409E46E-9A7B-45F6-8EA5-E5A6E7A29601} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {1095D286-6DC9-4858-8C7D-C6F676722A25} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-04-13] (Microsoft Corporation)
Task: {14FC4DEC-5A8B-46B5-8FC9-E4F4082384F4} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {1A72BF03-715C-47CE-9F2C-68652854CE50} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\Six Engine\SixEngine.exe [2009-06-26] ()
Task: {1D8516F0-3A5F-4305-BE26-A7ECDCC2F1CA} - System32\Tasks\{5B991EA9-717B-411B-BD92-AED72BC3778F} => F:\Badge-Hunter\_Badge-Hunter\Pigg Viewer\PiggViewer.exe
Task: {3C0BEF3E-6CCD-4ACF-AE7D-8AF773F29093} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7E62997A-6B25-4F05-8903-45D34E83094B} - System32\Tasks\ASUS\Cpu Level Up Hook Lanunch => C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHookLaunch.exe [2007-10-11] ()
Task: {8C8FAAFD-C2AF-45F6-9FD2-92493C6B529F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {91E3B3EF-DC64-44CF-B8F2-389E8F048F76} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {999A33F5-4BDC-4CC0-BA4F-14218DD32D02} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {ADFA4EE4-58E7-4F1F-BB04-4A9326C9A42B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {B36F9891-D12B-4077-9482-6779FA5957F8} - System32\Tasks\{F960AB63-2FD4-47C9-8E87-30897397ABC5} => F:\Badge-Hunter\_Badge-Hunter\Pigg Viewer\PiggViewer.exe
Task: {B487F45A-F8C8-4C40-82FA-7F9130AD5DCB} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.95\AsLoader.exe [2008-07-01] ()
Task: {B778753A-08CE-450A-916A-FB9B6EEF1D6F} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C344C444-4BE9-4CEF-8E67-0E322CC92C80} - System32\Tasks\{7ABCAD73-9DA7-478A-8247-0F0B5D0DE0B5} => F:\Badge-Hunter\_Badge-Hunter\Pigg Viewer\PiggViewer.exe
Task: {DE74249A-C9E6-4FA7-8830-0E243FA4DA32} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {E1F8E3E3-6F40-4757-A471-64CCD4DAFFEA} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {EAD69145-3FAF-4EF5-B45D-D270A507CAC5} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {EB656F93-B469-4248-8604-655852F6424F} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-03-15 22:16 - 2009-04-02 00:27 - 00090112 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
2014-09-24 10:47 - 2014-09-24 10:47 - 03149312 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
2014-09-24 10:47 - 2014-09-24 10:47 - 02500096 _____ () C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-01-10 01:26 - 2014-01-10 01:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2010-03-15 22:16 - 2009-06-26 16:08 - 06036992 _____ () C:\Program Files\ASUS\Six Engine\SixEngine.exe
2014-01-10 01:28 - 2014-01-10 01:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2010-03-15 22:16 - 2009-04-22 20:20 - 00179712 _____ () C:\Program Files\ASUS\Six Engine\ASUSSERVICE.DLL
2010-03-15 22:16 - 2009-04-20 13:55 - 00565248 _____ () C:\Program Files\ASUS\Six Engine\pngio.dll
2010-03-15 22:16 - 2009-04-20 13:55 - 00053248 _____ () C:\Program Files\ASUS\Six Engine\AsSpindownTimeout.dll
2014-09-25 19:13 - 2014-09-25 19:13 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Ai Nap => "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Cpu Level Up help => "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: QFan Help => "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SoundMAX => "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TurboV => "C:\Program Files\ASUS\TurboV\TurboV.exe"
MSCONFIG\startupreg: ussshreg => C:\PROGRA~2\ULEADS~1.0\Ussshreg.exe /r

========================= Accounts: ==========================

Administrator (S-1-5-21-1921376680-3579367563-697631650-500 - Administrator - Disabled)
Guest (S-1-5-21-1921376680-3579367563-697631650-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1921376680-3579367563-697631650-1002 - Limited - Enabled)
User (S-1-5-21-1921376680-3579367563-697631650-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/03/2014 04:39:18 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/02/2014 10:52:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/02/2014 10:52:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/02/2014 09:32:02 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/01/2014 07:20:01 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/30/2014 04:09:24 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2014 04:16:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NST.exe, version: 12.11.0.16, time stamp: 0x524cbb5e
Faulting module name: COMM.DLL, version: 5.2.0.12, time stamp: 0x529e3f5d
Exception code: 0xc0000005
Fault offset: 0x0005a616
Faulting process id: 0x780
Faulting application start time: 0xNST.exe0
Faulting application path: NST.exe1
Faulting module path: NST.exe2
Report Id: NST.exe3

Error: (09/29/2014 04:12:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NST.exe, version: 12.11.0.16, time stamp: 0x524cbb5e
Faulting module name: COMM.DLL, version: 5.2.0.12, time stamp: 0x529e3f5d
Exception code: 0xc0000005
Fault offset: 0x0005a616
Faulting process id: 0x78c
Faulting application start time: 0xNST.exe0
Faulting application path: NST.exe1
Faulting module path: NST.exe2
Report Id: NST.exe3


System errors:
=============
Error: (10/03/2014 11:44:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (10/03/2014 11:02:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (10/03/2014 10:58:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (10/03/2014 10:58:04 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:57:02 AM on ‎10/‎3/‎2014 was unexpected.

Error: (10/02/2014 11:19:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (10/02/2014 08:51:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (10/02/2014 04:27:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (10/02/2014 04:21:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton Identity Safe service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/02/2014 04:21:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Creative Audio Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/02/2014 01:09:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================
Error: (09/27/2014 05:48:24 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-10-01 11:34:19.287
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-01 11:34:19.162
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 18%
Total physical RAM: 12279.12 MB
Available physical RAM: 9949.61 MB
Total Pagefile: 13301.3 MB
Available Pagefile: 10772.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Primary SSD) (Fixed) (Total:74.43 GB) (Free:27.33 GB) NTFS
Drive d: (Secondary SSD) (Fixed) (Total:74.53 GB) (Free:73.94 GB) NTFS
Drive e: (Raptor) (Fixed) (Total:139.73 GB) (Free:49.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 139.7 GB) (Disk ID: E58790AF)
Partition 1: (Not Active) - (Size=139.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: BAF3B852)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 6B67CF7A)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

FRST.txt

Addition.txt


I had Internet Explorer installed, but I removed it from the Turn Windows features on or off by unchecking the box for Internet explorer.

 

I did not uninstall it from Add or Remove Programs.

 

Didn't have Chrome, so no problem there, and I did reset Firefox to factory settings. But I did re-add Adblock Plus so I can surf the web.


  • Root Admin

Please uninstall the LogMeIn software for now. We'll reinstall it later on if you still want it.

 

Now run the following fix. It's the weekend so my response may be limited but will try to check back on you as soon as I can. If I've not replied by Sunday evening please send me a Private Message reminder.

 

 

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

 

fixlist.txt


 

Please uninstall the LogMeIn software for now. We'll reinstall it later on if you still want it.

 

I don't see any way to uninstall this. I looked in my Add or Remove Programs and it's not there. I do however have a folder named LogMeIn located in "C:\Program Files (x86)\LogMeIn" with a single unknown file with no extension called "LogMeIn_uninstall_in_progress"

 

So I'm thinking the uninstall failed and never completely removed it from the machine a long time ago, as I recall a Norton rep logged into our computer about a year ago to fix an update issue we had. So I have no idea how to remove it at this point. Any ideas on what I can do to correct this?

 

 

Here are the scan results you asked for...

 

 

FRST64 Fixlog results:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2014

Ran by User at 2014-10-04 10:43:15 Run:2

Running from C:\Users\User\Desktop

Loaded Profile: User (Available profiles: User)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()

C:\ProgramData\Microsoft\Secure

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs

FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\User\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)

R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-03-28] (Coupons.com Inc.)

S2 SkypeUpdate; D:\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)

S4 LMIRfsClientNP; No ImagePath

S3 ALSysIO; \??\C:\Users\User\AppData\Local\Temp\ALSysIO64.sys [X]

S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

DeleteJunctionsInDirectory: C:\Program Files\Windows Defender

DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client

EmptyTemp:

Reboot:

*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecureIconsProvider]" => Key not found.

"HKCR\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}" => Key deleted successfully.

"C:\ProgramData\Microsoft\Secure" directory move:

C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll => Moved successfully.

Could not move "C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll" => Scheduled to move on reboot.

C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\zepplauncher.mif => Moved successfully.

Could not move "C:\ProgramData\Microsoft\Secure" directory. => Scheduled to move on reboot.

HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

"HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator" => Key deleted successfully.

C:\Users\User\AppData\Roaming\CATALI~1\NPBCSK~1.DLL => Moved successfully.

CouponPrinterService => Service stopped successfully.

CouponPrinterService => Service deleted successfully.

SkypeUpdate => Service deleted successfully.

LMIRfsClientNP => Service deleted successfully.

ALSysIO => Service deleted successfully.

LMIInfo => Service deleted successfully.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

"C:\Program Files\Microsoft Security Client" => Not Found

EmptyTemp: => Removed 666.3 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-04 10:44:38)<=

C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll => Is moved successfully.

C:\ProgramData\Microsoft\Secure => Is moved successfully.

==== End of Fixlog ====

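The fixlist above removes entries for reasons a reader of the thread has to infer: a service whose image file is gone ("[X]"), a service with "No ImagePath", a DLL with an empty publisher field "()", a binary living under ProgramData or a user's Temp folder, and an overlay handler named to sort ahead of the real ones. As an added example (not FRST's code and not from this thread), here is a small Python triage pass over FRST log lines of those shapes; the sample lines are constructed from entries quoted in the logs above, and the heuristics are assumptions of this example, not FRST's own rules.

```python
"""FRST log-line triage (added example; not FRST's own code, not from this thread).

Parses the three line shapes seen in the Fixlog and Addition.txt above and flags
the traits the helper acted on: an image file that no longer exists ("[X]"),
a service with "No ImagePath", an empty publisher field "()", a binary living
in a user-writable directory, and an overlay handler named to sort ahead of
real ones (Explorer only honours the first 15 ShellIconOverlayIdentifiers).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "ShellIconOverlayIdentifiers: [name] -> {CLSID} => path (publisher)"
OVERLAY_RE = re.compile(
    r'^ShellIconOverlayIdentifiers: \[(?P<name>[^\]]+)\] -> \{(?P<clsid>[^}]+)\} '
    r'=> (?P<path>.+?)\s+\((?P<publisher>[^)]*)\)\s*$')
# "R2 Name; path [size date] (publisher)" / "S3 Name; path [X]" / "S4 Name; No ImagePath"
SERVICE_RE = re.compile(r'^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<rest>.*)$')
IMAGE_RE = re.compile(
    r'^(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\](?:\s+\((?P<publisher>[^)]*)\))?\s*$')
# "created - modified - size attrs (publisher) path"   (Loaded Modules section)
MODULE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - '
    r'(?P<size>\d+)\s+(?P<attrs>\S+)\s+\((?P<publisher>[^)]*)\)\s+(?P<path>.+)$')

# Locations where an installed product's service image or shell extension
# rarely lives; malware that wants to survive a reboot often does.
SUSPECT_DIRS = ('\\programdata\\', '\\appdata\\', '\\temp\\', '\\users\\')


@dataclass
class Finding:
    kind: str                       # 'overlay', 'service' or 'module'
    name: str
    path: str
    flags: List[str] = field(default_factory=list)


def _path_flags(path: str, publisher: Optional[str]) -> List[str]:
    flags = []
    if any(d in path.lower() for d in SUSPECT_DIRS):
        flags.append('user-writable-path')
    if publisher is not None and publisher.strip() == '':
        flags.append('no-publisher')
    return flags


def triage_line(line: str) -> Optional[Finding]:
    """Parse one FRST line; None when it is not one of the shapes above."""
    line = line.strip()
    m = OVERLAY_RE.match(line)
    if m:
        name = m.group('name')
        # A leading digit or space sorts the entry to the top of the (capped) list.
        flags = ['sorts-first'] if name[0].isdigit() or name[0].isspace() else []
        return Finding('overlay', name, m.group('path'),
                       flags + _path_flags(m.group('path'), m.group('publisher')))
    m = SERVICE_RE.match(line)
    if m:
        name, rest = m.group('name'), m.group('rest')
        if rest == 'No ImagePath':
            return Finding('service', name, '', ['no-imagepath'])
        im = IMAGE_RE.match(rest)
        if not im:
            return Finding('service', name, rest, ['unparsed'])
        path = im.group('path').replace('\\??\\', '')  # drop the NT prefix on driver paths
        if im.group('meta') == 'X':
            return Finding('service', name, path, ['file-missing'] + _path_flags(path, None))
        return Finding('service', name, path, _path_flags(path, im.group('publisher')))
    m = MODULE_RE.match(line)
    if m:
        path = m.group('path')
        return Finding('module', path.rsplit('\\', 1)[-1], path,
                       _path_flags(path, m.group('publisher')))
    return None


def triage(lines) -> List[Finding]:
    """Findings that carry at least one flag, in log order."""
    return [f for f in map(triage_line, lines) if f and f.flags]


# Sample input constructed from entries quoted in this thread.
SAMPLE_LINES = [
    r"ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()",
    r"R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-03-28] (Coupons.com Inc.)",
    r"S4 LMIRfsClientNP; No ImagePath",
    r"S3 ALSysIO; \??\C:\Users\User\AppData\Local\Temp\ALSysIO64.sys [X]",
    r"2014-09-24 10:47 - 2014-09-24 10:47 - 03149312 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll",
]

if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:8} {f.name:28} {','.join(f.flags):40} {f.path}")
```

Entries without any flag (the CouponPrinterService line, for instance) are dropped from the report, so a clean-looking line is not proof of a clean system; the flags only order what to look at first.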

OK, maybe I was a bit hasty to say I had no way to uninstall it....lol

 

Here are my completed steps...

 

1. By typing Internet Options in the search bar of Windows, then going to the Programs tab, and then choosing Manage Add-ons, I was able to disable the ActiveX for LogMeIn there.

2. Then I went to Device Manager, noticed I had a display device for LogMeIn, so I uninstalled that. Then a reboot.

3. Cleared my System Event log.

4. Rebooted the machine once again.

5. Re-ran the FRST64 scan again and LogMeIn is no longer showing up, nor am I getting a Device error or System error for LogMeIn.

 

Here are the scan results for FRST64 after cleaning up the LogMeIn errors I was receiving.

 

 

FRST.txt

Addition.txt


  • Root Admin

Looks pretty good now over all.

Are you still getting IP blocks or seeing any other signs of an infection?

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

Since you had me run that last fixlist for FRST, I haven't had any IP inbound or outbound blocks, so all looks good :)

 

 

Security Check results:

 

 Results of screen317's Security Check version 0.99.88  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Norton AntiVirus   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox (32.0.3)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Norton AntiVirus Engine 21.6.0.32 NAV.exe
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````


Just an update....

 

I wanted to thank you very much for your time in helping me clear up this issue.

A couple things before I go...

1. Is there a way to set all the correct folders back to hidden? I would do them individually, but can't remember exactly which folders they were.

2. As far as clean up from my desktop, I can just put them all to the recycle bin correct?


  • Root Admin

That's great news. At this time there are no more signs of an infection on your system.

However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.

They are often updated daily, so if you went to use them again in the future they would be outdated anyway.

The following procedures will implement some cleanup procedures to remove these tools.

Download Delfix from here and save it to your desktop. (You may already have this.)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot
Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc. AdwCleaner: just run the program and click Uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once, then wait.

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

If there are any other left over Folders, Files, Logs then you can delete them on your own.

Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.

How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP

As Java seems to get exploited on a regular basis, I advise not using Java if possible, but at least disable Java in your web browsers.

How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.

Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.

If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.