viruscrunch16 Posted October 26, 2014 ID:896582 Share Posted October 26, 2014 Good Day , i am really desperate now that i had force shutdown my laptop 5 times because of the freeze/lag my laptop gets when scanning not only MBAM but also my antivirus ( Avast ). Mostly they lag in these files: msvcrt.dll( only MBAM causes this), mvcp60.dll(both), mvcp100.dll(both), there are many more programs that they lag when scanning. First I tried hiding msvcrt.dll and it worked, then it lagged(as in i hardly can move my mouse cursor) again in mvcp60.dll so i deleted it, but in the next scan it lagged in mvcp100.dll, deleted it too, then there was this other program, that i cant remember, it lagged there too.... Can anyone help me with this problem, and pls. be patient with me cuz i am not expert in this.Thanks in advance . Link to post Share on other sites More sharing options...
Maniac Posted October 26, 2014 ID:896589 Share Posted October 26, 2014 Hello viruscrunch16! My name is Borislav and I will be glad to help you solve your malware problem. Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.Please follow the instructions here and then post your log files in a new reply in this thread: https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/ Link to post Share on other sites More sharing options...
viruscrunch16 Posted October 26, 2014 Author ID:896618 Share Posted October 26, 2014 hi i can't reply much often because our internet is not that fast, how long til i get bumped for not replying in this thread? Link to post Share on other sites More sharing options...
Maniac Posted October 26, 2014 ID:896643 Share Posted October 26, 2014 Three days. If you give me more details about how long time you need, could be more. Link to post Share on other sites More sharing options...
viruscrunch16 Posted October 27, 2014 Author ID:896911 Share Posted October 27, 2014 HI I was done downloading the FRST.exe and the scan here are the results.... ___FRST.txt log_____ Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2014Ran by Win 7 (administrator) on WIN7-PC on 27-10-2014 11:24:43Running from C:\Users\Win 7\DownloadsLoaded Profiles: Win 7 & (Available profiles: Win 7)Platform: Microsoft Windows 7 Ultimate (X86) OS Language: English (United States)Internet Explorer Version 8Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(Microsoft Corporation) C:\Windows\System32\StikyNot.exe(WordWeb Software) C:\Program Files\WordWeb\wweb32.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-10-23] (AVAST Software)HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKU\S-1-5-21-4157116677-2462151510-724841161-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)HKU\S-1-5-21-4157116677-2462151510-724841161-1000\...\Run: [WordWeb] => C:\Program Files\WordWeb\wweb32.exe [80000 2014-07-05] (WordWeb Software)HKU\S-1-5-21-4157116677-2462151510-724841161-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)HKU\S-1-5-21-4157116677-2462151510-724841161-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)HKU\S-1-5-21-4157116677-2462151510-724841161-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WordWeb] => C:\Program Files\WordWeb\wweb32.exe [80000 2014-07-05] (WordWeb Software)HKU\S-1-5-21-4157116677-2462151510-724841161-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)IFEO\bitguard.exe: [Debugger] tasklist.exeIFEO\bprotect.exe: [Debugger] tasklist.exeIFEO\bpsvc.exe: [Debugger] tasklist.exeIFEO\browserdefender.exe: [Debugger] tasklist.exeIFEO\browserprotect.exe: [Debugger] tasklist.exeIFEO\browsersafeguard.exe: [Debugger] tasklist.exeIFEO\dprotectsvc.exe: [Debugger] tasklist.exeIFEO\jumpflip: [Debugger] tasklist.exeIFEO\protectedsearch.exe: [Debugger] tasklist.exeIFEO\searchinstaller.exe: [Debugger] tasklist.exeIFEO\searchprotection.exe: [Debugger] tasklist.exeIFEO\searchprotector.exe: [Debugger] tasklist.exeIFEO\searchsettings.exe: [Debugger] tasklist.exeIFEO\searchsettings64.exe: [Debugger] tasklist.exeIFEO\snapdo.exe: [Debugger] tasklist.exeIFEO\stinst32.exe: [Debugger] tasklist.exeIFEO\stinst64.exe: [Debugger] tasklist.exeIFEO\umbrella.exe: [Debugger] tasklist.exeIFEO\utiljumpflip.exe: [Debugger] tasklist.exeIFEO\volaro: [Debugger] tasklist.exeIFEO\vonteera: [Debugger] tasklist.exeIFEO\websteroids.exe: [Debugger] tasklist.exeIFEO\websteroidsservice.exe: [Debugger] tasklist.exeStartup: C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dllHKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dllShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)GroupPolicy: Group Policy on Chrome detected <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbclHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehpHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x956F53A3E9FDCE01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usHKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbclHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbclHKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbclStartMenuInternet: IEXPLORE.EXE - iexplore.exeSearchScopes: HKLM - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=104&itype=a&ver=13337&tm=327&src=ds&p={searchTerms}SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}SearchScopes: HKCU - {38DBC5C1-1AEB-4F04-A5EC-DE03E8BAC1DA} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_18_ch&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyD0F0FtB0EzztAtCtB0BtN0D0Tzu0SzzyDtAtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtCtB0B0CzzyC0EtGyEzyyDzztGtCtD0C0EtGtByB0EzztGtB0FtC0B0BtAyE0CyC0C0C0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtAtC0D0C0CzzyBtGzztBzyyDtGyByBtCyEtGzzyBtA0DtGtAzzyCyDtDyEyDyDtDyD0C0A2Q&cr=1364401586&ir=SearchScopes: HKCU - {808CBB34-480E-4919-ADB6-C0EF9B3003CA} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ch&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyD0F0FtB0EzztAtCtB0BtN0D0Tzu0SyBzytCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1073193372&ir=SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=104&itype=a&ver=13337&tm=327&src=ds&p={searchTerms}SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}SearchScopes: HKCU - {B2DF85AF-97B1-48FB-93D9-FC43B6CD6057} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ch&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyD0F0FtB0EzztAtCtB0BtN0D0Tzu0SyBzytCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1073193372&ir=SearchScopes: HKCU - {D87EC373-43E6-4BB7-93BB-617243B31EC2} URL = http://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}SearchScopes: HKCU - {E9D6D35D-B34D-4370-8681-14D0E296E86E} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ch&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyD0F0FtB0EzztAtCtB0BtN0D0Tzu0SyBzytCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1073193372&ir=BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Tcpip\Parameters: [DhcpNameServer] 192.168.0.1Tcpip\..\Interfaces\{992E7726-5942-4701-81AE-909E73DB38B9}: [NameServer] 8.8.8.8,8.8.4.4 FireFox:========FF ProfilePath: C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.defaultFF DefaultSearchEngine: Yahoo! (Avast)FF DefaultSearchUrl: https://ph.search.yahoo.com/yhs/searchFF SearchEngineOrder.1: Yahoo! (Avast)FF SelectedSearchEngine: Yahoo! (Avast)FF Homepage: https://www.yahoo.com?fr=hp-avast&type=avastbclFF Keyword.URL: https://ph.search.yahoo.com/yhs/searchFF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF SearchPlugin: C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\searchplugins\yahoo-avast.xmlFF SearchPlugin: C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\searchplugins\yahoo_ff.xmlFF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-08] Chrome: =======CHR dev: Chrome dev build detected! <======= ATTENTIONCHR Profile: C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-08]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-08]CHR Extension: (YouTube) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-08]CHR Extension: (Google Search) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-08]CHR Extension: (Avast Online Security) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-07]CHR Extension: (Google Wallet) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-08]CHR Extension: (Gmail) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-08]CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-23]CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-07-12] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-23] (AVAST Software)R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-10-23] ()R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-10-23] (AVAST Software)R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-10-23] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-10-23] (AVAST Software)R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-10-23] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-10-23] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422760 2014-10-23] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-10-23] (AVAST Software)R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-10-23] ()S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-19] (LogMeIn, Inc.)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-27] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [999016 2010-10-19] (Realtek Semiconductor Corporation )S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-27 11:24 - 2014-10-27 11:26 - 00015746 _____ () C:\Users\Win 7\Downloads\FRST.txt2014-10-27 11:24 - 2014-10-27 11:24 - 00000000 ____D () C:\FRST2014-10-27 11:20 - 2014-10-27 11:23 - 01104896 _____ (Farbar) C:\Users\Win 7\Downloads\FRST.exe2014-10-27 00:46 - 2014-10-27 01:53 - 422105353 _____ () C:\Users\Win 7\Downloads\Warm Bodies (2013) Full Movie - HD 1080p BluRay.flv2014-10-26 23:20 - 2014-10-27 00:46 - 527801708 _____ () C:\Users\Win 7\Downloads\Lucy (2014) Full Movie - HD 720p.flv2014-10-26 16:47 - 2014-10-27 11:10 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-10-26 16:46 - 2014-10-26 16:46 - 00001026 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-10-26 16:46 - 2014-10-26 16:46 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-10-26 16:46 - 2014-10-26 16:46 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-10-26 16:46 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-10-26 16:46 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-10-26 16:46 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-10-26 15:34 - 2014-10-26 16:44 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Win 7\Downloads\mbam-setup-2.0.3.1025.exe2014-10-26 15:24 - 2014-10-26 15:24 - 00000000 ____D () C:\Users\Win 7\.idlerc2014-10-26 13:35 - 2014-10-26 13:35 - 00000000 ____D () C:\Users\Win 7\AppData\Local\Skype2014-10-26 13:34 - 2014-10-27 11:11 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\Skype2014-10-26 13:34 - 2014-10-26 13:34 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk2014-10-26 13:34 - 2014-10-26 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2014-10-26 13:34 - 2014-10-26 13:34 - 00000000 ____D () C:\Program Files\Common Files\Skype2014-10-26 09:21 - 2014-10-26 10:04 - 26222592 _____ () C:\Users\Win 7\Downloads\SkypeSetup_6.16.0.105.msi2014-10-26 09:20 - 2014-10-26 09:20 - 00000000 ____D () C:\Windows\system32\appmgmt2014-10-25 20:08 - 2014-10-25 20:09 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll2014-10-24 20:34 - 2014-10-24 20:34 - 00000000 ____D () C:\Program Files\Common Files\Steam2014-10-24 20:17 - 2014-10-24 20:22 - 01142392 _____ () C:\Users\Win 7\Downloads\SteamSetup.exe2014-10-23 16:57 - 2014-10-27 11:08 - 00090354 _____ () C:\Windows\PFRO.log2014-10-23 16:56 - 2014-10-23 16:56 - 00002069 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk2014-10-23 16:56 - 2014-10-23 16:56 - 00002009 _____ () C:\Users\Public\Desktop\Avast Pro Antivirus.lnk2014-10-23 16:56 - 2014-10-23 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software2014-10-23 16:55 - 2014-10-23 16:55 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2014-10-23 16:55 - 2014-10-23 16:55 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-10-15 19:15 - 2014-10-15 19:16 - 00000682 _____ () C:\Users\Win 7\Documents\cc_20141015_191546.reg2014-10-11 22:46 - 2014-10-11 23:06 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\WordWeb2014-10-11 22:44 - 2014-10-11 23:04 - 00001860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordWeb.lnk2014-10-11 22:43 - 2014-10-11 23:04 - 00000000 ____D () C:\Program Files\WordWeb2014-10-11 22:43 - 2014-09-14 08:50 - 02935936 ____N (WordWeb Software) C:\Windows\wweb32.dll2014-10-11 22:36 - 2014-10-11 22:41 - 21947320 _____ () C:\Users\Win 7\Downloads\wordweb7.exe2014-10-11 22:17 - 2014-10-11 22:17 - 00049216 _____ () C:\Users\Win 7\Downloads\file crack-oald8.7z2014-10-11 22:12 - 2014-10-11 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.42014-10-11 22:05 - 2014-10-11 22:11 - 00000000 ____D () C:\Python342014-10-11 21:33 - 2014-10-11 21:41 - 24408064 _____ () C:\Users\Win 7\Downloads\python-3.4.1.msi2014-10-11 19:28 - 2014-10-11 19:28 - 00009792 _____ () C:\Users\Win 7\Documents\cc_20141011_192755.reg2014-10-11 19:16 - 2014-10-27 11:09 - 00004985 _____ () C:\Windows\setupact.log2014-10-11 19:16 - 2014-10-11 19:16 - 00000000 _____ () C:\Windows\setuperr.log2014-10-09 22:30 - 2014-10-09 22:30 - 00117552 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmhgfs.sys2014-10-09 22:30 - 2014-10-09 22:30 - 00063920 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx_svga.sys2014-10-09 22:30 - 2014-10-09 22:30 - 00011696 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmmouse.sys2014-10-09 22:29 - 2014-10-09 22:30 - 00019504 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmdebug.sys2014-10-09 22:29 - 2014-10-09 22:29 - 00118784 _____ (Intel Corporation) C:\Windows\system32\Drivers\E1G60I32.sys2014-10-09 22:29 - 2014-10-09 22:29 - 00054960 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmci.sys2014-10-09 22:29 - 2014-10-09 22:29 - 00025008 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmaudio.sys2014-10-09 22:21 - 2014-10-09 22:21 - 00173232 _____ (VMware, Inc.) C:\Windows\system32\vmx_fb.dll2014-10-09 22:21 - 2014-10-09 22:21 - 00111856 _____ (ThinPrint GmbH) C:\Windows\system32\TPVMW32.dll2014-10-09 22:21 - 2014-10-09 22:21 - 00035888 _____ (VMware, Inc.) C:\Windows\system32\vmhgfs.dll2014-10-09 22:21 - 2014-10-09 22:21 - 00016432 _____ (VMware, Inc.) C:\Windows\system32\vmx_mode.dll2014-10-09 22:21 - 2014-10-09 22:21 - 00009104 _____ (ThinPrint GmbH) C:\Windows\system32\TPVMMonUIjpn.dll2014-10-09 22:20 - 2014-10-09 22:21 - 00009104 _____ (ThinPrint GmbH) C:\Windows\system32\TPVMMonUIdeu.dll2014-10-09 22:20 - 2014-10-09 22:20 - 00284016 _____ (ThinPrint GmbH) C:\Windows\system32\TPVMMon.dll2014-10-09 22:20 - 2014-10-09 22:20 - 00079208 _____ (ThinPrint GmbH) C:\Windows\system32\TPVMMonUI.dll2014-10-09 22:20 - 2014-10-09 22:20 - 00023960 _____ (ThinPrint GmbH) C:\Windows\system32\TPVMMondeu.dll2014-10-09 22:20 - 2014-10-09 22:20 - 00009632 _____ (ThinPrint GmbH) C:\Windows\system32\TPVMMonjpn.dll2014-10-09 22:19 - 2014-10-09 22:20 - 00423208 _____ (ThinPrint GmbH) C:\Windows\system32\TPSvc.dll2014-10-09 22:01 - 2014-10-09 22:01 - 00000000 ____D () C:\ProgramData\Weskysoft2014-10-09 21:57 - 2014-10-09 21:57 - 00001030 _____ () C:\Users\Win 7\Desktop\DllSuite.lnk2014-10-09 21:57 - 2014-10-09 21:57 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dll Suite 20142014-10-09 21:57 - 2014-10-09 21:57 - 00000000 ____D () C:\Program Files\DLLSuite2014-10-09 21:50 - 2014-10-09 21:56 - 16578402 _____ ( ) C:\Users\Win 7\Downloads\DLLSuite_Setup.exe2014-10-09 21:15 - 2013-04-11 16:12 - 00017344 _____ (Dll-Files.com) C:\Windows\system32\roboot.exe2014-10-08 22:14 - 2014-10-08 22:15 - 00004672 _____ () C:\Users\Win 7\Documents\cc_20141008_221441.reg2014-10-08 22:05 - 2014-10-26 15:16 - 00002167 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-10-08 22:05 - 2014-10-08 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2014-10-08 21:57 - 2014-10-27 11:09 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-10-08 21:57 - 2014-10-27 07:02 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-10-08 21:56 - 2014-10-08 21:56 - 00895120 _____ (Google Inc.) C:\Users\Win 7\Downloads\ChromeSetup.exe2014-10-08 21:41 - 2014-10-08 21:42 - 00244136 _____ () C:\Users\Win 7\Downloads\Firefox Setup Stub 32.0.3.exe2014-10-08 21:34 - 2014-10-08 21:36 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk2014-10-08 21:34 - 2014-10-08 21:36 - 00001950 _____ () C:\Users\Public\Desktop\Adobe Reader 9.lnk2014-10-08 21:33 - 2014-10-08 21:33 - 00000000 ____D () C:\Program Files\Adobe2014-10-08 21:18 - 2014-10-26 17:10 - 00000000 ____D () C:\Users\Win 7\Documents\Janet Ocab2014-10-08 21:12 - 2014-10-08 21:12 - 00001314 _____ () C:\Users\Win 7\Documents\cc_20141008_211207.reg2014-10-08 21:10 - 2014-10-08 21:10 - 00069648 _____ () C:\Users\Win 7\Documents\cc_20141008_211010.reg2014-10-08 20:52 - 2014-10-08 20:52 - 00000931 _____ () C:\Users\Public\Desktop\CCleaner.lnk2014-10-08 20:52 - 2014-10-08 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-10-08 20:51 - 2014-10-23 15:26 - 00000000 ____D () C:\Program Files\CCleaner2014-10-08 20:44 - 2014-10-08 20:49 - 04945978 _____ () C:\Users\Win 7\Downloads\CCleaner 4.07.4369 Busi_Pro (ChezzyB0x).zip2014-10-08 13:06 - 2014-10-23 16:55 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys2014-10-08 13:06 - 2014-10-23 16:55 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys2014-10-08 13:06 - 2014-10-23 16:55 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys2014-10-08 13:06 - 2014-10-23 16:55 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys2014-10-08 13:06 - 2014-10-23 16:55 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys2014-10-08 13:06 - 2014-10-23 16:55 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys2014-10-08 13:06 - 2014-10-23 16:54 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys2014-10-08 13:06 - 2014-10-23 16:54 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys2014-10-08 13:02 - 2014-10-08 13:04 - 00000000 ____D () C:\ProgramData\AVAST Software2014-10-07 22:43 - 2014-10-07 22:43 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\Dropbox2014-10-07 21:53 - 2014-10-07 21:53 - 01187697 _____ () C:\Windows\unins000.exe2014-10-07 21:53 - 2014-10-07 21:53 - 00001231 _____ () C:\Windows\unins000.dat2014-10-07 21:36 - 2014-10-07 22:43 - 00000000 ____D () C:\Windows\onhax-temp2014-10-06 21:43 - 2014-10-26 15:17 - 00000000 ____D () C:\Program Files\RAR Password Unlocker2014-10-06 21:23 - 2014-10-06 21:25 - 03220905 _____ () C:\Users\Win 7\Downloads\RAR Password Unlocker.rar2014-10-05 21:22 - 2014-10-05 21:27 - 00000000 ____D () C:\Users\Win 7\Games2014-10-05 21:21 - 2014-10-05 21:21 - 00000000 ____D () C:\Users\Win 7\Documents\Book PDFs ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-27 11:15 - 2009-07-14 12:34 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-10-27 11:15 - 2009-07-14 12:34 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-10-27 11:12 - 2013-10-06 04:09 - 01376486 _____ () C:\Windows\WindowsUpdate.log2014-10-27 11:09 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-10-27 07:48 - 2013-10-06 04:28 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\vlc2014-10-27 07:46 - 2014-02-14 11:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-10-27 07:42 - 2014-04-24 22:35 - 00000000 ____D () C:\Program Files\Settings Manager2014-10-26 23:21 - 2014-07-12 07:46 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\Settings Manager2014-10-26 23:20 - 2014-03-01 21:51 - 00000000 ____D () C:\Program Files\Websave2014-10-26 22:43 - 2014-07-30 20:13 - 00000000 ____D () C:\Users\Win 7\Documents\Adrian Ocab2014-10-26 19:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Branding2014-10-26 17:11 - 2013-10-06 04:16 - 00000000 ____D () C:\Users\Win 72014-10-26 15:21 - 2013-10-06 04:53 - 00000000 ____D () C:\Windows\system32\RTCOM2014-10-26 15:16 - 2014-02-14 10:18 - 00001083 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk2014-10-26 15:16 - 2014-02-14 10:18 - 00001071 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk2014-10-26 15:16 - 2013-10-06 04:17 - 00001413 _____ () C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-10-26 14:12 - 2014-03-01 22:12 - 00000294 _____ () C:\Windows\Tasks\SaveSense.job2014-10-26 13:34 - 2013-10-06 05:10 - 00000000 ___RD () C:\Program Files\Skype2014-10-26 13:34 - 2013-10-06 05:10 - 00000000 ____D () C:\ProgramData\Skype2014-10-26 13:07 - 2013-10-06 04:20 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI2014-10-26 01:59 - 2014-03-01 22:07 - 00000166 _____ () C:\Users\Win 7\AppData\Roaming\WB.CFG2014-10-23 17:02 - 2014-02-14 11:35 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe2014-10-23 17:02 - 2014-02-14 11:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl2014-10-23 16:55 - 2014-04-27 17:35 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys2014-10-23 14:52 - 2014-03-27 17:12 - 00000000 ____D () C:\ProgramData\saafeeweeb2014-10-11 21:45 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared2014-10-09 22:26 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\MUI2014-10-08 22:20 - 2014-02-14 10:18 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service2014-10-08 22:20 - 2013-10-06 04:28 - 00000000 ____D () C:\Program Files\WinRAR2014-10-08 22:17 - 2013-10-06 04:28 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR2014-10-08 22:17 - 2013-10-06 04:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR2014-10-08 22:10 - 2013-10-06 04:26 - 00000000 ____D () C:\Users\Win 7\AppData\Local\Google2014-10-08 22:04 - 2013-10-06 05:11 - 00000000 ____D () C:\Program Files\Google2014-10-08 21:51 - 2014-07-12 21:22 - 00000000 ____D () C:\Program Files\Mozilla Firefox2014-10-08 21:39 - 2013-10-06 04:28 - 00000990 _____ () C:\Users\Public\Desktop\VLC media player.lnk2014-10-08 21:39 - 2013-10-06 04:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN2014-10-08 21:34 - 2013-10-06 04:26 - 00000000 ____D () C:\ProgramData\Adobe2014-10-08 21:34 - 2013-10-06 04:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe2014-10-08 21:33 - 2013-10-06 04:29 - 00000000 ____D () C:\Users\Win 7\AppData\Local\Adobe2014-10-08 21:16 - 2014-09-20 19:10 - 00000396 __RSH () C:\ProgramData\ntuser.pol2014-10-08 21:06 - 2014-04-16 12:50 - 00000000 ____D () C:\Windows\Minidump2014-10-08 21:06 - 2013-10-06 05:06 - 00000000 ____D () C:\Windows\Panther2014-10-08 13:07 - 2014-03-09 18:19 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\AVAST Software2014-10-08 13:04 - 2013-10-06 04:20 - 00000000 ____D () C:\Program Files\AVAST Software2014-10-08 12:59 - 2009-07-14 10:04 - 00002577 _____ () C:\Windows\system32\config.nt2014-10-05 21:49 - 2013-10-29 04:31 - 00000000 ____D () C:\Users\Win 7\Downloads\Vanguard2014-10-05 17:09 - 2009-07-14 12:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT Some content of TEMP:====================C:\Users\Win 7\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-26 00:48 ==================== End Of Log ============================ _____ADDITION.txt log____ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2014Ran by Win 7 at 2014-10-27 11:27:39Running from C:\Users\Win 7\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)Avast License by ZeNiX [2012-06-29] (HKLM\...\Avast_2050_ZeNiX [2012-06-29]_is1) (Version: - )Avast Pro Antivirus (HKLM\...\Avast) (Version: 10.0.2206 - AVAST Software)CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)Click to Call with Skype (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.5.8013 - Skype Technologies S.A.)DLL Suite 2013 (HKLM\...\{885843E7-6CAC-4791-B7BF-1CD516017954}_is1) (Version: - )Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.13 - Google Inc.)Google Update Helper (Version: 1.3.24.15 - Google Inc.) HiddenMalwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)Python 3.4.1 (HKLM\...\{df32bb9e-3ed8-36b5-a649-e8c845c5f3a2}) (Version: 3.4.1150 - Python Software Foundation)Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)WordWeb (HKLM\...\WordWeb) (Version: 7 - WordWeb Software)Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 19-10-2014 11:01:43 Windows Backup23-10-2014 07:36:51 avast! antivirus system restore point26-10-2014 01:18:32 Removed Skype™ 5.526-10-2014 05:33:07 Installed Skype™ 6.1626-10-2014 11:03:24 Windows Backup ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {512DF5DE-C2AF-4642-95B1-BC2CE4809513} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackupTask: {6DD5CAB8-07A7-42CE-AEB2-DD4EBA25FDC3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-23] (AVAST Software)Task: {7352BBCD-1A25-41D7-9E1E-AFD10A4280A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-08] (Google Inc.)Task: {94FA5128-A5CD-475D-9447-5DF7F04BAC78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-08] (Google Inc.)Task: {A6C121AC-EA8C-4175-83BB-5B29F18078C9} - \SaveSense No Task File <==== ATTENTIONTask: {C212E93C-5146-48C1-8B4A-1F48DCEB01C3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)Task: {D173A1C9-5D1E-4B1F-8FC2-3F12B8785737} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-23] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\SaveSense.job => C:\Users\WIN7~1\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2014-10-23 15:21 - 2014-10-07 23:49 - 00217600 _____ () C:\Program Files\AVAST Software\Avast\USERENV.dll2014-10-27 07:45 - 2014-10-27 07:45 - 02898432 _____ () C:\Program Files\AVAST Software\Avast\defs\14102601\algo.dll2014-10-23 16:55 - 2014-10-23 16:55 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2014-10-08 22:04 - 2014-10-07 12:22 - 09008456 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.13\pdf.dll2014-10-08 22:04 - 2014-10-07 12:22 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.13\ffmpegsumo.dll2014-10-09 20:00 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll2014-10-09 20:00 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:538DC028 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: msiserver => 3MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exeMSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exeMSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietMSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exeMSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3 MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -sMSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe ========================= Accounts: ========================== Administrator (S-1-5-21-4157116677-2462151510-724841161-500 - Administrator - Disabled)Guest (S-1-5-21-4157116677-2462151510-724841161-501 - Limited - Disabled)Win 7 (S-1-5-21-4157116677-2462151510-724841161-1000 - Administrator - Enabled) => C:\Users\Win 7 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (10/27/2014 00:05:27 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)Description: Chrome has encountered a fatal error.ver=39.0.2171.13;lang=;guid=F13992ECA1624D3A8566CB3062895A98;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\fd97d04c-f56a-4ce3-ba7d-dd4c72d762a5.dmp Error: (10/26/2014 07:32:32 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Updater.exe, version: 6.8.0.112, time stamp: 0x533db3abFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x006f00c4Faulting process id: 0x240Faulting application start time: 0xUpdater.exe0Faulting application path: Updater.exe1Faulting module path: Updater.exe2Report Id: Updater.exe3 Error: (10/23/2014 05:50:50 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)Description: Chrome has encountered a fatal error.ver=39.0.2171.13;lang=;guid=F13992ECA1624D3A8566CB3062895A98;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\abbad8e7-8306-4202-ae3d-2583726dd803.dmp Error: (10/23/2014 05:26:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (10/23/2014 05:09:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (10/23/2014 04:59:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (10/23/2014 03:36:47 PM) (Source: VSS) (EventID: 8194) (User: )Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {fd52f1f1-e546-4a7b-b27a-5d590ec055ea} Error: (10/23/2014 03:14:20 PM) (Source: Software Protection Platform Service) (EventID: 8211) (User: )Description: Update Windows license and product key tokens failed with 0x80070005. Error: (10/23/2014 03:13:52 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Win7-PC)Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. Error: (10/23/2014 03:13:52 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Win7-PC)Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on. System errors:=============Error: (10/27/2014 11:09:25 AM) (Source: RTL8192Ce) (EventID: 0) (User: )Description: OID_SCAN_NUM Error: (10/27/2014 11:09:25 AM) (Source: RTL8192Ce) (EventID: 0) (User: )Description: OID_SCAN_COMPLETE Error: (10/27/2014 11:09:23 AM) (Source: RTL8192Ce) (EventID: 0) (User: )Description: OID_SCAN_REQUEST Error: (10/27/2014 11:09:01 AM) (Source: RTL8192Ce) (EventID: 0) (User: )Description: RT_INIT_OK Error: (10/27/2014 07:57:43 AM) (Source: RTL8192Ce) (EventID: 0) (User: )Description: OID_SCAN_NUM Error: (10/27/2014 07:57:43 AM) (Source: RTL8192Ce) (EventID: 0) (User: )Description: OID_SCAN_COMPLETE Error: (10/27/2014 07:57:42 AM) (Source: RTL8192Ce) (EventID: 0) (User: )Description: OID_SCAN_REQUEST Error: (10/27/2014 07:42:49 AM) (Source: RTL8192Ce) (EventID: 0) (User: )Description: OID_SCAN_NUM Error: (10/27/2014 07:42:49 AM) (Source: RTL8192Ce) (EventID: 0) (User: )Description: OID_SCAN_COMPLETE Error: (10/27/2014 07:42:48 AM) (Source: RTL8192Ce) (EventID: 0) (User: )Description: OID_SCAN_REQUEST Microsoft Office Sessions:========================= ==================== Memory info =========================== Processor: Intel® Atom CPU N455 @ 1.66GHzPercentage of memory in use: 87%Total physical RAM: 1013.42 MBAvailable physical RAM: 129.9 MBTotal Pagefile: 2037.42 MBAvailable Pagefile: 548.29 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1905.42 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:98.02 GB) (Free:78.11 GB) NTFSDrive d: (Storage Area) (Fixed) (Total:134.76 GB) (Free:37.58 GB) NTFSDrive f: (ADRIAN) (Fixed) (Total:3.73 GB) (Free:2.56 GB) FAT32 ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: A884B3F9)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=134.8 GB) - (Type=07 NTFS) ========================================================Disk: 1 (Size: 3.7 GB) (Disk ID: FC00FEC8)Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B) ==================== End Of Log ============================ i hope I get the reply soon... Thanks Link to post Share on other sites More sharing options...
viruscrunch16 Posted October 27, 2014 Author ID:896924 Share Posted October 27, 2014 oops i forgot my malwarebytes log scan here it is.. Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 10/27/2014Scan Time: 11:17:22 AMLogfile: aaa.txtAdministrator: No Version: 2.00.3.1025Malware Database: v2014.10.26.08Rootkit Database: v2014.10.22.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 7CPU: x86File System: NTFSUser: Win 7 Scan Type: Hyper ScanResult: CompletedObjects Scanned: 284402Time Elapsed: 19 min, 5 sec Memory: EnabledStartup: EnabledFilesystem: DisabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 32PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.aflt", "irmsd0202ch"), Replaced,[7c4527f06a122a0cfe19ec77cc390ff1]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (s to this file while the application is runn application exits. *out:config */), Replaced,[e8d918ffde9e3ff776a14a19f31202fe]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (lication is runn application exits. *out:config */ user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1405166930);user_pref("app.u), Replaced,[378a8a8dbac2d85e7f98164d1de814ec]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (.update.lastUpdateTime.addon-background-update-ti), Replaced,[536e2beccfad9e98c6519ac942c332ce]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (e changes to this file while the application is runn a), Replaced,[2899af68b1cbca6c9b7c570ca461f10f]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (nges to this file while the application is runn a), Replaced,[7051d4434e2e48eecc4b342f9273de22]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (e changes to this file while the application is runn), Replaced,[9e233add4c308bab1700e182d33232ce]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (hanges to this file while the application is runn ), Replaced,[17aaa3746f0dbd794ccb194aaf567090]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: ( changes to this file while the application is runn application exits. *out:config */ user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1405166930);user_pref("app.update.lasf("app.update.lastUpdateTime.blocklist-background-update-timer", 1405167050);user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails",h-engine-update-timer", 1405166689);user_pref("app.update.migrated.updateDir", true);user_pref("browser.bookmarks.restore_default_bookmarks", false);user_pref("browser.cache.disk.capacity", 358400);user_pref("browser.cache.disk.smart_size.first_run", false);user_pref("brows), Replaced,[4a777b9caece84b28c8bf76cb35251af]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (k.smart_size.first_run", false);user_pref("browser.cach), Replaced,[d0f12ee926569d9920f7ec77778e9a66]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (s to this file while the application is runn applica), Replaced,[962b18ff4b3146f01601d2918e77dc24]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (hanges to this file while the application is runn application exits. *out:con), Replaced,[645d5bbcf983df57f126e97a5ea738c8]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (e application is runn application exits. *out), Replaced,[edd47b9ce795bc7a1ef94f1461a4c13f]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (ke changes to this file while the application is runn application exits. *out:config */ user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1405166930);user_pref("app.update.lasf("app.update.lastUpdateTime.), Replaced,[645db5623b4133030413085b72938080]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (ref("app.update.lasf("app.update.lastUpdateTime.blocklist-background-update-timer", 1405167050);user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails",h-engine-update-timer", 1405166689);user_pref("app.update.migrated.updateDir", true);user_pref("browser.bookmarks.restore_default_bookmarks", false);user_pref("browser.cache.disk.capacity", 358400);user_pref("browser.cache.disk.smart_size.first_run", fals), Replaced,[ad1473a45a22a98dbc5b243fb2534fb1]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (6689);user_pref("app.update.migrated.updateDir", true);u), Replaced,[2b9641d6ec90af87be59b2b10500b947]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (o this file while the application is runn application e), Replaced,[4c751cfb463665d18f88bda66a9b639d]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (ges to this file while the application is runn app), Replaced,[af1254c398e454e2a1766df6eb1a8d73]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: ( changes to this file while the application is runn application exits. *out:config */ user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1405166930);user_pref("app.update.lasf("app.update.lastUpdateTime.), Replaced,[dbe6d83f0a729a9c0d0a80e3c04536ca]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (_pref("app.update.lasf("app.update.lastUpdateTime.blocklist-backgrou), Replaced,[b011be59116bcd696bac43207293da26]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (ile while the application is runn application exits. *out:config */ user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1405166930);user_pref("app.update.lasf("app.update.lastUpdateTime.blocklist-background-u), Replaced,[a61b140395e7a690f81ff56e31d48b75]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (f("app.update.lasf("app.update.lastUpdateTime.blocklist-bac), Replaced,[566b4acd1f5ddf5730e7c0a350b56e92]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (to this file while the application is runn application exits.), Replaced,[8839fb1cc8b40234d54298cbe12412ee]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: ( this file while the application is runn applica), Replaced,[754c4acdb0cc2c0a958243205fa6c33d]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (ke changes to this file while the application is runn applicati), Replaced,[0cb5cb4c710bd0666aada2c11de88e72]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (his file while the application is runn application e), Replaced,[517062b53943bc7a37e0b0b35ea77a86]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (hanges to this file while the application is runn application exits. *out:config */ user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1405166930);user_pref("app.update.lasf("app.update.lastUpdateTime.blocklist-b), Replaced,[3190fe19730934025abd0e5551b4e818]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (p.update.lasf("app.update.lastUpdateTime.blocklist-bac), Replaced,[c3feb6610775a78fd74001628b7ac13f]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (nges to this file while the application is runn applica), Replaced,[a31e33e4eb91f83ee23585de9570fc04]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: ( changes to this file while the application is runn a), Replaced,[3d848c8b83f98da948cfe97a2fd6e51b]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (anges to this file while the application is runn applic), Replaced,[5d64987f87f576c043d4e97a8a7b1ee2]PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (ges to this file while the application is runn application exits.), Replaced,[cef38f8865173204d93eafb49273de22] Physical Sectors: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
Maniac Posted October 28, 2014 ID:897984 Share Posted October 28, 2014 Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.fixlist.txt Link to post Share on other sites More sharing options...
viruscrunch16 Posted October 29, 2014 Author ID:898236 Share Posted October 29, 2014 Hi this is the fixlog.txt content Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-10-2014Ran by Win 7 at 2014-10-29 17:34:48 Run:1Running from C:\Users\Win 7\DownloadsLoaded Profile: Win 7 (Available profiles: Win 7)Boot Mode: Normal ============================================== Content of fixlist:*****************StartIFEO\bitguard.exe: [Debugger] tasklist.exeIFEO\bprotect.exe: [Debugger] tasklist.exeIFEO\bpsvc.exe: [Debugger] tasklist.exeIFEO\browserdefender.exe: [Debugger] tasklist.exeIFEO\browserprotect.exe: [Debugger] tasklist.exeIFEO\browsersafeguard.exe: [Debugger] tasklist.exeIFEO\dprotectsvc.exe: [Debugger] tasklist.exeIFEO\jumpflip: [Debugger] tasklist.exeIFEO\protectedsearch.exe: [Debugger] tasklist.exeIFEO\searchinstaller.exe: [Debugger] tasklist.exeIFEO\searchprotection.exe: [Debugger] tasklist.exeIFEO\searchprotector.exe: [Debugger] tasklist.exeIFEO\searchsettings.exe: [Debugger] tasklist.exeIFEO\searchsettings64.exe: [Debugger] tasklist.exeIFEO\snapdo.exe: [Debugger] tasklist.exeIFEO\stinst32.exe: [Debugger] tasklist.exeIFEO\stinst64.exe: [Debugger] tasklist.exeIFEO\umbrella.exe: [Debugger] tasklist.exeIFEO\utiljumpflip.exe: [Debugger] tasklist.exeIFEO\volaro: [Debugger] tasklist.exeIFEO\vonteera: [Debugger] tasklist.exeIFEO\websteroids.exe: [Debugger] tasklist.exeIFEO\websteroidsservice.exe: [Debugger] tasklist.exeHKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dllHKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dllGroupPolicy: Group Policy on Chrome detected <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONSearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-s...p={searchTerms}SearchScopes: HKCU - {38DBC5C1-1AEB-4F04-A5EC-DE03E8BAC1DA} URL = http://start.mysearc...=1364401586&ir=SearchScopes: HKCU - {808CBB34-480E-4919-ADB6-C0EF9B3003CA} URL = http://start.mysearc...=1073193372&ir=SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-s...p={searchTerms}SearchScopes: HKCU - {B2DF85AF-97B1-48FB-93D9-FC43B6CD6057} URL = http://start.mysearc...=1073193372&ir=SearchScopes: HKCU - {E9D6D35D-B34D-4370-8681-14D0E296E86E} URL = http://start.mysearc...=1073193372&ir=CHR dev: Chrome dev build detected! <======= ATTENTION2014-10-23 14:52 - 2014-03-27 17:12 - 00000000 ____D () C:\ProgramData\saafeeweebTask: {A6C121AC-EA8C-4175-83BB-5B29F18078C9} - \SaveSense No Task File <==== ATTENTIONTask: C:\Windows\Tasks\SaveSense.job => C:\Users\WIN7~1\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTIONc:\program files\settings managerC:\Program Files\Settings ManagerEnd***************** "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully."HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully.HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => value deleted successfully.HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => value deleted successfully.C:\Windows\system32\GroupPolicy\Machine => Moved successfully.C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully."HKLM\SOFTWARE\Policies\Google" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key deleted successfully."HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key not found."HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{38DBC5C1-1AEB-4F04-A5EC-DE03E8BAC1DA}" => Key deleted successfully."HKCR\CLSID\{38DBC5C1-1AEB-4F04-A5EC-DE03E8BAC1DA}" => Key not found."HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{808CBB34-480E-4919-ADB6-C0EF9B3003CA}" => Key deleted successfully."HKCR\CLSID\{808CBB34-480E-4919-ADB6-C0EF9B3003CA}" => Key not found."HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key deleted successfully."HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key not found."HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B2DF85AF-97B1-48FB-93D9-FC43B6CD6057}" => Key deleted successfully."HKCR\CLSID\{B2DF85AF-97B1-48FB-93D9-FC43B6CD6057}" => Key not found."HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9D6D35D-B34D-4370-8681-14D0E296E86E}" => Key deleted successfully."HKCR\CLSID\{E9D6D35D-B34D-4370-8681-14D0E296E86E}" => Key not found.CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.C:\ProgramData\saafeeweeb => Moved successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6C121AC-EA8C-4175-83BB-5B29F18078C9}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6C121AC-EA8C-4175-83BB-5B29F18078C9}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSense" => Key deleted successfully.C:\Windows\Tasks\SaveSense.job => Moved successfully.c:\program files\settings manager => Moved successfully."C:\Program Files\Settings Manager" => File/Directory not found. The system needed a reboot. ==== End of Fixlog ==== Link to post Share on other sites More sharing options...
Maniac Posted October 29, 2014 ID:898778 Share Posted October 29, 2014 Well done! Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here Please visit this webpage and read the ComboFix User's Guide:Once you've read the article and are ready to use the program you can download it directly from the link below.Important! - Please make sure you save combofix to your desktop and do not run it from your browserDirect download link for: ComboFix.exePlease make sure you disable your security applications before running ComboFix.Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.Please copy/paste the contents or attach that log file to your next reply.If needed the file can be located here: C:\combofix.txtNOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer. Link to post Share on other sites More sharing options...
viruscrunch16 Posted October 30, 2014 Author ID:898982 Share Posted October 30, 2014 Here it is... Running combofix scared me to death btw... ComboFix 14-10-29.01 - Win 7 10/30/2014 8:40.1.2 - x86Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1013.357 [GMT 8:00]Running from: c:\users\Win 7\Downloads\ComboFix.exeAV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\background.htmlc:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\content.jsc:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\lsdb.jsc:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\manifest.jsonc:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\sKBE.jsc:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\background.htmlc:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\content.jsc:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\lsdb.jsc:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\LwtZBhJVZ.jsc:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\manifest.jsonc:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\background.htmlc:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\content.jsc:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\lsdb.jsc:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\manifest.jsonc:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\xwfGfSGrNVF.jsc:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\background.htmlc:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\content.jsc:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\lsdb.jsc:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\manifest.jsonc:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\nSRcXSUhez.jsc:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\background.htmlc:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\content.jsc:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\lsdb.jsc:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\manifest.jsonc:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\sKBE.jsc:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\background.htmlc:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\content.jsc:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\lsdb.jsc:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\LwtZBhJVZ.jsc:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\manifest.jsonc:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\background.htmlc:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\content.jsc:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\lsdb.jsc:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\manifest.jsonc:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\xwfGfSGrNVF.jsc:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\background.htmlc:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\content.jsc:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\lsdb.jsc:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\manifest.jsonc:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\nSRcXSUhez.jsc:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\background.htmlc:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\content.jsc:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\lsdb.jsc:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\manifest.jsonc:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\sKBE.jsc:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\background.htmlc:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\content.jsc:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\lsdb.jsc:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\LwtZBhJVZ.jsc:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\manifest.jsonc:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\background.htmlc:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\content.jsc:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\lsdb.jsc:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\manifest.jsonc:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\xwfGfSGrNVF.jsc:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\background.htmlc:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\content.jsc:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\lsdb.jsc:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\manifest.jsonc:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\nSRcXSUhez.jsc:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\background.htmlc:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\content.jsc:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\lsdb.jsc:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\manifest.jsonc:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\sKBE.jsc:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\background.htmlc:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\content.jsc:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\lsdb.jsc:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\LwtZBhJVZ.jsc:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\manifest.jsonc:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\background.htmlc:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\content.jsc:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\lsdb.jsc:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\manifest.jsonc:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\xwfGfSGrNVF.jsc:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\background.htmlc:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\content.jsc:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\lsdb.jsc:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\manifest.jsonc:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\nSRcXSUhez.jsc:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\background.htmlc:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\content.jsc:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\lsdb.jsc:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\manifest.jsonc:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\sKBE.jsc:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\background.htmlc:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\content.jsc:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\lsdb.jsc:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\LwtZBhJVZ.jsc:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\manifest.jsonc:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\background.htmlc:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\content.jsc:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\lsdb.jsc:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\manifest.jsonc:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\xwfGfSGrNVF.jsc:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\background.htmlc:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\content.jsc:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\lsdb.jsc:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\manifest.jsonc:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\nSRcXSUhez.jsc:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\background.htmlc:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\content.jsc:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\lsdb.jsc:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\manifest.jsonc:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\sKBE.jsc:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\background.htmlc:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\content.jsc:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\lsdb.jsc:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\LwtZBhJVZ.jsc:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\manifest.jsonc:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\background.htmlc:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\content.jsc:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\lsdb.jsc:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\manifest.jsonc:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\xwfGfSGrNVF.jsc:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\background.htmlc:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\content.jsc:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\lsdb.jsc:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\manifest.jsonc:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\nSRcXSUhez.jsc:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\background.htmlc:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\content.jsc:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\lsdb.jsc:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\manifest.jsonc:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\sKBE.jsc:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\background.htmlc:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\content.jsc:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\lsdb.jsc:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\LwtZBhJVZ.jsc:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\manifest.jsonc:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\background.htmlc:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\content.jsc:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\lsdb.jsc:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\manifest.jsonc:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\xwfGfSGrNVF.jsc:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\background.htmlc:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\content.jsc:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\lsdb.jsc:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\manifest.jsonc:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\nSRcXSUhez.jsc:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\background.htmlc:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\content.jsc:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\lsdb.jsc:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\manifest.jsonc:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\sKBE.jsc:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\background.htmlc:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\content.jsc:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\lsdb.jsc:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\LwtZBhJVZ.jsc:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\manifest.jsonc:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\background.htmlc:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\content.jsc:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\lsdb.jsc:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\manifest.jsonc:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\xwfGfSGrNVF.jsc:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\background.htmlc:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\content.jsc:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\lsdb.jsc:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\manifest.jsonc:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\nSRcXSUhez.jsc:\users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mkmknlenppbnjpbfjghjjmdjddadomhk_0.localstoragec:\users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ppmpjjklcmpaealfmgmcpdbhadejpcom_0.localstoragec:\users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Preferences..((((((((((((((((((((((((( Files Created from 2014-09-28 to 2014-10-30 )))))))))))))))))))))))))))))))..2014-10-30 01:00 . 2014-10-30 01:01 -------- d-----w- c:\users\Win 7\AppData\Local\temp2014-10-30 01:00 . 2014-10-30 01:00 -------- d-----w- c:\users\Default\AppData\Local\temp2014-10-27 12:15 . 2014-10-27 12:15 -------- d-----w- c:\program files\Skype2014-10-27 03:24 . 2014-10-29 09:46 -------- d-----w- C:\FRST2014-10-26 19:35 . 2014-10-27 18:33 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8A4E143-82F9-4AB5-867B-00C637E27B76}\offreg.dll2014-10-26 09:01 . 2014-10-26 09:01 -------- d-----w- c:\users\Win 7\AppData\Local\ElevatedDiagnostics2014-10-26 08:47 . 2014-10-30 00:00 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-10-26 08:46 . 2014-10-01 03:11 51928 ----a-w- c:\windows\system32\drivers\mwac.sys2014-10-26 08:46 . 2014-10-01 03:11 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-10-26 08:46 . 2014-10-01 03:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys2014-10-26 08:46 . 2014-10-26 08:46 -------- d-----w- c:\program files\Malwarebytes Anti-Malware2014-10-26 08:46 . 2014-10-26 08:46 -------- d-----w- c:\programdata\Malwarebytes2014-10-26 07:24 . 2014-10-26 07:24 -------- d-----w- c:\users\Win 7\.idlerc2014-10-26 05:35 . 2014-10-26 05:35 -------- d-----w- c:\users\Win 7\AppData\Local\Skype2014-10-26 05:34 . 2014-10-27 12:26 -------- d-----w- c:\users\Win 7\AppData\Roaming\Skype2014-10-26 05:34 . 2014-10-26 05:34 -------- d-----w- c:\program files\Common Files\Skype2014-10-25 12:08 . 2014-10-25 12:09 348160 ----a-w- c:\windows\system32\msvcr71.dll2014-10-24 12:34 . 2014-10-24 12:34 -------- d-----w- c:\program files\Common Files\Steam2014-10-23 08:55 . 2014-10-23 08:55 291352 ----a-w- c:\windows\system32\aswBoot.exe2014-10-23 08:55 . 2014-10-23 08:55 43152 ----a-w- c:\windows\avastSS.scr2014-10-11 14:46 . 2014-10-11 15:06 -------- d-----w- c:\users\Win 7\AppData\Roaming\WordWeb2014-10-11 14:43 . 2014-09-14 00:50 2935936 ------w- c:\windows\wweb32.dll2014-10-11 14:43 . 2014-10-11 15:04 -------- d-----w- c:\program files\WordWeb2014-10-11 14:05 . 2014-10-11 14:11 -------- d-----w- C:\Python342014-10-09 14:30 . 2014-10-09 14:30 63920 ----a-w- c:\windows\system32\drivers\vmx_svga.sys2014-10-09 14:30 . 2014-10-09 14:30 11696 ----a-w- c:\windows\system32\drivers\vmmouse.sys2014-10-09 14:30 . 2014-10-09 14:30 117552 ----a-w- c:\windows\system32\drivers\vmhgfs.sys2014-10-09 14:29 . 2014-10-09 14:30 19504 ----a-w- c:\windows\system32\drivers\vmdebug.sys2014-10-09 14:29 . 2014-10-09 14:29 54960 ----a-w- c:\windows\system32\drivers\vmci.sys2014-10-09 14:29 . 2014-10-09 14:29 25008 ----a-w- c:\windows\system32\drivers\vmaudio.sys2014-10-09 14:29 . 2014-10-09 14:29 118784 ----a-w- c:\windows\system32\drivers\E1G60I32.sys2014-10-09 14:28 . 2014-10-09 14:29 368749 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\TPWinPrn.dll2014-10-09 14:21 . 2014-10-09 14:21 16432 ----a-w- c:\windows\system32\vmx_mode.dll2014-10-09 14:21 . 2014-10-09 14:21 173232 ----a-w- c:\windows\system32\vmx_fb.dll2014-10-09 14:21 . 2014-10-09 14:21 35888 ----a-w- c:\windows\system32\vmhgfs.dll2014-10-09 14:21 . 2014-10-09 14:21 111856 ----a-w- c:\windows\system32\TPVMW32.dll2014-10-09 14:21 . 2014-10-09 14:21 9104 ----a-w- c:\windows\system32\TPVMMonUIjpn.dll2014-10-09 14:20 . 2014-10-09 14:21 9104 ----a-w- c:\windows\system32\TPVMMonUIdeu.dll2014-10-09 14:20 . 2014-10-09 14:20 79208 ----a-w- c:\windows\system32\TPVMMonUI.dll2014-10-09 14:20 . 2014-10-09 14:20 9632 ----a-w- c:\windows\system32\TPVMMonjpn.dll2014-10-09 14:20 . 2014-10-09 14:20 23960 ----a-w- c:\windows\system32\TPVMMondeu.dll2014-10-09 14:20 . 2014-10-09 14:20 284016 ----a-w- c:\windows\system32\TPVMMon.dll2014-10-09 14:19 . 2014-10-09 14:20 423208 ----a-w- c:\windows\system32\TPSvc.dll2014-10-09 14:01 . 2014-10-09 14:01 -------- d-----w- c:\programdata\Weskysoft2014-10-09 13:57 . 2014-10-09 13:57 -------- d-----w- c:\program files\DLLSuite2014-10-09 13:15 . 2014-10-09 13:15 -------- d-----w- c:\programdata\Logs2014-10-09 13:15 . 2013-04-11 08:12 17344 ----a-w- c:\windows\system32\roboot.exe2014-10-08 12:51 . 2014-10-23 07:26 -------- d-----w- c:\program files\CCleaner2014-10-08 05:06 . 2014-10-23 08:55 91496 ----a-w- c:\windows\system32\drivers\aswStm.sys2014-10-08 05:06 . 2014-10-23 08:55 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys2014-10-08 05:06 . 2014-10-23 08:55 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys2014-10-08 05:06 . 2014-10-23 08:55 422760 ----a-w- c:\windows\system32\drivers\aswsp.sys2014-10-08 05:06 . 2014-10-23 08:55 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys2014-10-08 05:06 . 2014-10-23 08:55 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys2014-10-08 05:06 . 2014-10-23 08:54 787800 ----a-w- c:\windows\system32\drivers\aswSnx.sys2014-10-08 05:06 . 2014-10-23 08:54 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys2014-10-08 05:02 . 2014-10-08 05:04 -------- d-----w- c:\programdata\AVAST Software2014-10-07 14:43 . 2014-10-07 14:43 -------- d-----w- c:\users\Win 7\AppData\Roaming\Dropbox2014-10-07 13:53 . 2014-10-07 13:53 1187697 ----a-w- c:\windows\unins000.exe2014-10-07 13:36 . 2014-10-07 14:43 -------- d-----w- c:\windows\onhax-temp2014-10-06 13:43 . 2014-10-26 07:17 -------- d-----w- c:\program files\RAR Password Unlocker2014-10-05 13:22 . 2014-10-05 13:27 -------- d-----w- c:\users\Win 7\Games...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-10-23 09:02 . 2014-02-14 03:35 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2014-10-23 09:02 . 2014-02-14 03:35 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe2014-10-23 08:55 . 2014-04-27 09:35 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys2014-08-16 12:57 . 2014-08-26 03:53 24224 ----a-w- c:\program files\Sony.vshost.exe2014-08-15 03:06 . 2014-08-26 03:53 32768 ----a-w- c:\program files\Chrome Update.exe2014-08-15 03:02 . 2014-08-26 03:53 33792 ----a-w- c:\program files\Sony.exe2014-08-11 23:11 . 2014-08-26 03:53 251392 ----a-w- c:\program files\Survey Killer.exe2010-08-28 14:36 . 2014-08-26 03:53 96256 ----a-w- c:\program files\WebKitBrowser.dll2010-08-28 14:36 . 2014-08-26 03:53 131072 ----a-w- c:\program files\WebKit.Interop.dll2010-08-28 07:41 . 2014-08-26 03:53 8002048 ----a-w- c:\program files\WebKit.dll2010-08-28 06:29 . 2014-08-26 03:53 1059328 ----a-w- c:\program files\JavaScriptCore.dll2009-12-11 02:19 . 2014-08-26 03:53 862208 ----a-w- c:\program files\CFLite.dll2009-12-11 02:16 . 2014-08-26 03:53 121344 ----a-w- c:\program files\objc.dll2009-12-11 01:58 . 2014-08-26 03:53 13911552 ----a-w- c:\program files\icudt40.dll2009-12-11 01:56 . 2014-08-26 03:53 1245184 ----a-w- c:\program files\icuin40.dll2009-12-11 01:55 . 2014-08-26 03:53 1079296 ----a-w- c:\program files\icuuc40.dll2009-12-11 01:40 . 2014-08-26 03:53 49664 ----a-w- c:\program files\pthreadVC2.dll2009-12-11 01:34 . 2014-08-26 03:53 225280 ----a-w- c:\program files\libcurl.dll2009-12-11 01:25 . 2014-08-26 03:53 200704 ----a-w- c:\program files\ssleay32.dll2009-12-11 01:25 . 2014-08-26 03:53 1017344 ----a-w- c:\program files\libeay32.dll2009-12-10 08:53 . 2014-08-26 03:53 61952 ----a-w- c:\program files\libexslt.dll2009-12-10 08:52 . 2014-08-26 03:53 170496 ----a-w- c:\program files\libxslt.dll2009-12-10 08:43 . 2014-08-26 03:53 1919488 ----a-w- c:\program files\libxml2.dll2009-12-10 01:48 . 2014-08-26 03:53 412160 ----a-w- c:\program files\SQLite3.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2014-10-23 08:55 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]"WordWeb"="c:\program files\WordWeb\wweb32.exe" [2014-07-05 80000].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-23 5223016]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576].c:\users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-27 98632].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"SoftwareSASGeneration"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]2013-04-04 08:36 958576 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]2013-05-08 21:20 41056 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]2006-10-27 07:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]2010-10-01 15:43 173592 ----a-w- c:\windows\System32\hkcmd.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]2010-10-01 15:43 141848 ----a-w- c:\windows\System32\igfxtray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]2011-06-16 14:55 6276408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]2010-10-01 15:43 150552 ----a-w- c:\windows\System32\igfxpers.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]2010-03-11 01:49 1697064 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe.R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-10-23 91496]R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-10-01 51928]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-07-21 194664]S0 aswRvrt;avast! Revert; [x]S0 aswVmm;avast! VM Monitor; [x]S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-10-23 26136]S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-10-23 787800]S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-10-23 422760]S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-10-23 24184]S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-10-23 70384]S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-01 968504]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-10-01 23256]S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-10-30 114904]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-10-07 322664]S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-10-18 999016]S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-01 1871160]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - MBAMSWISSARMY.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-10-29 10:07 1087304 ----a-w- c:\program files\Google\Chrome\Application\40.0.2202.3\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-10-30 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-14 09:02].2014-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-08 13:57].2014-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-08 13:57]..------- Supplementary Scan -------.uStart Page = https://www.yahoo.com?fr=hp-avast&type=avastbclmStart Page = https://www.yahoo.com?fr=hp-avast&type=avastbclmSearch Bar = https://www.yahoo.com?fr=hp-avast&type=avastbclIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.0.1TCP: Interfaces\{992E7726-5942-4701-81AE-909E73DB38B9}: NameServer = 8.8.8.8,8.8.4.4TCP: Interfaces\{992E7726-5942-4701-81AE-909E73DB38B9}\3535A424F514355535: NameServer = 8.8.8.8,8.8.4.4TCP: Interfaces\{992E7726-5942-4701-81AE-909E73DB38B9}\A616E65647F5F6361626: NameServer = 208.67.222.222,208.67.220.220FF - ProfilePath - c:\users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\FF - prefs.js: browser.search.defaulturl - hxxps://ph.search.yahoo.com/yhs/searchFF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com?fr=hp-avast&type=avastbclFF - prefs.js: keyword.URL - hxxps://ph.search.yahoo.com/yhs/search.- - - - ORPHANS REMOVED - - - -.Toolbar-10 - (no file)MSConfigStartUp-RtHDVBg - c:\program files\Realtek\Audio\HDA\RtHDVBg.exeMSConfigStartUp-RtHDVCpl - c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-10-30 09:05:28ComboFix-quarantined-files.txt 2014-10-30 01:05.Pre-Run: 81,033,146,368 bytes freePost-Run: 80,869,654,528 bytes free.- - End Of File - - 47E79FB51C3513904B7F3621B47CAB6AA36C5E4F47E84449FF07ED3517B43A31 Link to post Share on other sites More sharing options...
Maniac Posted October 31, 2014 ID:900303 Share Posted October 31, 2014 Step 1Launch Malwarebytes' Anti-MalwareGo to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.Go to Scanner tab and select Full Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately. Step 2 Please scan your machine with ESET OnlineScanHold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScanClick the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.Double click on the to download the ESET Smart Installer. icon on your Desktop.Check "YES, I accept the Terms of Use."Click the Start button.Accept any security warnings from your browser.Under Scan Settings, check "Scan Archives" and "Remove found threats" Click Advanced settings and select the following:Scan potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth technologyESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.When the scan completes, click List ThreatsClick Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.Click the Back button.Click the Finish button.In your next reply, post the following log files:Malwarebytes' Anti-Malware logESET Online Scanner log Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 3, 2015 Root Admin ID:925722 Share Posted January 3, 2015 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts