Jump to content

Recommended Posts

Good Day  ^_^ , i am really desperate now that i had force shutdown my laptop 5 times because of the freeze/lag my laptop gets when scanning not only MBAM but also my antivirus ( Avast ). Mostly they lag in these files: msvcrt.dll( only MBAM causes this), mvcp60.dll(both), mvcp100.dll(both), there are many more programs that they lag when scanning.


 


    First I tried hiding msvcrt.dll and it worked, then it lagged(as in i hardly can move my mouse cursor) again in mvcp60.dll so i deleted it, but in the next scan it lagged in mvcp100.dll, deleted it too, then there was this other program, that i cant remember, it lagged there too.... Can anyone help me with this problem, and pls. be patient with me cuz i am not expert in this.


Thanks in advance .


   :mellow:


Link to post
Share on other sites

Hello viruscrunch16! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post your log files in a new reply in this thread:

https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/

Link to post
Share on other sites

HI  ^_^ I was done downloading the FRST.exe and the scan here are the results....

 

___FRST.txt log_____

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2014
Ran by Win 7 (administrator) on WIN7-PC on 27-10-2014 11:24:43
Running from C:\Users\Win 7\Downloads
Loaded Profiles: Win 7 &  (Available profiles: Win 7)
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(WordWeb Software) C:\Program Files\WordWeb\wweb32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-10-23] (AVAST Software)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-4157116677-2462151510-724841161-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-4157116677-2462151510-724841161-1000\...\Run: [WordWeb] => C:\Program Files\WordWeb\wweb32.exe [80000 2014-07-05] (WordWeb Software)
HKU\S-1-5-21-4157116677-2462151510-724841161-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4157116677-2462151510-724841161-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-4157116677-2462151510-724841161-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WordWeb] => C:\Program Files\WordWeb\wweb32.exe [80000 2014-07-05] (WordWeb Software)
HKU\S-1-5-21-4157116677-2462151510-724841161-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x956F53A3E9FDCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {D87EC373-43E6-4BB7-93BB-617243B31EC2} URL = http://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{992E7726-5942-4701-81AE-909E73DB38B9}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\searchplugins\yahoo_ff.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-08]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-08]
CHR Extension: (YouTube) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-08]
CHR Extension: (Google Search) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-08]
CHR Extension: (Avast Online Security) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-07]
CHR Extension: (Google Wallet) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-08]
CHR Extension: (Gmail) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-08]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-23]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-07-12]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-23] (AVAST Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-10-23] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-10-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-10-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-10-23] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-10-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-10-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422760 2014-10-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-10-23] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-10-23] ()
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-19] (LogMeIn, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [999016 2010-10-19] (Realtek Semiconductor Corporation                           )
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-27 11:24 - 2014-10-27 11:26 - 00015746 _____ () C:\Users\Win 7\Downloads\FRST.txt
2014-10-27 11:24 - 2014-10-27 11:24 - 00000000 ____D () C:\FRST
2014-10-27 11:20 - 2014-10-27 11:23 - 01104896 _____ (Farbar) C:\Users\Win 7\Downloads\FRST.exe
2014-10-27 00:46 - 2014-10-27 01:53 - 422105353 _____ () C:\Users\Win 7\Downloads\Warm Bodies (2013) Full Movie - HD 1080p BluRay.flv
2014-10-26 23:20 - 2014-10-27 00:46 - 527801708 _____ () C:\Users\Win 7\Downloads\Lucy (2014) Full Movie - HD 720p.flv
2014-10-26 16:47 - 2014-10-27 11:10 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-26 16:46 - 2014-10-26 16:46 - 00001026 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-26 16:46 - 2014-10-26 16:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-26 16:46 - 2014-10-26 16:46 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-26 16:46 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-26 16:46 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-26 16:46 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-26 15:34 - 2014-10-26 16:44 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Win 7\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-26 15:24 - 2014-10-26 15:24 - 00000000 ____D () C:\Users\Win 7\.idlerc
2014-10-26 13:35 - 2014-10-26 13:35 - 00000000 ____D () C:\Users\Win 7\AppData\Local\Skype
2014-10-26 13:34 - 2014-10-27 11:11 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\Skype
2014-10-26 13:34 - 2014-10-26 13:34 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-26 13:34 - 2014-10-26 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-26 13:34 - 2014-10-26 13:34 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-10-26 09:21 - 2014-10-26 10:04 - 26222592 _____ () C:\Users\Win 7\Downloads\SkypeSetup_6.16.0.105.msi
2014-10-26 09:20 - 2014-10-26 09:20 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-10-25 20:08 - 2014-10-25 20:09 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
2014-10-24 20:34 - 2014-10-24 20:34 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-10-24 20:17 - 2014-10-24 20:22 - 01142392 _____ () C:\Users\Win 7\Downloads\SteamSetup.exe
2014-10-23 16:57 - 2014-10-27 11:08 - 00090354 _____ () C:\Windows\PFRO.log
2014-10-23 16:56 - 2014-10-23 16:56 - 00002069 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2014-10-23 16:56 - 2014-10-23 16:56 - 00002009 _____ () C:\Users\Public\Desktop\Avast Pro Antivirus.lnk
2014-10-23 16:56 - 2014-10-23 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-10-23 16:55 - 2014-10-23 16:55 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-10-23 16:55 - 2014-10-23 16:55 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-10-15 19:15 - 2014-10-15 19:16 - 00000682 _____ () C:\Users\Win 7\Documents\cc_20141015_191546.reg
2014-10-11 22:46 - 2014-10-11 23:06 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\WordWeb
2014-10-11 22:44 - 2014-10-11 23:04 - 00001860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordWeb.lnk
2014-10-11 22:43 - 2014-10-11 23:04 - 00000000 ____D () C:\Program Files\WordWeb
2014-10-11 22:43 - 2014-09-14 08:50 - 02935936 ____N (WordWeb Software) C:\Windows\wweb32.dll
2014-10-11 22:36 - 2014-10-11 22:41 - 21947320 _____ () C:\Users\Win 7\Downloads\wordweb7.exe
2014-10-11 22:17 - 2014-10-11 22:17 - 00049216 _____ () C:\Users\Win 7\Downloads\file crack-oald8.7z
2014-10-11 22:12 - 2014-10-11 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2014-10-11 22:05 - 2014-10-11 22:11 - 00000000 ____D () C:\Python34
2014-10-11 21:33 - 2014-10-11 21:41 - 24408064 _____ () C:\Users\Win 7\Downloads\python-3.4.1.msi
2014-10-11 19:28 - 2014-10-11 19:28 - 00009792 _____ () C:\Users\Win 7\Documents\cc_20141011_192755.reg
2014-10-11 19:16 - 2014-10-27 11:09 - 00004985 _____ () C:\Windows\setupact.log
2014-10-11 19:16 - 2014-10-11 19:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-09 22:30 - 2014-10-09 22:30 - 00117552 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmhgfs.sys
2014-10-09 22:30 - 2014-10-09 22:30 - 00063920 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx_svga.sys
2014-10-09 22:30 - 2014-10-09 22:30 - 00011696 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmmouse.sys
2014-10-09 22:29 - 2014-10-09 22:30 - 00019504 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmdebug.sys
2014-10-09 22:29 - 2014-10-09 22:29 - 00118784 _____ (Intel Corporation) C:\Windows\system32\Drivers\E1G60I32.sys
2014-10-09 22:29 - 2014-10-09 22:29 - 00054960 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmci.sys
2014-10-09 22:29 - 2014-10-09 22:29 - 00025008 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmaudio.sys
2014-10-09 22:21 - 2014-10-09 22:21 - 00173232 _____ (VMware, Inc.) C:\Windows\system32\vmx_fb.dll
2014-10-09 22:21 - 2014-10-09 22:21 - 00111856 _____ (ThinPrint GmbH) C:\Windows\system32\TPVMW32.dll
2014-10-09 22:21 - 2014-10-09 22:21 - 00035888 _____ (VMware, Inc.) C:\Windows\system32\vmhgfs.dll
2014-10-09 22:21 - 2014-10-09 22:21 - 00016432 _____ (VMware, Inc.) C:\Windows\system32\vmx_mode.dll
2014-10-09 22:21 - 2014-10-09 22:21 - 00009104 _____ (ThinPrint GmbH) C:\Windows\system32\TPVMMonUIjpn.dll
2014-10-09 22:20 - 2014-10-09 22:21 - 00009104 _____ (ThinPrint GmbH) C:\Windows\system32\TPVMMonUIdeu.dll
2014-10-09 22:20 - 2014-10-09 22:20 - 00284016 _____ (ThinPrint GmbH) C:\Windows\system32\TPVMMon.dll
2014-10-09 22:20 - 2014-10-09 22:20 - 00079208 _____ (ThinPrint GmbH) C:\Windows\system32\TPVMMonUI.dll
2014-10-09 22:20 - 2014-10-09 22:20 - 00023960 _____ (ThinPrint GmbH) C:\Windows\system32\TPVMMondeu.dll
2014-10-09 22:20 - 2014-10-09 22:20 - 00009632 _____ (ThinPrint GmbH) C:\Windows\system32\TPVMMonjpn.dll
2014-10-09 22:19 - 2014-10-09 22:20 - 00423208 _____ (ThinPrint GmbH) C:\Windows\system32\TPSvc.dll
2014-10-09 22:01 - 2014-10-09 22:01 - 00000000 ____D () C:\ProgramData\Weskysoft
2014-10-09 21:57 - 2014-10-09 21:57 - 00001030 _____ () C:\Users\Win 7\Desktop\DllSuite.lnk
2014-10-09 21:57 - 2014-10-09 21:57 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dll Suite 2014
2014-10-09 21:57 - 2014-10-09 21:57 - 00000000 ____D () C:\Program Files\DLLSuite
2014-10-09 21:50 - 2014-10-09 21:56 - 16578402 _____ ( ) C:\Users\Win 7\Downloads\DLLSuite_Setup.exe
2014-10-09 21:15 - 2013-04-11 16:12 - 00017344 _____ (Dll-Files.com) C:\Windows\system32\roboot.exe
2014-10-08 22:14 - 2014-10-08 22:15 - 00004672 _____ () C:\Users\Win 7\Documents\cc_20141008_221441.reg
2014-10-08 22:05 - 2014-10-26 15:16 - 00002167 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-08 22:05 - 2014-10-08 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-08 21:57 - 2014-10-27 11:09 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-08 21:57 - 2014-10-27 07:02 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-08 21:56 - 2014-10-08 21:56 - 00895120 _____ (Google Inc.) C:\Users\Win 7\Downloads\ChromeSetup.exe
2014-10-08 21:41 - 2014-10-08 21:42 - 00244136 _____ () C:\Users\Win 7\Downloads\Firefox Setup Stub 32.0.3.exe
2014-10-08 21:34 - 2014-10-08 21:36 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2014-10-08 21:34 - 2014-10-08 21:36 - 00001950 _____ () C:\Users\Public\Desktop\Adobe Reader 9.lnk
2014-10-08 21:33 - 2014-10-08 21:33 - 00000000 ____D () C:\Program Files\Adobe
2014-10-08 21:18 - 2014-10-26 17:10 - 00000000 ____D () C:\Users\Win 7\Documents\Janet Ocab
2014-10-08 21:12 - 2014-10-08 21:12 - 00001314 _____ () C:\Users\Win 7\Documents\cc_20141008_211207.reg
2014-10-08 21:10 - 2014-10-08 21:10 - 00069648 _____ () C:\Users\Win 7\Documents\cc_20141008_211010.reg
2014-10-08 20:52 - 2014-10-08 20:52 - 00000931 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-08 20:52 - 2014-10-08 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-08 20:51 - 2014-10-23 15:26 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-08 20:44 - 2014-10-08 20:49 - 04945978 _____ () C:\Users\Win 7\Downloads\CCleaner 4.07.4369 Busi_Pro (ChezzyB0x).zip
2014-10-08 13:06 - 2014-10-23 16:55 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-10-08 13:06 - 2014-10-23 16:55 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-08 13:06 - 2014-10-23 16:55 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-10-08 13:06 - 2014-10-23 16:55 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-10-08 13:06 - 2014-10-23 16:55 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-10-08 13:06 - 2014-10-23 16:55 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-10-08 13:06 - 2014-10-23 16:54 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-10-08 13:06 - 2014-10-23 16:54 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-10-08 13:02 - 2014-10-08 13:04 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-07 22:43 - 2014-10-07 22:43 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\Dropbox
2014-10-07 21:53 - 2014-10-07 21:53 - 01187697 _____ () C:\Windows\unins000.exe
2014-10-07 21:53 - 2014-10-07 21:53 - 00001231 _____ () C:\Windows\unins000.dat
2014-10-07 21:36 - 2014-10-07 22:43 - 00000000 ____D () C:\Windows\onhax-temp
2014-10-06 21:43 - 2014-10-26 15:17 - 00000000 ____D () C:\Program Files\RAR Password Unlocker
2014-10-06 21:23 - 2014-10-06 21:25 - 03220905 _____ () C:\Users\Win 7\Downloads\RAR Password Unlocker.rar
2014-10-05 21:22 - 2014-10-05 21:27 - 00000000 ____D () C:\Users\Win 7\Games
2014-10-05 21:21 - 2014-10-05 21:21 - 00000000 ____D () C:\Users\Win 7\Documents\Book PDFs
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-27 11:15 - 2009-07-14 12:34 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-27 11:15 - 2009-07-14 12:34 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-27 11:12 - 2013-10-06 04:09 - 01376486 _____ () C:\Windows\WindowsUpdate.log
2014-10-27 11:09 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-27 07:48 - 2013-10-06 04:28 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\vlc
2014-10-27 07:46 - 2014-02-14 11:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-27 07:42 - 2014-04-24 22:35 - 00000000 ____D () C:\Program Files\Settings Manager
2014-10-26 23:21 - 2014-07-12 07:46 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\Settings Manager
2014-10-26 23:20 - 2014-03-01 21:51 - 00000000 ____D () C:\Program Files\Websave
2014-10-26 22:43 - 2014-07-30 20:13 - 00000000 ____D () C:\Users\Win 7\Documents\Adrian Ocab
2014-10-26 19:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Branding
2014-10-26 17:11 - 2013-10-06 04:16 - 00000000 ____D () C:\Users\Win 7
2014-10-26 15:21 - 2013-10-06 04:53 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-10-26 15:16 - 2014-02-14 10:18 - 00001083 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-26 15:16 - 2014-02-14 10:18 - 00001071 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-26 15:16 - 2013-10-06 04:17 - 00001413 _____ () C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-26 14:12 - 2014-03-01 22:12 - 00000294 _____ () C:\Windows\Tasks\SaveSense.job
2014-10-26 13:34 - 2013-10-06 05:10 - 00000000 ___RD () C:\Program Files\Skype
2014-10-26 13:34 - 2013-10-06 05:10 - 00000000 ____D () C:\ProgramData\Skype
2014-10-26 13:07 - 2013-10-06 04:20 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-26 01:59 - 2014-03-01 22:07 - 00000166 _____ () C:\Users\Win 7\AppData\Roaming\WB.CFG
2014-10-23 17:02 - 2014-02-14 11:35 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-23 17:02 - 2014-02-14 11:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-23 16:55 - 2014-04-27 17:35 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-23 14:52 - 2014-03-27 17:12 - 00000000 ____D () C:\ProgramData\saafeeweeb
2014-10-11 21:45 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-10-09 22:26 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\MUI
2014-10-08 22:20 - 2014-02-14 10:18 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-08 22:20 - 2013-10-06 04:28 - 00000000 ____D () C:\Program Files\WinRAR
2014-10-08 22:17 - 2013-10-06 04:28 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-08 22:17 - 2013-10-06 04:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-08 22:10 - 2013-10-06 04:26 - 00000000 ____D () C:\Users\Win 7\AppData\Local\Google
2014-10-08 22:04 - 2013-10-06 05:11 - 00000000 ____D () C:\Program Files\Google
2014-10-08 21:51 - 2014-07-12 21:22 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-08 21:39 - 2013-10-06 04:28 - 00000990 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-10-08 21:39 - 2013-10-06 04:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-10-08 21:34 - 2013-10-06 04:26 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-08 21:34 - 2013-10-06 04:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-08 21:33 - 2013-10-06 04:29 - 00000000 ____D () C:\Users\Win 7\AppData\Local\Adobe
2014-10-08 21:16 - 2014-09-20 19:10 - 00000396 __RSH () C:\ProgramData\ntuser.pol
2014-10-08 21:06 - 2014-04-16 12:50 - 00000000 ____D () C:\Windows\Minidump
2014-10-08 21:06 - 2013-10-06 05:06 - 00000000 ____D () C:\Windows\Panther
2014-10-08 13:07 - 2014-03-09 18:19 - 00000000 ____D () C:\Users\Win 7\AppData\Roaming\AVAST Software
2014-10-08 13:04 - 2013-10-06 04:20 - 00000000 ____D () C:\Program Files\AVAST Software
2014-10-08 12:59 - 2009-07-14 10:04 - 00002577 _____ () C:\Windows\system32\config.nt
2014-10-05 21:49 - 2013-10-29 04:31 - 00000000 ____D () C:\Users\Win 7\Downloads\Vanguard
2014-10-05 17:09 - 2009-07-14 12:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 
Some content of TEMP:
====================
C:\Users\Win 7\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-26 00:48
 
==================== End Of Log ============================
 
_____ADDITION.txt log____
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2014
Ran by Win 7 at 2014-10-27 11:27:39
Running from C:\Users\Win 7\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Avast License by ZeNiX [2012-06-29] (HKLM\...\Avast_2050_ZeNiX [2012-06-29]_is1) (Version:  - )
Avast Pro Antivirus (HKLM\...\Avast) (Version: 10.0.2206 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Click to Call with Skype (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.5.8013 - Skype Technologies S.A.)
DLL Suite 2013 (HKLM\...\{885843E7-6CAC-4791-B7BF-1CD516017954}_is1) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.13 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
Python 3.4.1 (HKLM\...\{df32bb9e-3ed8-36b5-a649-e8c845c5f3a2}) (Version: 3.4.1150 - Python Software Foundation)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WordWeb (HKLM\...\WordWeb) (Version: 7 - WordWeb Software)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
19-10-2014 11:01:43 Windows Backup
23-10-2014 07:36:51 avast! antivirus system restore point
26-10-2014 01:18:32 Removed Skype™ 5.5
26-10-2014 05:33:07 Installed Skype™ 6.16
26-10-2014 11:03:24 Windows Backup
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {512DF5DE-C2AF-4642-95B1-BC2CE4809513} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6DD5CAB8-07A7-42CE-AEB2-DD4EBA25FDC3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-23] (AVAST Software)
Task: {7352BBCD-1A25-41D7-9E1E-AFD10A4280A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-08] (Google Inc.)
Task: {94FA5128-A5CD-475D-9447-5DF7F04BAC78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-08] (Google Inc.)
Task: {A6C121AC-EA8C-4175-83BB-5B29F18078C9} - \SaveSense No Task File <==== ATTENTION
Task: {C212E93C-5146-48C1-8B4A-1F48DCEB01C3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {D173A1C9-5D1E-4B1F-8FC2-3F12B8785737} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-23] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SaveSense.job => C:\Users\WIN7~1\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2014-10-23 15:21 - 2014-10-07 23:49 - 00217600 _____ () C:\Program Files\AVAST Software\Avast\USERENV.dll
2014-10-27 07:45 - 2014-10-27 07:45 - 02898432 _____ () C:\Program Files\AVAST Software\Avast\defs\14102601\algo.dll
2014-10-23 16:55 - 2014-10-23 16:55 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-08 22:04 - 2014-10-07 12:22 - 09008456 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.13\pdf.dll
2014-10-08 22:04 - 2014-10-07 12:22 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.13\ffmpegsumo.dll
2014-10-09 20:00 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-10-09 20:00 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:538DC028
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: msiserver => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3 
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-4157116677-2462151510-724841161-500 - Administrator - Disabled)
Guest (S-1-5-21-4157116677-2462151510-724841161-501 - Limited - Disabled)
Win 7 (S-1-5-21-4157116677-2462151510-724841161-1000 - Administrator - Enabled) => C:\Users\Win 7
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/27/2014 00:05:27 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.13;lang=;guid=F13992ECA1624D3A8566CB3062895A98;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\fd97d04c-f56a-4ce3-ba7d-dd4c72d762a5.dmp
 
Error: (10/26/2014 07:32:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Updater.exe, version: 6.8.0.112, time stamp: 0x533db3ab
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x006f00c4
Faulting process id: 0x240
Faulting application start time: 0xUpdater.exe0
Faulting application path: Updater.exe1
Faulting module path: Updater.exe2
Report Id: Updater.exe3
 
Error: (10/23/2014 05:50:50 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.13;lang=;guid=F13992ECA1624D3A8566CB3062895A98;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\abbad8e7-8306-4202-ae3d-2583726dd803.dmp
 
Error: (10/23/2014 05:26:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (10/23/2014 05:09:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (10/23/2014 04:59:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (10/23/2014 03:36:47 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {fd52f1f1-e546-4a7b-b27a-5d590ec055ea}
 
Error: (10/23/2014 03:14:20 PM) (Source: Software Protection Platform Service) (EventID: 8211) (User: )
Description: Update Windows license and product key tokens failed with 0x80070005.
 
Error: (10/23/2014 03:13:52 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Win7-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
 
Error: (10/23/2014 03:13:52 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Win7-PC)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.
 
 
System errors:
=============
Error: (10/27/2014 11:09:25 AM) (Source: RTL8192Ce) (EventID: 0) (User: )
Description: OID_SCAN_NUM
 
Error: (10/27/2014 11:09:25 AM) (Source: RTL8192Ce) (EventID: 0) (User: )
Description: OID_SCAN_COMPLETE
 
Error: (10/27/2014 11:09:23 AM) (Source: RTL8192Ce) (EventID: 0) (User: )
Description: OID_SCAN_REQUEST
 
Error: (10/27/2014 11:09:01 AM) (Source: RTL8192Ce) (EventID: 0) (User: )
Description: RT_INIT_OK
 
Error: (10/27/2014 07:57:43 AM) (Source: RTL8192Ce) (EventID: 0) (User: )
Description: OID_SCAN_NUM
 
Error: (10/27/2014 07:57:43 AM) (Source: RTL8192Ce) (EventID: 0) (User: )
Description: OID_SCAN_COMPLETE
 
Error: (10/27/2014 07:57:42 AM) (Source: RTL8192Ce) (EventID: 0) (User: )
Description: OID_SCAN_REQUEST
 
Error: (10/27/2014 07:42:49 AM) (Source: RTL8192Ce) (EventID: 0) (User: )
Description: OID_SCAN_NUM
 
Error: (10/27/2014 07:42:49 AM) (Source: RTL8192Ce) (EventID: 0) (User: )
Description: OID_SCAN_COMPLETE
 
Error: (10/27/2014 07:42:48 AM) (Source: RTL8192Ce) (EventID: 0) (User: )
Description: OID_SCAN_REQUEST
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Atom CPU N455 @ 1.66GHz
Percentage of memory in use: 87%
Total physical RAM: 1013.42 MB
Available physical RAM: 129.9 MB
Total Pagefile: 2037.42 MB
Available Pagefile: 548.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.42 MB
 
==================== Drives ================================
 
Drive c: (System) (Fixed) (Total:98.02 GB) (Free:78.11 GB) NTFS
Drive d: (Storage Area) (Fixed) (Total:134.76 GB) (Free:37.58 GB) NTFS
Drive f: (ADRIAN) (Fixed) (Total:3.73 GB) (Free:2.56 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: A884B3F9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=134.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: FC00FEC8)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)
 
==================== End Of Log ============================
 
 
i hope I get the reply soon... Thanks
Link to post
Share on other sites

oops i forgot my malwarebytes log scan here it is..

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/27/2014
Scan Time: 11:17:22 AM
Logfile: aaa.txt
Administrator: No
 
Version: 2.00.3.1025
Malware Database: v2014.10.26.08
Rootkit Database: v2014.10.22.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x86
File System: NTFS
User: Win 7
 
Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 284402
Time Elapsed: 19 min, 5 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 32
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.aflt", "irmsd0202ch");), Replaced,[7c4527f06a122a0cfe19ec77cc390ff1]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (s to this file while the application is runn application exits.
 *
out:config
 */
), Replaced,[e8d918ffde9e3ff776a14a19f31202fe]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (lication is runn application exits.
 *
out:config
 */
 
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1405166930);
user_pref("app.u), Replaced,[378a8a8dbac2d85e7f98164d1de814ec]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (.update.lastUpdateTime.addon-background-update-ti), Replaced,[536e2beccfad9e98c6519ac942c332ce]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (e changes to this file while the application is runn a), Replaced,[2899af68b1cbca6c9b7c570ca461f10f]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (nges to this file while the application is runn a), Replaced,[7051d4434e2e48eecc4b342f9273de22]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (e changes to this file while the application is runn), Replaced,[9e233add4c308bab1700e182d33232ce]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (hanges to this file while the application is runn ), Replaced,[17aaa3746f0dbd794ccb194aaf567090]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: ( changes to this file while the application is runn application exits.
 *
out:config
 */
 
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1405166930);
user_pref("app.update.lasf("app.update.lastUpdateTime.blocklist-background-update-timer", 1405167050);
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails",h-engine-update-timer", 1405166689);
user_pref("app.update.migrated.updateDir", true);
user_pref("browser.bookmarks.restore_default_bookmarks", false);
user_pref("browser.cache.disk.capacity", 358400);
user_pref("browser.cache.disk.smart_size.first_run", false);
user_pref("brows), Replaced,[4a777b9caece84b28c8bf76cb35251af]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (k.smart_size.first_run", false);
user_pref("browser.cach), Replaced,[d0f12ee926569d9920f7ec77778e9a66]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (s to this file while the application is runn applica), Replaced,[962b18ff4b3146f01601d2918e77dc24]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (hanges to this file while the application is runn application exits.
 *
out:con), Replaced,[645d5bbcf983df57f126e97a5ea738c8]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (e application is runn application exits.
 *
out), Replaced,[edd47b9ce795bc7a1ef94f1461a4c13f]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (ke changes to this file while the application is runn application exits.
 *
out:config
 */
 
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1405166930);
user_pref("app.update.lasf("app.update.lastUpdateTime.), Replaced,[645db5623b4133030413085b72938080]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (ref("app.update.lasf("app.update.lastUpdateTime.blocklist-background-update-timer", 1405167050);
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails",h-engine-update-timer", 1405166689);
user_pref("app.update.migrated.updateDir", true);
user_pref("browser.bookmarks.restore_default_bookmarks", false);
user_pref("browser.cache.disk.capacity", 358400);
user_pref("browser.cache.disk.smart_size.first_run", fals), Replaced,[ad1473a45a22a98dbc5b243fb2534fb1]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (6689);
user_pref("app.update.migrated.updateDir", true);
u), Replaced,[2b9641d6ec90af87be59b2b10500b947]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (o this file while the application is runn application e), Replaced,[4c751cfb463665d18f88bda66a9b639d]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (ges to this file while the application is runn app), Replaced,[af1254c398e454e2a1766df6eb1a8d73]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: ( changes to this file while the application is runn application exits.
 *
out:config
 */
 
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1405166930);
user_pref("app.update.lasf("app.update.lastUpdateTime.), Replaced,[dbe6d83f0a729a9c0d0a80e3c04536ca]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (_pref("app.update.lasf("app.update.lastUpdateTime.blocklist-backgrou), Replaced,[b011be59116bcd696bac43207293da26]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (ile while the application is runn application exits.
 *
out:config
 */
 
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1405166930);
user_pref("app.update.lasf("app.update.lastUpdateTime.blocklist-background-u), Replaced,[a61b140395e7a690f81ff56e31d48b75]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (f("app.update.lasf("app.update.lastUpdateTime.blocklist-bac), Replaced,[566b4acd1f5ddf5730e7c0a350b56e92]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (to this file while the application is runn application exits.), Replaced,[8839fb1cc8b40234d54298cbe12412ee]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: ( this file while the application is runn applica), Replaced,[754c4acdb0cc2c0a958243205fa6c33d]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (ke changes to this file while the application is runn applicati), Replaced,[0cb5cb4c710bd0666aada2c11de88e72]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (his file while the application is runn application e), Replaced,[517062b53943bc7a37e0b0b35ea77a86]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (hanges to this file while the application is runn application exits.
 *
out:config
 */
 
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1405166930);
user_pref("app.update.lasf("app.update.lastUpdateTime.blocklist-b), Replaced,[3190fe19730934025abd0e5551b4e818]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (p.update.lasf("app.update.lastUpdateTime.blocklist-bac), Replaced,[c3feb6610775a78fd74001628b7ac13f]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (nges to this file while the application is runn applica), Replaced,[a31e33e4eb91f83ee23585de9570fc04]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: ( changes to this file while the application is runn a), Replaced,[3d848c8b83f98da948cfe97a2fd6e51b]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (anges to this file while the application is runn applic), Replaced,[5d64987f87f576c043d4e97a8a7b1ee2]
PUP.Optional.MySearchDial.A, C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\prefs.js, Good: (), Bad: (ges to this file while the application is runn application exits.), Replaced,[cef38f8865173204d93eafb49273de22]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
Link to post
Share on other sites

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

fixlist.txt

Link to post
Share on other sites

Hi this is the fixlog.txt content ^_^

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-10-2014

Ran by Win 7 at 2014-10-29 17:34:48 Run:1

Running from C:\Users\Win 7\Downloads

Loaded Profile: Win 7 (Available profiles: Win 7)

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

Start

IFEO\bitguard.exe: [Debugger] tasklist.exe

IFEO\bprotect.exe: [Debugger] tasklist.exe

IFEO\bpsvc.exe: [Debugger] tasklist.exe

IFEO\browserdefender.exe: [Debugger] tasklist.exe

IFEO\browserprotect.exe: [Debugger] tasklist.exe

IFEO\browsersafeguard.exe: [Debugger] tasklist.exe

IFEO\dprotectsvc.exe: [Debugger] tasklist.exe

IFEO\jumpflip: [Debugger] tasklist.exe

IFEO\protectedsearch.exe: [Debugger] tasklist.exe

IFEO\searchinstaller.exe: [Debugger] tasklist.exe

IFEO\searchprotection.exe: [Debugger] tasklist.exe

IFEO\searchprotector.exe: [Debugger] tasklist.exe

IFEO\searchsettings.exe: [Debugger] tasklist.exe

IFEO\searchsettings64.exe: [Debugger] tasklist.exe

IFEO\snapdo.exe: [Debugger] tasklist.exe

IFEO\stinst32.exe: [Debugger] tasklist.exe

IFEO\stinst64.exe: [Debugger] tasklist.exe

IFEO\umbrella.exe: [Debugger] tasklist.exe

IFEO\utiljumpflip.exe: [Debugger] tasklist.exe

IFEO\volaro: [Debugger] tasklist.exe

IFEO\vonteera: [Debugger] tasklist.exe

IFEO\websteroids.exe: [Debugger] tasklist.exe

IFEO\websteroidsservice.exe: [Debugger] tasklist.exe

HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll

HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-s...p={searchTerms}

SearchScopes: HKCU - {38DBC5C1-1AEB-4F04-A5EC-DE03E8BAC1DA} URL = http://start.mysearc...=1364401586&ir=

SearchScopes: HKCU - {808CBB34-480E-4919-ADB6-C0EF9B3003CA} URL = http://start.mysearc...=1073193372&ir=

SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-s...p={searchTerms}

SearchScopes: HKCU - {B2DF85AF-97B1-48FB-93D9-FC43B6CD6057} URL = http://start.mysearc...=1073193372&ir=

SearchScopes: HKCU - {E9D6D35D-B34D-4370-8681-14D0E296E86E} URL = http://start.mysearc...=1073193372&ir=

CHR dev: Chrome dev build detected! <======= ATTENTION

2014-10-23 14:52 - 2014-03-27 17:12 - 00000000 ____D () C:\ProgramData\saafeeweeb

Task: {A6C121AC-EA8C-4175-83BB-5B29F18078C9} - \SaveSense No Task File <==== ATTENTION

Task: C:\Windows\Tasks\SaveSense.job => C:\Users\WIN7~1\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

c:\program files\settings manager

C:\Program Files\Settings Manager

End

*****************

 

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully.

HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => value deleted successfully.

HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => value deleted successfully.

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.

C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key deleted successfully.

"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key not found.

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{38DBC5C1-1AEB-4F04-A5EC-DE03E8BAC1DA}" => Key deleted successfully.

"HKCR\CLSID\{38DBC5C1-1AEB-4F04-A5EC-DE03E8BAC1DA}" => Key not found.

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{808CBB34-480E-4919-ADB6-C0EF9B3003CA}" => Key deleted successfully.

"HKCR\CLSID\{808CBB34-480E-4919-ADB6-C0EF9B3003CA}" => Key not found.

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key deleted successfully.

"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key not found.

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B2DF85AF-97B1-48FB-93D9-FC43B6CD6057}" => Key deleted successfully.

"HKCR\CLSID\{B2DF85AF-97B1-48FB-93D9-FC43B6CD6057}" => Key not found.

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9D6D35D-B34D-4370-8681-14D0E296E86E}" => Key deleted successfully.

"HKCR\CLSID\{E9D6D35D-B34D-4370-8681-14D0E296E86E}" => Key not found.

CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.

C:\ProgramData\saafeeweeb => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6C121AC-EA8C-4175-83BB-5B29F18078C9}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6C121AC-EA8C-4175-83BB-5B29F18078C9}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSense" => Key deleted successfully.

C:\Windows\Tasks\SaveSense.job => Moved successfully.

c:\program files\settings manager => Moved successfully.

"C:\Program Files\Settings Manager" => File/Directory not found.

 

 

The system needed a reboot. 

 

==== End of Fixlog ====

Link to post
Share on other sites

Well done! :)

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
Link to post
Share on other sites

Here it is... Running combofix scared me to death btw... 

 

ComboFix 14-10-29.01 - Win 7 10/30/2014   8:40.1.2 - x86

Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.1013.357 [GMT 8:00]

Running from: c:\users\Win 7\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\background.html

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\content.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\lsdb.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\manifest.json

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\sKBE.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\background.html

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\content.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\lsdb.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\LwtZBhJVZ.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\manifest.json

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\background.html

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\content.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\lsdb.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\manifest.json

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\xwfGfSGrNVF.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\background.html

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\content.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\lsdb.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\manifest.json

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\nSRcXSUhez.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\background.html

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\content.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\lsdb.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\manifest.json

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\sKBE.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\background.html

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\content.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\lsdb.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\LwtZBhJVZ.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\manifest.json

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\background.html

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\content.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\lsdb.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\manifest.json

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\xwfGfSGrNVF.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\background.html

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\content.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\lsdb.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\manifest.json

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\nSRcXSUhez.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\background.html

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\content.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\lsdb.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\manifest.json

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\sKBE.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\background.html

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\content.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\lsdb.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\LwtZBhJVZ.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\manifest.json

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\background.html

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\content.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\lsdb.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\manifest.json

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\xwfGfSGrNVF.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\background.html

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\content.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\lsdb.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\manifest.json

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\nSRcXSUhez.js

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\background.html

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\content.js

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\lsdb.js

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\manifest.json

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\sKBE.js

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\background.html

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\content.js

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\lsdb.js

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\LwtZBhJVZ.js

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\manifest.json

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\background.html

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\content.js

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\lsdb.js

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\manifest.json

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\xwfGfSGrNVF.js

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\background.html

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\content.js

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\lsdb.js

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\manifest.json

c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\nSRcXSUhez.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\background.html

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\content.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\lsdb.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\manifest.json

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\sKBE.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\background.html

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\content.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\lsdb.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\LwtZBhJVZ.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\manifest.json

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\background.html

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\content.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\lsdb.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\manifest.json

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\xwfGfSGrNVF.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\background.html

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\content.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\lsdb.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\manifest.json

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\nSRcXSUhez.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\background.html

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\content.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\lsdb.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\manifest.json

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\sKBE.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\background.html

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\content.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\lsdb.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\LwtZBhJVZ.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\manifest.json

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\background.html

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\content.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\lsdb.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\manifest.json

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\xwfGfSGrNVF.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\background.html

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\content.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\lsdb.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\manifest.json

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\nSRcXSUhez.js

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\background.html

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\content.js

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\lsdb.js

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\manifest.json

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\sKBE.js

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\background.html

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\content.js

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\lsdb.js

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\LwtZBhJVZ.js

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\manifest.json

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\background.html

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\content.js

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\lsdb.js

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\manifest.json

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\xwfGfSGrNVF.js

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\background.html

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\content.js

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\lsdb.js

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\manifest.json

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\nSRcXSUhez.js

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\background.html

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\content.js

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\lsdb.js

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\manifest.json

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dkmlhkdhhopeohnfpoipmgffljmbfidc\1.1\sKBE.js

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\background.html

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\content.js

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\lsdb.js

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\LwtZBhJVZ.js

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\112\manifest.json

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\background.html

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\content.js

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\lsdb.js

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\manifest.json

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mkmknlenppbnjpbfjghjjmdjddadomhk\3.7\xwfGfSGrNVF.js

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\background.html

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\content.js

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\lsdb.js

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\manifest.json

c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ppmpjjklcmpaealfmgmcpdbhadejpcom\1.0\nSRcXSUhez.js

c:\users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mkmknlenppbnjpbfjghjjmdjddadomhk_0.localstorage

c:\users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ppmpjjklcmpaealfmgmcpdbhadejpcom_0.localstorage

c:\users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Preferences

.

.

(((((((((((((((((((((((((   Files Created from 2014-09-28 to 2014-10-30  )))))))))))))))))))))))))))))))

.

.

2014-10-30 01:00 . 2014-10-30 01:01 -------- d-----w- c:\users\Win 7\AppData\Local\temp

2014-10-30 01:00 . 2014-10-30 01:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-10-27 12:15 . 2014-10-27 12:15 -------- d-----w- c:\program files\Skype

2014-10-27 03:24 . 2014-10-29 09:46 -------- d-----w- C:\FRST

2014-10-26 19:35 . 2014-10-27 18:33 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8A4E143-82F9-4AB5-867B-00C637E27B76}\offreg.dll

2014-10-26 09:01 . 2014-10-26 09:01 -------- d-----w- c:\users\Win 7\AppData\Local\ElevatedDiagnostics

2014-10-26 08:47 . 2014-10-30 00:00 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-10-26 08:46 . 2014-10-01 03:11 51928 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-10-26 08:46 . 2014-10-01 03:11 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-10-26 08:46 . 2014-10-01 03:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-10-26 08:46 . 2014-10-26 08:46 -------- d-----w- c:\program files\Malwarebytes Anti-Malware

2014-10-26 08:46 . 2014-10-26 08:46 -------- d-----w- c:\programdata\Malwarebytes

2014-10-26 07:24 . 2014-10-26 07:24 -------- d-----w- c:\users\Win 7\.idlerc

2014-10-26 05:35 . 2014-10-26 05:35 -------- d-----w- c:\users\Win 7\AppData\Local\Skype

2014-10-26 05:34 . 2014-10-27 12:26 -------- d-----w- c:\users\Win 7\AppData\Roaming\Skype

2014-10-26 05:34 . 2014-10-26 05:34 -------- d-----w- c:\program files\Common Files\Skype

2014-10-25 12:08 . 2014-10-25 12:09 348160 ----a-w- c:\windows\system32\msvcr71.dll

2014-10-24 12:34 . 2014-10-24 12:34 -------- d-----w- c:\program files\Common Files\Steam

2014-10-23 08:55 . 2014-10-23 08:55 291352 ----a-w- c:\windows\system32\aswBoot.exe

2014-10-23 08:55 . 2014-10-23 08:55 43152 ----a-w- c:\windows\avastSS.scr

2014-10-11 14:46 . 2014-10-11 15:06 -------- d-----w- c:\users\Win 7\AppData\Roaming\WordWeb

2014-10-11 14:43 . 2014-09-14 00:50 2935936 ------w- c:\windows\wweb32.dll

2014-10-11 14:43 . 2014-10-11 15:04 -------- d-----w- c:\program files\WordWeb

2014-10-11 14:05 . 2014-10-11 14:11 -------- d-----w- C:\Python34

2014-10-09 14:30 . 2014-10-09 14:30 63920 ----a-w- c:\windows\system32\drivers\vmx_svga.sys

2014-10-09 14:30 . 2014-10-09 14:30 11696 ----a-w- c:\windows\system32\drivers\vmmouse.sys

2014-10-09 14:30 . 2014-10-09 14:30 117552 ----a-w- c:\windows\system32\drivers\vmhgfs.sys

2014-10-09 14:29 . 2014-10-09 14:30 19504 ----a-w- c:\windows\system32\drivers\vmdebug.sys

2014-10-09 14:29 . 2014-10-09 14:29 54960 ----a-w- c:\windows\system32\drivers\vmci.sys

2014-10-09 14:29 . 2014-10-09 14:29 25008 ----a-w- c:\windows\system32\drivers\vmaudio.sys

2014-10-09 14:29 . 2014-10-09 14:29 118784 ----a-w- c:\windows\system32\drivers\E1G60I32.sys

2014-10-09 14:28 . 2014-10-09 14:29 368749 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\TPWinPrn.dll

2014-10-09 14:21 . 2014-10-09 14:21 16432 ----a-w- c:\windows\system32\vmx_mode.dll

2014-10-09 14:21 . 2014-10-09 14:21 173232 ----a-w- c:\windows\system32\vmx_fb.dll

2014-10-09 14:21 . 2014-10-09 14:21 35888 ----a-w- c:\windows\system32\vmhgfs.dll

2014-10-09 14:21 . 2014-10-09 14:21 111856 ----a-w- c:\windows\system32\TPVMW32.dll

2014-10-09 14:21 . 2014-10-09 14:21 9104 ----a-w- c:\windows\system32\TPVMMonUIjpn.dll

2014-10-09 14:20 . 2014-10-09 14:21 9104 ----a-w- c:\windows\system32\TPVMMonUIdeu.dll

2014-10-09 14:20 . 2014-10-09 14:20 79208 ----a-w- c:\windows\system32\TPVMMonUI.dll

2014-10-09 14:20 . 2014-10-09 14:20 9632 ----a-w- c:\windows\system32\TPVMMonjpn.dll

2014-10-09 14:20 . 2014-10-09 14:20 23960 ----a-w- c:\windows\system32\TPVMMondeu.dll

2014-10-09 14:20 . 2014-10-09 14:20 284016 ----a-w- c:\windows\system32\TPVMMon.dll

2014-10-09 14:19 . 2014-10-09 14:20 423208 ----a-w- c:\windows\system32\TPSvc.dll

2014-10-09 14:01 . 2014-10-09 14:01 -------- d-----w- c:\programdata\Weskysoft

2014-10-09 13:57 . 2014-10-09 13:57 -------- d-----w- c:\program files\DLLSuite

2014-10-09 13:15 . 2014-10-09 13:15 -------- d-----w- c:\programdata\Logs

2014-10-09 13:15 . 2013-04-11 08:12 17344 ----a-w- c:\windows\system32\roboot.exe

2014-10-08 12:51 . 2014-10-23 07:26 -------- d-----w- c:\program files\CCleaner

2014-10-08 05:06 . 2014-10-23 08:55 91496 ----a-w- c:\windows\system32\drivers\aswStm.sys

2014-10-08 05:06 . 2014-10-23 08:55 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2014-10-08 05:06 . 2014-10-23 08:55 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2014-10-08 05:06 . 2014-10-23 08:55 422760 ----a-w- c:\windows\system32\drivers\aswsp.sys

2014-10-08 05:06 . 2014-10-23 08:55 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-10-08 05:06 . 2014-10-23 08:55 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2014-10-08 05:06 . 2014-10-23 08:54 787800 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-10-08 05:06 . 2014-10-23 08:54 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2014-10-08 05:02 . 2014-10-08 05:04 -------- d-----w- c:\programdata\AVAST Software

2014-10-07 14:43 . 2014-10-07 14:43 -------- d-----w- c:\users\Win 7\AppData\Roaming\Dropbox

2014-10-07 13:53 . 2014-10-07 13:53 1187697 ----a-w- c:\windows\unins000.exe

2014-10-07 13:36 . 2014-10-07 14:43 -------- d-----w- c:\windows\onhax-temp

2014-10-06 13:43 . 2014-10-26 07:17 -------- d-----w- c:\program files\RAR Password Unlocker

2014-10-05 13:22 . 2014-10-05 13:27 -------- d-----w- c:\users\Win 7\Games

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-10-23 09:02 . 2014-02-14 03:35 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-10-23 09:02 . 2014-02-14 03:35 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-10-23 08:55 . 2014-04-27 09:35 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys

2014-08-16 12:57 . 2014-08-26 03:53 24224 ----a-w- c:\program files\Sony.vshost.exe

2014-08-15 03:06 . 2014-08-26 03:53 32768 ----a-w- c:\program files\Chrome Update.exe

2014-08-15 03:02 . 2014-08-26 03:53 33792 ----a-w- c:\program files\Sony.exe

2014-08-11 23:11 . 2014-08-26 03:53 251392 ----a-w- c:\program files\Survey Killer.exe

2010-08-28 14:36 . 2014-08-26 03:53 96256 ----a-w- c:\program files\WebKitBrowser.dll

2010-08-28 14:36 . 2014-08-26 03:53 131072 ----a-w- c:\program files\WebKit.Interop.dll

2010-08-28 07:41 . 2014-08-26 03:53 8002048 ----a-w- c:\program files\WebKit.dll

2010-08-28 06:29 . 2014-08-26 03:53 1059328 ----a-w- c:\program files\JavaScriptCore.dll

2009-12-11 02:19 . 2014-08-26 03:53 862208 ----a-w- c:\program files\CFLite.dll

2009-12-11 02:16 . 2014-08-26 03:53 121344 ----a-w- c:\program files\objc.dll

2009-12-11 01:58 . 2014-08-26 03:53 13911552 ----a-w- c:\program files\icudt40.dll

2009-12-11 01:56 . 2014-08-26 03:53 1245184 ----a-w- c:\program files\icuin40.dll

2009-12-11 01:55 . 2014-08-26 03:53 1079296 ----a-w- c:\program files\icuuc40.dll

2009-12-11 01:40 . 2014-08-26 03:53 49664 ----a-w- c:\program files\pthreadVC2.dll

2009-12-11 01:34 . 2014-08-26 03:53 225280 ----a-w- c:\program files\libcurl.dll

2009-12-11 01:25 . 2014-08-26 03:53 200704 ----a-w- c:\program files\ssleay32.dll

2009-12-11 01:25 . 2014-08-26 03:53 1017344 ----a-w- c:\program files\libeay32.dll

2009-12-10 08:53 . 2014-08-26 03:53 61952 ----a-w- c:\program files\libexslt.dll

2009-12-10 08:52 . 2014-08-26 03:53 170496 ----a-w- c:\program files\libxslt.dll

2009-12-10 08:43 . 2014-08-26 03:53 1919488 ----a-w- c:\program files\libxml2.dll

2009-12-10 01:48 . 2014-08-26 03:53 412160 ----a-w- c:\program files\SQLite3.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-10-23 08:55 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]

"WordWeb"="c:\program files\WordWeb\wweb32.exe" [2014-07-05 80000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-23 5223016]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

.

c:\users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-27 98632]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"SoftwareSASGeneration"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2013-04-04 08:36 958576 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2013-05-08 21:20 41056 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2006-10-27 07:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2010-10-01 15:43 173592 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2010-10-01 15:43 141848 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2011-06-16 14:55 6276408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2010-10-01 15:43 150552 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2010-03-11 01:49 1697064 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-10-23 91496]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]

R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-10-01 51928]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-07-21 194664]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-10-23 26136]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-10-23 787800]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-10-23 422760]

S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-10-23 24184]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-10-23 70384]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-01 968504]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-10-01 23256]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-10-30 114904]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-10-07 322664]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-10-18 999016]

S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-01 1871160]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMSWISSARMY

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-10-29 10:07 1087304 ----a-w- c:\program files\Google\Chrome\Application\40.0.2202.3\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-10-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-14 09:02]

.

2014-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-08 13:57]

.

2014-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-08 13:57]

.

.

------- Supplementary Scan -------

.




IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{992E7726-5942-4701-81AE-909E73DB38B9}: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{992E7726-5942-4701-81AE-909E73DB38B9}\3535A424F514355535: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{992E7726-5942-4701-81AE-909E73DB38B9}\A616E65647F5F6361626: NameServer = 208.67.222.222,208.67.220.220

FF - ProfilePath - c:\users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bdb98jlc.default\

FF - prefs.js: browser.search.defaulturl - hxxps://ph.search.yahoo.com/yhs/search

FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)

FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl

FF - prefs.js: keyword.URL - hxxps://ph.search.yahoo.com/yhs/search

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

MSConfigStartUp-RtHDVBg - c:\program files\Realtek\Audio\HDA\RtHDVBg.exe

MSConfigStartUp-RtHDVCpl - c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-10-30  09:05:28

ComboFix-quarantined-files.txt  2014-10-30 01:05

.

Pre-Run: 81,033,146,368 bytes free

Post-Run: 80,869,654,528 bytes free

.

- - End Of File - - 47E79FB51C3513904B7F3621B47CAB6A

A36C5E4F47E84449FF07ED3517B43A31
Link to post
Share on other sites

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Full Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 2

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • In your next reply, post the following log files:
    • Malwarebytes' Anti-Malware log
    • ESET Online Scanner log
Link to post
Share on other sites

  • 2 months later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.