Jump to content

Recommended Posts

I'm having trouble removing "TrojanClicker:JS/Chroject.A" from my pc. Microsoft Security Essentials constantly detects it, but as soon as it is removed, it comes back. I'm pretty much a computer noob, so I'm relying on the intellect and generousity of this forum to help me fix my pc. Thank you for helping!

 

I've already ran Malwarebytes anti-malware and quarintined threats. I apologize for taking action on my own, but I just found this forum after realizing that the TrojanClicker:JS/Croject.A is still on my PC. I'm running Windows 7 64 bit. I ran FRST and will attach the files. Thank you again for helping.

FRST.txt

Addition.txt

Link to post
Share on other sites

Hello akaLethal, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click xetYzdbu.png.pagespeed.ic.U7AjmRUewW.png at the top of the page. 
     

======================================================
 

I apologize for taking action on my own

Not a problem. 
 
Please work your way through the following. 

STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start(Google Inc.) C:\Users\Admin\AppData\LocalLow\EmieSiteList\sezovopqwirv\zcvlhkawngzw\Zuyrhtjreygq.exe(Google Inc.) C:\Users\Admin\AppData\LocalLow\EmieSiteList\sezovopqwirv\zcvlhkawngzw\Zuyrhtjreygq.exe(Google Inc.) C:\Users\Admin\AppData\LocalLow\EmieSiteList\sezovopqwirv\zcvlhkawngzw\Zuyrhtjreygq.exe(Google Inc.) C:\Users\Admin\AppData\LocalLow\EmieSiteList\sezovopqwirv\zcvlhkawngzw\Zuyrhtjreygq.exe(Google Inc.) C:\Users\Admin\AppData\LocalLow\EmieSiteList\sezovopqwirv\zcvlhkawngzw\Zuyrhtjreygq.exe(Google Inc.) C:\Users\Admin\AppData\LocalLow\EmieSiteList\sezovopqwirv\zcvlhkawngzw\Zuyrhtjreygq.exe(Google Inc.) C:\Users\Admin\AppData\LocalLow\EmieSiteList\sezovopqwirv\zcvlhkawngzw\Zuyrhtjreygq.exe(Google Inc.) C:\Users\Admin\AppData\LocalLow\EmieSiteList\sezovopqwirv\zcvlhkawngzw\Zuyrhtjreygq.exe(Google Inc.) C:\Users\Admin\AppData\LocalLow\EmieSiteList\sezovopqwirv\zcvlhkawngzw\Zuyrhtjreygq.exe(Google Inc.) C:\Users\Admin\AppData\LocalLow\EmieSiteList\sezovopqwirv\zcvlhkawngzw\Zuyrhtjreygq.exe(Google Inc.) C:\Users\Admin\AppData\LocalLow\EmieSiteList\sezovopqwirv\zcvlhkawngzw\Zuyrhtjreygq.exe(Google Inc.) C:\Users\Admin\AppData\LocalLow\EmieSiteList\sezovopqwirv\zcvlhkawngzw\Zuyrhtjreygq.exeC:\Users\Admin\AppData\LocalLow\EmieSiteList\sezovopqwirvHKU\S-1-5-21-1838106421-2317848846-1109280923-1001\...\Run: [Sweggnoj] => regsvr32.exe /s "C:\Users\Admin\AppData\Local\58f0589f-a561-4667-5773-4c7f2ba23b10\Sweggnoj.dll" <===== ATTENTIONC:\Users\Admin\AppData\Local\58f0589f-a561-4667-5773-4c7f2ba23b10HKU\S-1-5-21-1838106421-2317848846-1109280923-1001\...\MountPoints2: {0cf26b23-0f2f-11e3-a879-a4badbfb40f2} - F:\TL-Bootstrap.exeHKU\S-1-5-21-1838106421-2317848846-1109280923-1001\...\MountPoints2: {0cf26b36-0f2f-11e3-a879-a4badbfb40f2} - F:\TLBootstrap_WPP.exeHKU\S-1-5-21-1838106421-2317848846-1109280923-1001\...\MountPoints2: {0cf26c4f-0f2f-11e3-a879-a4badbfb40f2} - F:\MotoCastSetup.exe -aHKU\S-1-5-21-1838106421-2317848846-1109280923-1001\...\MountPoints2: {1ddb4c7a-db38-11e3-8557-a4badbfb40f2} - F:\VZW_Software_upgrade_assistant.exeHKU\S-1-5-21-1838106421-2317848846-1109280923-1001\...\MountPoints2: {80984420-ab1b-11e3-8f37-806e6f6e6963} - F:\TL-Bootstrap.exeHKU\S-1-5-21-1838106421-2317848846-1109280923-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/SearchScopes: HKCU - {D1BFB61D-2524-4C81-9F58-085523C23FD2} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.15.1.20&apn_uid=1F5600AD-D1F2-4D2A-A6B5-2B78500AF007&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17207&doi=2014-08-02&trgb=IE&q={searchTerms}&psv=&pt=tb2014-11-05 14:32 - 2014-11-05 14:32 - 00004040 _____ () C:\Windows\System32\Tasks\{29F6539F-318F-3007-3AC4-DDBAB36BDA4B}2014-11-05 14:32 - 2014-11-05 14:32 - 00000000 _____ () C:\Users\Admin\AppData\Roaming\mswjwi.dll2014-10-24 14:41 - 2014-10-24 14:42 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage2014-10-22 21:59 - 2014-10-27 13:59 - 00000000 ____D () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}C:\Users\Admin\AppData\Local\Temp\APNSetup.exeC:\Users\Admin\AppData\Local\Temp\HiPatchSelfUpdateWindow.exeC:\Users\Admin\AppData\Local\Temp\HiRezLauncherControls.dllC:\Users\Admin\AppData\Local\Temp\install_flashplayer11x32ax_aaa_aih.exeC:\Users\Admin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exeC:\Users\Admin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exeC:\Users\Admin\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exeC:\Users\Admin\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exeC:\Users\Admin\AppData\Local\Temp\ose00000.exeC:\Users\Admin\AppData\Local\Temp\SAS6_Update.exeC:\Users\Admin\AppData\Local\Temp\SkypeSetup.exeC:\Users\Admin\AppData\Local\Temp\vymalru.dllCustomCLSID: HKU\S-1-5-21-1838106421-2317848846-1109280923-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?AlternateDataStreams: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766AlternateDataStreams: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_1favicon1313128964AlternateDataStreams: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_2favicon-2092717923Task: {05D3DCA2-B794-4503-A644-5DB08442052E} - System32\Tasks\{29F6539F-318F-3007-3AC4-DDBAB36BDA4B} => C:\Users\Admin\AppData\Roaming\vclcog.dll/s "C:\Users\Admin\AppData\Roaming\vclcog.dll" <==== ATTENTIONC:\Users\Admin\AppData\Roaming\vclcog.dllFolder: C:\Users\Admin\AppDataCMD: ipconfig /flushdnsCMD: netsh winsock reset allCMD: netsh int ipv4 resetCMD: netsh int ipv6 resetEmptyTemp:end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. This log will be very large. Ensure you attach the file in your next reply!
     

STEP 2
GfiJrQ9.png Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 3
BY4dvz9.png AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 
 
STEP 4
E3feWj5.png Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 5
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 

 
======================================================
 
STEP 6
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt (attached!)
  • MBAM log
  • AdwCleaner[s0].txt
  • JRT.txt
  • FRST.txt
  • Addition.txt
Link to post
Share on other sites

Thank you for the help so far, Adam. You may call address me by Wilson if you wish.

 

   I'm still on step one. I copied the fixlist.txt file as you said and it is located in a folder on the desktop along with FRST64.exe. I ran the program as admin and clicked fix. Is it supposed to take a long time? It's been running for approximately 20 minutes now and a log has not yet popped up. Ever since the pc became infected, some programs grind to a halt. That could be what's happening.

Link to post
Share on other sites

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/10/2014
Scan Time: 1:04:01 AM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.10.02
Rootkit Database: v2014.11.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 317040
Time Elapsed: 9 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

 

 

 

 

# AdwCleaner v4.101 - Report created 10/11/2014 at 01:26:44
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Admin - ADMIN-PC
# Running from : C:\Users\Admin\Desktop\Virus stuff\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\KeyDownload
Folder Deleted : C:\Users\Admin\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Admin\AppData\Roaming\Systweak

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.search.ask.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.0.3 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [1303 octets] - [10/11/2014 01:19:01]
AdwCleaner[s0].txt - [1196 octets] - [10/11/2014 01:26:44]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1256 octets] ##########
 

 

 

 

 

 

 

 

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by Admin on Mon 11/10/2014 at  1:35:32.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\q5rp5zm3.default\searchplugins\youtube-video-search.xml
Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\q5rp5zm3.default\minidumps [30 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/10/2014 at  1:38:41.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by Admin (administrator) on ADMIN-PC on 10-11-2014 01:44:03
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
() C:\Windows\System32\spool\drivers\x64\3\dleaserv.exe
( ) C:\Windows\System32\dleacoms.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
() C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor)
HKLM\...\Run: [skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [dleamon.exe] => C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe [766632 2009-07-10] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe [139944 2009-07-10] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKU\S-1-5-21-1838106421-2317848846-1109280923-1001\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-11-05] (SUPERAntiSpyware)
HKU\S-1-5-21-1838106421-2317848846-1109280923-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22058592 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-07-31] (Microsoft Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1E7DD860908CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q5rp5zm3.default
FF DefaultSearchEngine: YouTube
FF SelectedSearchEngine: YouTube
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1838106421-2317848846-1109280923-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-1838106421-2317848846-1109280923-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q5rp5zm3.default\searchplugins\youtube.xml
FF Extension: Master Password+ - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q5rp5zm3.default\Extensions\masterpasswordtimeoutplus@vano [2014-10-14]
FF Extension: Microsoft IMAPI v2, Raw CD Image Creator - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q5rp5zm3.default\Extensions\{2574A29F-2141-5F89-F0D9-B13A35E17F90} [2014-10-30]
FF Extension: Ghostery - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q5rp5zm3.default\Extensions\firefox@ghostery.com.xpi [2014-10-30]
FF Extension: TinEye Reverse Image Search - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q5rp5zm3.default\Extensions\tineye@ideeinc.com.xpi [2013-11-11]
FF Extension: NoScript - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q5rp5zm3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-09-22]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q5rp5zm3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-22]
FF Extension: Tab Mix Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q5rp5zm3.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-09-22]

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Microsoft IMAPI v2, Raw CD Image Creator) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-10-30]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-21]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-21]
CHR Extension: (RealDownloader) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-21]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-25] (SUPERAntiSpyware.com)
R2 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [33448 2009-07-01] ()
R2 dlea_device; C:\Windows\system32\dleacoms.exe [1054888 2009-07-01] ( )
R2 dlea_device; C:\Windows\SysWOW64\dleacoms.exe [602792 2009-07-01] ( )
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-03] (Hi-Rez Studios) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 01:38 - 2014-11-10 01:38 - 00000907 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-11-10 01:35 - 2014-11-10 01:35 - 00000000 ____D () C:\Windows\ERUNT
2014-11-10 00:39 - 2014-11-10 00:39 - 00005111 _____ () C:\Users\Admin\Desktop\fixlist.txt
2014-11-09 23:36 - 2014-11-10 01:26 - 00000000 ____D () C:\AdwCleaner
2014-11-09 22:11 - 2014-11-09 22:11 - 00018271 _____ () C:\Users\Admin\Desktop\Addition.txt
2014-11-09 22:10 - 2014-11-10 01:44 - 00010958 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-11-09 22:09 - 2014-11-10 01:44 - 00000000 ____D () C:\FRST
2014-11-09 22:09 - 2014-11-10 00:38 - 00000000 ____D () C:\Users\Admin\Desktop\Virus stuff
2014-11-09 22:08 - 2014-11-09 22:08 - 02116096 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-11-09 20:27 - 2014-11-10 01:41 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-09 20:26 - 2014-11-09 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-09 20:26 - 2014-11-09 20:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-09 20:26 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-09 20:26 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-09 20:22 - 2014-11-09 20:22 - 00003480 ____N () C:\bootsqm.dat
2014-11-09 20:20 - 2014-11-09 20:20 - 00000000 __SHD () C:\found.000
2014-11-06 21:31 - 2014-11-06 21:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-05 22:28 - 2014-11-05 22:28 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-30 15:43 - 2014-11-05 13:15 - 00000000 ____D () C:\Users\Admin\AppData\Local\Odics
2014-10-30 15:43 - 2014-11-05 12:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\Idsoft
2014-10-14 18:22 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-14 18:22 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-14 18:22 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-14 18:22 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 18:22 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 18:22 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 18:22 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 18:22 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-14 18:22 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 18:22 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 18:22 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 18:22 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 18:22 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 18:22 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 18:22 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 18:22 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-14 18:22 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 18:22 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 18:22 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 18:22 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 18:22 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-14 18:22 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 18:22 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 18:22 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 18:22 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 18:22 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 18:22 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 18:22 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 18:22 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 18:22 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-14 18:22 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-14 18:22 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-14 18:22 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 18:22 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 18:22 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 18:22 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 18:22 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-14 18:22 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-14 18:22 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 18:22 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 18:22 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 18:22 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 18:22 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-14 18:22 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-14 18:22 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 18:22 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-14 18:22 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-14 18:22 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 18:22 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 18:22 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-14 18:22 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-14 18:22 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 18:22 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-14 18:22 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 18:22 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-14 18:22 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 18:22 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 18:22 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 18:22 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 18:22 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 18:22 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 18:22 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 18:22 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 18:22 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 18:22 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-14 18:22 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-14 18:22 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 18:22 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 18:22 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 18:22 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 18:22 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 18:22 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-14 18:22 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 18:22 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 18:22 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 18:22 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 18:22 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 18:22 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 18:22 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 18:22 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 18:22 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 18:22 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 18:22 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 18:22 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 18:22 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 18:22 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 18:22 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 18:22 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 18:22 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 18:22 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 18:22 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 18:22 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 18:22 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 18:22 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 18:22 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 18:22 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 18:22 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 18:22 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 18:22 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 18:22 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 18:22 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 18:22 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 18:22 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 18:22 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 18:22 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 18:22 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 18:22 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 18:22 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 18:22 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 18:22 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 18:22 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 18:22 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 18:22 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 18:22 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 18:22 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 18:22 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 18:22 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 18:22 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 18:22 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 18:22 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 18:22 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 18:22 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 18:22 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 18:22 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 18:22 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 18:22 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 18:22 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 18:22 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 18:22 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 18:22 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 18:22 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 18:22 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 18:22 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 18:22 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 18:22 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 18:22 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 18:22 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 18:22 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 18:22 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 18:22 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 18:22 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 18:22 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 18:22 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 18:22 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 18:19 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 18:19 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 18:19 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 18:19 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 18:19 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-14 18:19 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 18:19 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 18:19 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 18:19 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 18:19 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 18:19 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 18:19 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 18:19 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 18:19 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 18:19 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 18:19 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 18:18 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 18:18 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 18:18 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 18:18 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-13 21:45 - 2014-10-13 21:46 - 00000000 ____D () C:\Users\Admin\Desktop\Games

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 01:44 - 2013-07-28 16:32 - 01210863 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 01:35 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 01:35 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-10 01:32 - 2009-07-14 00:13 - 00782010 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-10 01:29 - 2013-08-26 09:24 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2014-11-10 01:28 - 2014-07-08 19:43 - 00004229 _____ () C:\ProgramData\dleascan.log
2014-11-10 01:28 - 2013-12-24 14:25 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-10 01:28 - 2013-07-31 03:05 - 00337798 _____ () C:\Windows\PFRO.log
2014-11-10 01:28 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-10 01:28 - 2009-07-13 23:51 - 00043997 _____ () C:\Windows\setupact.log
2014-11-10 01:18 - 2013-07-29 14:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-10 00:49 - 2014-02-03 21:22 - 00000562 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1838106421-2317848846-1109280923-1001.job
2014-11-09 20:51 - 2013-12-24 14:25 - 00001965 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-11-09 20:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-11-09 20:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-11-09 20:26 - 2013-12-24 14:24 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes
2014-11-09 20:26 - 2013-12-24 14:23 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-09 20:26 - 2013-12-24 14:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-09 20:26 - 2013-12-24 14:23 - 00000000 ____D () C:\Malwarebytes' Anti-Malware
2014-11-09 19:59 - 2013-07-29 15:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-09 16:20 - 2014-02-03 21:22 - 00003588 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1838106421-2317848846-1109280923-1001
2014-11-05 22:28 - 2013-07-29 15:47 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-05 13:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-11-05 12:38 - 2013-07-28 16:32 - 00000000 ____D () C:\Users\Admin
2014-10-30 06:25 - 2013-07-28 16:48 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 10:10 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-29 10:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-29 10:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-29 10:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-29 10:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-29 10:07 - 2014-10-09 10:23 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-29 10:07 - 2013-08-26 09:24 - 00000000 ____D () C:\ProgramData\Skype
2014-10-29 10:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-29 10:05 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-28 02:03 - 2013-07-29 15:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 19:52 - 2013-07-30 08:13 - 00000000 ____D () C:\Users\Admin\AppData\Local\Deployment
2014-10-15 02:24 - 2009-07-13 23:45 - 00307352 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 02:05 - 2014-02-12 00:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 02:01 - 2013-07-29 13:50 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 02:39

==================== End Of Log ============================

 

 

 

 

 

 

 

 

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01
Ran by Admin at 2014-11-10 01:44:46
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Dell V310-V510 Series (HKLM\...\Dell V310-V510 Series) (Version:  - Dell, Inc.)
GoToMeeting 6.4.5.1865 (HKU\S-1-5-21-1838106421-2317848846-1109280923-1001\...\GoToMeeting) (Version: 6.4.5.1865 - CitrixOnline)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)
join.me (HKU\S-1-5-21-1838106421-2317848846-1109280923-1001\...\JoinMe) (Version: 1.12.2.140 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1016 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Tribes: Ascend (HKLM-x32\...\Steam App 17080) (Version:  - Hi-Rez Studios)
Unity Web Player (HKU\S-1-5-21-1838106421-2317848846-1109280923-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1838106421-2317848846-1109280923-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Admin\AppData\Local\Citrix\GoToMeeting\1312\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

02-11-2014 08:47:18 Windows Update
05-11-2014 17:33:10 Windows Update
05-11-2014 18:09:22 Restore Operation
09-11-2014 04:23:25 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {B8498F6B-53A9-4009-AA24-39DFCC9105FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-03] (Adobe Systems Incorporated)
Task: {C054FFA7-5E73-4032-8DDC-23EC1E5E2AEF} - System32\Tasks\G2MUpdateTask-S-1-5-21-1838106421-2317848846-1109280923-1001 => C:\Users\Admin\AppData\Local\Citrix\GoToMeeting\1865\g2mupdate.exe [2014-11-09] (Citrix Online, a division of Citrix Systems, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1838106421-2317848846-1109280923-1001.job => C:\Users\Admin\AppData\Local\Citrix\GoToMeeting\1865\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-08 19:44 - 2009-06-19 04:01 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dleadrpp.dll
2014-07-08 19:43 - 2009-07-01 08:13 - 00033448 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dleaserv.exe
2014-07-08 19:43 - 2009-07-10 09:06 - 00766632 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
2014-07-08 19:43 - 2009-07-10 09:06 - 00139944 _____ () C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
2014-07-08 19:42 - 2009-05-26 15:17 - 00086118 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacfg.dll
2014-07-08 19:43 - 2009-05-29 09:08 - 00389120 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll
2014-07-08 19:43 - 2009-05-27 07:16 - 00192512 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll
2014-07-08 19:43 - 2009-05-29 09:09 - 01159168 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleaDRS.dll
2014-07-08 19:43 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll
2014-07-08 19:43 - 2009-03-05 12:55 - 00059904 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll
2014-07-08 19:43 - 2009-06-22 08:08 - 00708608 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Epwizard.DLL
2014-07-08 19:43 - 2009-06-22 08:06 - 00159744 _____ () C:\Program Files (x86)\Dell V310-V510 Series\customui.dll
2014-07-08 19:43 - 2009-06-22 08:06 - 00114688 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Eputil.DLL
2014-07-08 19:43 - 2009-06-22 08:05 - 00139264 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Imagutil.DLL
2014-07-08 19:43 - 2009-06-22 08:06 - 00061440 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Epfunct.DLL
2014-07-08 19:43 - 2009-06-22 08:08 - 02203648 _____ () C:\Program Files (x86)\Dell V310-V510 Series\EPWizRes.dll
2014-07-08 19:43 - 2009-06-22 08:08 - 00045056 _____ () C:\Program Files (x86)\Dell V310-V510 Series\epstring.dll
2014-07-08 19:43 - 2009-06-22 08:08 - 00196608 _____ () C:\Program Files (x86)\Dell V310-V510 Series\EPOEMDll.dll
2014-07-08 19:43 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files (x86)\Dell V310-V510 Series\iptk.dll
2014-07-08 19:43 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleaptp.dll
2014-11-06 21:31 - 2014-11-06 21:31 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Admin (S-1-5-21-1838106421-2317848846-1109280923-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1838106421-2317848846-1109280923-500 - Administrator - Disabled)
Guest (S-1-5-21-1838106421-2317848846-1109280923-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1838106421-2317848846-1109280923-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 22%
Total physical RAM: 12278.97 MB
Available physical RAM: 9558.59 MB
Total Pagefile: 24556.13 MB
Available Pagefile: 21819.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:373.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E22A5BB5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

 

 

 

 

 

 

 

 

 

 

I hope I did everything right. Thank you for walking me through this so far.

Fixlog.txt

Link to post
Share on other sites

Hello Wilson, 
 
Those logs are looking much better.
But the Script did not complete. 
 
Please run this. There's more than likely malware hiding in your AppData folder, and we need to find it. Allow this to run for as long as it needs. 
 
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    startFolder: C:\Users\Admin\AppDataend
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. This log will be very large. Ensure you attach the file in your next reply.
Link to post
Share on other sites

I just ran FarBar after deleting the old fixlist.txt and creating the new one that you instructed. It ran for over an hour and it opened fixlog.txt when it finished. The entire content of the fixlog.txt is:

 

==== End of Fixlog ====

 

That's it. No other text. I reread your instructions and I'm pretty sure I've done everything correctly.

Link to post
Share on other sites

Strange. 

Lets try it a different way. 

 

MgeHyNE.png Batch File

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    @echo offdir C:\Users\Admin\AppData /s > "%userprofile%\desktop\dirlook.txt"del %0
  • Click Format. Ensure Wordwrap is unchecked
  • Click FileSave As and name the file batchfile.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop
  • Locate batchfile.bat lmRDSkT.png (W8/7/Vista) on your DesktopRight-click the icon and click AVOiBNU.jpg Run as administrator.
  • Once the black Command Prompt disappears, attach dirlook.txt (found on your Desktop) to your next post.
Link to post
Share on other sites

Hi Wilson, 
 
Please provide an update on your computer after completing the steps below. 
 
STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start2014-10-30 15:43 - 2014-11-05 13:15 - 00000000 ____D () C:\Users\Admin\AppData\Local\Odics2014-10-30 15:43 - 2014-11-05 12:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\IdsoftC:\Users\Admin\AppData\LocalLow\Sun\sezovopqwirvC:\Users\Admin\AppData\LocalLow\Unity\LzsnbjjxEmptyTemp:end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
YARWD1t.png TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to:
    • Loaded Modules
    • Detect TDLFS file system
    • Verify file digital signatures
  • Note: If you receive the following message: Extended Monitoring Driver is required, click Reboot now, and continue from here following the reboot.
  • ​Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the log in your next reply.
     

STEP 3
GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • TDSSKiller log (attached!)
  • ESET Online Scan log
  • Update on computer
Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by Admin at 2014-11-10 13:52:29 Run:5
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
2014-10-30 15:43 - 2014-11-05 13:15 - 00000000 ____D () C:\Users\Admin\AppData\Local\Odics
2014-10-30 15:43 - 2014-11-05 12:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\Idsoft
C:\Users\Admin\AppData\LocalLow\Sun\sezovopqwirv
C:\Users\Admin\AppData\LocalLow\Unity\Lzsnbjjx
EmptyTemp:
end
*****************

C:\Users\Admin\AppData\Local\Odics => Moved successfully.
C:\Users\Admin\AppData\Local\Idsoft => Moved successfully.
C:\Users\Admin\AppData\LocalLow\Sun\sezovopqwirv => Moved successfully.
C:\Users\Admin\AppData\LocalLow\Unity\Lzsnbjjx => Moved successfully.
EmptyTemp: => Removed 10.7 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

 

 

 

 

 

 

 

 

 

C:\FRST\Quarantine\C\Users\Admin\AppData\Local\58f0589f-a561-4667-5773-4c7f2ba23b10\Sweggnoj.dll    a variant of Win32/Kryptik.CPTK trojan
C:\FRST\Quarantine\C\Users\Admin\AppData\Local\Temp\APNSetup.exe.xBAD    a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\FRST\Quarantine\C\Users\Admin\AppData\Local\Temp\vymalru.dll.xBAD    a variant of Win32/Kryptik.CPTK trojan
C:\Users\Admin\Downloads\cbsidlm-cbsi145-USB20_Driverzip-ORG-163914.exe    a variant of Win32/CNETInstaller.B potentially unwanted application
 

 

 

 

 

I wasn't sure which TDSSKiller log you needed, so I attached all three. Thank you for helping out a computer noob like me Adam : )

TDSSKiller.3.0.0.41_10.11.2014_14.25.41_log.txt

TDSSKiller.3.0.0.41_10.11.2014_14.26.24_log.txt

TDSSKiller.3.0.0.41_10.11.2014_14.30.03_log.txt

Link to post
Share on other sites

It's no problem at all, Wilson. 

We're nearly done.

 

Please delete this file: C:\Users\Admin\Downloads\cbsidlm-cbsi145-USB20_Driverzip-ORG-163914.exe    

 

​Let me know if there are any outstanding issues after completing the following. 

 

STEP 1
YARWD1t.png TDSSKiller Fix

  • Right-Click TDSSKiller.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Change parameters. Ensure a checkmark is placed next to:
    • Loaded Modules
    • Detect TDLFS file system
    • Verify file digital signatures
  • ​Click Start Scan. Do not use the computer during the scan.
  • Upon completion, select Delete for the following items:
    \Device\Harddisk0\DR0 ( TDSS File System )
  • Click Continue and close the window. 
  • A log will be created and saved to the root directory (usually C:\). Attach the log in your next reply.
     

STEP 2
CXrghb6.png Update Outdated Software

Outdated software contain security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 3
EtQetiM.png Remove Outdated Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
  • Note: The programmes below may not be present. If this is the case, please skip to the next step.
    • Adobe Shockwave Player 12.0
    • Java 7 Update 65
  • Follow the prompts, and reboot if necessary.
     

STEP 4
zANS9oB.png Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button  and type Java Control Panel (or javacpl) in the search bar. 
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes. 
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 5
oxliOQk.png Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 6
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • TDSSKiller log (attached!)
  • checkup.txt
  • How is your computer performing? Are there any outstanding issues?
Link to post
Share on other sites

Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 25  
 Java version out of Date!
 Adobe Flash Player 15.0.0.223  
 Adobe Reader XI  
 Mozilla Firefox (33.1)
 Google Chrome 22.0.1229.95  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 

 

 

 

 

Just finished those steps. My pc seems to be running fine now. No outstanding issues and it's not sluggish like it was before. Thank you so much for all your help, Adam! There's no way I could have figured all this out by myself. So, how does it look now?

TDSSKiller.3.0.0.41_11.11.2014_10.15.26_log.txt

Link to post
Share on other sites

Hi Wilson, 

 

I'm very pleased to hear things are running well. 

 

Now for the good news. 

 

All Clean!
Congratulations, your computer appears clean! :)
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation. YSCcjW7.png
 

AFZxnZc.jpg DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpg AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • E8I37RF.pngCryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), preventing your files from being encrypted.
  • EG85Vjt.png Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpg Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
  • xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • 3O8r9Uq.png Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secuina PSI will scan your computer for vulnerable software that is outdatedand automatically find the latest update for you.
  • xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.png Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using Malwarebytes.
 
Safe Surfing. :)    
Adam (LiquidTension).

Link to post
Share on other sites

Thank you very much for all your help, Adam!

 

   I couldn't have done all that without you. I didn't realize where you were from until I sent a donation. Sorry I don't have a lot of cash to spare. I'm not sure what beer costs over there, but you could buy a case over here with that. Hopefully that will buy a decent amount of booze on your side of the pond : )

 

Thank you again for all your help.

 

Sincerely,

 

Wilson

Link to post
Share on other sites

You're more than welcome, Wilson. It's my pleasure.
 

I didn't realize where you were from until I sent a donation. Sorry I don't have a lot of cash to spare.

Thank you very much. :)
Ultimately, I do this because I enjoy helping others and fighting malware. Any donations are an added bonus, and appreciated regardless. 
 
I will mark this topic as solved. 
 
All the best, 
Adam

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.