Najkon Posted December 21, 2014 ID:921595 Share Posted December 21, 2014 Hi thanks for your reply. I tried to perform a threat scan with Malwarebytes but the system would freeze and not complete the scan. Below is the log from FRST Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-12-2014 01Ran by Najam (administrator) on NAJAM-PC on 21-12-2014 22:14:45Running from C:\Users\Najam\DesktopLoaded Profile: Najam (Available profiles: Najam)Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)Internet Explorer Version 9Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynToshiba.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe(McAfee, Inc.) C:\Windows\System32\mfevtps.exe(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe() C:\Program Files\TOSHIBA\Utilities\KeNotify.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe(Microsoft Corporation) C:\Windows\System32\wuauclt.exe(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\McVsShld.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1451304 2009-03-20] (Synaptics Incorporated)HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-09-03] (Realtek Semiconductor)HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [538744 2007-05-22] (TOSHIBA Corporation)HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)HKLM\...\Run: [iAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation)HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509496 2007-04-03] (TOSHIBA Corporation)HKLM\...\Run: [synTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [204800 2007-07-27] (Synaptics, Inc.)HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-02-19] (Toshiba)HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation)HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [112632 2010-09-17] (Trend Micro Inc.)HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)HKLM\...\Run: [bingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)Winlogon\Notify\mlicnai: [X]HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?HKLM\...\Policies\Explorer: [NoControlPanel] 0HKLM\...\Policies\Explorer: [NoFolderOptions] 0HKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe /i ½[W! 89 `9 Ü9 Ø9 HKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\Run: [iSUSPM] => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -schedulerHKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\Run: [itibiti.exe] => C:\Program Files\Itibiti Soft Phone\Itibiti.exeHKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\MountPoints2: {1d38b1c4-4964-11e2-85d0-001b38ab1606} - D:\HTC_Sync_Manager_PC.exeHKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\MountPoints2: {63662328-c39a-11df-bfb7-001b38ab1606} - D:\AutoRun.exeHKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\MountPoints2: {6c588128-ca1c-11de-9a83-001b38ab1606} - D:\autorun.exeHKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\MountPoints2: {9cdabebb-d28e-11df-8765-001b38ab1606} - D:\AutoRun.exeHKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\MountPoints2: {d7d3291e-1100-11df-9a80-001b38ab1606} - D:\AutoRun.exeHKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\MountPoints2: {e3f7f507-c3f5-11df-b4c6-001b38ab1606} - D:\AutoRun.exeHKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\MountPoints2: {f15fd59a-0d20-11df-90fb-001b38ab1606} - D:\AutoRun.exeHKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\MountPoints2: {f15fd5f9-0d20-11df-90fb-001b38ab1606} - D:\AutoRun.exeHKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\MountPoints2: {fc7f6faf-d7c6-11df-9153-001b38ab1606} - D:\AutoRun.exeHKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-03-11] (Microsoft Corporation)Startup: C:\Users\Najam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)GroupPolicy: Group Policy on Chrome detected <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)ProxyEnable: [s-1-5-21-466073785-3288665186-4084387580-1000] => Internet Explorer proxy is enabled.ProxyServer: [s-1-5-21-466073785-3288665186-4084387580-1000] => http=127.0.0.1:31524HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.comHKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.comHKU\S-1-5-21-466073785-3288665186-4084387580-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankURLSearchHook: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No FileStartMenuInternet: IEXPLORE.EXE - iexplore.exeSearchScopes: HKLM -> {354C2C55-6A33-4A32-902C-C7BC8E17DBCE} URL = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=341&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=5550031034024651&q={searchTerms}SearchScopes: HKLM -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_50_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0Bzy0EyD0EyB0F0C0D0BtA0AtDtN0D0Tzu0StCtDyByDtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyE0F0DtD0ByDtD0AtGyCtCzytBtG0B0EyBtCtG0AzzyCyBtGtD0Dzy0DtDyDyCtC0EtA0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyEtB0EtDyDyDyBtGtB0D0C0DtGyEtDtCtBtGzytC0FtCtGzytAzytAyCyEzzzz0B0E0Bzz2Q&cr=1010406992&ir=SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =SearchScopes: HKU\.DEFAULT -> DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =SearchScopes: HKU\.DEFAULT -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}SearchScopes: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> DefaultScope {01F740BF-2BB5-42DC-8026-F07E696FB645} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB105D20140731&p={SearchTerms}SearchScopes: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> {01F740BF-2BB5-42DC-8026-F07E696FB645} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB105D20140731&p={SearchTerms}SearchScopes: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> {354C2C55-6A33-4A32-902C-C7BC8E17DBCE} URL = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;&rlz=SearchScopes: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=341&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=5550031034024651&q={searchTerms}SearchScopes: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}SearchScopes: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}SearchScopes: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050SearchScopes: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> {D7B9B63D-97DD-49BF-ADD3-025662CCC667} URL = http://www.bing.com/search?FORM=BDT3DF&PC=BDT3&q={searchTerms}&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> {E7002E74-8E46-4C8D-8A65-986693AEACE4} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tight10_14_40&cd=2XzuyEtN2Y1L1QzutDtDtC0Bzy0EyD0EyB0F0C0D0BtA0AtDtN0D0Tzu0StCtDyBtAtN1L2XzutAtFyCtFtCtDtFtCtN1L1Czu2Z1L1N1M2Z1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2SyCyB0F0BtDtC0FtAtGyDtCtCzytGyEyCzyzztGzz0FyE0BtGtC0AyEzytC0AtA0A0ByDzz0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyEtB0EtDyDyDyBtGtB0D0C0DtGyEtDtCtBtGzytC0FtCtGzytAzytAyCyEzzzz0B0E0Bzz2Q&cr=1809046025&ir=BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No FileBHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1091\TmIEPlg.dll (Trend Micro Inc.)BHO: Hold Page 1.0.0.5 -> {6c14185e-4de6-4a79-985b-19f23fd1e638} -> C:\Program Files\Hold Page\HoldPagebho.dll No FileBHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No FileToolbar: HKLM - No Name - !{AA58ED58-01DD-4d91-8333-CF10577473F7} - No FileToolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileToolbar: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No FileToolbar: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No FileToolbar: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileToolbar: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No FileDPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cabDPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cabDPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cabDPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabDPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1091\TmIEPlg.dll (Trend Micro Inc.)Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"Tcpip\Parameters: [DhcpNameServer] 192.168.0.1FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl.dll ()FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-466073785-3288665186-4084387580-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Najam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xmlFF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-14]FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgnFF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1091\firefoxextensionFF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1091\firefoxextension [2014-11-22]FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisorFF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-03-11]Chrome:=======CHR Profile: C:\Users\Najam\AppData\Local\Google\Chrome\User Data\Profile 1CHR Extension: (Google Slides) - C:\Users\Najam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-19]CHR Extension: (Google Docs) - C:\Users\Najam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-19]CHR Extension: (Google Drive) - C:\Users\Najam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-19]CHR Extension: (YouTube) - C:\Users\Najam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-19]CHR Extension: (Google Search) - C:\Users\Najam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-19]CHR Extension: (Google Sheets) - C:\Users\Najam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-19]CHR Extension: (SiteAdvisor) - C:\Users\Najam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-12-19]CHR Extension: (Gmail) - C:\Users\Najam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-19]CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No PathCHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Najam\AppData\Local\Torch\Plugins\TorchPlugin.crx [Not Found]CHR HKLM\...\Chrome\Extension: [lmmhpfbhngkongobaoibpmnijjokabmj] - No Path========================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-09-04] (McAfee, Inc.)R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-08-20] (McAfee, Inc.)R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)S4 CplIR; C:\Windows\system32\DRIVERS\CplIR.SYS [14848 2007-03-06] (COMPAL ELECTRONIC INC.)S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [83336 2007-04-24] (MCCI Corporation)S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [15112 2007-04-24] (MCCI Corporation)S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [108680 2007-04-24] (MCCI Corporation)S3 s125mgmt; C:\Windows\System32\DRIVERS\s125mgmt.sys [100488 2007-04-24] (MCCI Corporation)S3 s125obex; C:\Windows\System32\DRIVERS\s125obex.sys [98696 2007-04-24] (MCCI Corporation)R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [80464 2010-09-17] (Trend Micro Inc.)R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [189520 2010-09-17] (Trend Micro Inc.)R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64080 2010-09-17] (Trend Micro Inc.)R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2010-09-17] (Trend Micro Inc.)S3 cpuz134; \??\C:\Users\Najam\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]S3 RimUsb; System32\Drivers\RimUsb.sys [X]==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2014-12-21 22:14 - 2014-12-21 22:18 - 00026859 _____ () C:\Users\Najam\Desktop\FRST.txt2014-12-21 22:14 - 2014-12-21 22:09 - 01113600 _____ (Farbar) C:\Users\Najam\Desktop\FRST.exe2014-12-21 21:55 - 2014-12-21 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee2014-12-21 21:37 - 2014-12-21 21:37 - 00000000 ____D () C:\TDSSKiller_Quarantine2014-12-21 21:30 - 2014-12-21 21:25 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Najam\Desktop\tdsskiller.exe2014-12-21 21:06 - 2014-12-21 20:37 - 15201368 _____ () C:\Users\Najam\Desktop\RogueKiller.exe2014-12-21 20:45 - 2014-12-21 21:06 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-12-21 20:45 - 2014-12-21 20:45 - 00000000 ____D () C:\ProgramData\RogueKiller2014-12-21 20:36 - 2014-12-21 20:37 - 00027344 _____ () C:\Users\Najam\Downloads\Addition.txt2014-12-21 20:33 - 2014-12-21 20:37 - 00046014 _____ () C:\Users\Najam\Downloads\FRST.txt2014-12-21 20:32 - 2014-12-21 22:14 - 00000000 ____D () C:\FRST2014-12-21 20:30 - 2014-12-21 20:30 - 01113600 _____ (Farbar) C:\Users\Najam\Downloads\FRST.exe2014-12-19 14:13 - 2014-12-19 14:13 - 00145360 _____ () C:\Windows\Minidump\121914-21777-01.dmp2014-12-19 12:02 - 2014-12-19 12:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Najam\Downloads\mbam-setup-2.0.4.1028.exe2014-12-15 18:02 - 2014-12-15 18:03 - 24445589 _____ () C:\Users\Najam\Downloads\Desktop_Final (1).zip2014-12-15 18:00 - 2014-12-15 18:01 - 24445589 _____ () C:\Users\Najam\Downloads\Desktop_Final.zip2014-12-15 17:55 - 2014-12-15 17:55 - 01080608 _____ (Unity Technologies ApS) C:\Users\Najam\Downloads\UnityWebPlayer (1).exe2014-12-15 17:55 - 2014-12-15 17:55 - 00370552 _____ () C:\Users\Najam\Downloads\Setup (8).exe2014-12-14 15:38 - 2014-12-14 15:38 - 00000258 __RSH () C:\ProgramData\ntuser.pol2014-12-13 09:51 - 2014-12-19 16:44 - 00000464 ____H () C:\Windows\Tasks\Norton Security Scan for Najam.job2014-12-13 09:51 - 2014-12-13 09:51 - 00000000 ____D () C:\Windows\system32\Drivers\NSS2014-12-13 09:51 - 2014-12-13 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan2014-12-13 09:51 - 2014-12-13 09:51 - 00000000 ____D () C:\Program Files\Norton Security Scan2014-12-13 01:34 - 2014-12-13 01:34 - 00002252 _____ () C:\Users\Najam\Desktop\Chrome App Launcher.lnk2014-12-13 01:34 - 2014-12-13 01:34 - 00000000 ____D () C:\Users\Najam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome2014-12-12 01:13 - 2014-12-12 01:13 - 17919664 _____ (Adobe Systems Incorporated) C:\Users\Najam\Downloads\install_flash_player_15 [1].exe2014-12-12 01:11 - 2014-12-12 01:12 - 00731984 _____ ( ) C:\Users\Najam\Downloads\install_flash_player_15.exe2014-12-12 00:51 - 2014-12-21 21:51 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-12-12 00:45 - 2014-12-19 12:06 - 00001081 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-12-12 00:45 - 2014-12-19 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-12-12 00:44 - 2014-12-19 12:06 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-12-12 00:44 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-12-12 00:44 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-12-12 00:38 - 2014-12-12 00:39 - 00145368 _____ () C:\Windows\Minidump\121214-37112-01.dmp2014-12-12 00:04 - 2014-12-12 00:04 - 00000000 ____D () C:\Program Files\predm2014-12-11 23:56 - 2014-12-11 23:56 - 00000000 __SHD () C:\found.0112014-12-11 23:51 - 2014-12-21 21:38 - 00000000 ____D () C:\Windows\system32\ehdrminitmsvidctlGUI2014-12-11 23:50 - 2014-12-11 23:59 - 00000000 ____D () C:\Users\Najam\AppData\Local\netmcx2filterapi2014-12-11 23:33 - 2014-12-11 23:34 - 00000003 _____ () C:\Users\Najam\Downloads\C2014-12-11 23:30 - 2014-12-11 23:30 - 00895496 _____ () C:\Users\Najam\Downloads\Setup (7).exe2014-12-11 23:30 - 2014-12-11 23:30 - 00895488 _____ () C:\Users\Najam\Downloads\Setup (4).exe2014-12-11 11:42 - 2014-11-24 20:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-12-11 11:42 - 2014-11-24 20:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-12-11 11:42 - 2014-11-24 20:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2014-12-11 11:42 - 2014-11-24 20:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-12-11 11:42 - 2014-11-24 20:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2014-12-11 11:42 - 2014-11-24 20:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-12-11 11:42 - 2014-11-24 20:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-12-11 11:42 - 2014-11-24 20:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-12-11 11:42 - 2014-11-24 20:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll2014-12-11 11:42 - 2014-11-24 20:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-12-11 11:42 - 2014-11-24 20:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe2014-12-11 11:42 - 2014-11-24 20:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe2014-12-11 11:41 - 2014-11-24 20:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-12-11 11:40 - 2014-11-24 20:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2014-12-11 11:40 - 2014-11-24 20:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-12-11 11:40 - 2014-11-24 20:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-12-11 11:40 - 2014-11-24 20:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-12-11 11:40 - 2014-11-24 20:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-12-11 11:40 - 2014-11-24 20:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-12-11 11:40 - 2014-11-24 20:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-12-11 11:40 - 2014-11-24 20:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-12-11 11:40 - 2014-11-24 20:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-12-10 22:40 - 2014-12-10 22:40 - 00145368 _____ () C:\Windows\Minidump\121014-39842-01.dmp2014-12-10 16:38 - 2014-12-10 16:38 - 00000000 ____D () C:\ProgramData\161613445713139689112014-12-10 13:21 - 2014-12-10 13:21 - 00000000 ____D () C:\Users\Najam\AppData\Local\Rainmaker_Software_Group_2014-12-10 13:19 - 2014-12-12 00:04 - 00000000 ____D () C:\Users\Najam\Documents\ProPCCleaner2014-12-10 13:13 - 2014-12-10 13:13 - 00000000 ____D () C:\Users\Najam\AppData\Roaming\Rainmaker Software Group LLC.2014-12-10 13:10 - 2014-12-10 13:10 - 00801008 _____ (Download Publisher) C:\Users\Najam\Downloads\Adobe Flash Player Setup.exe2014-12-10 12:43 - 2014-12-10 12:45 - 00775968 _____ (Reimage®) C:\Users\Najam\Downloads\ReimageRepair (2).exe2014-12-10 12:42 - 2014-12-10 12:43 - 00775968 _____ (Reimage®) C:\Users\Najam\Downloads\ReimageRepair (1).exe2014-12-10 01:09 - 2014-12-10 01:09 - 22356702 _____ () C:\Users\Najam\Downloads\vlc-2.0.0-win32.exe2014-12-10 01:06 - 2014-12-12 17:37 - 00000000 ____D () C:\ProgramData\CrimeWatch2014-12-10 00:10 - 2014-12-10 00:11 - 00845072 _____ () C:\Users\Najam\Downloads\Setup (3).exe2014-12-10 00:08 - 2014-12-10 00:08 - 00463736 _____ (Swift Installer ) C:\Users\Najam\Downloads\Unconfirmed 999895.crdownload2014-12-09 20:22 - 2014-12-09 20:22 - 00341368 _____ (Swift Installer ) C:\Users\Najam\Downloads\Unconfirmed 562350.crdownload2014-12-07 20:22 - 2014-12-11 21:31 - 00000464 _____ () C:\Windows\system32\ScannerSettings2014-12-07 01:32 - 2014-12-19 22:15 - 00000000 ____D () C:\Program Files\SearchProtect2014-12-07 01:31 - 2014-12-07 01:32 - 00399585 _____ () C:\Users\Najam\Downloads\Setup (6).exe2014-12-07 01:30 - 2014-12-07 01:31 - 00843192 _____ () C:\Users\Najam\Downloads\Setup (5).exe2014-12-05 20:17 - 2014-12-10 12:51 - 00000165 _____ () C:\Windows\Reimage.ini2014-12-05 20:13 - 2014-12-05 20:14 - 00774944 _____ () C:\Users\Najam\Downloads\ReimageRepair.exe2014-12-04 15:38 - 2014-12-15 17:57 - 00000000 ____D () C:\Users\Najam\AppData\Local\Unity2014-12-04 15:30 - 2014-12-04 15:30 - 01081992 _____ (Unity Technologies ApS) C:\Users\Najam\Downloads\UnityWebPlayer.exe2014-12-02 19:53 - 2014-12-02 19:53 - 05009368 _____ (Adobe Systems Inc.) C:\Users\Najam\Downloads\Shockwave_Installer_Slim (2).exe2014-12-02 19:47 - 2014-12-02 19:48 - 05009368 _____ (Adobe Systems Inc.) C:\Users\Najam\Downloads\Shockwave_Installer_Slim (1).exe2014-12-02 19:44 - 2014-12-02 19:45 - 05009368 _____ (Adobe Systems Inc.) C:\Users\Najam\Downloads\Shockwave_Installer_Slim.exe2014-12-01 20:38 - 2014-12-01 20:38 - 00000000 ____D () C:\Program Files\innoApp2014-12-01 20:30 - 2014-12-01 20:30 - 00000000 ____D () C:\Users\Najam\Documents\Optimizer Pro2014-12-01 20:28 - 2014-12-01 20:28 - 01390552 _____ (Qwerty) C:\Users\Najam\AppData\Roaming\FAROUT.exe2014-12-01 20:27 - 2014-12-12 00:25 - 00000000 ____D () C:\Program Files\Optimizer Pro 3.112014-12-01 20:23 - 2014-12-01 20:23 - 01876440 _____ (Qwerty) C:\Users\Najam\AppData\Roaming\AUIBYKQI.exe2014-12-01 20:22 - 2014-12-19 22:15 - 00000000 ____D () C:\Program Files\globalUpdate2014-12-01 20:22 - 2014-12-01 20:22 - 00000000 ____D () C:\Users\Najam\AppData\Local\globalUpdate2014-12-01 20:08 - 2014-12-01 20:08 - 00485224 _____ () C:\Users\Najam\Downloads\equalizer_the_movie_Full (2).exe2014-12-01 19:51 - 2014-12-01 19:51 - 00485224 _____ () C:\Users\Najam\Downloads\equalizer_the_movie_Full.exe2014-12-01 19:51 - 2014-12-01 19:51 - 00485224 _____ () C:\Users\Najam\Downloads\equalizer_the_movie_Full (1).exe==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2014-12-21 22:16 - 2012-08-16 16:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-12-21 22:15 - 2009-10-22 23:26 - 00392726 _____ () C:\Windows\system32\PerfStringBackup.INI2014-12-21 21:59 - 2009-10-22 23:11 - 01583041 _____ () C:\Windows\WindowsUpdate.log2014-12-21 21:58 - 2010-02-09 23:00 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-12-21 21:57 - 2009-10-22 22:42 - 00009728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-12-21 21:57 - 2009-10-22 22:42 - 00009728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-12-21 21:55 - 2014-07-29 03:02 - 00001849 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk2014-12-21 21:50 - 2010-02-09 23:00 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-12-21 21:50 - 2009-10-22 22:55 - 03384906 _____ () C:\Windows\PFRO.log2014-12-21 21:50 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-12-21 21:50 - 2009-07-14 04:39 - 07408013 _____ () C:\Windows\setupact.log2014-12-21 21:48 - 2014-03-13 22:33 - 00647533 _____ () C:\Windows\IE11_main.log2014-12-21 21:32 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\tracing2014-12-19 14:13 - 2012-08-12 04:56 - 00000000 ____D () C:\Windows\Minidump2014-12-15 17:39 - 2006-11-02 10:23 - 00000321 _____ () C:\Windows\win.ini2014-12-14 22:59 - 2007-04-13 16:27 - 00000000 ____D () C:\Windows\system32\Macromed2014-12-14 15:33 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\GroupPolicy2014-12-13 09:51 - 2009-10-22 23:28 - 00000000 ____D () C:\ProgramData\Norton2014-12-12 01:20 - 2009-10-13 23:27 - 00000000 ____D () C:\Users\Najam\AppData\Local\Adobe2014-12-12 01:18 - 2012-08-16 16:36 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe2014-12-12 01:18 - 2012-08-16 16:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl2014-12-12 00:45 - 2009-10-14 13:15 - 00000000 ____D () C:\Users\Najam\AppData\Roaming\Malwarebytes2014-12-12 00:44 - 2009-10-14 13:15 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-12-12 00:23 - 2009-11-05 01:38 - 00000000 ____D () C:\Program Files\Ashampoo2014-12-12 00:22 - 2009-10-22 13:59 - 00000000 ____D () C:\Program Files\VideoLAN2014-12-11 14:37 - 2014-03-08 10:55 - 00000000 ____D () C:\Windows\system32\MRT2014-12-11 14:30 - 2009-10-23 00:10 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-12-10 19:52 - 2009-10-22 22:43 - 00000000 ____D () C:\Users\Najam2014-12-10 00:32 - 2012-08-16 16:37 - 00002136 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-12-10 00:12 - 2012-08-17 14:35 - 00000000 _____ () C:\END2014-12-07 01:32 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Resources2014-12-02 19:45 - 2010-02-04 19:39 - 00000000 ____D () C:\Windows\system32\Adobe2014-11-30 09:16 - 2014-03-12 23:48 - 00000000 ____D () C:\ProgramData\ProductData2014-11-29 19:40 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\rescache2014-11-29 16:33 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Microsoft.NET2014-11-28 13:56 - 2010-01-11 00:06 - 00000000 ____D () C:\Users\Najam\Tracing2014-11-24 14:04 - 2010-10-22 11:47 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-11-21 06:14 - 2014-03-11 21:22 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sysSome content of TEMP:====================C:\Users\Najam\AppData\Local\Temp\BSI.exeC:\Users\Najam\AppData\Local\Temp\dllnt_dump.dllC:\Users\Najam\AppData\Local\Temp\ICReinstall_adobe_flash_setup.exeC:\Users\Najam\AppData\Local\Temp\ICSW_0E1E1L1R0L1T1S.exeC:\Users\Najam\AppData\Local\Temp\installhelper.dllC:\Users\Najam\AppData\Local\Temp\NOSEventMessages.dllC:\Users\Najam\AppData\Local\Temp\optprosetup.exeC:\Users\Najam\AppData\Local\Temp\promote-upx.exeC:\Users\Najam\AppData\Local\Temp\propsys.dllC:\Users\Najam\AppData\Local\Temp\ReimagePackage.exeC:\Users\Najam\AppData\Local\Temp\Resource_AcceptRate.exeC:\Users\Najam\AppData\Local\Temp\Resource_Toolbar.exeC:\Users\Najam\AppData\Local\Temp\Runner2.exeC:\Users\Najam\AppData\Local\Temp\Runner4.exeC:\Users\Najam\AppData\Local\Temp\sqlite3.exeC:\Users\Najam\AppData\Local\Temp\SRAssetsHelper.dllC:\Users\Najam\AppData\Local\Temp\tbDVDV.dllC:\Users\Najam\AppData\Local\Temp\ttv.exeC:\Users\Najam\AppData\Local\Temp\wme.dll==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2014-12-15 11:44==================== End Of Log ============================ Below is the Addition Log Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-12-2014 01Ran by Najam at 2014-12-21 22:20:21Running from C:\Users\Najam\DesktopBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}AV: Virgin Media Security (Disabled - Out of date) {68F968AC-2AA0-091D-848C-803E83E35902}AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}AS: Virgin Media Security (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)Ashampoo Burning Studio 9.20 (HKLM\...\Ashampoo Burning Studio 9_is1) (Version: 9.2.0 - ashampoo GmbH & Co. KG)Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.1 - Atheros)Bing Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation)Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v5.10.06(T) - )CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.00.02 - TOSHIBA)D3DX10 (Version: 15.4.2368.0902 - Microsoft) HiddenDesktop SMS (HKLM\...\{5980B928-1C95-4B3E-957B-B02D8147FF9E}) (Version: 1.2.0 - IDM)DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.3 - Ulead Systems, Inc.)Emdedded IR Driver (HKLM\...\InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}) (Version: 0.0.0.6C - Compal Electronics, Inc.)Emdedded IR Driver (Version: 0.0.0.6C - Compal Electronics, Inc.) HiddenFree YouTube to MP3 Converter version 3.11.26.706 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.26.706 - DVDVideoSoft Ltd.)Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)Intel Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)Intel® TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)Itibiti RTC (Version: 0.0.1 - Itibiti Inc) HiddenJava SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMalwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)McAfee AntiVirus Plus (HKLM\...\MSC) (Version: 12.8.992 - McAfee, Inc.)McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6425.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)MSVC80_x86 (Version: 1.0.1.0 - Nokia) HiddenMSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) HiddenMSVC90_x86 (Version: 1.0.1.2 - Nokia) HiddenMSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)myphotobook 3.1 (HKLM\...\myphotobook) (Version: 3.1 - myphotobook)Norton Security Scan (HKLM\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) HiddenRadialpoint Dashboard Patch version 13.12.23.29994 (Version: 13.12.23.29994 - ) HiddenRealtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )RPS CRT (Version: 9.0.34 - Virgin Media) HiddenswMSM (Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSynaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.11.0 - Synaptics Incorporated)System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}) (Version: 2.00.0001 - Texas Instruments Inc.)TIPCI (Version: 2.00.0001 - Texas Instruments Inc.) HiddenTOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.02 - )TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.00.32 - TOSHIBA)TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.0.8 - TOSHIBA Corporation)TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.10.13 - TOSHIBA Corporation)TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.48.0.3C - TOSHIBA)TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.48.0.11C - TOSHIBA)Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 1.00.0012 - TOSHIBA)TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.48.0.8C - TOSHIBA)TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.0.28 - TOSHIBA Corporation)Unity Web Player (HKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update for Outlook 2007 Junk Email Filter (kb983486) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{913DFE19-32EC-4099-89AC-27FC493A7A2E}) (Version: - Microsoft)Utility Common Driver (Version: 0.0.1.1C - TOSHIBA) HiddenWindows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)Windows Live ID Sign-in Assistant (HKLM\...\{10A44844-4465-456E-8C97-80BDD4F68845}) (Version: 6.500.3146.0 - Microsoft Corporation)Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )WSE_Vosteran (HKLM\...\WSE_Vosteran) (Version: - WSE_Vosteran) <==== ATTENTION!==================== Custom CLSID (selected items): ==========================(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)CustomCLSID: HKU\S-1-5-21-466073785-3288665186-4084387580-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Najam\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)CustomCLSID: HKU\S-1-5-21-466073785-3288665186-4084387580-1000_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> C:\Users\Najam\AppData\Local\Temp\{e9513610-f218-4dda-b954-2c7e6ba7cabb}\IDriver.NonElevated.exe No (the data entry has 4 more characters).==================== Restore Points =========================Check "winmgmt" service or repair WMI.==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2006-11-02 10:23 - 2006-09-18 21:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost::1 localhost==================== Scheduled Tasks (whitelisted) =============(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)Task: {1B9ED594-45CE-40AE-904D-A4B27385BFE4} - System32\Tasks\{5FC3A9BD-3843-4786-A858-AEDA5FA2A9D0} => pcalua.exe -a "C:\Program Files\Windows Installer Clean Up\MsiZap.exe" -d "C:\Program Files\Windows Installer Clean Up"Task: {2108AC8A-9B9E-44A9-B22D-0481C6D1B9A1} - System32\Tasks\{B7E9FDBD-A434-419E-9830-04EC18EE3B84} => pcalua.exe -a C:\Users\Najam\AppData\Local\Temp\Low\{A1882EF8-3EB9-42F3-8FE5-1E024DDC2C6A}\setup.exe -d "C:\Users\Najam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Najam\Desktop"Task: {493DABC5-67E6-4709-ABA1-A27616D83A7D} - \TidyNetwork Update No Task File <==== ATTENTIONTask: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbsTask: {5674DA62-FB36-41A3-87C8-B456D6FDB571} - System32\Tasks\{51C037FB-DD25-441D-8088-5BA599C3C2D3} => pcalua.exe -a C:\Users\Najam\AppData\Local\Temp\Low\{0F7066C7-9B97-4495-89A0-8BCA495335C7}\setup.exe -d "C:\Users\Najam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Najam\Desktop"Task: {64DFF8E8-147D-49CB-8F54-60E9EF7E7892} - System32\Tasks\{140C2766-9F15-4AD6-B632-7423BF68C8CF} => pcalua.exe -a "C:\Users\Najam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K1FLOM85\VirtualDkBb5%201.1c[1].exe" -d C:\Users\Najam\DesktopTask: {72CC239D-F2F6-4A93-8FFD-CA7E64E21652} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-14] (Google Inc.)Task: {7368665F-C64A-4592-8A49-6F1A59BECCAC} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files\Pro PC Cleaner\Splash.exeTask: {748A3D86-7F96-4A55-B425-2235680FB47B} - System32\Tasks\Norton Security Scan for Najam => C:\Program Files\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)Task: {A7B94408-4FFE-4573-8127-A5ABDDCACEEF} - System32\Tasks\{327760AC-A56B-4CAC-BD45-DDCC3F7D2A3E} => pcalua.exe -a C:\Users\Najam\Desktop\winvista_15124.exe -d C:\Users\Najam\DesktopTask: {BCEF42E6-5432-4A2F-A8B2-580D19FE24CC} - System32\Tasks\ProPCCleaner_Start => C:\Program Files\Pro PC Cleaner\ProPCCleaner.exeTask: {C4869B1A-3279-4DB8-8614-54B1ABFF188C} - System32\Tasks\{9580919B-E5C9-4286-B99F-228180408AB3} => pcalua.exe -a C:\Users\Najam\AppData\Local\Temp\Low\{AC98CE76-057D-428D-AD0F-FD96691ECA24}\setup.exe -d C:\Users\Najam\DesktopTask: {DB8BB350-6F9B-433B-93A0-3D6424BFA541} - System32\Tasks\{F4F3ADE6-CC57-431F-9CCD-DBD64D077385} => pcalua.exe -a C:\Users\Najam\Downloads\msicuu2.exe -d C:\Users\Najam\DownloadsTask: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbsTask: {EAC71A44-47D4-47E0-A2B0-7BC048EC3617} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-14] (Google Inc.)Task: {F5BBB3E1-5047-4C99-8120-A84F0CAA1AE1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)Task: {F7DB8A69-813B-4E27-89D7-558D4AB43B49} - System32\Tasks\{490941B9-99EB-4419-A5FE-4AAA1CB2BE6C} => pcalua.exe -a "C:\Users\Najam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SV6S7QFM\winvista_15115[1].exe" -d C:\Windows\system32(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\Norton Security Scan for Najam.job => C:\PROGRA~1\Norton Security Scan\Engine\4.1.0.28\Nss.exe==================== Loaded Modules (whitelisted) =============2009-10-15 22:31 - 2009-08-16 16:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll2007-07-10 16:12 - 2006-10-10 10:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll2006-11-08 18:08 - 2006-11-08 18:08 - 00009216 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll2006-10-07 11:57 - 2006-10-07 11:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll2006-12-01 17:55 - 2006-12-01 17:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll2006-11-06 16:14 - 2006-11-06 16:14 - 00034352 _____ () C:\Program Files\TOSHIBA\Utilities\KeNotify.exe==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\24265525.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\69387791.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\24265525.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\69387791.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"==================== EXE Association (whitelisted) =============(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)==================== MSCONFIG/TASK MANAGER disabled items =========(Currently there is no automatic fix for this section.)========================= Accounts: ==========================Administrator (S-1-5-21-466073785-3288665186-4084387580-500 - Administrator - Disabled)Guest (S-1-5-21-466073785-3288665186-4084387580-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-466073785-3288665186-4084387580-1002 - Limited - Enabled)Najam (S-1-5-21-466073785-3288665186-4084387580-1000 - Administrator - Enabled) => C:\Users\Najam==================== Faulty Device Manager Devices =============Name: Teredo Tunneling Pseudo-InterfaceDescription: Microsoft Teredo Tunneling AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunnelProblem: : This device cannot start. (Code10)Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.==================== Event log errors: =========================Application errors:==================Error: (12/21/2014 09:27:31 PM) (Source: Windows Search Service) (EventID: 1006) (User: )Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.Error: (12/21/2014 09:27:00 PM) (Source: Windows Search Service) (EventID: 1006) (User: )Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.Error: (12/21/2014 09:26:58 PM) (Source: Windows Search Service) (EventID: 1006) (User: )Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.Error: (12/21/2014 09:26:55 PM) (Source: Windows Search Service) (EventID: 1006) (User: )Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.Error: (12/21/2014 09:26:54 PM) (Source: Windows Search Service) (EventID: 1006) (User: )Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.Error: (12/21/2014 09:26:49 PM) (Source: Windows Search Service) (EventID: 1006) (User: )Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.Error: (12/21/2014 09:26:47 PM) (Source: Windows Search Service) (EventID: 1006) (User: )Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.Error: (12/21/2014 09:26:44 PM) (Source: Windows Search Service) (EventID: 1006) (User: )Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.Error: (12/21/2014 09:26:41 PM) (Source: Windows Search Service) (EventID: 1006) (User: )Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.Error: (12/21/2014 09:26:37 PM) (Source: Windows Search Service) (EventID: 1006) (User: )Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.System errors:=============Error: (12/21/2014 10:21:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Windows Search service terminated unexpectedly. It has done this 26 time(s).Error: (12/21/2014 10:21:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Windows Search service terminated with the following error:%%183Error: (12/21/2014 10:21:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Windows Search service terminated unexpectedly. It has done this 25 time(s).Error: (12/21/2014 10:21:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Windows Search service terminated with the following error:%%183Error: (12/21/2014 10:21:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Windows Search service terminated unexpectedly. It has done this 24 time(s).Error: (12/21/2014 10:21:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Windows Search service terminated with the following error:%%183Error: (12/21/2014 10:18:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Windows Search service terminated unexpectedly. It has done this 23 time(s).Error: (12/21/2014 10:18:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Windows Search service terminated with the following error:%%183Error: (12/21/2014 10:17:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Windows Search service terminated unexpectedly. It has done this 22 time(s).Error: (12/21/2014 10:17:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Windows Search service terminated with the following error:%%183Microsoft Office Sessions:=========================CodeIntegrity Errors:=================================== Date: 2014-12-10 12:48:49.414 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system. Date: 2014-12-10 12:48:40.181 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system. Date: 2014-03-16 03:07:45.648 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system. Date: 2014-03-16 03:07:45.370 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system. Date: 2014-03-16 03:07:45.103 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system. Date: 2014-03-16 03:07:44.826 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system. Date: 2014-03-16 03:07:44.547 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system. Date: 2014-03-16 03:07:44.182 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system. Date: 2014-03-16 03:07:43.869 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system. Date: 2014-03-16 03:07:43.614 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.==================== Memory info ===========================Processor: Intel® Pentium® Dual CPU T2310 @ 1.46GHzPercentage of memory in use: 63%Total physical RAM: 2038.43 MBAvailable physical RAM: 739.33 MBTotal Pagefile: 4076.86 MBAvailable Pagefile: 2695.46 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1914.83 MB==================== Drives ================================Drive c: (Vista) (Fixed) (Total:55.66 GB) (Free:19.92 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive e: (Data) (Fixed) (Total:54.66 GB) (Free:54.38 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: BDBFE5D0)Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)Partition 2: (Active) - (Size=55.7 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=54.7 GB) - (Type=07 NTFS)==================== End Of Log ============================ Below is the RogueKiller log RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Softwaremail : http://www.adlice.com/contact/Feedback : http://forum.adlice.comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.comOperating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits versionStarted in : Normal modeUser : Najam [Administrator]Mode : Scan -- Date : 12/21/2014 23:58:00¤¤¤ Processes : 0 ¤¤¤¤¤¤ Registry : 1 ¤¤¤[PUM.Proxy] HKEY_USERS\S-1-5-21-466073785-3288665186-4084387580-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:31524 -> Found¤¤¤ Tasks : 0 ¤¤¤¤¤¤ Files : 0 ¤¤¤¤¤¤ Hosts File : 2 ¤¤¤[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost[C:\Windows\System32\drivers\etc\hosts] ::1 localhost¤¤¤ Antirootkit : 23 (Driver: Loaded) ¤¤¤[sSDT:Addr(Hook.SSDT)] NtCreateKey[70] : Unknown @ 0x882aeaa0[sSDT:Addr(Hook.SSDT)] NtCreateMutant[74] : Unknown @ 0x88a35a00[sSDT:Addr(Hook.SSDT)] NtCreateProcess[79] : Unknown @ 0x882ad5a0[sSDT:Addr(Hook.SSDT)] NtCreateProcessEx[80] : Unknown @ 0x882ad8a0[sSDT:Addr(Hook.SSDT)] NtCreateSymbolicLinkObject[86] : Unknown @ 0x88a35dc0[sSDT:Addr(Hook.SSDT)] NtCreateThread[87] : Unknown @ 0x88a35340[sSDT:Addr(Hook.SSDT)] NtCreateThreadEx[88] : Unknown @ 0x88a35520[sSDT:Addr(Hook.SSDT)] NtCreateUserProcess[93] : Unknown @ 0x882adba0[sSDT:Addr(Hook.SSDT)] NtDeleteKey[103] : Unknown @ 0x882af0a0[sSDT:Addr(Hook.SSDT)] NtDeleteValueKey[106] : Unknown @ 0x882af9a0[sSDT:Addr(Hook.SSDT)] NtDuplicateObject[111] : Unknown @ 0x88a35fa0[sSDT:Addr(Hook.SSDT)] NtLoadDriver[155] : Unknown @ 0x88a35700[sSDT:Addr(Hook.SSDT)] NtOpenProcess[190] : Unknown @ 0x882adea0[sSDT:Addr(Hook.SSDT)] NtOpenSection[194] : Unknown @ 0x882aff80[sSDT:Addr(Hook.SSDT)] NtOpenThread[198] : Unknown @ 0x882ae1a0[sSDT:Addr(Hook.SSDT)] NtRenameKey[290] : Unknown @ 0x882af3a0[sSDT:Addr(Hook.SSDT)] NtRestoreKey[302] : Unknown @ 0x882af6a0[sSDT:Addr(Hook.SSDT)] NtSetSystemInformation[350] : Unknown @ 0x88a35be0[sSDT:Addr(Hook.SSDT)] NtSetValueKey[358] : Unknown @ 0x882aeda0[sSDT:Addr(Hook.SSDT)] NtTerminateProcess[370] : Unknown @ 0x882ae4a0[sSDT:Addr(Hook.SSDT)] NtTerminateThread[371] : Unknown @ 0x882ae7a0[sSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[399] : Unknown @ 0x88a35160[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk0\DR0 : \Driver\partmgr @ Unknown (\SystemRoot\system32\DRIVERS\LPCFilter.sys)¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ MBR Check : ¤¤¤+++++ PhysicalDrive0: FUJITSU MHY2120BH +++++--- User ---[MBR] b35783bd8e6f709d061e511ddbc5c7dc[bSP] cc7e755da6908c2dc241a83cf9bcfaad : Windows Vista/7/8 MBR CodePartition table:0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 57000 MB2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 119810048 | Size: 55971 MBUser = LL1 ... OKUser = LL2 ... OK============================================RKreport_DEL_12212014_212114.log - RKreport_DEL_12212014_212148.log - RKreport_DEL_12212014_212224.log - RKreport_SCN_12212014_205551.logRKreport_SCN_12212014_211730.log Link to post Share on other sites More sharing options...
MrCharlie Posted December 22, 2014 ID:921598 Share Posted December 22, 2014 Did you set this proxy in Internet Explorer: ProxyEnable: [s-1-5-21-466073785-3288665186-4084387580-1000] => Internet Explorer proxy is enabled.ProxyServer: [s-1-5-21-466073785-3288665186-4084387580-1000] => http=127.0.0.1:31524 ======================================Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.Run FRST.exe/FRST64.exe and click Fix only once and waitThe tool will create a log (Fixlog.txt) in the folder, please post it to your reply.=====================================Make sure you have created that system restore point before you continue!Please read the directions carefully so you don't end up deleting something that is good!!If in doubt about an entry....please ask or choose Skip!!!!Don't Delete anything unless instructed to!If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please chooseSkip and click on ContinueIf a suspicious object is detected, the default action will be Skip, click on ContinuePlease note that TDSSKiller can be run in safe mode if needed.Please download the latest version of TDSSKiller from HERE and save it to your Desktop.Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)Put a checkmark beside loaded modules.A reboot will be needed to apply the changes. Do it.TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.Then click on Change parameters in TDSSKiller.Check all boxes then click OK.Click the Start Scan button.The scan should take no longer than 2 minutes.If a suspicious object is detected, the default action will be Skip, click on Continue.Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.If in doubt about an entry....please ask or choose SkipIf malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.Here's a summary of what to do if you would like to print it out:If in doubt about an entry....please ask or choose SkipDon't Delete anything unless instructed to!If a suspicious object is detected, the default action will be Skip, click on ContinueIf you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please chooseSkip and click on ContinueAny entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.If malicious objects are found, they will show in the Scan results and offer three (3) options.Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.~~~~~~~~~~~~~~~~~~~~You can attach the logs if they're too long:Bottom right corner of this page.New window that comes up.Then...........Please download and run ComboFix.The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.Please visit this webpage for download links, and instructions for running ComboFixhttp://www.bleepingcomputer.com/combofix/how-to-use-combofixhttp://www.bleepingcomputer.com/download/combofix/dl/12/<---ComboFix direct downloadPlease make sure you click download buttons that look similar to this, not "sponsored ad links":Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Information on disabling your malware programs can be found Here.Make sure you run ComboFix from your desktop.Give it at least 30-45 minutes to finish if needed.Please include the C:\ComboFix.txt in your next reply for further review.---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.MrC Link to post Share on other sites More sharing options...
Najkon Posted December 22, 2014 Author ID:921600 Share Posted December 22, 2014 I did not set that proxy in Internet Explorer. I clicked fix only once but this error message has appeared: AutoIt ErrorLine 9686 (File "C:\Users\Najam\Desktop\FRST.exe"):Error: Error in expression. What does this mean and what should I do next? I do not want to do anything without your advice Thanks Link to post Share on other sites More sharing options...
Najkon Posted December 22, 2014 Author ID:921602 Share Posted December 22, 2014 p.s. this is the FixLog after running the Fix Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-12-2014 01Ran by Najam at 2014-12-22 00:57:31 Run:1Running from C:\Users\Najam\DesktopLoaded Profile: Najam (Available profiles: Najam)Boot Mode: Normal==============================================Content of fixlist:*****************Winlogon\Notify\mlicnai: [X]HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?GroupPolicy: Group Policy on Chrome detected <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONURLSearchHook: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No FileSearchScopes: HKU\.DEFAULT -> DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =SearchScopes: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =BHO: Hold Page 1.0.0.5 -> {6c14185e-4de6-4a79-985b-19f23fd1e638} -> C:\Program Files\Hold Page\HoldPagebho.dll No FileToolbar: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No FileCHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Najam\AppData\Local\Torch\Plugins\TorchPlugin.crx [Not Found]C:\Users\Najam\AppData\Roaming\AUIBYKQI.exeC:\Users\Najam\AppData\Local\Temp\BSI.exeC:\Users\Najam\AppData\Local\Temp\dllnt_dump.dllC:\Users\Najam\AppData\Local\Temp\ICReinstall_adobe_flash_setup.exeC:\Users\Najam\AppData\Local\Temp\ICSW_0E1E1L1R0L1T1S.exeC:\Users\Najam\AppData\Local\Temp\installhelper.dllC:\Users\Najam\AppData\Local\Temp\NOSEventMessages.dllC:\Users\Najam\AppData\Local\Temp\optprosetup.exeC:\Users\Najam\AppData\Local\Temp\promote-upx.exeC:\Users\Najam\AppData\Local\Temp\propsys.dllC:\Users\Najam\AppData\Local\Temp\ReimagePackage.exeC:\Users\Najam\AppData\Local\Temp\Resource_AcceptRate.exeC:\Users\Najam\AppData\Local\Temp\Resource_Toolbar.exeC:\Users\Najam\AppData\Local\Temp\Runner2.exeC:\Users\Najam\AppData\Local\Temp\Runner4.exeC:\Users\Najam\AppData\Local\Temp\sqlite3.exeC:\Users\Najam\AppData\Local\Temp\SRAssetsHelper.dllC:\Users\Najam\AppData\Local\Temp\tbDVDV.dllC:\Users\Najam\AppData\Local\Temp\ttv.exeC:\Users\Najam\AppData\Local\Temp\wme.dllWinsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 *****************"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlicnai" => Key deleted successfully.HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.C:\Windows\system32\GroupPolicy\Machine => Moved successfully.C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully."HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.HKU\S-1-5-21-466073785-3288665186-4084387580-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} => Value not found.HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.HKU\S-1-5-21-466073785-3288665186-4084387580-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found."HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c14185e-4de6-4a79-985b-19f23fd1e638}" => Key deleted successfully."HKCR\CLSID\{6c14185e-4de6-4a79-985b-19f23fd1e638}" => Key deleted successfully.HKU\S-1-5-21-466073785-3288665186-4084387580-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} => value deleted successfully.HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found."HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof" => Key deleted successfully.C:\Users\Najam\AppData\Roaming\AUIBYKQI.exe => Moved successfully.C:\Users\Najam\AppData\Local\Temp\BSI.exe => Moved successfully.C:\Users\Najam\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.C:\Users\Najam\AppData\Local\Temp\ICReinstall_adobe_flash_setup.exe => Moved successfully.C:\Users\Najam\AppData\Local\Temp\ICSW_0E1E1L1R0L1T1S.exe => Moved successfully.C:\Users\Najam\AppData\Local\Temp\installhelper.dll => Moved successfully.C:\Users\Najam\AppData\Local\Temp\NOSEventMessages.dll => Moved successfully.C:\Users\Najam\AppData\Local\Temp\optprosetup.exe => Moved successfully.C:\Users\Najam\AppData\Local\Temp\promote-upx.exe => Moved successfully.C:\Users\Najam\AppData\Local\Temp\propsys.dll => Moved successfully.C:\Users\Najam\AppData\Local\Temp\ReimagePackage.exe => Moved successfully.C:\Users\Najam\AppData\Local\Temp\Resource_AcceptRate.exe => Moved successfully.C:\Users\Najam\AppData\Local\Temp\Resource_Toolbar.exe => Moved successfully.C:\Users\Najam\AppData\Local\Temp\Runner2.exe => Moved successfully.C:\Users\Najam\AppData\Local\Temp\Runner4.exe => Moved successfully.C:\Users\Najam\AppData\Local\Temp\sqlite3.exe => Moved successfully.C:\Users\Najam\AppData\Local\Temp\SRAssetsHelper.dll => Moved successfully.C:\Users\Najam\AppData\Local\Temp\tbDVDV.dll => Moved successfully.C:\Users\Najam\AppData\Local\Temp\ttv.exe => Moved successfully.C:\Users\Najam\AppData\Local\Temp\wme.dll => Moved successfully.Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dllC:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully. Link to post Share on other sites More sharing options...
MrCharlie Posted December 22, 2014 ID:921603 Share Posted December 22, 2014 Yes that's correct, continue on with the rest of it, MrC Link to post Share on other sites More sharing options...
Najkon Posted December 22, 2014 Author ID:921605 Share Posted December 22, 2014 Please find attached the TDSSKiller LogsTDSSKiller.3.0.0.42_22.12.2014_01.10.04_log.txtTDSSKiller.3.0.0.42_22.12.2014_01.13.55_log.txt Link to post Share on other sites More sharing options...
Najkon Posted December 22, 2014 Author ID:921614 Share Posted December 22, 2014 Below is the ComboFix log ComboFix 14-12-14.01 - Najam 22/12/2014 1:38.1.2 - x86Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2038.1154 [GMT 0:00]Running from: c:\users\Najam\Desktop\ComboFix.exeAV: Virgin Media Security *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}SP: Virgin Media Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Najam\2057.MST..((((((((((((((((((((((((( Files Created from 2014-11-22 to 2014-12-22 )))))))))))))))))))))))))))))))..2014-12-22 01:32 . 2014-12-22 01:32 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90F90702-892E-455C-A24F-772C058A5197}\offreg.dll2014-12-21 21:37 . 2014-12-21 21:37 -------- d-----w- C:\TDSSKiller_Quarantine2014-12-21 20:45 . 2014-12-21 23:43 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys2014-12-21 20:45 . 2014-12-21 20:45 -------- d-----w- c:\programdata\RogueKiller2014-12-21 20:32 . 2014-12-22 00:58 -------- d-----w- C:\FRST2014-12-19 11:44 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90F90702-892E-455C-A24F-772C058A5197}\mpengine.dll2014-12-13 09:51 . 2014-12-13 09:51 -------- d-----w- c:\windows\system32\drivers\NSS2014-12-13 09:51 . 2014-12-13 09:51 -------- d-----w- c:\program files\Norton Security Scan2014-12-13 09:51 . 2014-12-13 09:51 -------- d-----w- c:\program files\NortonInstaller2014-12-12 00:51 . 2014-12-22 01:58 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-12-12 00:44 . 2014-11-21 06:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-12-12 00:44 . 2014-11-21 06:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys2014-12-12 00:44 . 2014-12-19 12:06 -------- d-----w- c:\program files\Malwarebytes Anti-Malware2014-12-12 00:04 . 2014-12-12 00:04 -------- d-----w- c:\program files\predm2014-12-11 23:56 . 2014-12-11 23:56 -------- d-----w- C:\found.0112014-12-11 23:51 . 2014-12-21 21:38 -------- d-----w- c:\windows\system32\ehdrminitmsvidctlGUI2014-12-11 23:50 . 2014-12-11 23:59 -------- d-----w- c:\users\Najam\AppData\Local\netmcx2filterapi2014-12-11 11:41 . 2014-11-24 20:34 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll2014-12-11 11:41 . 2014-11-24 20:51 757968 ----a-w- c:\program files\Internet Explorer\iexplore.exe2014-12-11 11:41 . 2014-11-24 20:34 22528 ----a-w- c:\program files\Internet Explorer\ExtExport.exe2014-12-11 11:41 . 2014-11-24 20:35 1129472 ----a-w- c:\windows\system32\wininet.dll2014-12-11 11:41 . 2014-11-24 20:35 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll2014-12-11 11:40 . 2014-11-24 20:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb2014-12-11 11:40 . 2014-11-24 20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe2014-12-11 11:40 . 2014-11-24 20:44 367104 ----a-w- c:\windows\system32\html.iec2014-12-11 11:40 . 2014-11-24 20:34 768512 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll2014-12-11 11:40 . 2014-11-24 20:40 1810944 ----a-w- c:\windows\system32\jscript9.dll2014-12-10 16:38 . 2014-12-10 16:38 -------- d-----w- c:\programdata\161613445713139689112014-12-10 13:21 . 2014-12-10 13:21 -------- d-----w- c:\users\Najam\AppData\Local\Rainmaker_Software_Group_2014-12-10 13:13 . 2014-12-10 13:13 -------- d-----w- c:\users\Najam\AppData\Roaming\Rainmaker Software Group LLC.?2014-12-10 01:06 . 2014-12-12 17:37 -------- d-----w- c:\programdata\CrimeWatch2014-12-07 01:32 . 2014-12-19 22:15 -------- d-----w- c:\program files\SearchProtect2014-12-04 15:38 . 2014-12-15 17:57 -------- d-----w- c:\users\Najam\AppData\Local\Unity2014-12-01 20:38 . 2014-12-01 20:38 -------- d-----w- c:\program files\innoApp2014-12-01 20:28 . 2014-12-01 20:28 1390552 ----a-w- c:\users\Najam\AppData\Roaming\FAROUT.exe2014-12-01 20:27 . 2014-12-12 00:25 -------- d-----w- c:\program files\Optimizer Pro 3.112014-12-01 20:22 . 2014-12-19 22:15 -------- d-----w- c:\program files\globalUpdate2014-12-01 20:22 . 2014-12-01 20:22 -------- d-----w- c:\users\Najam\AppData\Local\globalUpdate...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-12-12 01:18 . 2012-08-16 16:36 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe2014-12-12 01:18 . 2012-08-16 16:36 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2014-11-24 14:04 . 2010-10-22 11:47 229000 ------w- c:\windows\system32\MpSigStub.exe2014-11-21 06:14 . 2014-03-11 21:22 23256 ----a-w- c:\windows\system32\drivers\mbam.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-04-03 509496]"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-09-17 112632]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2013-11-01 2353880].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-03-11 280576].c:\users\Najam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".R2 0069801419211939mcinstcleanup;McAfee Application Installer Cleanup (0069801419211939);c:\users\Najam\AppData\Local\Temp\0069801419211939mcinst.exe [x]R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-21 1871160]R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-21 969016]R3 cpuz134;cpuz134;c:\users\Najam\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-21 23256]R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-11-21 51928]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1343400]R4 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-11-01 173272]S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\siteadvisor\McSACore.exe [2014-11-13 133696]S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 64080]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - IPNAT*Deregistered* - EraserUtilRebootDrv*Deregistered* - SPBBCDrv*Deregistered* - SYMDNS*Deregistered* - SYMFW*Deregistered* - SYMIDS*Deregistered* - SYMNDISV*Deregistered* - SYMREDRV.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-12-22 00:58 1087816 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 01:18].2014-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2014-11-14 19:47].2014-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2014-11-14 19:47].2014-12-19 c:\windows\Tasks\Norton Security Scan for Najam.job- c:\progra~1\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-12-13 06:04]..------- Supplementary Scan -------.uStart Page = about:blankmStart Page = about:blankuInternet Settings,ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.netuInternet Settings,ProxyServer = http=127.0.0.1:31524TCP: DhcpNameServer = 192.168.0.1.- - - - ORPHANS REMOVED - - - -.BHO-{10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dllToolbar-10 - (no file)WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)HKCU-Run-TOSCDSPD - c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exeHKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exeHKCU-Run-Itibiti.exe - c:\program files\Itibiti Soft Phone\Itibiti.exeSafeBoot-24265525.sysSafeBoot-30105759.sysSafeBoot-69387791.sysAddRemove-RadialpointDashboardPatch_is1 - c:\users\Najam\AppData\Local\Temp\is-SQEE0.tmp\unins000.exeAddRemove-WSE_Vosteran - c:\progra~1\WSE_Vosteran\\uninstall.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000"MSCurrentCountry"=dword:000000b5.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\windows\system32\taskhost.exec:\program files\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exec:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exec:\program files\TOSHIBA\Power Saver\TosCoSrv.exec:\windows\system32\rundll32.exec:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEc:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exec:\windows\system32\conhost.exec:\windows\system32\DllHost.exec:\windows\system32\sppsvc.exec:\program files\Windows Media Player\wmpnetwk.exe.**************************************************************************.Completion time: 2014-12-22 02:02:30 - machine was rebootedComboFix-quarantined-files.txt 2014-12-22 02:02.Pre-Run: 20,996,214,784 bytes freePost-Run: 23,029,604,352 bytes free.- - End Of File - - 7233E7B1CEAEF1BD6596EE3D4FE25238A36C5E4F47E84449FF07ED3517B43A31 Link to post Share on other sites More sharing options...
MrCharlie Posted December 22, 2014 ID:921617 Share Posted December 22, 2014 Looks OK, how is it???? To delete that proxy in IE: Download and run Run Fixit: http://support.microsoft.com/kb/2289942 MrC Link to post Share on other sites More sharing options...
Najkon Posted December 22, 2014 Author ID:921625 Share Posted December 22, 2014 It looks fine, running a little quicker. But now there is a problem where windows update will not complete its updates and keeps suggesting the same updates Link to post Share on other sites More sharing options...
MrCharlie Posted December 22, 2014 ID:921626 Share Posted December 22, 2014 But now there is a problem where windows update will not complete its updates and keeps suggesting the same updates That problem most likely was always there...don't blame it on me. Download and run rkill (post the log):http://www.bleepingcomputer.com/download/rkill/dl/132/Then............Please download Farbar Service Scanner and run it on the computer with the issue.Make sure the following options are checked: (check all the boxes)Internet ServicesWindows FirewallSystem RestoreSecurity CenterWindows UpdateWindows DefenderPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.MrC Link to post Share on other sites More sharing options...
Najkon Posted December 22, 2014 Author ID:921629 Share Posted December 22, 2014 Haha I'm not blaming you mate, you've been great! rkill log: Rkill 2.6.9 by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/Copyright 2008-2014 BleepingComputer.comMore Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.htmlProgram started at: 12/22/2014 03:05:17 AM in x86 mode.Windows Version: Windows 7 Home Premium Service Pack 1Checking for Windows services to stop: * No malware services found to stop.Checking for processes to terminate: * No malware processes found to kill.Checking Registry for malware related settings: * No issues found in the Registry.Resetting .EXE, .COM, & .BAT associations in the Windows Registry.Performing miscellaneous checks: * No issues found.Checking Windows Service Integrity: * No issues found.Searching for Missing Digital Signatures: * No issues found.Checking HOSTS File: * HOSTS file entries found: 127.0.0.1 localhostProgram finished at: 12/22/2014 03:06:38 AMExecution time: 0 hours(s), 1 minute(s), and 21 seconds(s) FSS Log: Farbar Service Scanner Version: 21-07-2014Ran by Najam (administrator) on 22-12-2014 at 03:07:42Running from "C:\Users\Najam\Desktop"Microsoft Windows 7 Home Premium Service Pack 1 (X86)Boot Mode: Normal****************************************************************Internet Services:============Connection Status:==============Localhost is accessible.LAN connected.Google IP is accessible.Google.com is accessible.Yahoo.com is accessible.Windows Firewall:=============Firewall Disabled Policy:==================System Restore:============System Restore Disabled Policy:========================Action Center:============Action Center Notification Icon =====> HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}\\"AutoStart" value does not exist.Windows Update:============Windows Autoupdate Disabled Policy:============================Windows Defender:==============Other Services:==============File Check:========C:\Windows\system32\nsisvc.dll => File is digitally signedC:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signedC:\Windows\system32\dhcpcore.dll => File is digitally signedC:\Windows\system32\Drivers\afd.sys => File is digitally signedC:\Windows\system32\Drivers\tdx.sys => File is digitally signedC:\Windows\system32\Drivers\tcpip.sys => File is digitally signedC:\Windows\system32\dnsrslvr.dll => File is digitally signedC:\Windows\system32\mpssvc.dll => File is digitally signedC:\Windows\system32\bfe.dll => File is digitally signedC:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signedC:\Windows\system32\SDRSVC.dll => File is digitally signedC:\Windows\system32\vssvc.exe => File is digitally signedC:\Windows\system32\wscsvc.dll => File is digitally signedC:\Windows\system32\wbem\WMIsvc.dll => File is digitally signedC:\Windows\system32\wuaueng.dll => File is digitally signedC:\Windows\system32\qmgr.dll => File is digitally signedC:\Windows\system32\es.dll => File is digitally signedC:\Windows\system32\cryptsvc.dll => File is digitally signedC:\Program Files\Windows Defender\MpSvc.dll => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signed**** End of log **** Link to post Share on other sites More sharing options...
MrCharlie Posted December 22, 2014 ID:921633 Share Posted December 22, 2014 Did you disable the icon??? Action Center Notification Icon =====> HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}\\"AutoStart" value does not exist. ========================== From your FRST log: Check "winmgmt" service or repair WMI. (Windows Management Instrumentation) Check to see that the winmgmt" service is running and set to automatic Let me know, MrC (Be Back in the AM) Link to post Share on other sites More sharing options...
Najkon Posted December 22, 2014 Author ID:921711 Share Posted December 22, 2014 Hi I did not disable the icon as I do not know how to. Also your second instruction I do not know how to check that the service is running. I typed "winmgmt" into the search box and clicked to open but a command prompt window opened and quickly closed itself back down. Link to post Share on other sites More sharing options...
MrCharlie Posted December 22, 2014 ID:921725 Share Posted December 22, 2014 http://computerstepbystep.com/windows_management_instrumentation_service.html That link should explain it, MrC Link to post Share on other sites More sharing options...
Najkon Posted December 22, 2014 Author ID:921763 Share Posted December 22, 2014 The winmgmt service is running and is set to automatic but still having the problem with windows update. Malwarebytes also says protection is disabled all of the time Link to post Share on other sites More sharing options...
MrCharlie Posted December 22, 2014 ID:921772 Share Posted December 22, 2014 Do a clean re-install of Malwarebytes: https://forums.malwarebytes.org/index.php?/topic/146017-mbam-clean-removal-process-2x/<---clean re-install MrC Link to post Share on other sites More sharing options...
Najkon Posted December 22, 2014 Author ID:921783 Share Posted December 22, 2014 That's great! Thanks! Malwarebytes is working fine now. Do you have any ideas on the windows update issue? Link to post Share on other sites More sharing options...
Najkon Posted December 22, 2014 Author ID:921796 Share Posted December 22, 2014 Hi, just an update. The system will not allow me to install my McAfee antivirus software Link to post Share on other sites More sharing options...
MrCharlie Posted December 23, 2014 ID:922016 Share Posted December 23, 2014 Give this a try:Download zoek.exe to your Desktop:http://hijackthis.nl/smeenk/Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications Herehttp://www.bleepingcomputer.com/forums/topic114351.htmlOn Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as AdministratorGive it a few seconds to appearNext, copy/paste the entire script inside the codebox below to the input field of Zoek:resetWMI;Now...Close any open programs.Click the Run script button, and wait. It takes a few minutes to run.When the tool finishes, the zoek-results.log is opened in Notepad.The log is also found on the systemdrive, normally C:\If a reboot is needed, the log is opened after the reboot.MrC Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 1, 2015 Root Admin ID:924755 Share Posted January 1, 2015 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts