Logs for MrC

Najkon · December 21, 2014

Hi thanks for your reply.

I tried to perform a threat scan with Malwarebytes but the system would freeze and not complete the scan.

Below is the log from FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-12-2014 01
Ran by Najam (administrator) on NAJAM-PC on 21-12-2014 22:14:45
Running from C:\Users\Najam\Desktop
Loaded Profile: Najam (Available profiles: Najam)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\McVsShld.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1451304 2009-03-20] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-09-03] (Realtek Semiconductor)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [538744 2007-05-22] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [iAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509496 2007-04-03] (TOSHIBA Corporation)
HKLM\...\Run: [synTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [204800 2007-07-27] (Synaptics, Inc.)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-02-19] (Toshiba)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [112632 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [bingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)
Winlogon\Notify\mlicnai: [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe /i ½[W
! 89 `9 Ü9 Ø9
HKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\Run: [iSUSPM] => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
HKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\Run: [itibiti.exe] => C:\Program Files\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\MountPoints2: {1d38b1c4-4964-11e2-85d0-001b38ab1606} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\MountPoints2: {63662328-c39a-11df-bfb7-001b38ab1606} - D:\AutoRun.exe
HKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\MountPoints2: {6c588128-ca1c-11de-9a83-001b38ab1606} - D:\autorun.exe
HKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\MountPoints2: {9cdabebb-d28e-11df-8765-001b38ab1606} - D:\AutoRun.exe
HKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\MountPoints2: {d7d3291e-1100-11df-9a80-001b38ab1606} - D:\AutoRun.exe
HKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\MountPoints2: {e3f7f507-c3f5-11df-b4c6-001b38ab1606} - D:\AutoRun.exe
HKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\MountPoints2: {f15fd59a-0d20-11df-90fb-001b38ab1606} - D:\AutoRun.exe
HKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\MountPoints2: {f15fd5f9-0d20-11df-90fb-001b38ab1606} - D:\AutoRun.exe
HKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\MountPoints2: {fc7f6faf-d7c6-11df-9153-001b38ab1606} - D:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-03-11] (Microsoft Corporation)
Startup: C:\Users\Najam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [s-1-5-21-466073785-3288665186-4084387580-1000] => Internet Explorer proxy is enabled.
ProxyServer: [s-1-5-21-466073785-3288665186-4084387580-1000] => http=127.0.0.1:31524
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-466073785-3288665186-4084387580-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {354C2C55-6A33-4A32-902C-C7BC8E17DBCE} URL = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=341&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=5550031034024651&q={searchTerms}
SearchScopes: HKLM -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_50_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0Bzy0EyD0EyB0F0C0D0BtA0AtDtN0D0Tzu0StCtDyByDtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyE0F0DtD0ByDtD0AtGyCtCzytBtG0B0EyBtCtG0AzzyCyBtGtD0Dzy0DtDyDyCtC0EtA0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyEtB0EtDyDyDyBtGtB0D0C0DtGyEtDtCtBtGzytC0FtCtGzytAzytAyCyEzzzz0B0E0Bzz2Q&cr=1010406992&ir=
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\.DEFAULT -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> DefaultScope {01F740BF-2BB5-42DC-8026-F07E696FB645} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB105D20140731&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> {01F740BF-2BB5-42DC-8026-F07E696FB645} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB105D20140731&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> {354C2C55-6A33-4A32-902C-C7BC8E17DBCE} URL = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;&rlz=
SearchScopes: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=341&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=5550031034024651&q={searchTerms}
SearchScopes: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> {D7B9B63D-97DD-49BF-ADD3-025662CCC667} URL = http://www.bing.com/search?FORM=BDT3DF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> {E7002E74-8E46-4C8D-8A65-986693AEACE4} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tight10_14_40&cd=2XzuyEtN2Y1L1QzutDtDtC0Bzy0EyD0EyB0F0C0D0BtA0AtDtN0D0Tzu0StCtDyBtAtN1L2XzutAtFyCtFtCtDtFtCtN1L1Czu2Z1L1N1M2Z1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2SyCyB0F0BtDtC0FtAtGyDtCtCzytGyEyCzyzztGzz0FyE0BtGtC0AyEzytC0AtA0A0ByDzz0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyEtB0EtDyDyDyBtGtB0D0C0DtGyEtDtCtBtGzytC0FtCtGzytAzytAyCyEzzzz0B0E0Bzz2Q&cr=1809046025&ir=
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1091\TmIEPlg.dll (Trend Micro Inc.)
BHO: Hold Page 1.0.0.5 -> {6c14185e-4de6-4a79-985b-19f23fd1e638} -> C:\Program Files\Hold Page\HoldPagebho.dll No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM - No Name - !{AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1091\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-466073785-3288665186-4084387580-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Najam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-14]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1091\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1091\firefoxextension [2014-11-22]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-03-11]

Chrome:
=======
CHR Profile: C:\Users\Najam\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Najam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-19]
CHR Extension: (Google Docs) - C:\Users\Najam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-19]
CHR Extension: (Google Drive) - C:\Users\Najam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-19]
CHR Extension: (YouTube) - C:\Users\Najam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-19]
CHR Extension: (Google Search) - C:\Users\Najam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-19]
CHR Extension: (Google Sheets) - C:\Users\Najam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-19]
CHR Extension: (SiteAdvisor) - C:\Users\Najam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-12-19]
CHR Extension: (Gmail) - C:\Users\Najam\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-19]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Najam\AppData\Local\Torch\Plugins\TorchPlugin.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [lmmhpfbhngkongobaoibpmnijjokabmj] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
S4 CplIR; C:\Windows\system32\DRIVERS\CplIR.SYS [14848 2007-03-06] (COMPAL ELECTRONIC INC.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [83336 2007-04-24] (MCCI Corporation)
S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [15112 2007-04-24] (MCCI Corporation)
S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [108680 2007-04-24] (MCCI Corporation)
S3 s125mgmt; C:\Windows\System32\DRIVERS\s125mgmt.sys [100488 2007-04-24] (MCCI Corporation)
S3 s125obex; C:\Windows\System32\DRIVERS\s125obex.sys [98696 2007-04-24] (MCCI Corporation)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [80464 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [189520 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64080 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2010-09-17] (Trend Micro Inc.)
S3 cpuz134; \??\C:\Users\Najam\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-21 22:14 - 2014-12-21 22:18 - 00026859 _____ () C:\Users\Najam\Desktop\FRST.txt
2014-12-21 22:14 - 2014-12-21 22:09 - 01113600 _____ (Farbar) C:\Users\Najam\Desktop\FRST.exe
2014-12-21 21:55 - 2014-12-21 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-21 21:37 - 2014-12-21 21:37 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-21 21:30 - 2014-12-21 21:25 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Najam\Desktop\tdsskiller.exe
2014-12-21 21:06 - 2014-12-21 20:37 - 15201368 _____ () C:\Users\Najam\Desktop\RogueKiller.exe
2014-12-21 20:45 - 2014-12-21 21:06 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-21 20:45 - 2014-12-21 20:45 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-21 20:36 - 2014-12-21 20:37 - 00027344 _____ () C:\Users\Najam\Downloads\Addition.txt
2014-12-21 20:33 - 2014-12-21 20:37 - 00046014 _____ () C:\Users\Najam\Downloads\FRST.txt
2014-12-21 20:32 - 2014-12-21 22:14 - 00000000 ____D () C:\FRST
2014-12-21 20:30 - 2014-12-21 20:30 - 01113600 _____ (Farbar) C:\Users\Najam\Downloads\FRST.exe
2014-12-19 14:13 - 2014-12-19 14:13 - 00145360 _____ () C:\Windows\Minidump\121914-21777-01.dmp
2014-12-19 12:02 - 2014-12-19 12:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Najam\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-15 18:02 - 2014-12-15 18:03 - 24445589 _____ () C:\Users\Najam\Downloads\Desktop_Final (1).zip
2014-12-15 18:00 - 2014-12-15 18:01 - 24445589 _____ () C:\Users\Najam\Downloads\Desktop_Final.zip
2014-12-15 17:55 - 2014-12-15 17:55 - 01080608 _____ (Unity Technologies ApS) C:\Users\Najam\Downloads\UnityWebPlayer (1).exe
2014-12-15 17:55 - 2014-12-15 17:55 - 00370552 _____ () C:\Users\Najam\Downloads\Setup (8).exe
2014-12-14 15:38 - 2014-12-14 15:38 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-12-13 09:51 - 2014-12-19 16:44 - 00000464 ____H () C:\Windows\Tasks\Norton Security Scan for Najam.job
2014-12-13 09:51 - 2014-12-13 09:51 - 00000000 ____D () C:\Windows\system32\Drivers\NSS
2014-12-13 09:51 - 2014-12-13 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2014-12-13 09:51 - 2014-12-13 09:51 - 00000000 ____D () C:\Program Files\Norton Security Scan
2014-12-13 01:34 - 2014-12-13 01:34 - 00002252 _____ () C:\Users\Najam\Desktop\Chrome App Launcher.lnk
2014-12-13 01:34 - 2014-12-13 01:34 - 00000000 ____D () C:\Users\Najam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-12 01:13 - 2014-12-12 01:13 - 17919664 _____ (Adobe Systems Incorporated) C:\Users\Najam\Downloads\install_flash_player_15 [1].exe
2014-12-12 01:11 - 2014-12-12 01:12 - 00731984 _____ ( ) C:\Users\Najam\Downloads\install_flash_player_15.exe
2014-12-12 00:51 - 2014-12-21 21:51 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-12 00:45 - 2014-12-19 12:06 - 00001081 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-12 00:45 - 2014-12-19 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-12 00:44 - 2014-12-19 12:06 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-12 00:44 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-12 00:44 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-12 00:38 - 2014-12-12 00:39 - 00145368 _____ () C:\Windows\Minidump\121214-37112-01.dmp
2014-12-12 00:04 - 2014-12-12 00:04 - 00000000 ____D () C:\Program Files\predm
2014-12-11 23:56 - 2014-12-11 23:56 - 00000000 __SHD () C:\found.011
2014-12-11 23:51 - 2014-12-21 21:38 - 00000000 ____D () C:\Windows\system32\ehdrminitmsvidctlGUI
2014-12-11 23:50 - 2014-12-11 23:59 - 00000000 ____D () C:\Users\Najam\AppData\Local\netmcx2filterapi
2014-12-11 23:33 - 2014-12-11 23:34 - 00000003 _____ () C:\Users\Najam\Downloads\C
2014-12-11 23:30 - 2014-12-11 23:30 - 00895496 _____ () C:\Users\Najam\Downloads\Setup (7).exe
2014-12-11 23:30 - 2014-12-11 23:30 - 00895488 _____ () C:\Users\Najam\Downloads\Setup (4).exe
2014-12-11 11:42 - 2014-11-24 20:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 11:42 - 2014-11-24 20:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 11:42 - 2014-11-24 20:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-11 11:42 - 2014-11-24 20:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 11:42 - 2014-11-24 20:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-11 11:42 - 2014-11-24 20:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 11:42 - 2014-11-24 20:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 11:42 - 2014-11-24 20:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 11:42 - 2014-11-24 20:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-11 11:42 - 2014-11-24 20:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 11:42 - 2014-11-24 20:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-11 11:42 - 2014-11-24 20:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-11 11:41 - 2014-11-24 20:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 11:40 - 2014-11-24 20:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-11 11:40 - 2014-11-24 20:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 11:40 - 2014-11-24 20:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 11:40 - 2014-11-24 20:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 11:40 - 2014-11-24 20:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-11 11:40 - 2014-11-24 20:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 11:40 - 2014-11-24 20:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 11:40 - 2014-11-24 20:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 11:40 - 2014-11-24 20:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 22:40 - 2014-12-10 22:40 - 00145368 _____ () C:\Windows\Minidump\121014-39842-01.dmp
2014-12-10 16:38 - 2014-12-10 16:38 - 00000000 ____D () C:\ProgramData\16161344571313968911
2014-12-10 13:21 - 2014-12-10 13:21 - 00000000 ____D () C:\Users\Najam\AppData\Local\Rainmaker_Software_Group_
2014-12-10 13:19 - 2014-12-12 00:04 - 00000000 ____D () C:\Users\Najam\Documents\ProPCCleaner
2014-12-10 13:13 - 2014-12-10 13:13 - 00000000 ____D () C:\Users\Najam\AppData\Roaming\Rainmaker Software Group LLC.
2014-12-10 13:10 - 2014-12-10 13:10 - 00801008 _____ (Download Publisher) C:\Users\Najam\Downloads\Adobe Flash Player Setup.exe
2014-12-10 12:43 - 2014-12-10 12:45 - 00775968 _____ (Reimage®) C:\Users\Najam\Downloads\ReimageRepair (2).exe
2014-12-10 12:42 - 2014-12-10 12:43 - 00775968 _____ (Reimage®) C:\Users\Najam\Downloads\ReimageRepair (1).exe
2014-12-10 01:09 - 2014-12-10 01:09 - 22356702 _____ () C:\Users\Najam\Downloads\vlc-2.0.0-win32.exe
2014-12-10 01:06 - 2014-12-12 17:37 - 00000000 ____D () C:\ProgramData\CrimeWatch
2014-12-10 00:10 - 2014-12-10 00:11 - 00845072 _____ () C:\Users\Najam\Downloads\Setup (3).exe
2014-12-10 00:08 - 2014-12-10 00:08 - 00463736 _____ (Swift Installer ) C:\Users\Najam\Downloads\Unconfirmed 999895.crdownload
2014-12-09 20:22 - 2014-12-09 20:22 - 00341368 _____ (Swift Installer ) C:\Users\Najam\Downloads\Unconfirmed 562350.crdownload
2014-12-07 20:22 - 2014-12-11 21:31 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-12-07 01:32 - 2014-12-19 22:15 - 00000000 ____D () C:\Program Files\SearchProtect
2014-12-07 01:31 - 2014-12-07 01:32 - 00399585 _____ () C:\Users\Najam\Downloads\Setup (6).exe
2014-12-07 01:30 - 2014-12-07 01:31 - 00843192 _____ () C:\Users\Najam\Downloads\Setup (5).exe
2014-12-05 20:17 - 2014-12-10 12:51 - 00000165 _____ () C:\Windows\Reimage.ini
2014-12-05 20:13 - 2014-12-05 20:14 - 00774944 _____ () C:\Users\Najam\Downloads\ReimageRepair.exe
2014-12-04 15:38 - 2014-12-15 17:57 - 00000000 ____D () C:\Users\Najam\AppData\Local\Unity
2014-12-04 15:30 - 2014-12-04 15:30 - 01081992 _____ (Unity Technologies ApS) C:\Users\Najam\Downloads\UnityWebPlayer.exe
2014-12-02 19:53 - 2014-12-02 19:53 - 05009368 _____ (Adobe Systems Inc.) C:\Users\Najam\Downloads\Shockwave_Installer_Slim (2).exe
2014-12-02 19:47 - 2014-12-02 19:48 - 05009368 _____ (Adobe Systems Inc.) C:\Users\Najam\Downloads\Shockwave_Installer_Slim (1).exe
2014-12-02 19:44 - 2014-12-02 19:45 - 05009368 _____ (Adobe Systems Inc.) C:\Users\Najam\Downloads\Shockwave_Installer_Slim.exe
2014-12-01 20:38 - 2014-12-01 20:38 - 00000000 ____D () C:\Program Files\innoApp
2014-12-01 20:30 - 2014-12-01 20:30 - 00000000 ____D () C:\Users\Najam\Documents\Optimizer Pro
2014-12-01 20:28 - 2014-12-01 20:28 - 01390552 _____ (Qwerty) C:\Users\Najam\AppData\Roaming\FAROUT.exe
2014-12-01 20:27 - 2014-12-12 00:25 - 00000000 ____D () C:\Program Files\Optimizer Pro 3.11
2014-12-01 20:23 - 2014-12-01 20:23 - 01876440 _____ (Qwerty) C:\Users\Najam\AppData\Roaming\AUIBYKQI.exe
2014-12-01 20:22 - 2014-12-19 22:15 - 00000000 ____D () C:\Program Files\globalUpdate
2014-12-01 20:22 - 2014-12-01 20:22 - 00000000 ____D () C:\Users\Najam\AppData\Local\globalUpdate
2014-12-01 20:08 - 2014-12-01 20:08 - 00485224 _____ () C:\Users\Najam\Downloads\equalizer_the_movie_Full (2).exe
2014-12-01 19:51 - 2014-12-01 19:51 - 00485224 _____ () C:\Users\Najam\Downloads\equalizer_the_movie_Full.exe
2014-12-01 19:51 - 2014-12-01 19:51 - 00485224 _____ () C:\Users\Najam\Downloads\equalizer_the_movie_Full (1).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-21 22:16 - 2012-08-16 16:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-21 22:15 - 2009-10-22 23:26 - 00392726 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-21 21:59 - 2009-10-22 23:11 - 01583041 _____ () C:\Windows\WindowsUpdate.log
2014-12-21 21:58 - 2010-02-09 23:00 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-21 21:57 - 2009-10-22 22:42 - 00009728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-21 21:57 - 2009-10-22 22:42 - 00009728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-21 21:55 - 2014-07-29 03:02 - 00001849 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2014-12-21 21:50 - 2010-02-09 23:00 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-21 21:50 - 2009-10-22 22:55 - 03384906 _____ () C:\Windows\PFRO.log
2014-12-21 21:50 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-21 21:50 - 2009-07-14 04:39 - 07408013 _____ () C:\Windows\setupact.log
2014-12-21 21:48 - 2014-03-13 22:33 - 00647533 _____ () C:\Windows\IE11_main.log
2014-12-21 21:32 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\tracing
2014-12-19 14:13 - 2012-08-12 04:56 - 00000000 ____D () C:\Windows\Minidump
2014-12-15 17:39 - 2006-11-02 10:23 - 00000321 _____ () C:\Windows\win.ini
2014-12-14 22:59 - 2007-04-13 16:27 - 00000000 ____D () C:\Windows\system32\Macromed
2014-12-14 15:33 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-12-13 09:51 - 2009-10-22 23:28 - 00000000 ____D () C:\ProgramData\Norton
2014-12-12 01:20 - 2009-10-13 23:27 - 00000000 ____D () C:\Users\Najam\AppData\Local\Adobe
2014-12-12 01:18 - 2012-08-16 16:36 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-12 01:18 - 2012-08-16 16:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-12 00:45 - 2009-10-14 13:15 - 00000000 ____D () C:\Users\Najam\AppData\Roaming\Malwarebytes
2014-12-12 00:44 - 2009-10-14 13:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-12 00:23 - 2009-11-05 01:38 - 00000000 ____D () C:\Program Files\Ashampoo
2014-12-12 00:22 - 2009-10-22 13:59 - 00000000 ____D () C:\Program Files\VideoLAN
2014-12-11 14:37 - 2014-03-08 10:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 14:30 - 2009-10-23 00:10 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 19:52 - 2009-10-22 22:43 - 00000000 ____D () C:\Users\Najam
2014-12-10 00:32 - 2012-08-16 16:37 - 00002136 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-10 00:12 - 2012-08-17 14:35 - 00000000 _____ () C:\END
2014-12-07 01:32 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Resources
2014-12-02 19:45 - 2010-02-04 19:39 - 00000000 ____D () C:\Windows\system32\Adobe
2014-11-30 09:16 - 2014-03-12 23:48 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-29 19:40 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\rescache
2014-11-29 16:33 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-28 13:56 - 2010-01-11 00:06 - 00000000 ____D () C:\Users\Najam\Tracing
2014-11-24 14:04 - 2010-10-22 11:47 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-21 06:14 - 2014-03-11 21:22 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Najam\AppData\Local\Temp\BSI.exe
C:\Users\Najam\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Najam\AppData\Local\Temp\ICReinstall_adobe_flash_setup.exe
C:\Users\Najam\AppData\Local\Temp\ICSW_0E1E1L1R0L1T1S.exe
C:\Users\Najam\AppData\Local\Temp\installhelper.dll
C:\Users\Najam\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Najam\AppData\Local\Temp\optprosetup.exe
C:\Users\Najam\AppData\Local\Temp\promote-upx.exe
C:\Users\Najam\AppData\Local\Temp\propsys.dll
C:\Users\Najam\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Najam\AppData\Local\Temp\Resource_AcceptRate.exe
C:\Users\Najam\AppData\Local\Temp\Resource_Toolbar.exe
C:\Users\Najam\AppData\Local\Temp\Runner2.exe
C:\Users\Najam\AppData\Local\Temp\Runner4.exe
C:\Users\Najam\AppData\Local\Temp\sqlite3.exe
C:\Users\Najam\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Najam\AppData\Local\Temp\tbDVDV.dll
C:\Users\Najam\AppData\Local\Temp\ttv.exe
C:\Users\Najam\AppData\Local\Temp\wme.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-15 11:44

==================== End Of Log ============================

Below is the Addition Log

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-12-2014 01
Ran by Najam at 2014-12-21 22:20:21
Running from C:\Users\Najam\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Virgin Media Security (Disabled - Out of date) {68F968AC-2AA0-091D-848C-803E83E35902}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Virgin Media Security (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Ashampoo Burning Studio 9.20 (HKLM\...\Ashampoo Burning Studio 9_is1) (Version: 9.2.0 - ashampoo GmbH & Co. KG)
Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.1 - Atheros)
Bing Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v5.10.06(T) - )
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.00.02 - TOSHIBA)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Desktop SMS (HKLM\...\{5980B928-1C95-4B3E-957B-B02D8147FF9E}) (Version: 1.2.0 - IDM)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.3 - Ulead Systems, Inc.)
Emdedded IR Driver (HKLM\...\InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}) (Version: 0.0.0.6C - Compal Electronics, Inc.)
Emdedded IR Driver (Version: 0.0.0.6C - Compal Electronics, Inc.) Hidden
Free YouTube to MP3 Converter version 3.11.26.706 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.26.706 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Intel Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
Java SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myphotobook 3.1 (HKLM\...\myphotobook) (Version: 3.1 - myphotobook)
Norton Security Scan (HKLM\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Radialpoint Dashboard Patch version 13.12.23.29994 (Version: 13.12.23.29994 - ) Hidden
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
RPS CRT (Version: 9.0.34 - Virgin Media) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.11.0 - Synaptics Incorporated)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}) (Version: 2.00.0001 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0001 - Texas Instruments Inc.) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.02 - )
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.00.32 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.0.8 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.10.13 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.48.0.3C - TOSHIBA)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.48.0.11C - TOSHIBA)
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 1.00.0012 - TOSHIBA)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.48.0.8C - TOSHIBA)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.0.28 - TOSHIBA Corporation)
Unity Web Player (HKU\S-1-5-21-466073785-3288665186-4084387580-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Outlook 2007 Junk Email Filter (kb983486) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{913DFE19-32EC-4099-89AC-27FC493A7A2E}) (Version: - Microsoft)
Utility Common Driver (Version: 0.0.1.1C - TOSHIBA) Hidden
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{10A44844-4465-456E-8C97-80BDD4F68845}) (Version: 6.500.3146.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WSE_Vosteran (HKLM\...\WSE_Vosteran) (Version: - WSE_Vosteran) <==== ATTENTION!

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-466073785-3288665186-4084387580-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Najam\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-466073785-3288665186-4084387580-1000_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> C:\Users\Najam\AppData\Local\Temp\{e9513610-f218-4dda-b954-2c7e6ba7cabb}\IDriver.NonElevated.exe No (the data entry has 4 more characters).

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 10:23 - 2006-09-18 21:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1B9ED594-45CE-40AE-904D-A4B27385BFE4} - System32\Tasks\{5FC3A9BD-3843-4786-A858-AEDA5FA2A9D0} => pcalua.exe -a "C:\Program Files\Windows Installer Clean Up\MsiZap.exe" -d "C:\Program Files\Windows Installer Clean Up"
Task: {2108AC8A-9B9E-44A9-B22D-0481C6D1B9A1} - System32\Tasks\{B7E9FDBD-A434-419E-9830-04EC18EE3B84} => pcalua.exe -a C:\Users\Najam\AppData\Local\Temp\Low\{A1882EF8-3EB9-42F3-8FE5-1E024DDC2C6A}\setup.exe -d "C:\Users\Najam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Najam\Desktop"
Task: {493DABC5-67E6-4709-ABA1-A27616D83A7D} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {5674DA62-FB36-41A3-87C8-B456D6FDB571} - System32\Tasks\{51C037FB-DD25-441D-8088-5BA599C3C2D3} => pcalua.exe -a C:\Users\Najam\AppData\Local\Temp\Low\{0F7066C7-9B97-4495-89A0-8BCA495335C7}\setup.exe -d "C:\Users\Najam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Najam\Desktop"
Task: {64DFF8E8-147D-49CB-8F54-60E9EF7E7892} - System32\Tasks\{140C2766-9F15-4AD6-B632-7423BF68C8CF} => pcalua.exe -a "C:\Users\Najam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K1FLOM85\VirtualDkBb5%201.1c[1].exe" -d C:\Users\Najam\Desktop
Task: {72CC239D-F2F6-4A93-8FFD-CA7E64E21652} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-14] (Google Inc.)
Task: {7368665F-C64A-4592-8A49-6F1A59BECCAC} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files\Pro PC Cleaner\Splash.exe
Task: {748A3D86-7F96-4A55-B425-2235680FB47B} - System32\Tasks\Norton Security Scan for Najam => C:\Program Files\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)
Task: {A7B94408-4FFE-4573-8127-A5ABDDCACEEF} - System32\Tasks\{327760AC-A56B-4CAC-BD45-DDCC3F7D2A3E} => pcalua.exe -a C:\Users\Najam\Desktop\winvista_15124.exe -d C:\Users\Najam\Desktop
Task: {BCEF42E6-5432-4A2F-A8B2-580D19FE24CC} - System32\Tasks\ProPCCleaner_Start => C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe
Task: {C4869B1A-3279-4DB8-8614-54B1ABFF188C} - System32\Tasks\{9580919B-E5C9-4286-B99F-228180408AB3} => pcalua.exe -a C:\Users\Najam\AppData\Local\Temp\Low\{AC98CE76-057D-428D-AD0F-FD96691ECA24}\setup.exe -d C:\Users\Najam\Desktop
Task: {DB8BB350-6F9B-433B-93A0-3D6424BFA541} - System32\Tasks\{F4F3ADE6-CC57-431F-9CCD-DBD64D077385} => pcalua.exe -a C:\Users\Najam\Downloads\msicuu2.exe -d C:\Users\Najam\Downloads
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {EAC71A44-47D4-47E0-A2B0-7BC048EC3617} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-14] (Google Inc.)
Task: {F5BBB3E1-5047-4C99-8120-A84F0CAA1AE1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: {F7DB8A69-813B-4E27-89D7-558D4AB43B49} - System32\Tasks\{490941B9-99EB-4419-A5FE-4AAA1CB2BE6C} => pcalua.exe -a "C:\Users\Najam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SV6S7QFM\winvista_15115[1].exe" -d C:\Windows\system32

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Najam.job => C:\PROGRA~1\Norton Security Scan\Engine\4.1.0.28\Nss.exe

==================== Loaded Modules (whitelisted) =============

2009-10-15 22:31 - 2009-08-16 16:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll
2007-07-10 16:12 - 2006-10-10 10:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2006-11-08 18:08 - 2006-11-08 18:08 - 00009216 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 11:57 - 2006-10-07 11:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 17:55 - 2006-12-01 17:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2006-11-06 16:14 - 2006-11-06 16:14 - 00034352 _____ () C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\24265525.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\69387791.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\24265525.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\69387791.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-466073785-3288665186-4084387580-500 - Administrator - Disabled)
Guest (S-1-5-21-466073785-3288665186-4084387580-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-466073785-3288665186-4084387580-1002 - Limited - Enabled)
Najam (S-1-5-21-466073785-3288665186-4084387580-1000 - Administrator - Enabled) => C:\Users\Najam

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/21/2014 09:27:31 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

Error: (12/21/2014 09:27:00 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

Error: (12/21/2014 09:26:58 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

Error: (12/21/2014 09:26:55 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

Error: (12/21/2014 09:26:54 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

Error: (12/21/2014 09:26:49 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

Error: (12/21/2014 09:26:47 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

Error: (12/21/2014 09:26:44 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

Error: (12/21/2014 09:26:41 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

Error: (12/21/2014 09:26:37 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x800700b7, Failed to add Gather Application: Windows>.

System errors:
=============
Error: (12/21/2014 10:21:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 26 time(s).

Error: (12/21/2014 10:21:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%183

Error: (12/21/2014 10:21:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 25 time(s).

Error: (12/21/2014 10:21:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%183

Error: (12/21/2014 10:21:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 24 time(s).

Error: (12/21/2014 10:21:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%183

Error: (12/21/2014 10:18:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 23 time(s).

Error: (12/21/2014 10:18:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%183

Error: (12/21/2014 10:17:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 22 time(s).

Error: (12/21/2014 10:17:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%183

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-12-10 12:48:49.414
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-12-10 12:48:40.181
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-16 03:07:45.648
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-16 03:07:45.370
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-16 03:07:45.103
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-16 03:07:44.826
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-16 03:07:44.547
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-16 03:07:44.182
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-16 03:07:43.869
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-16 03:07:43.614
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU T2310 @ 1.46GHz
Percentage of memory in use: 63%
Total physical RAM: 2038.43 MB
Available physical RAM: 739.33 MB
Total Pagefile: 4076.86 MB
Available Pagefile: 2695.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.83 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:55.66 GB) (Free:19.92 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:54.66 GB) (Free:54.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: BDBFE5D0)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=55.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=54.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Below is the RogueKiller log

RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Najam [Administrator]
Mode : Scan -- Date : 12/21/2014 23:58:00

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 1 ¤¤¤
[PUM.Proxy] HKEY_USERS\S-1-5-21-466073785-3288665186-4084387580-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:31524 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 23 (Driver: Loaded) ¤¤¤
[sSDT:Addr(Hook.SSDT)] NtCreateKey[70] : Unknown @ 0x882aeaa0
[sSDT:Addr(Hook.SSDT)] NtCreateMutant[74] : Unknown @ 0x88a35a00
[sSDT:Addr(Hook.SSDT)] NtCreateProcess[79] : Unknown @ 0x882ad5a0
[sSDT:Addr(Hook.SSDT)] NtCreateProcessEx[80] : Unknown @ 0x882ad8a0
[sSDT:Addr(Hook.SSDT)] NtCreateSymbolicLinkObject[86] : Unknown @ 0x88a35dc0
[sSDT:Addr(Hook.SSDT)] NtCreateThread[87] : Unknown @ 0x88a35340
[sSDT:Addr(Hook.SSDT)] NtCreateThreadEx[88] : Unknown @ 0x88a35520
[sSDT:Addr(Hook.SSDT)] NtCreateUserProcess[93] : Unknown @ 0x882adba0
[sSDT:Addr(Hook.SSDT)] NtDeleteKey[103] : Unknown @ 0x882af0a0
[sSDT:Addr(Hook.SSDT)] NtDeleteValueKey[106] : Unknown @ 0x882af9a0
[sSDT:Addr(Hook.SSDT)] NtDuplicateObject[111] : Unknown @ 0x88a35fa0
[sSDT:Addr(Hook.SSDT)] NtLoadDriver[155] : Unknown @ 0x88a35700
[sSDT:Addr(Hook.SSDT)] NtOpenProcess[190] : Unknown @ 0x882adea0
[sSDT:Addr(Hook.SSDT)] NtOpenSection[194] : Unknown @ 0x882aff80
[sSDT:Addr(Hook.SSDT)] NtOpenThread[198] : Unknown @ 0x882ae1a0
[sSDT:Addr(Hook.SSDT)] NtRenameKey[290] : Unknown @ 0x882af3a0
[sSDT:Addr(Hook.SSDT)] NtRestoreKey[302] : Unknown @ 0x882af6a0
[sSDT:Addr(Hook.SSDT)] NtSetSystemInformation[350] : Unknown @ 0x88a35be0
[sSDT:Addr(Hook.SSDT)] NtSetValueKey[358] : Unknown @ 0x882aeda0
[sSDT:Addr(Hook.SSDT)] NtTerminateProcess[370] : Unknown @ 0x882ae4a0
[sSDT:Addr(Hook.SSDT)] NtTerminateThread[371] : Unknown @ 0x882ae7a0
[sSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[399] : Unknown @ 0x88a35160
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk0\DR0 : \Driver\partmgr @ Unknown (\SystemRoot\system32\DRIVERS\LPCFilter.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHY2120BH +++++
--- User ---
[MBR] b35783bd8e6f709d061e511ddbc5c7dc
[bSP] cc7e755da6908c2dc241a83cf9bcfaad : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 57000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 119810048 | Size: 55971 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_DEL_12212014_212114.log - RKreport_DEL_12212014_212148.log - RKreport_DEL_12212014_212224.log - RKreport_SCN_12212014_205551.log
RKreport_SCN_12212014_211730.log

MrCharlie · December 22, 2014

Did you set this proxy in Internet Explorer:

ProxyEnable: [s-1-5-21-466073785-3288665186-4084387580-1000] => Internet Explorer proxy is enabled.
ProxyServer: [s-1-5-21-466073785-3288665186-4084387580-1000] => http=127.0.0.1:31524

======================================

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
Run FRST.exe/FRST64.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

=====================================

Make sure you have created that system restore point before you continue!

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip, click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If in doubt about an entry....please ask or choose Skip
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

Then...........

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/<---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Najkon · December 22, 2014

I did not set that proxy in Internet Explorer.

I clicked fix only once but this error message has appeared:

AutoIt Error

Line 9686 (File "C:\Users\Najam\Desktop\FRST.exe"):

Error: Error in expression.

What does this mean and what should I do next?

I do not want to do anything without your advice

Thanks

Najkon · December 22, 2014

p.s. this is the FixLog after running the Fix

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-12-2014 01
Ran by Najam at 2014-12-22 00:57:31 Run:1
Running from C:\Users\Najam\Desktop
Loaded Profile: Najam (Available profiles: Najam)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Winlogon\Notify\mlicnai: [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Hold Page 1.0.0.5 -> {6c14185e-4de6-4a79-985b-19f23fd1e638} -> C:\Program Files\Hold Page\HoldPagebho.dll No File
Toolbar: HKU\S-1-5-21-466073785-3288665186-4084387580-1000 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Najam\AppData\Local\Torch\Plugins\TorchPlugin.crx [Not Found]
C:\Users\Najam\AppData\Roaming\AUIBYKQI.exe
C:\Users\Najam\AppData\Local\Temp\BSI.exe
C:\Users\Najam\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Najam\AppData\Local\Temp\ICReinstall_adobe_flash_setup.exe
C:\Users\Najam\AppData\Local\Temp\ICSW_0E1E1L1R0L1T1S.exe
C:\Users\Najam\AppData\Local\Temp\installhelper.dll
C:\Users\Najam\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Najam\AppData\Local\Temp\optprosetup.exe
C:\Users\Najam\AppData\Local\Temp\promote-upx.exe
C:\Users\Najam\AppData\Local\Temp\propsys.dll
C:\Users\Najam\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Najam\AppData\Local\Temp\Resource_AcceptRate.exe
C:\Users\Najam\AppData\Local\Temp\Resource_Toolbar.exe
C:\Users\Najam\AppData\Local\Temp\Runner2.exe
C:\Users\Najam\AppData\Local\Temp\Runner4.exe
C:\Users\Najam\AppData\Local\Temp\sqlite3.exe
C:\Users\Najam\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Najam\AppData\Local\Temp\tbDVDV.dll
C:\Users\Najam\AppData\Local\Temp\ttv.exe
C:\Users\Najam\AppData\Local\Temp\wme.dll
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

*****************

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlicnai" => Key deleted successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-466073785-3288665186-4084387580-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} => Value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-466073785-3288665186-4084387580-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c14185e-4de6-4a79-985b-19f23fd1e638}" => Key deleted successfully.
"HKCR\CLSID\{6c14185e-4de6-4a79-985b-19f23fd1e638}" => Key deleted successfully.
HKU\S-1-5-21-466073785-3288665186-4084387580-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} => value deleted successfully.
HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof" => Key deleted successfully.
C:\Users\Najam\AppData\Roaming\AUIBYKQI.exe => Moved successfully.
C:\Users\Najam\AppData\Local\Temp\BSI.exe => Moved successfully.
C:\Users\Najam\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Najam\AppData\Local\Temp\ICReinstall_adobe_flash_setup.exe => Moved successfully.
C:\Users\Najam\AppData\Local\Temp\ICSW_0E1E1L1R0L1T1S.exe => Moved successfully.
C:\Users\Najam\AppData\Local\Temp\installhelper.dll => Moved successfully.
C:\Users\Najam\AppData\Local\Temp\NOSEventMessages.dll => Moved successfully.
C:\Users\Najam\AppData\Local\Temp\optprosetup.exe => Moved successfully.
C:\Users\Najam\AppData\Local\Temp\promote-upx.exe => Moved successfully.
C:\Users\Najam\AppData\Local\Temp\propsys.dll => Moved successfully.
C:\Users\Najam\AppData\Local\Temp\ReimagePackage.exe => Moved successfully.
C:\Users\Najam\AppData\Local\Temp\Resource_AcceptRate.exe => Moved successfully.
C:\Users\Najam\AppData\Local\Temp\Resource_Toolbar.exe => Moved successfully.
C:\Users\Najam\AppData\Local\Temp\Runner2.exe => Moved successfully.
C:\Users\Najam\AppData\Local\Temp\Runner4.exe => Moved successfully.
C:\Users\Najam\AppData\Local\Temp\sqlite3.exe => Moved successfully.
C:\Users\Najam\AppData\Local\Temp\SRAssetsHelper.dll => Moved successfully.
C:\Users\Najam\AppData\Local\Temp\tbDVDV.dll => Moved successfully.
C:\Users\Najam\AppData\Local\Temp\ttv.exe => Moved successfully.
C:\Users\Najam\AppData\Local\Temp\wme.dll => Moved successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.

MrCharlie · December 22, 2014

Yes that's correct, continue on with the rest of it, MrC

Najkon · December 22, 2014

Please find attached the TDSSKiller Logs

TDSSKiller.3.0.0.42_22.12.2014_01.10.04_log.txt

TDSSKiller.3.0.0.42_22.12.2014_01.13.55_log.txt

Najkon · December 22, 2014

Below is the ComboFix log

ComboFix 14-12-14.01 - Najam 22/12/2014   1:38.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2038.1154 [GMT 0:00]
Running from: c:\users\Najam\Desktop\ComboFix.exe
AV: Virgin Media Security *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Virgin Media Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Najam\2057.MST
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-22 to 2014-12-22 )))))))))))))))))))))))))))))))
.
.
2014-12-22 01:32 . 2014-12-22 01:32 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90F90702-892E-455C-A24F-772C058A5197}\offreg.dll
2014-12-21 21:37 . 2014-12-21 21:37 -------- d-----w- C:\TDSSKiller_Quarantine
2014-12-21 20:45 . 2014-12-21 23:43 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-21 20:45 . 2014-12-21 20:45 -------- d-----w- c:\programdata\RogueKiller
2014-12-21 20:32 . 2014-12-22 00:58 -------- d-----w- C:\FRST
2014-12-19 11:44 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90F90702-892E-455C-A24F-772C058A5197}\mpengine.dll
2014-12-13 09:51 . 2014-12-13 09:51 -------- d-----w- c:\windows\system32\drivers\NSS
2014-12-13 09:51 . 2014-12-13 09:51 -------- d-----w- c:\program files\Norton Security Scan
2014-12-13 09:51 . 2014-12-13 09:51 -------- d-----w- c:\program files\NortonInstaller
2014-12-12 00:51 . 2014-12-22 01:58 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-12 00:44 . 2014-11-21 06:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-12 00:44 . 2014-11-21 06:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-12 00:44 . 2014-12-19 12:06 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-12-12 00:04 . 2014-12-12 00:04 -------- d-----w- c:\program files\predm
2014-12-11 23:56 . 2014-12-11 23:56 -------- d-----w- C:\found.011
2014-12-11 23:51 . 2014-12-21 21:38 -------- d-----w- c:\windows\system32\ehdrminitmsvidctlGUI
2014-12-11 23:50 . 2014-12-11 23:59 -------- d-----w- c:\users\Najam\AppData\Local\netmcx2filterapi
2014-12-11 11:41 . 2014-11-24 20:34 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2014-12-11 11:41 . 2014-11-24 20:51 757968 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2014-12-11 11:41 . 2014-11-24 20:34 22528 ----a-w- c:\program files\Internet Explorer\ExtExport.exe
2014-12-11 11:41 . 2014-11-24 20:35 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-12-11 11:41 . 2014-11-24 20:35 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2014-12-11 11:40 . 2014-11-24 20:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-12-11 11:40 . 2014-11-24 20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-11 11:40 . 2014-11-24 20:44 367104 ----a-w- c:\windows\system32\html.iec
2014-12-11 11:40 . 2014-11-24 20:34 768512 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-12-11 11:40 . 2014-11-24 20:40 1810944 ----a-w- c:\windows\system32\jscript9.dll
2014-12-10 16:38 . 2014-12-10 16:38 -------- d-----w- c:\programdata\16161344571313968911
2014-12-10 13:21 . 2014-12-10 13:21 -------- d-----w- c:\users\Najam\AppData\Local\Rainmaker_Software_Group_
2014-12-10 13:13 . 2014-12-10 13:13 -------- d-----w- c:\users\Najam\AppData\Roaming\Rainmaker Software Group LLC.?
2014-12-10 01:06 . 2014-12-12 17:37 -------- d-----w- c:\programdata\CrimeWatch
2014-12-07 01:32 . 2014-12-19 22:15 -------- d-----w- c:\program files\SearchProtect
2014-12-04 15:38 . 2014-12-15 17:57 -------- d-----w- c:\users\Najam\AppData\Local\Unity
2014-12-01 20:38 . 2014-12-01 20:38 -------- d-----w- c:\program files\innoApp
2014-12-01 20:28 . 2014-12-01 20:28 1390552 ----a-w- c:\users\Najam\AppData\Roaming\FAROUT.exe
2014-12-01 20:27 . 2014-12-12 00:25 -------- d-----w- c:\program files\Optimizer Pro 3.11
2014-12-01 20:22 . 2014-12-19 22:15 -------- d-----w- c:\program files\globalUpdate
2014-12-01 20:22 . 2014-12-01 20:22 -------- d-----w- c:\users\Najam\AppData\Local\globalUpdate
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-12 01:18 . 2012-08-16 16:36 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-12 01:18 . 2012-08-16 16:36 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-24 14:04 . 2010-10-22 11:47 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-11-21 06:14 . 2014-03-11 21:22 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-04-03 509496]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-09-17 112632]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2013-11-01 2353880]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-03-11 280576]
.
c:\users\Najam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0069801419211939mcinstcleanup;McAfee Application Installer Cleanup (0069801419211939);c:\users\Najam\AppData\Local\Temp\0069801419211939mcinst.exe [x]
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-21 1871160]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-21 969016]
R3 cpuz134;cpuz134;c:\users\Najam\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-21 23256]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-11-21 51928]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1343400]
R4 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-11-01 173272]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\siteadvisor\McSACore.exe [2014-11-13 133696]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 64080]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPNAT
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - SPBBCDrv
*Deregistered* - SYMDNS
*Deregistered* - SYMFW
*Deregistered* - SYMIDS
*Deregistered* - SYMNDISV
*Deregistered* - SYMREDRV
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-22 00:58 1087816 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 01:18]
.
2014-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-11-14 19:47]
.
2014-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-11-14 19:47]
.
2014-12-19 c:\windows\Tasks\Norton Security Scan for Najam.job
- c:\progra~1\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-12-13 06:04]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
uInternet Settings,ProxyServer = http=127.0.0.1:31524
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
Toolbar-10 - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKCU-Run-TOSCDSPD - c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKCU-Run-Itibiti.exe - c:\program files\Itibiti Soft Phone\Itibiti.exe
SafeBoot-24265525.sys
SafeBoot-30105759.sys
SafeBoot-69387791.sys
AddRemove-RadialpointDashboardPatch_is1 - c:\users\Najam\AppData\Local\Temp\is-SQEE0.tmp\unins000.exe
AddRemove-WSE_Vosteran - c:\progra~1\WSE_Vosteran\\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2014-12-22 02:02:30 - machine was rebooted
ComboFix-quarantined-files.txt 2014-12-22 02:02
.
Pre-Run: 20,996,214,784 bytes free
Post-Run: 23,029,604,352 bytes free
.
- - End Of File - - 7233E7B1CEAEF1BD6596EE3D4FE25238
A36C5E4F47E84449FF07ED3517B43A31

MrCharlie · December 22, 2014

Looks OK, how is it????

To delete that proxy in IE:

Download and run Run Fixit:

http://support.microsoft.com/kb/2289942

MrC

Najkon · December 22, 2014

It looks fine, running a little quicker.

But now there is a problem where windows update will not complete its updates and keeps suggesting the same updates

MrCharlie · December 22, 2014

But now there is a problem where windows update will not complete its updates and keeps suggesting the same updates

That problem most likely was always there...don't blame it on me.

Download and run rkill (post the log):
http://www.bleepingcomputer.com/download/rkill/dl/132/

Then............

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked: (check all the boxes)
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

MrC

Najkon · December 22, 2014

Haha I'm not blaming you mate, you've been great!

rkill log:

Rkill 2.6.9 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/22/2014 03:05:17 AM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 12/22/2014 03:06:38 AM
Execution time: 0 hours(s), 1 minute(s), and 21 seconds(s)

FSS Log:

Farbar Service Scanner Version: 21-07-2014
Ran by Najam (administrator) on 22-12-2014 at 03:07:42
Running from "C:\Users\Najam\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Action Center Notification Icon =====> HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}\\"AutoStart" value does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed

**** End of log ****

MrCharlie · December 22, 2014

Did you disable the icon???

Action Center Notification Icon =====> HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}\\"AutoStart" value does not exist.

==========================

From your FRST log:

Check "winmgmt" service or repair WMI. (Windows Management Instrumentation)

Check to see that the winmgmt" service is running and set to automatic

Let me know, MrC (Be Back in the AM)

Najkon · December 22, 2014

Hi I did not disable the icon as I do not know how to. Also your second instruction I do not know how to check that the service is running. I typed "winmgmt" into the search box and clicked to open but a command prompt window opened and quickly closed itself back down.

MrCharlie · December 22, 2014

http://computerstepbystep.com/windows_management_instrumentation_service.html

That link should explain it, MrC

Najkon · December 22, 2014

The winmgmt service is running and is set to automatic but still having the problem with windows update. Malwarebytes also says protection is disabled all of the time

MrCharlie · December 22, 2014

Do a clean re-install of Malwarebytes:

https://forums.malwarebytes.org/index.php?/topic/146017-mbam-clean-removal-process-2x/<---clean re-install

MrC

Najkon · December 22, 2014

That's great! Thanks! Malwarebytes is working fine now.

Do you have any ideas on the windows update issue?

Najkon · December 22, 2014

Hi, just an update. The system will not allow me to install my McAfee antivirus software

MrCharlie · December 23, 2014

Give this a try:

Download zoek.exe to your Desktop:
http://hijackthis.nl/smeenk/

Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications Here
http://www.bleepingcomputer.com/forums/topic114351.html

On Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
Give it a few seconds to appear

Next, copy/paste the entire script inside the codebox below to the input field of Zoek:

resetWMI;

Now...
Close any open programs.
Click the Run script button, and wait. It takes a few minutes to run.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

MrC

AdvancedSetup · January 1, 2015

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Logs for MrC

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information