
After rebooting, my computer is stuck on the welcome page


aim


Hello,

 

There's a similar topic on this by another user, but the post was closed, so I still can't find a solution to this.

 

I have a problem as my Avira constantly detected TR/Miuref.Gen.A on my PC. I've tried Spybot and ComboFix, but every time Windows starts, the problem persists. So I'm stuck cleaning this manually for days now, and I'm stuck in a loop because the problem repeats whenever I start my PC. So today I decided to try MBAM, so I ran the program just now on my Win 7 PC, and it detected 30+ things and asked me to reboot, so I did.

 

The problem is now, I can't seem to start my PC. I'm stuck on the black-screen welcome page, and the only way I can access the computer is through Safe Mode (which I am using now).

 

Can someone help me with this? I only have one PC and I use it a LOT. I'm beyond desperate.

 

 

Thank you in advance for your time and help

 


Hi, 

 

Since the time I posted this, I've tried various ways to start my PC normally, and I found one from:

http://www.pvladov.com/2012/08/windows-7-stuck-on-welcome-screen.html

 

I did the first process recommended by the author and voila! Everything is OK so far, but please tell me if this is not the right way of resolving the problem. Thanks.

 

What I did in Safe mode:

  1. Click the Start menu, enter "msconfig" and hit Enter
  2. On the General tab click Selective Startup
  3. Clear the Load Startup items check box
  4. Click the Services tab, click Hide All Microsoft Services to select it and then click the Disable All button
  5. Click OK and restart your computer

Hello and welcome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Your system is running in "Clean Boot" mode; basically all non-system services are disabled. You will eventually have to boot back to Normal mode at some point. Leave it in clean boot for now and run the following:

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
Read and accept the EULA (End User License Agreement).
Click Scan to scan the system.
When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
Post back the report which should also be located here:

 

C:\Programdata\RogueKiller\Logs <-------- W7/8

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

 

Let me see those logs...

 

Thanks,

 

Kevin..


Hello there, 

 

Thanks for the speedy reply.

 

1. I've uninstalled my bittorrent. 

2. I've run the Farbar Recovery Tool. Here's the log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by user (administrator) on USER-PC on 28-02-2015 22:50:35
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available profiles: user)
Platform: Windows 7 Home Basic (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
ShellIconOverlayIdentifiers: [iDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49601;https=127.0.0.1:49601;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-3343311198-1188524082-4047472181-1000 -> {3B5A01DE-6D87-4373-A1C8-B82ACEE2982B} URL = http://www.mysearchresults.com/search?c=2402&t=15&q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default
FF SearchEngineOrder.1: Ask.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\user.js
FF Extension: Avira Browser Safety - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\Extensions\abs@avira.com [2014-08-29]
FF Extension: DownloadHelper - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
FF Extension: Duck Properties - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\Extensions\{EBC0244A-6BA2-C2B1-09E6-948FC450C25A} [2015-02-22]
FF Extension: Greasemonkey - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-01-21]
FF HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2013-07-21]
FF HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2014-01-10]
FF HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ABP ( Adblock Plus )) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\begnflkjkcebjioagifeaongciheiogj [2015-02-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-09]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-11]
CHR Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-01-14]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-07]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-11-09]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2013-07-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
S4 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
S4 GCTWiMaxServiceD; C:\Program Files (x86)\Yes\Connect\GCTWiMaxServiceD.exe [569464 2013-06-06] (GCT Semiconductor, Inc.) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-03-09] () [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)
S3 GDMINIT; C:\Windows\System32\DRIVERS\gdminit.sys [32768 2013-07-03] (GCT Semiconductor)
S3 GdmUWm; C:\Windows\System32\DRIVERS\gdmuwm.sys [111104 2013-07-03] (GCT Semiconductor, Inc.)
R2 GdmWmPrt; C:\Windows\System32\DRIVERS\gdmwmprt.sys [32768 2013-07-03] (GCT Semiconductor, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-28] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-28 22:50 - 2015-02-28 22:51 - 00013570 _____ () C:\Users\user\Downloads\FRST.txt
2015-02-28 22:50 - 2015-02-28 22:50 - 00000000 ____D () C:\FRST
2015-02-28 21:39 - 2015-02-28 21:39 - 00279176 _____ () C:\Windows\Minidump\022815-23446-01.dmp
2015-02-28 21:33 - 2015-02-28 21:36 - 00002151 _____ () C:\Users\user\Desktop\malwarebyte help.txt
2015-02-28 21:03 - 2015-02-28 21:03 - 02087936 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2015-02-28 20:28 - 2015-02-28 20:28 - 00279176 _____ () C:\Windows\Minidump\022815-22557-01.dmp
2015-02-28 20:22 - 2015-02-28 20:22 - 00279176 _____ () C:\Windows\Minidump\022815-18064-01.dmp
2015-02-28 20:14 - 2015-02-28 20:14 - 00279176 _____ () C:\Windows\Minidump\022815-22869-01.dmp
2015-02-28 20:11 - 2015-02-28 21:39 - 00000000 ____D () C:\Windows\Minidump
2015-02-28 20:11 - 2015-02-28 20:11 - 00279176 _____ () C:\Windows\Minidump\022815-16645-01.dmp
2015-02-28 19:41 - 2015-02-28 20:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-28 19:40 - 2015-02-28 19:40 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-28 19:40 - 2015-02-28 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-28 19:40 - 2015-02-28 19:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-28 19:40 - 2015-02-28 19:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-28 19:40 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-28 19:40 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-28 19:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-28 19:27 - 2015-02-28 19:27 - 00015519 _____ () C:\ComboFix.txt
2015-02-26 23:32 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-26 23:32 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-26 23:32 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-26 23:32 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-26 23:32 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-26 23:32 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-26 23:32 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-26 23:32 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-26 23:27 - 2015-02-28 19:27 - 00000000 ____D () C:\Qoobox
2015-02-26 23:26 - 2015-02-26 23:41 - 00000000 ____D () C:\Windows\erdnt
2015-02-26 19:51 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150226-195132.backup
2015-02-26 19:50 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150226-195036.backup
2015-02-26 19:45 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150226-194553.backup
2015-02-26 19:22 - 2015-02-26 19:22 - 00000000 ____D () C:\Users\user\Documents\ProcAlyzer Dumps
2015-02-24 23:36 - 2015-02-27 20:11 - 00000000 ____D () C:\Users\user\Desktop\TeMM
2015-02-24 10:53 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150224-105335.backup
2015-02-24 06:05 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150224-060503.backup
2015-02-24 05:07 - 2015-02-24 05:07 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-24 05:06 - 2015-02-24 05:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-24 05:06 - 2015-02-24 05:13 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-24 05:06 - 2015-02-24 05:06 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-24 05:06 - 2015-02-24 05:06 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-24 05:06 - 2015-02-24 05:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-24 05:06 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-23 15:14 - 2015-02-23 15:14 - 00032867 _____ () C:\Users\user\Downloads\Gintama 001-002 - You Jerks! And You Claim to Have Gintama.torrent
2015-02-23 14:57 - 2015-02-23 14:57 - 00055068 _____ () C:\Users\user\Downloads\(AnimeOut) Gintama (Season 1-4) (Complete Batch) (480p - 70MB - Encoded).torrent
2015-02-23 12:59 - 2015-02-28 20:11 - 00008720 _____ () C:\Windows\PFRO.log
2015-02-22 04:21 - 2015-02-28 20:11 - 00000000 ____D () C:\Users\user\AppData\Local\YlPack
2015-02-22 04:21 - 2015-02-28 20:11 - 00000000 ____D () C:\Users\user\AppData\Local\Edstion
2015-02-10 00:14 - 2015-02-10 00:14 - 00002305 _____ () C:\Users\user\Desktop\Chrome App Launcher.lnk
2015-02-10 00:14 - 2015-02-10 00:14 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-05 19:27 - 2015-02-05 22:37 - 00000000 ____D () C:\Users\user\Desktop\BEL 311
2015-02-03 18:30 - 2015-02-28 21:52 - 00004286 _____ () C:\Windows\setupact.log
2015-02-03 18:30 - 2015-02-03 18:30 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-02 02:35 - 2015-02-02 02:35 - 00015708 _____ () C:\Users\user\Downloads\[kickass.so]goliyon.ki.raasleela.ram.leela.2014.1080p.dvdrip.x264team.ddh.rg.torrent
2015-01-30 22:40 - 2015-01-30 22:47 - 18485739 _____ () C:\Users\user\Downloads\Nagada Sang Dhol Song - Goliyon Ki Raasleela Ram-leela ft. Deepika Padukone, Ranveer Singh.mp4
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-28 22:49 - 2013-08-08 23:28 - 00000000 ____D () C:\Users\user\AppData\Roaming\BitTorrent
2015-02-28 22:44 - 2013-12-07 22:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-28 22:00 - 2009-07-14 12:45 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-28 22:00 - 2009-07-14 12:45 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-28 21:55 - 2013-03-09 18:30 - 01416657 _____ () C:\Windows\WindowsUpdate.log
2015-02-28 21:52 - 2013-12-07 22:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-28 21:52 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-28 21:51 - 2014-08-25 23:33 - 00000000 ____D () C:\Windows\pss
2015-02-28 20:10 - 2013-04-03 18:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\DMCache
2015-02-28 19:39 - 2014-01-10 21:04 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-02-28 19:22 - 2009-07-14 10:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-28 03:41 - 2014-03-23 00:14 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-28 03:34 - 2014-06-23 14:54 - 00000000 ____D () C:\temp
2015-02-26 23:44 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Default
2015-02-24 02:15 - 2013-06-11 23:17 - 00000000 ___RD () C:\Users\user\Desktop\all
2015-02-24 02:03 - 2013-04-03 18:03 - 00000000 ____D () C:\Users\user\Downloads\Video
2015-02-23 15:47 - 2013-03-27 21:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2015-02-21 23:44 - 2013-06-23 16:35 - 00000000 ___RD () C:\Users\user\Documents\Homework
2015-02-15 23:55 - 2014-01-10 21:04 - 00000000 ____D () C:\Users\user\Downloads\Compressed
2015-02-05 04:38 - 2013-12-07 22:44 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 04:38 - 2013-12-07 22:44 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 05:45 - 2013-03-09 21:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\Media Player Classic
2015-02-03 05:44 - 2014-01-10 21:04 - 00000000 ____D () C:\Users\user\AppData\Roaming\IDM
2015-02-03 05:01 - 2013-04-08 17:20 - 00000000 ____D () C:\Users\user\dwhelper
 
==================== Files in the root of some directories =======
 
2014-07-17 10:47 - 2014-07-17 10:47 - 0006144 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-26 20:11 - 2014-08-26 20:15 - 0000000 _____ () C:\Users\user\AppData\Local\{79B9CA41-C31A-434F-A63A-2D2644B63DF4}
 
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-24 14:48
 
==================== End Of Log ============================
 
 

Addition.txt


Hello Kevin, 

 

Just finished running the RogueKiller tool. Here's the report:

 

RogueKiller V10.4.3.0 [Feb 23 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : user [Administrator]
Mode : Scan -- Date : 02/28/2015  23:02:29
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 24 ¤¤¤
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0WinSecurityProvider | (default) : {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637}  -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49601;https=127.0.0.1:49601;  -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49601;https=127.0.0.1:49601;  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49601;https=127.0.0.1:49601;  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49601;https=127.0.0.1:49601;  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{71C3A964-2FA0-441A-88BA-3344E8010A33} | DhcpNameServer : 10.0.7.12 10.0.8.19 [(Private Address) (XX)][(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7AC4077E-5434-4122-B7C3-F6E992F1A50C} | DhcpNameServer : 183.78.0.142 183.78.0.145 [MALAYSIA (MY)][MALAYSIA (MY)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{71C3A964-2FA0-441A-88BA-3344E8010A33} | DhcpNameServer : 10.0.7.12 10.0.8.19 [(Private Address) (XX)][(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7AC4077E-5434-4122-B7C3-F6E992F1A50C} | DhcpNameServer : 183.78.0.142 183.78.0.145 [MALAYSIA (MY)][MALAYSIA (MY)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{71C3A964-2FA0-441A-88BA-3344E8010A33} | DhcpNameServer : 10.0.7.12 10.0.8.19 [(Private Address) (XX)][(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7AC4077E-5434-4122-B7C3-F6E992F1A50C} | DhcpNameServer : 183.78.0.142 183.78.0.145 [MALAYSIA (MY)][MALAYSIA (MY)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 321750dc2c25e7500ed178a32a5ab811
[bSP] ee4966fd2367ef4d406bfaff226a9519 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK
 

RKreport_SCN_02282015_230229.log


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE: It's important that both FRST and fixlist.txt are in the same location, or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log (Fixlog.txt) on the Desktop or in the folder it was run from. Please post it in your reply.

 

Next,

 

Set your system to re-boot to normal mode:

 

  • Click Start, type msconfig.exe in the Start Search box, and then press Enter.
  • Note: If you are prompted for an administrator password or for confirmation, type the password or click Continue.
  • On the General tab, click the Normal Startup option, and then click OK.
  • When you are prompted to restart the computer, click Restart.

 

If the system boots normally, re-run FRST once more; ensure all boxes are check-marked under "Whitelist" but only Addition.txt under "Optional scan", then post the two new logs.

Fixlist.txt


Hello Kevin, 

 

I've run FRST, and it asked to reboot. This is the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by user at 2015-03-01 05:21:17 Run:1
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49601;https=127.0.0.1:49601;
SearchScopes: HKU\S-1-5-21-3343311198-1188524082-4047472181-1000 -> {3B5A01DE-6D87-4373-A1C8-B82ACEE2982B} URL = http://www.mysearchr...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3343311198-1188524082-4047472181-1000 -> {E5A57DA3-B01B-4316-9EFB-3CD4465D84B1} URL = http://websearch.ask...FD-ADE0B2A864AC
FF SearchEngineOrder.1: Ask.com
EmptyTemp:
end
 
 
 
*****************
 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0WinSecurityProvider" => Key deleted successfully.
"HKCR\CLSID\{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637}" => Key deleted successfully.
Could not move "C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3B5A01DE-6D87-4373-A1C8-B82ACEE2982B}" => Key deleted successfully.
HKCR\CLSID\{3B5A01DE-6D87-4373-A1C8-B82ACEE2982B} => Key not found. 
"HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5A57DA3-B01B-4316-9EFB-3CD4465D84B1}" => Key deleted successfully.
HKCR\CLSID\{E5A57DA3-B01B-4316-9EFB-3CD4465D84B1} => Key not found. 
Firefox SearchEngineOrder.1 deleted successfully.
EmptyTemp: => Removed 128.3 MB temporary data.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-01 05:23:55)<=
 
C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll => Is moved successfully.
 
==== End of Fixlog 05:23:55 ====
 
 
 
 
 
 
 
I'll post the 2nd log shortly, after I reboot normally.

Hello,

 

I've tried rebooting after setting msconfig back to Normal Startup, and the PC restarted in normal mode.

 

However, before I got to run FRST, the PC crashed, and now I'm back in Safe Mode with Networking again.

 

What should i do?

 

Also, thanks so much for helping me. I really appreciate this.


Hi,

 

I can borrow my friend's PC if I have to, and I do have a flash drive.

 

I've basically repeated the above process. This time the PC didn't crash, but no 2nd log was generated anywhere, even after I rebooted after setting msconfig back to normal.

Can you take a look at the screenshot of my desktop in the attachment? I got a new "security alert", which I assumed is still the trojan running around.

 

So here's the first log:

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by user at 2015-03-01 06:32:18 Run:3
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49601;https=127.0.0.1:49601;
SearchScopes: HKU\S-1-5-21-3343311198-1188524082-4047472181-1000 -> {3B5A01DE-6D87-4373-A1C8-B82ACEE2982B} URL = http://www.mysearchr...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3343311198-1188524082-4047472181-1000 -> {E5A57DA3-B01B-4316-9EFB-3CD4465D84B1} URL = http://websearch.ask...FD-ADE0B2A864AC
FF SearchEngineOrder.1: Ask.com
EmptyTemp:
end
 
 
 
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0WinSecurityProvider => Key not found. 
HKCR\CLSID\{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => Key not found. 
"C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key not found. 
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Google => Key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. 
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3B5A01DE-6D87-4373-A1C8-B82ACEE2982B} => Key not found. 
HKCR\CLSID\{3B5A01DE-6D87-4373-A1C8-B82ACEE2982B} => Key not found. 
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5A57DA3-B01B-4316-9EFB-3CD4465D84B1} => Key not found. 
HKCR\CLSID\{E5A57DA3-B01B-4316-9EFB-3CD4465D84B1} => Key not found. 
Firefox SearchEngineOrder.1 deleted successfully.
EmptyTemp: => Removed 107 KB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 06:32:33 ====
 
 
 
 

[Attachment: screenshot of the desktop showing the new "security alert"]

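The fix above removes the four kinds of indicator that characterise this infection: a ShellIconOverlayIdentifiers entry loading an unsigned DLL from C:\ProgramData, browser Policies keys that lock the user out of their own settings, an Internet Explorer proxy pointed at 127.0.0.1 so all traffic is relayed through a local process, and, in the FRST scan posted later in the thread, Run entries that use regsvr32.exe to load DLLs from %LOCALAPPDATA% (YWLPack and Edstion). The following is an added example, not code from this thread, from Farbar (FRST) or from Malwarebytes: a small Python triage script that flags those patterns in FRST-style scan lines. The sample lines are copied or lightly adapted from this thread's logs; the rule set, the severities and the names Finding, classify and triage are the example's own assumptions, not an FRST feature.

```python
"""Triage FRST-style scan lines for the hijack indicators seen in this thread.

Added example: this is not code from the thread, from Farbar (FRST) or from
Malwarebytes. The sample lines are copied or lightly adapted from the logs
posted in the thread; the rules, severities and names (Finding, classify,
triage) are this example's own assumptions, not an FRST feature.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Directories a standard user can write to. Legitimate autoruns and shell
# extensions almost never load their DLLs from here; this infection did.
USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Users\\Public|Temp)\\", re.IGNORECASE)

# FRST autorun line:  HKU\<SID>\...\Run: [Name] => <command>
RUN_ENTRY = re.compile(
    r"^(?P<hive>HK(?:LM|CU|U\\[^\\]+)(?:-x32)?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.*)$"
)
# regsvr32 [/switches] <dll>: DllRegisterServer of an arbitrary DLL runs in the user's session
REGSVR = re.compile(r'regsvr32(?:\.exe)?\s+(?:/\S+\s+)*"?(?P<dll>[^"<]+?\.dll)', re.IGNORECASE)

# FRST proxy line:  ProxyServer: [profile] => http=host:port;https=host:port;
PROXY = re.compile(r"^ProxyServer: \[(?P<profile>[^\]]+)\] => (?P<spec>.+)$")
LOOPBACK = re.compile(r"=(?:127\.0\.0\.1|localhost):\d+", re.IGNORECASE)

# FRST shell extension line:  ShellIconOverlayIdentifiers: [Name] -> {CLSID} => <dll> (<signer>)
OVERLAY = re.compile(
    r"^ShellIconOverlayIdentifiers: \[(?P<name>[^\]]+)\] -> \{(?P<clsid>[^}]+)\} => "
    r"(?P<path>.+?\.dll) \((?P<signer>[^)]*)\)$"
)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    reason: str
    line: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one FRST scan line, or None if it looks benign."""
    line = line.rstrip()

    m = RUN_ENTRY.match(line)
    if m:
        r = REGSVR.search(m.group("cmd"))
        if r and USER_WRITABLE.search(r.group("dll")):
            return Finding("high", f"Run entry [{m.group('name')}] uses regsvr32 to load a DLL "
                                   f"from a user-writable path: {r.group('dll')}", line)
        return None

    m = PROXY.match(line)
    if m:
        if LOOPBACK.search(m.group("spec")):
            return Finding("high", f"proxy for profile {m.group('profile')} points at loopback "
                                   f"(local interception proxy): {m.group('spec')}", line)
        return None

    m = OVERLAY.match(line)
    if m:
        if not m.group("signer") and USER_WRITABLE.search(m.group("path")):
            return Finding("high", f"unsigned shell extension [{m.group('name')}] loaded "
                                   f"from a data directory: {m.group('path')}", line)
        return None

    if "Policy restriction" in line:
        return Finding("medium", "browser policy key set in the registry; it can stop the user "
                                 "from changing proxy or search settings", line)
    return None


def triage(text: str) -> List[Finding]:
    """Classify every line of an FRST log and return the findings, highest severity first."""
    findings = [f for f in (classify(l) for l in text.splitlines()) if f]
    return sorted(findings, key=lambda f: 0 if f.severity == "high" else 1)


# Constructed sample: FRST-style lines copied or adapted from this thread's logs,
# plus one clean entry of each kind so the script has something to leave alone.
SAMPLE_LINES = r"""
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [YWLPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\user\AppData\Local\YlPack\lxsyicur.dll
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [Edstion] => regsvr32.exe C:\Users\user\AppData\Local\Edstion\MMNotes.dll <===== ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49601;https=127.0.0.1:49601;
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity.upper():6}] {f.reason}\n         {f.line}")
```

Against the sample it reports the two regsvr32 autoruns, the loopback proxy and the unsigned ProgramData shell extension as high and the Chrome policy key as medium, and leaves the Avira autorun, the signed IDM extension and the bare ProxyEnable line alone. To use it on a real log, pass the text of FRST.txt to triage(); the regsvr32 rule deliberately keys on the DLL's location rather than its name, since the file names here (lxsyicur.dll, MMNotes.dll) are random per victim.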

Hi,

 

Here are the two logs:

 

FRST: 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by user (administrator) on USER-PC on 01-03-2015 16:00:56
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available profiles: user)
Platform: Windows 7 Home Basic (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
() C:\Program Files (x86)\WordWeb\wweb32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-10-01] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [YWLPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\user\AppData\Local\YlPack\lxsyicur.dll
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [77064 2012-04-21] ()
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3825232 2014-01-10] (Tonec Inc.)
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [Edstion] => regsvr32.exe C:\Users\user\AppData\Local\Edstion\MMNotes.dll <===== ATTENTION
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [BitTorrent] => "C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49601;https=127.0.0.1:49601;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\user.js
FF Extension: Avira Browser Safety - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\Extensions\abs@avira.com [2014-08-29]
FF Extension: DownloadHelper - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
FF Extension: Duck Properties - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\Extensions\{EBC0244A-6BA2-C2B1-09E6-948FC450C25A} [2015-02-22]
FF Extension: Greasemonkey - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-01-21]
FF HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2013-07-21]
FF HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2014-01-10]
FF HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ABP ( Adblock Plus )) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\begnflkjkcebjioagifeaongciheiogj [2015-02-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-09]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-11]
CHR Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-01-14]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-07]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-11-09]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2013-07-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
S4 GCTWiMaxServiceD; C:\Program Files (x86)\Yes\Connect\GCTWiMaxServiceD.exe [569464 2013-06-06] (GCT Semiconductor, Inc.) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-03-09] () [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)
S3 GDMINIT; C:\Windows\System32\DRIVERS\gdminit.sys [32768 2013-07-03] (GCT Semiconductor)
S3 GdmUWm; C:\Windows\System32\DRIVERS\gdmuwm.sys [111104 2013-07-03] (GCT Semiconductor, Inc.)
R2 GdmWmPrt; C:\Windows\System32\DRIVERS\gdmwmprt.sys [32768 2013-07-03] (GCT Semiconductor, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-01 15:51 - 2015-03-01 15:51 - 00000000 ____D () C:\Users\user\Downloads\FRST-OlderVersion
2015-03-01 06:57 - 2015-03-01 06:57 - 00000000 ____D () C:\ProgramData\APN
2015-03-01 05:31 - 2015-03-01 05:31 - 00279176 _____ () C:\Windows\Minidump\030115-24913-01.dmp
2015-03-01 05:20 - 2015-03-01 06:24 - 00001154 _____ () C:\Users\user\Desktop\Fixlist.txt
2015-02-28 23:06 - 2015-02-28 23:03 - 00005456 _____ () C:\Users\user\Desktop\RKreport_SCN_02282015_230229.log
2015-02-28 22:57 - 2015-02-28 22:57 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-28 22:57 - 2015-02-28 22:57 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-28 22:52 - 2015-02-28 22:52 - 00027093 _____ () C:\Users\user\Desktop\Addition.txt
2015-02-28 22:52 - 2015-02-28 22:52 - 00023373 _____ () C:\Users\user\Desktop\FRST.txt
2015-02-28 22:51 - 2015-03-01 15:52 - 00026408 _____ () C:\Users\user\Downloads\Addition.txt
2015-02-28 22:50 - 2015-03-01 16:01 - 00015405 _____ () C:\Users\user\Downloads\FRST.txt
2015-02-28 22:50 - 2015-03-01 16:01 - 00000000 ____D () C:\FRST
2015-02-28 21:39 - 2015-02-28 21:39 - 00279176 _____ () C:\Windows\Minidump\022815-23446-01.dmp
2015-02-28 21:33 - 2015-02-28 22:58 - 00002727 _____ () C:\Users\user\Desktop\malwarebyte help.txt
2015-02-28 21:03 - 2015-03-01 15:51 - 02092544 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2015-02-28 20:28 - 2015-02-28 20:28 - 00279176 _____ () C:\Windows\Minidump\022815-22557-01.dmp
2015-02-28 20:22 - 2015-02-28 20:22 - 00279176 _____ () C:\Windows\Minidump\022815-18064-01.dmp
2015-02-28 20:14 - 2015-02-28 20:14 - 00279176 _____ () C:\Windows\Minidump\022815-22869-01.dmp
2015-02-28 20:11 - 2015-03-01 05:31 - 00000000 ____D () C:\Windows\Minidump
2015-02-28 20:11 - 2015-02-28 20:11 - 00279176 _____ () C:\Windows\Minidump\022815-16645-01.dmp
2015-02-28 19:41 - 2015-03-01 06:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-28 19:40 - 2015-02-28 19:40 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-28 19:40 - 2015-02-28 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-28 19:40 - 2015-02-28 19:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-28 19:40 - 2015-02-28 19:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-28 19:40 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-28 19:40 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-28 19:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-28 19:27 - 2015-02-28 19:27 - 00015519 _____ () C:\ComboFix.txt
2015-02-26 23:32 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-26 23:32 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-26 23:32 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-26 23:32 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-26 23:32 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-26 23:32 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-26 23:32 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-26 23:32 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-26 23:27 - 2015-02-28 19:27 - 00000000 ____D () C:\Qoobox
2015-02-26 23:26 - 2015-02-26 23:41 - 00000000 ____D () C:\Windows\erdnt
2015-02-26 19:51 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150226-195132.backup
2015-02-26 19:50 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150226-195036.backup
2015-02-26 19:45 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150226-194553.backup
2015-02-26 19:22 - 2015-02-26 19:22 - 00000000 ____D () C:\Users\user\Documents\ProcAlyzer Dumps
2015-02-24 23:36 - 2015-02-27 20:11 - 00000000 ____D () C:\Users\user\Desktop\TeMM
2015-02-24 10:53 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150224-105335.backup
2015-02-24 06:05 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150224-060503.backup
2015-02-24 05:07 - 2015-02-24 05:07 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-24 05:06 - 2015-02-24 05:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-24 05:06 - 2015-02-24 05:13 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-24 05:06 - 2015-02-24 05:06 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-24 05:06 - 2015-02-24 05:06 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-24 05:06 - 2015-02-24 05:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-24 05:06 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-23 15:14 - 2015-02-23 15:14 - 00032867 _____ () C:\Users\user\Downloads\Gintama 001-002 - You Jerks! And You Claim to Have Gintama.torrent
2015-02-23 14:57 - 2015-02-23 14:57 - 00055068 _____ () C:\Users\user\Downloads\(AnimeOut) Gintama (Season 1-4) (Complete Batch) (480p - 70MB - Encoded).torrent
2015-02-23 12:59 - 2015-02-28 20:11 - 00008720 _____ () C:\Windows\PFRO.log
2015-02-22 04:21 - 2015-02-28 20:11 - 00000000 ____D () C:\Users\user\AppData\Local\YlPack
2015-02-22 04:21 - 2015-02-28 20:11 - 00000000 ____D () C:\Users\user\AppData\Local\Edstion
2015-02-10 00:14 - 2015-02-10 00:14 - 00002305 _____ () C:\Users\user\Desktop\Chrome App Launcher.lnk
2015-02-10 00:14 - 2015-02-10 00:14 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-05 19:27 - 2015-02-05 22:37 - 00000000 ____D () C:\Users\user\Desktop\BEL 311
2015-02-03 18:30 - 2015-03-01 15:59 - 00004734 _____ () C:\Windows\setupact.log
2015-02-03 18:30 - 2015-02-03 18:30 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-02 02:35 - 2015-02-02 02:35 - 00015708 _____ () C:\Users\user\Downloads\[kickass.so]goliyon.ki.raasleela.ram.leela.2014.1080p.dvdrip.x264team.ddh.rg.torrent
2015-01-30 22:40 - 2015-01-30 22:47 - 18485739 _____ () C:\Users\user\Downloads\Nagada Sang Dhol Song - Goliyon Ki Raasleela Ram-leela ft. Deepika Padukone, Ranveer Singh.mp4
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-01 15:59 - 2013-12-07 22:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-01 15:59 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-01 15:58 - 2014-08-25 23:33 - 00000000 ____D () C:\Windows\pss
2015-03-01 15:58 - 2013-03-09 18:30 - 01432345 _____ () C:\Windows\WindowsUpdate.log
2015-03-01 15:56 - 2009-07-14 12:45 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-01 15:56 - 2009-07-14 12:45 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-01 06:54 - 2014-08-30 11:18 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-03-01 06:54 - 2014-08-30 11:18 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-03-01 06:54 - 2014-08-30 11:18 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-03-01 06:54 - 2014-08-30 11:18 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-01 06:54 - 2014-03-21 22:24 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-01 06:54 - 2013-07-05 21:41 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-01 06:43 - 2013-12-07 22:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-01 05:29 - 2014-06-23 14:54 - 00000000 ____D () C:\temp
2015-03-01 05:22 - 2013-04-03 18:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\DMCache
2015-03-01 01:19 - 2014-01-10 21:04 - 00000000 ____D () C:\Users\user\AppData\Roaming\IDM
2015-02-28 22:49 - 2013-08-08 23:28 - 00000000 ____D () C:\Users\user\AppData\Roaming\BitTorrent
2015-02-28 19:39 - 2014-01-10 21:04 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-02-28 19:22 - 2009-07-14 10:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-28 03:41 - 2014-03-23 00:14 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-26 23:44 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Default
2015-02-24 02:15 - 2013-06-11 23:17 - 00000000 ___RD () C:\Users\user\Desktop\all
2015-02-24 02:03 - 2013-04-03 18:03 - 00000000 ____D () C:\Users\user\Downloads\Video
2015-02-23 15:47 - 2013-03-27 21:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2015-02-21 23:44 - 2013-06-23 16:35 - 00000000 ___RD () C:\Users\user\Documents\Homework
2015-02-15 23:55 - 2014-01-10 21:04 - 00000000 ____D () C:\Users\user\Downloads\Compressed
2015-02-05 04:38 - 2013-12-07 22:44 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 04:38 - 2013-12-07 22:44 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 05:45 - 2013-03-09 21:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\Media Player Classic
2015-02-03 05:01 - 2013-04-08 17:20 - 00000000 ____D () C:\Users\user\dwhelper
 
==================== Files in the root of some directories =======
 
2014-07-17 10:47 - 2014-07-17 10:47 - 0006144 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-26 20:11 - 2014-08-26 20:15 - 0000000 _____ () C:\Users\user\AppData\Local\{79B9CA41-C31A-434F-A63A-2D2644B63DF4}
 
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\APNSetup.exe
C:\Users\user\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\jre-8u31-windows-au.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-24 14:48
 
==================== End Of Log ============================
 
 
 
Addition: 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015
Ran by user at 2015-03-01 16:02:11
Running from C:\Users\user\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29342 - BitTorrent Inc.)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.17 - STMicroelectronics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.3.300.257 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Connect (HKLM-x32\...\{0699889D-F7F8-48BE-8C2E-694599E72F0D}) (Version: 1.9.10.0 - YTL Communications)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1811.7429 - CyberLink Corp.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.40.5106 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 9.0.2 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.0.2 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 2.5 r1842 - )
Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Validity Sensors DDK (HKLM\...\{661DD62F-D0F2-4573-902B-DBCAAD8229AF}) (Version: 3.1.379 - Validity Sensors, Inc.)
VideoLAN VLC media player 0.8.4a (HKLM-x32\...\VLC media player) (Version: 0.8.4a - VideoLAN Team)
WEBook3 (HKLM-x32\...\com.adobe.example.WEBook3.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)
WEBook3 (x32 Version: 1.0 - UNKNOWN) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WordWeb (HKLM-x32\...\WordWeb) (Version: 6 - WordWeb Software)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 5.0.60.0625 - Xilisoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
28-02-2015 19:13:15 ComboFix created restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2015-02-28 19:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {3B37228C-C85B-480A-886C-2E7C57B5B321} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07] (Google Inc.)
Task: {3F7F488F-4912-4746-93C4-7DC99AC972D6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {600CB13C-D8DB-4D52-B7AC-BD6CD345738E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {636C01A7-02F4-4895-A463-770988CFCF94} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {C43C20DF-4A38-4F76-963E-EB008F2E02AD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {DCB30B26-F504-42E8-8C90-7C5B37222581} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07] (Google Inc.)
Task: {F17E3BB4-ECC6-4599-BE29-57F2E90A13DC} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3343311198-1188524082-4047472181-1000
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-07-01 18:54 - 2009-07-01 18:54 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2013-03-09 20:59 - 2010-10-01 09:48 - 00727664 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2013-07-21 22:14 - 2012-04-21 15:11 - 00077064 ____N () C:\Program Files (x86)\WordWeb\wweb32.exe
2014-08-27 14:57 - 2014-08-27 14:57 - 00245760 _____ () C:\Program Files (x86)\Avira\My Avira\System.ComponentModel.Composition.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2013-07-21 22:14 - 2012-04-21 11:30 - 02213120 ____N () C:\Windows\wweb32.dll
2013-07-21 22:14 - 2012-04-21 11:28 - 00022800 ____N () C:\Program Files (x86)\WordWeb\WUCNT.dll
2015-03-01 06:35 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2015-02-24 05:06 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-24 05:06 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-24 05:06 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AntiVirSchedulerService => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: GCTWiMaxServiceD => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: vcsFPService => 2
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk => C:\Windows\pss\Rainmeter.lnk.Startup
MSCONFIG\startupreg: LaunchYTLCM => C:\Program Files (x86)\Yes\Connect\Connect.exe
MSCONFIG\startupreg: YouCam Mirror Tray icon => "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3343311198-1188524082-4047472181-500 - Administrator - Disabled)
Guest (S-1-5-21-3343311198-1188524082-4047472181-501 - Limited - Disabled)
user (S-1-5-21-3343311198-1188524082-4047472181-1000 - Administrator - Enabled) => C:\Users\user
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/01/2015 07:01:09 AM) (Source: MsiInstaller) (EventID: 10005) (User: user-PC)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
 
Google Chrome
 
Error: (02/28/2015 09:51:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
.
 
Error: (02/28/2015 09:10:26 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).
 
Error: (02/28/2015 09:10:23 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).
 
Error: (02/28/2015 08:05:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x73f74b02
Faulting process id: 0x15e0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (02/28/2015 08:01:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x73f74b02
Faulting process id: 0x9a0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (02/28/2015 07:58:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x73f74b02
Faulting process id: 0x1b20
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (02/28/2015 07:55:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x73f74b02
Faulting process id: 0xd1c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (02/28/2015 07:54:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: idmBroker.exe, version: 6.18.7.1, time stamp: 0x527a42dd
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x73f74b02
Faulting process id: 0xd54
Faulting application start time: 0xidmBroker.exe0
Faulting application path: idmBroker.exe1
Faulting module path: idmBroker.exe2
Report Id: idmBroker.exe3
 
Error: (02/28/2015 07:53:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x73f74b02
Faulting process id: 0x12a8
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
 
 
System errors:
=============
Error: (03/01/2015 03:59:21 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC        :20" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.5 did not allow the name to be claimed by
this computer.
 
Error: (03/01/2015 03:59:21 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{D5580B14-D1F1-4B82-8BE3-6F9DAF815B4B} because another computer on the network has the same name.  The server could not start.
 
Error: (03/01/2015 03:59:14 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC        :0" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.5 did not allow the name to be claimed by
this computer.
 
Error: (03/01/2015 03:49:13 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC        :20" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.5 did not allow the name to be claimed by
this computer.
 
Error: (03/01/2015 03:49:13 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{D5580B14-D1F1-4B82-8BE3-6F9DAF815B4B} because another computer on the network has the same name.  The server could not start.
 
Error: (03/01/2015 03:49:08 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC        :0" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.5 did not allow the name to be claimed by
this computer.
 
Error: (03/01/2015 07:04:11 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC        :0" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.5 did not allow the name to be claimed by
this computer.
 
Error: (03/01/2015 06:34:19 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{D5580B14-D1F1-4B82-8BE3-6F9DAF815B4B} because another computer on the network has the same name.  The server could not start.
 
Error: (03/01/2015 06:34:13 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC        :20" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.5 did not allow the name to be claimed by
this computer.
 
Error: (03/01/2015 06:33:31 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC        :0" could not be registered on the interface with IP address 192.168.1.6.
The computer with the IP address 192.168.1.5 did not allow the name to be claimed by
this computer.
 
 
Microsoft Office Sessions:
=========================
Error: (03/01/2015 07:01:09 AM) (Source: MsiInstaller) (EventID: 10005) (User: user-PC)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
 
Google Chrome (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/28/2015 09:51:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
 
Error: (02/28/2015 09:10:26 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c
 
Error: (02/28/2015 09:10:23 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c
 
Error: (02/28/2015 08:05:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69eunknown0.0.0.000000000c000041d73f74b0215e001d0534ec4e92162C:\Program Files (x86)\Internet Explorer\iexplore.exeunknown05132150-bf42-11e4-8d58-f04da2ca9ba5
 
Error: (02/28/2015 08:01:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69eunknown0.0.0.000000000c000041d73f74b029a001d0534e59861629C:\Program Files (x86)\Internet Explorer\iexplore.exeunknown97cb225e-bf41-11e4-8d58-f04da2ca9ba5
 
Error: (02/28/2015 07:58:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69eunknown0.0.0.000000000c000041d73f74b021b2001d0534dee26b47eC:\Program Files (x86)\Internet Explorer\iexplore.exeunknown2c8e1644-bf41-11e4-8d58-f04da2ca9ba5
 
Error: (02/28/2015 07:55:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69eunknown0.0.0.000000000c000041d73f74b02d1c01d0534d82c83d37C:\Program Files (x86)\Internet Explorer\iexplore.exeunknownc09817b4-bf40-11e4-8d58-f04da2ca9ba5
 
Error: (02/28/2015 07:54:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: idmBroker.exe6.18.7.1527a42ddunknown0.0.0.000000000c000041d73f74b02d5401d0534d41249acbC:\Program Files (x86)\Internet Download Manager\idmBroker.exeunknown7ed68c98-bf40-11e4-8d58-f04da2ca9ba5
 
Error: (02/28/2015 07:53:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.1.7600.163854a5bc637unknown0.0.0.000000000c000041d73f74b0212a801d0534d3501479cC:\Windows\SysWOW64\rundll32.exeunknown72c1435d-bf40-11e4-8d58-f04da2ca9ba5
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-28 19:20:15.198
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-28 19:20:15.182
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-28 19:20:15.182
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-28 19:20:15.182
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-26 23:37:12.304
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-26 23:37:12.304
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 35%
Total physical RAM: 2934.68 MB
Available physical RAM: 1883.02 MB
Total Pagefile: 5867.52 MB
Available Pagefile: 4569.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:97.56 GB) (Free:12.8 GB) NTFS
Drive d: (DATA) (Fixed) (Total:368.1 GB) (Free:45.65 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1C34AD4E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Upload a File to Virustotal

Go to http://www.virustotal.com/

  • Click the Choose file button
  • Navigate to the file C:\Users\user\AppData\Local\YlPack\lxsyicur.dll
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.
  • Repeat the above steps for the following files

C:\Users\user\AppData\Local\Edstion\MMNotes.dll

Let me see the VT reports from those two files...

Thanks,

Kevin..


Hi,

For C:\Users\user\AppData\Local\YlPack\lxsyicur.dll:


SHA256: 4835214b9f5fbb782dc03b77646ec10bc5072ce56b6c0376a2b2abd1c6cd340e File name: lxsyicur.lck Detection ratio: 0 / 57 Analysis date: 2015-03-01 16:20:35 UTC ( 0 minutes ago )

 

 File identification
MD5 c04dffc43f589d9dfc7340bf87348a1d
SHA1 5a7923c80be5a821993b3e93f7150e5229489571
SHA256 4835214b9f5fbb782dc03b77646ec10bc5072ce56b6c0376a2b2abd1c6cd340e
ssdeep
768:5uXcYEaSV1+Mqatc+bWNtTbXPlNA9zrWWuqV7alPJNqYTiUJ:4cjaW+7gWNRbf3AVcU4JNqYTrJ
File size 50.0 KB ( 51220 bytes )
File type unknown
Magic literal
data
TrID Unknown!
 VirusTotal metadata
First submission 2015-03-01 16:20:35 UTC ( 3 minutes ago )
Last submission 2015-03-01 16:20:35 UTC ( 3 minutes ago )
File names lxsyicur.lck

 

For C:\Users\user\AppData\Local\Edstion\MMNotes.dll:

 

SHA256: db727719c64cf376dc76fb333b770df637fe85bde248e9efc8809d39d3bda03f File name: MMNotes.lck Detection ratio: 0 / 57 Analysis date: 2015-03-01 16:26:31 UTC ( 0 minutes ago )

 

 File identification
MD5 07ba31a552c1bfa792a233a5eaf43e56
SHA1 2e51365f6546b5f106d3e4e85c7a04b4fe093aa6
SHA256 db727719c64cf376dc76fb333b770df637fe85bde248e9efc8809d39d3bda03f
ssdeep
6144:9k+0kFQcySzZRpvugNhdlods5XbAugO5JKUKgYl5/rxLaeuqomrW:uVMQU/GgNJo6eOSF9rzueK
File size 231.5 KB ( 237076 bytes )
File type unknown
Magic literal
data
TrID Unknown!
 VirusTotal metadata
First submission 2015-03-01 16:26:31 UTC ( 0 minutes ago )
Last submission 2015-03-01 16:26:31 UTC ( 0 minutes ago )
File names MMNotes.lck

1. Download Malwarebytes Anti-Rootkit from this link:

http://www.malwarebytes.org/products/mbar/

2. Unzip the file to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

Image1.png

4. Double-click on the mbar.exe file; you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

mbarwm.png

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

Image2.png

7. The following image opens, select Update.

Image3.png

8. When the update completes select Next.

Image4.png

9. In the following window ensure "Targets" are ticked. Then select "Scan".

Image5.png

10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

MBAntiRKcleanA.png

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found you will see the following image, Select Exit:

Image6.png

13. Verify that your system is now running normally, making sure that the following items are functional:

      Internet access
      Windows Update
      Windows Firewall

14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within the Malwarebytes Anti-Rootkit folder.

15. Select "Y" from your keyboard, tap Enter.

16. The fix will be applied, select any key to Exit.

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log   (Date and time of scan will also be shown)

Thanks,

Kevin...

Link to post
Share on other sites

Hi,

I've run MBAR, and the diagnostic said that no malware was found, even though my desktop still shows the "RegSvr32" problems. Here's the log.

System log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7600 Windows 7 x64
 
Account is Administrative
 
Internet Explorer version: 8.0.7600.16385
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.527000 GHz
Memory total: 3077238784, free: 1288634368
 
Downloaded database version: v2015.03.01.04
Downloaded database version: v2015.02.25.01
Downloaded database version: v2014.12.06.01
Initializing...
======================
------------ Kernel report ------------
     03/02/2015 04:31:46
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\volsnap.sys
\SystemRoot\system32\DRIVERS\stdcfltn.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\Accelern.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\gdmwmprt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\idmwfp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2015.03.01.04
  rootkit: v2015.02.25.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80033b3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800326e990, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80033b3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800326d990, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
DevicePointer: 0xfffffa80031654e0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80031281f0, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1C34AD4E
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 204593152
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 204800000  Numsec = 771971072
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7600 Windows 7 x64
 
Account is Administrative
 
Internet Explorer version: 8.0.7600.16385
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.527000 GHz
Memory total: 3077238784, free: 1254817792
 
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7600 Windows 7 x64
 
Account is Administrative
 
Internet Explorer version: 8.0.7600.16385
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.527000 GHz
Memory total: 3077238784, free: 1698705408
 
Downloaded database version: v2015.03.01.04
Downloaded database version: v2015.02.25.01
Downloaded database version: v2014.12.06.01
Initializing...
======================
------------ Kernel report ------------
     03/02/2015 05:20:22
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\volsnap.sys
\SystemRoot\system32\DRIVERS\stdcfltn.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\Accelern.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\gdmwmprt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\idmwfp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2015.03.01.04
  rootkit: v2015.02.25.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80033b0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80033b0b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80033b0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800326bc80, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
DevicePointer: 0xfffffa8003132520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80031271f0, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1C34AD4E
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 204593152
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 204800000  Numsec = 771971072
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
 
log:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
 
Database version:
  main:    v2015.03.01.04
  rootkit: v2015.02.25.01
 
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
user :: USER-PC [administrator]
 
2/3/2015 5:21:16 AM
mbar-log-2015-03-02 (05-21-16).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 352958
Time elapsed: 19 minute(s), 54 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
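The MBAR system log above ends with the tool's inspection of drive 0: MBR signature 55AA, disk signature 1C34AD4E, three NTFS (0x07) primaries with partition 0 active, an empty fourth slot, and a 500107862016-byte disk. What follows is an added example, not code from the poster or from Malwarebytes: a small Python parser that decodes a raw 512-byte MBR into the same fields and applies the consistency checks an anti-rootkit scan cares about (exactly one active partition, valid boot flags, no overlapping entries, nothing extending past the end of the disk, and a hash of the boot-code area to compare against a known-clean copy, since bootkits patch the code and leave the table intact). The sector it parses is constructed here to mirror the values in the log; reading the real sector from \\.\PhysicalDrive0 as administrator is assumed, not something the thread does.

```python
import hashlib
import struct

SECTOR = 512
DISK_SIG_OFFSET = 0x1B8    # 32-bit NT disk signature
TABLE_OFFSET = 0x1BE       # four 16-byte partition entries
ENTRY_FMT = "<B3sB3sII"    # boot flag, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr():
    """Constructed 512-byte MBR mirroring the MBAR log above: disk signature
    1C34AD4E, three NTFS (0x07) primaries, empty fourth slot, 55AA signature.
    The boot-code area is zero-filled, which a real disk's never is."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<I", mbr, DISK_SIG_OFFSET, 0x1C34AD4E)
    table = [
        (0x80, 0x07, 2048, 204800),          # active, bootable system partition
        (0x00, 0x07, 206848, 204593152),
        (0x00, 0x07, 204800000, 771971072),
        (0x00, 0x00, 0, 0),                  # empty slot
    ]
    for i, (boot, ptype, lba, count) in enumerate(table):
        # CHS fields stay zero; modern loaders use the LBA fields
        struct.pack_into(ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i,
                         boot, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[0x1FE:0x200] = b"\x55\xAA"
    return bytes(mbr)


def parse_mbr(sector):
    """Decode the partition table; raise if the sector is not a valid MBR."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[0x1FE:0x200] != b"\x55\xAA":
        raise ValueError("bad MBR signature %s" % sector[0x1FE:0x200].hex().upper())
    (disk_sig,) = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)
    partitions = []
    for i in range(4):
        boot, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, sector, TABLE_OFFSET + 16 * i)
        partitions.append({"index": i, "boot_flag": boot, "active": boot == 0x80,
                           "type": ptype, "lba": lba, "numsec": count})
    return {
        "disk_signature": "%08X" % disk_sig,
        # compare against the hash taken from a known-clean install of the same OS
        "bootcode_sha256": hashlib.sha256(sector[:DISK_SIG_OFFSET]).hexdigest(),
        "partitions": partitions,
    }


def check_layout(info, disk_bytes):
    """Return a list of inconsistencies in the partition table (empty means it looks sane)."""
    issues = []
    total_sectors = disk_bytes // SECTOR
    used = [p for p in info["partitions"] if p["type"] != 0]
    for p in info["partitions"]:
        if p["boot_flag"] not in (0x00, 0x80):
            issues.append("partition %d has invalid boot flag 0x%02X" % (p["index"], p["boot_flag"]))
    if sum(p["active"] for p in used) > 1:
        issues.append("more than one partition flagged active")
    for p in used:
        if p["lba"] + p["numsec"] > total_sectors:
            issues.append("partition %d extends past the end of the disk" % p["index"])
    ordered = sorted(used, key=lambda p: p["lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba"] + a["numsec"] > b["lba"]:
            issues.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return issues


def trailing_unallocated(info, disk_bytes):
    """Sectors after the last partition: slack that bootkits sometimes use to stash payloads."""
    used = [p for p in info["partitions"] if p["type"] != 0]
    end = max(p["lba"] + p["numsec"] for p in used) if used else 0
    return disk_bytes // SECTOR - end


if __name__ == "__main__":
    DISK_BYTES = 500107862016   # "Disk Size" reported in the log
    info = parse_mbr(build_sample_mbr())
    print("Disk Signature:", info["disk_signature"])
    for p in info["partitions"]:
        print("  Partition %d type 0x%02X %s LBA %d Numsec %d"
              % (p["index"], p["type"], "ACTIVE" if p["active"] else "not active", p["lba"], p["numsec"]))
    print("issues:", check_layout(info, DISK_BYTES) or "none")
    print("trailing unallocated sectors:", trailing_unallocated(info, DISK_BYTES))
```

On the constructed sector the checks pass and the layout reproduces the log exactly; the 2096 trailing sectors are ordinary alignment slack on this disk, but the number is worth printing because a sudden growth of that region between two scans is one of the few table-level symptoms a bootkit leaves behind.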

Download the attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE: It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.

Double-click on Adwcleaner.exe to run the tool.
Click on Scan.
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[Sn].txt, where n is the scan reference number.

Next,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts (re-enable it when done).
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Scan with HerdProtect

Please download HerdProtect by Reason Software (portable edition) and save the file to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the HerdProtect icon and select Run as Administrator to install the scanner.
  • It will ask for the location - leave the default one (%ProgramFiles%) or select another, convenient one.
  • Agree to the terms, select Launch herdProtect and click Finish.
  • Click Scan. It may take a while, depending on your system and connection specs. Please be patient.
  • When it finishes click on Save Results.
  • A Notepad window with a report should open.

Please include the contents of that report in your next reply.

This type of scan often produces false positives. In any case do not remove any of its findings on your own! Removal will be made after careful analysis of the scan results.

Upon completion of the cleaning you may remove HerdProtect if you wish. To do so just delete its directory (chosen by you when installing the tool).

Let me see those logs in your next reply, and also give an update on any remaining issues or concerns....

Thanks,

Kevin

Fixlist.txt
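The ComboFix report the original poster pastes next carries a "Reg Loading Points" section: the HKCU and HKLM Run keys, the Winlogon Userinit value and the Session Manager BootExecute multi-string. That is the part of such a report a helper reads first when a scanner says "clean" but the desktop still throws RegSvr32 errors. The following is an added example, not part of either poster's reply and not ComboFix's or FRST's own logic: a Python triage that reads lines in that format and flags what an analyst would check first, namely a Run value whose target is a .dll rather than an executable, a target under a user-writable profile directory, a Userinit that is not the stock userinit.exe, and any BootExecute program beyond the default "autocheck autochk *". The sample input is copied from the Run, Winlogon and Session Manager lines of that report; the severity labels and the path rules are this example's own heuristics, so a "review" hit is a prompt to look, not a verdict (BitTorrent legitimately runs from AppData\Roaming, and sdnclean64.exe in BootExecute appears in the same report next to the Spybot install).

```python
import re

# Constructed sample input: these lines are copied from the "Reg Loading Points"
# section of the ComboFix report posted further down in this thread.
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WordWeb"="c:\program files (x86)\WordWeb\wweb32.exe" [2012-04-21 77064]
"BitTorrent"="c:\users\user\AppData\Roaming\BitTorrent\BitTorrent.exe" [2014-06-08 1242704]
"Edstion"="c:\users\user\AppData\Local\Edstion\MMNotes.dll" [2015-02-28 1268736]
"YWLPack"="c:\users\user\AppData\Local\YlPack\lxsyicur.dll" [2015-02-21 1250304]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2014-06-24 4566952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-16 702768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"')
BOOTEXEC_RE = re.compile(r"^BootExecute\s+REG_MULTI_SZ\s+(?P<data>.*)$")

# Directories any standard user can write to (heuristic list chosen for this example);
# a persistence entry pointing here deserves a look even when the program is legitimate.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\", "\\users\\public\\")
DEFAULT_BOOTEXECUTE = ("autocheck autochk *",)
DEFAULT_USERINIT = ("userinit.exe", "c:\\windows\\system32\\userinit.exe")


def first_path(data):
    """Return the file path at the start of a Run value, lower-cased, with any arguments dropped."""
    m = re.match(r"^\s*(?P<p>.+?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))(?!\w)", data, re.I)
    return (m.group("p") if m else data).strip().lower()


def triage_autoruns(report):
    """Yield (severity, key, value name, reason) for entries worth checking first."""
    findings = []
    key = ""
    for raw in report.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key").lower()
            continue
        bm = BOOTEXEC_RE.match(line)
        if bm:
            # REG_MULTI_SZ is printed with \0 separators; anything past autochk is extra
            entries = [e for e in bm.group("data").split("\\0") if e]
            for extra in entries:
                if extra.lower() not in DEFAULT_BOOTEXECUTE:
                    findings.append(("review", key, "BootExecute",
                                     "extra boot-time program %r; verify it belongs to an installed product" % extra))
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue
        name, data = vm.group("name"), vm.group("data")
        if key.endswith("\\winlogon") and name.lower() == "userinit":
            if data.lower().rstrip(",") not in DEFAULT_USERINIT:
                findings.append(("high", key, name, "Userinit replaced with %r" % data))
            continue
        if not key.endswith("\\run"):
            continue
        target = first_path(data)
        is_dll = target.endswith(".dll")
        in_profile = any(marker in target for marker in USER_WRITABLE)
        if is_dll and in_profile:
            findings.append(("high", key, name, "DLL loaded from a user-writable directory: " + target))
        elif is_dll:
            findings.append(("review", key, name, "Run value names a DLL rather than an executable: " + target))
        elif in_profile:
            findings.append(("review", key, name, "executable under a user-writable directory: " + target))
    return findings


if __name__ == "__main__":
    for severity, key, name, reason in triage_autoruns(SAMPLE_REPORT):
        print("[%-6s] %-20s %s" % (severity, name, reason))
```

Run against the sample, the two AppData\Local DLL entries come out as "high" while BitTorrent and the BootExecute addition are "review"; everything under Program Files is silent. The rules are deliberately conservative about what they call malicious: the point is to sort where to look, which is what a helper does before writing a fixlist, not to replace the scanner.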

Hello,

When I ran FRST, the ComboFix log was shown:

ComboFix 15-02-16.01 - user 28/02/2015  19:14:52.2.4 - x64
Microsoft Windows 7 Home Basic   6.1.7600.0.1252.60.1033.18.2935.1890 [GMT 8:00]
Running from: c:\users\user\Downloads\Programs\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-28 to 2015-02-28  )))))))))))))))))))))))))))))))
.
.
2015-02-28 11:20 . 2015-02-28 11:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-28 10:17 . 2015-02-28 10:17 151626 ----a-w- c:\programdata\Microsoft\Security\Client\temp\tmp86DF.exe
2015-02-23 21:06 . 2013-09-20 02:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2015-02-23 21:06 . 2015-02-23 21:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-02-23 21:06 . 2015-02-23 21:13 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2015-02-23 21:05 . 2015-02-23 21:05 -------- d-----w- c:\users\user\AppData\Local\Programs
2015-02-21 20:21 . 2015-02-28 10:18 -------- d-----w- c:\users\user\AppData\Local\Edstion
2015-02-21 20:21 . 2015-02-23 05:11 -------- d-----w- c:\users\user\AppData\Local\YlPack
2015-02-21 20:20 . 2015-02-21 20:20 2165760 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityHelper.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WordWeb"="c:\program files (x86)\WordWeb\wweb32.exe" [2012-04-21 77064]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-01-10 3825232]
"BitTorrent"="c:\users\user\AppData\Roaming\BitTorrent\BitTorrent.exe" [2014-06-08 1242704]
"Edstion"="c:\users\user\AppData\Local\Edstion\MMNotes.dll" [2015-02-28 1268736]
"YWLPack"="c:\users\user\AppData\Local\YlPack\lxsyicur.dll" [2015-02-21 1250304]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2014-06-24 4566952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-16 702768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-27 164656]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
R3 GDMINIT;GCT Initial Device Driver;c:\windows\system32\DRIVERS\gdminit.sys;c:\windows\SYSNATIVE\DRIVERS\gdminit.sys [x]
R3 GdmUWm;Yes Go;c:\windows\system32\DRIVERS\gdmuwm.sys;c:\windows\SYSNATIVE\DRIVERS\gdmuwm.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 GCTWiMaxServiceD;Connect Service Daemon;c:\program files (x86)\Yes\Connect\GCTWiMaxServiceD.exe;c:\program files (x86)\Yes\Connect\GCTWiMaxServiceD.exe [x]
S2 GdmWmPrt;Yes Go Protocol Driver;c:\windows\system32\DRIVERS\gdmwmprt.sys;c:\windows\SYSNATIVE\DRIVERS\gdmwmprt.sys [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 05:29 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07 14:44]
.
2015-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07 14:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WinSecurityProvider]
@="{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637}"
[HKEY_CLASSES_ROOT\CLSID\{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637}]
2015-02-21 20:20 2622464 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityProvider.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-06 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-06 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-06 415256]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-10-01 727664]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3343311198-1188524082-4047472181-1000_Classes\Wow6432Node\CLSID\{52d62ba8-ee47-456d-8cca-3f2825ff4701}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000004f
"Therad"=dword:00000015
"SpecVersion"=dword:000000c6
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3343311198-1188524082-4047472181-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):8d,7c,f1,e8,77,53,7b,8a,e8,bf,3a,9c,46,80,92,f7,2d,49,9c,82,b1,
   dc,93,83,c4,52,32,de,5c,3e,29,c6,86,ab,ef,e2,60,0e,e6,f3,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\srvany.exe
c:\windows\KMService.exe
c:\windows\SysWOW64\regsvr32.exe
c:\windows\SysWOW64\regsvr32.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2015-02-28  19:27:24 - machine was rebooted
ComboFix-quarantined-files.txt  2015-02-28 11:27
ComboFix2.txt  2015-02-26 15:44
.
Pre-Run: 14,433,538,048 bytes free
Post-Run: 14,205,452,288 bytes free
.
- - End Of File - - 99793869AB9842A230BD6237799A48D8
A36C5E4F47E84449FF07ED3517B43A31
 
 
This is the fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by user at 2015-03-02 08:31:15 Run:4
Running from C:\Users\user\Downloads
Loaded Profiles: user &  (Available profiles: user)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [YWLPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\user\AppData\Local\YlPack\lxsyicur.dll
C:\Users\user\AppData\Local\YlPack\lxsyicur.dll
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [Edstion] => regsvr32.exe C:\Users\user\AppData\Local\Edstion\MMNotes.dll <===== ATTENTION
C:\Users\user\AppData\Local\Edstion\MMNotes.dll 
2015-02-22 04:21 - 2015-02-28 20:11 - 00000000 ____D () C:\Users\user\AppData\Local\YlPack
2015-02-22 04:21 - 2015-02-28 20:11 - 00000000 ____D () C:\Users\user\AppData\Local\Edstion
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49601;https=127.0.0.1:49601;
C:\Users\user\AppData\Local\Temp\APNSetup.exe
C:\Users\user\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\jre-8u31-windows-au.exe
cmd: C:\ComboFix.txt
EmptyTemp:
end
 
 
 
*****************
 
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YWLPack => value deleted successfully.
"C:\Users\user\AppData\Local\YlPack\lxsyicur.dll" => File/Directory not found.
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Edstion => value deleted successfully.
"C:\Users\user\AppData\Local\Edstion\MMNotes.dll" => File/Directory not found.
C:\Users\user\AppData\Local\YlPack => Moved successfully.
C:\Users\user\AppData\Local\Edstion => Moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
C:\Users\user\AppData\Local\Temp\APNSetup.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\jre-8u31-windows-au.exe => Moved successfully.
 
=========  C:\ComboFix.txt =========
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 148.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 08:33:26 ====

Hi,

I've rebooted my PC and there's no "Regsvr32" notification anymore. Yay!

Anyway, here's the log for adware:

 

# AdwCleaner v4.111 - Logfile created 02/03/2015 at 08:39:58
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [server]
# Operating system : Windows 7 Home Basic  (x64)
# Username : user - USER-PC
# Running from : C:\Users\user\Downloads\Programs\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\ProgramData\apn
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pqyzmn1k.default\user.js
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\PerformerSoft
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.7600.16385
 
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
 
-\\ Google Chrome v40.0.2214.115
 
 
*************************
 
AdwCleaner[R0].txt - [2414 bytes] - [02/03/2015 08:36:41]
AdwCleaner[s0].txt - [2371 bytes] - [02/03/2015 08:39:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2430  bytes] ##########

JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Basic x64
Ran by user on Mon 02/03/2015 at  8:44:56.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\pqyzmn1k.default\prefs.js
 
user_pref("extensions.defaulttab.installdate", 1345453829);
user_pref("extensions.defaulttab.useNewTabWhiteList", false);
Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\pqyzmn1k.default\minidumps [144 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/03/2015 at  8:48:59.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From herdProtect:

Saved date:   2/3/2015 12:30:08 PM
Files detected: 72
Files scanned: 8,406
Processes scanned: 46
Modules scanned: 668
ASEPs scanned: 454
Downloads scanned: 0
Deep analysis: 95/40
---------------------------------------------------------------------------------
 
Files
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\wordweb\wweb32.exe
Publisher:
Signer: WordWeb Software
MD5: 0e44ae22235bcc723c96e05e82f5cb5a
SHA-1: d379d4481bc9ccf24438982777158b89257413c8
Created: 21/7/2013 10:14:47 PM
Detections: 1
Determination: Ignore detections (false positive)
- NANO AntiVirus as Trojan.Win32.Induc.brmeva (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\yes\connect\gctwimaxserviced.exe
Publisher: GCT Semiconductor, Inc.
MD5: 093a9a9457baa6bd7499894d85d414b8
SHA-1: 3cbacbdce036ba7f09b2acb3380e9ec9af4f2cc1
Created: 23/6/2014 2:54:20 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\gretech\gomplayer\gom.exe
Publisher: Gretech Corp.
Signer: GRETECH
MD5: ffb69e8d12bbe543ad0ba77d1397d4c3
SHA-1: b2611d2ca10ae1aca482afe7d112cf6f9634b8b9
Created: 12/4/2012 3:27:54 PM
Detections: 1
Determination: Inconclusive
- Reason Heuristics as PUP.Optional.Handler.GRETECH.D (Adware)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\videolan\vlc\vlc.exe
Publisher: VideoLAN Team
MD5: 2f3d2879502b17a1ed42bb2dfdda7c9c
SHA-1: 0ceacf308e8e77d5f8df61652a757308b8ed3c6b
Created: 13/12/2005 3:54:30 AM
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\appdata\local\temp\quarantine.exe
Publisher:
MD5: 2f7e1544e68be8cd088eda54d67ccaf5
SHA-1: fd6a8c6440e9e37882db263faec9323079a8b09f
Created: 8/11/2014 4:33:34 PM
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Backdoor.Win32.DarkKomet.b!1075356506 (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\appdata\local\temp\jrt\nircmd.dat
Publisher: NirSoft
MD5: 466a42aea0abdf4c6b610f0f5e61cfa2
SHA-1: 7e7998642babcb567ff7845cfaf4f3636ce209f7
Created: 2/3/2015 8:44:44 AM
Detections: 1
Determination: Ignore detections (false positive)
- ViRobot as RiskTool.Nircmd.43520
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\downloads\frst64.exe
Publisher: Farbar
MD5: da1fc7abb4846ff12dc76de6ce24f60f
SHA-1: 42156fa338811881ed7b53723bb898b17cfaea1a
Created: 28/2/2015 9:03:21 PM
Detections: 1
Determination: Ignore detections (false positive)
- Jiangmin as Trojan/PSW.Autoit.ic (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\downloads\compressed\222_onet\onet\onet.exe
Publisher: CHEN PROGRAM STUDY
MD5: 37d35831be38fb62c4d848f35a41335d
SHA-1: 5f2a10e6d2e5e6150fba34a5c2960ba069e94feb
Created: 14/1/2014 9:08:15 PM
Detections: 3
Determination: Inconclusive
- K7 AntiVirus as Riskware  (Undefined)
- F-Prot as W32/MalwareF.EBIU (Undefined)
- Commtouch SDK as W32/Risk.YQBM-3858 (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\downloads\compressed\222_onet\onet\onet 2\onet%202.exe
Publisher: CHEN PROGRAM STUDY
MD5: a8c54d6fe324eecfe508e4f054914fd4
SHA-1: 2a210219b2f2b2f17b6e71e10173afdc19559b06
Created: 14/1/2014 9:08:26 PM
Detections: 8
Determination: UndefinedMalware
- Bkav FE as W32.Cloddd1.Trojan (Undefined)
- VIPRE Antivirus as Trojan.Win32.Generic (Undefined)
- Norman as Smalltroj.YAGC (Undefined)
- Agnitum Outpost as Trojan.Agent (Undefined)
- Zillya! Antivirus as Trojan.Genome.Win32.52230 (Undefined)
- Antiy Labs AVL as Trojan/Win32.SGeneric (Undefined)
- Kingsoft AntiVirus as Win32.Troj.Undef.(kcloud) (Undefined)
- Rising Antivirus as PE:Trojan.Win32.Generic.14B3EC13!347335699 (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\downloads\frst-olderversion\frst64.exe
Publisher: Farbar
MD5: b81464104336b16a9bc6b2874b16a9c5
SHA-1: 97b8f97728990ebe7a4c266941910c8344b7f0c0
Created: 28/2/2015 9:03:21 PM
Detections: 1
Determination: Ignore detections (false positive)
- Jiangmin as Trojan/PSW.Autoit.ic (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\downloads\programs\5x86-s-drp.exe
Publisher: Kuzyakov Artur
MD5: ec1cb112a5d5a152663222ab391c5700
SHA-1: 9b9442957c412792f69d73d125c2bdb4552f2967
Created: 12/7/2013 11:20:55 PM
Detections: 9
Determination: Adware
- Malwarebytes as PUP.Optional.Babylon.A (Adware)
- K7 Gateway Antivirus as Unwanted-Program  (Adware)
- K7 AntiVirus as Unwanted-Program  (Adware)
- avast! as Win32:PUP-gen [PUP] (Adware)
- Sophos as Generic PUA IA (Undefined)
- Dr.Web as Adware.Babylon.15 (Adware)
- Antiy Labs AVL as GrayWare[AdWare:not-a-virus]/Win32.MegaSearch (Adware)
- ESET NOD32 as Win32/OpenCandy (variant) (Adware)
- Rising Antivirus as PE:PUF.OpenCandy!1.9DE5 (Adware)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\downloads\programs\adwcleaner.exe
Publisher:
MD5: 4db5909d450ae68cc11dc865b9b84f71
SHA-1: 4e6d1ad4baa129b9a310c211ef511618dd8741ea
Created: 2/3/2015 8:23:55 AM
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Backdoor.Win32.DarkKomet.b!1075356506 (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\downloads\programs\atheros-forced-5x64-drp (1).exe
Publisher: Kuzyakov Artur
MD5: 5339f48d5f0910d80898f573823098e3
SHA-1: 65dbe07973cbdbeb086c7724c968e272dceb4bfa
Created: 12/7/2013 11:10:43 PM
Detections: 4
Determination: Adware
- avast! as Win32:PUP-gen [PUP] (Adware)
- Antiy Labs AVL as Trojan/Win32.Patched.gen (Undefined)
- Kingsoft AntiVirus as Win32.Troj.Generic.a.(kcloud) (Undefined)
- ESET NOD32 as Win32/OpenCandy (Adware)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\downloads\programs\atheros-forced-5x64-drp.exe
Publisher: Kuzyakov Artur
MD5: 5339f48d5f0910d80898f573823098e3
SHA-1: 65dbe07973cbdbeb086c7724c968e272dceb4bfa
Created: 12/7/2013 10:52:25 PM
Detections: 4
Determination: Adware
- avast! as Win32:PUP-gen [PUP] (Adware)
- Antiy Labs AVL as Trojan/Win32.Patched.gen (Undefined)
- Kingsoft AntiVirus as Win32.Troj.Generic.a.(kcloud) (Undefined)
- ESET NOD32 as Win32/OpenCandy (Adware)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\downloads\programs\atheros-forced-5x64-wifi_10.0.0.222-drp (1).exe
Publisher: Kuzyakov Artur
MD5: e0c0ea3ab12405966f22c9d067c6c54c
SHA-1: 1a46cff2fae3f4dc7dc7e4d3a02f2aac41332bab
Created: 12/7/2013 11:10:55 PM
Detections: 4
Determination: Adware
- avast! as Win32:PUP-gen [PUP] (Adware)
- Antiy Labs AVL as Trojan/Win32.Patched.gen (Undefined)
- Kingsoft AntiVirus as Win32.Troj.Generic.a.(kcloud) (Undefined)
- ESET NOD32 as Win32/OpenCandy (Adware)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\downloads\programs\atheros-forced-5x64-wifi_10.0.0.222-drp.exe
Publisher: Kuzyakov Artur
MD5: e0c0ea3ab12405966f22c9d067c6c54c
SHA-1: 1a46cff2fae3f4dc7dc7e4d3a02f2aac41332bab
Created: 12/7/2013 10:42:30 PM
Detections: 4
Determination: Adware
- avast! as Win32:PUP-gen [PUP] (Adware)
- Antiy Labs AVL as Trojan/Win32.Patched.gen (Undefined)
- Kingsoft AntiVirus as Win32.Troj.Generic.a.(kcloud) (Undefined)
- ESET NOD32 as Win32/OpenCandy (Adware)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\downloads\programs\bittorrent(1).exe
Publisher: BitTorrent Inc.
Signer: BitTorrent Inc
MD5: e650003c472935d7f5b01cf67490669c
SHA-1: 4e682be2958ceea3013a7c1262fab44d7c88987b
Created: 9/8/2013 12:47:56 AM
Detections: 2
Determination: Ignore detections (false positive)
- VIPRE Antivirus as Conduit (Undefined)
- Bkav FE as W32.Clod998.Trojan (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\downloads\programs\bittorrent.exe
Publisher: BitTorrent Inc.
Signer: BitTorrent Inc
MD5: e650003c472935d7f5b01cf67490669c
SHA-1: 4e682be2958ceea3013a7c1262fab44d7c88987b
Created: 8/8/2013 11:27:27 PM
Detections: 2
Determination: Ignore detections (false positive)
- VIPRE Antivirus as Conduit (Undefined)
- Bkav FE as W32.Clod998.Trojan (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\downloads\programs\cbsidlm-tr1_13-atheros_ar5005g_wireless_network_adapter-seo-150076.exe
Publisher:
Signer: CBS Interactive
MD5: d39160ab60a14e420ebda3c478fdf381
SHA-1: 8a893fe3c1376f3c1b0f67a9514cbe621b717d98
Created: 12/7/2013 10:17:59 PM
Detections: 9
Determination: Adware
- Reason Heuristics as Bundler.PPI.CBSInteractive.l (Undefined)
- NANO AntiVirus as Trojan.Win32.Downware.crgjbr (Adware)
- Dr.Web as Adware.Downware.398 (Adware)
- VIPRE Antivirus as WebInstall (Undefined)
- ESET NOD32 as Win32/DownloadAdmin (Undefined)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1
- herdProtect (fuzzy) as a variant of 713ef952ac6a358c8abfa39550aa98592ec79d47
- Trend Micro House Call as TROJ_GEN.F47V0807 (Undefined)
- Kingsoft AntiVirus as Win32.Troj.Generic.a.(kcloud) (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\downloads\programs\combofix.exe
Publisher: Swearware
MD5: 6f4e489fc0471fc87da8da187c6b8f8c
SHA-1: 1fbca8ec4f88b127bb5c91e4608be555a466593b
Created: 26/2/2015 11:25:46 PM
Detections: 5
Determination: Ignore detections (false positive)
- K7 Gateway Antivirus as Riskware  (Undefined)
- K7 AntiVirus as Riskware  (Undefined)
- Sophos as NirCmd
- Jiangmin as Trojan/JmGenGeneric.boe (Undefined)
- Rising Antivirus as PE:Trojan.Win32.Generic.15632D02!358821122 (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\downloads\programs\driveridentifier_setup.exe
Publisher: DriverIdentifier                                            
MD5: acee21f17796436688b8c79672b5f11b
SHA-1: 3eb3ad88ea496298e8d60d4ae7d5618d83ed17d9
Created: 12/7/2013 10:34:47 PM
Detections: 1
Determination: Ignore detections (false positive)
- Trend Micro House Call as TROJ_GEN.F47V0724 (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\downloads\programs\jrt.exe
Publisher:
MD5: af6e966d1f38287ef4d33b246ccc3a33
SHA-1: 2a8dc8c652cee1691b165428c6fc14080f9176b5
Created: 2/3/2015 8:24:39 AM
Detections: 1
Determination: Ignore detections (false positive)
- Qihoo 360 Security as virus.bat.danger.m (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\downloads\programs\rainmeter-2.5.exe
Publisher:
Signer: Rainmeter
MD5: 05ffdc4640d44ea53b197e1432e045c3
SHA-1: 4ac74707099e3f55e398bd60d9a735eb7c691e79
Created: 30/3/2013 9:27:49 PM
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\downloads\programs\utorrent.exe
Publisher: BitTorrent Inc.
Signer: BitTorrent Inc
MD5: 42a6b5ef0b934efc529d0ee31e62c08e
SHA-1: 784baeeff866c62e427754a299703a76262f06ad
Created: 27/3/2013 9:50:19 PM
Detections: 24
Determination: Adware
- MicroWorld eScan as Trojan.Generic.9795664 (Undefined)
- McAfee as Artemis!C769093B2C7E (Undefined)
- Malwarebytes as Trojan.FakeTor (Undefined)
- Norman as Troj_Generic.NUGRV (Undefined)
- Trend Micro House Call as TROJ_GEN.R0CBC0ELA13 (Undefined)
- avast! as Win32:Sality (Undefined)
- Bitdefender as Trojan.Generic.9795664 (Undefined)
- Lavasoft Ad-Aware as Trojan.Generic.9795664 (Undefined)
- Emsisoft Anti-Malware as Trojan.Generic.9795664 (Undefined)
- Comodo Security as UnclassifiedMalware (Undefined)
- F-Secure as Trojan.Generic.9795664 (Undefined)
- Trend Micro as TROJ_GEN.R0CBC0ELA13 (Undefined)
- McAfee Web Gateway as Artemis!C769093B2C7E (Undefined)
- G Data as Trojan.Generic.9795664 (Undefined)
- IKARUS anti.virus as Virus.Win32.Sality (Undefined)
- Fortinet FortiGate as Riskware/Torrent (Undefined)
- ESET NOD32 as Win32/Bunndle (variant) (Undefined)
- The Hacker as Trojan/Downloader.Zurgop.aw (Undefined)
- Vba32 AntiVirus as Adware.iBryte (Adware)
- Antiy Labs AVL as Trojan/Win32.Agent (Undefined)
- Bkav FE as W32.Clodc5c.Trojan (Undefined)
- K7 Gateway Antivirus as Riskware  (Undefined)
- K7 AntiVirus as Riskware (Undefined)
- Jiangmin as Trojan/Agent.ivsh (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\desktop\plants vs. zombies\bass.dll
Publisher: Un4seen Developments
MD5: 6731f160e001bb85ba930574b8d42776
SHA-1: aa2b48c55d9350be1ccf1dce921c33100e627378
Created: 6/8/2014 11:42:55 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\desktop\plants vs. zombies\plantsvszombies.exe
Publisher:
Signer: PopCap Games
MD5: 3c8876147c84735ca540dda5be3c6451
SHA-1: bf5c51304b1bade29ba4988cc96bf9c35780793c
Created: 6/8/2014 11:42:57 PM
Detections: 2
Determination: Ignore detections (false positive)
- The Hacker as Trojan/Cosmu.adrs (Undefined)
- ViRobot as Trojan.Win32.A.ShipUp.1885896 (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\windows\grep.exe
Publisher:
MD5: 9e05a9c264c8a908a8e79450fcbff047
SHA-1: 363b2ee171de15aeea793bd7fdffd68d0feb8ba4
Created: 26/2/2015 11:32:13 PM
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1
 
---------------------------------------------------------------------------------
 
File path: c:\windows\mbr.exe
Publisher:
MD5: 0277c027a26428db64ef4f64f52bb4fd
SHA-1: 2f16becf7898ac2f5bdca9f80810c66143500e3e
Created: 26/2/2015 11:32:13 PM
Detections: 1
Determination: Ignore detections (false positive)
- Kingsoft AntiVirus as Win32.HeurC.KVM003.a.(kcloud) (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\windows\pev.exe
Publisher:
MD5: f042ee4c8d66248d9b86dcf52abae416
SHA-1: 4cd785c7c3e40c42e3d126086d986c4d4d940bb2
Created: 26/2/2015 11:32:13 PM
Detections: 2
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)
- XVirus List as Win.Detected (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\windows\zip.exe
Publisher:
MD5: 5e832f4faf5f481f2eaf3b3a48f603b8
SHA-1: 1d83497f04247bc095ddc1ccd0fef0c029f0ae8d
Created: 26/2/2015 11:32:13 PM
Detections: 2
Determination: Ignore detections (false positive)
- Bkav FE as W32.Clod7f4.Trojan (Undefined)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1
 
---------------------------------------------------------------------------------
 
File path: c:\windows\syswow64\iscsicpl.dll
Publisher: Microsoft Corporation
MD5: f945adcef203e6104aec8ec9c337cfd0
SHA-1: 85fe50b2c2fcbec2c09c5039c8f8c1d38523780a
Created: 14/7/2009 7:46:13 AM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoA (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\windows\syswow64\networkmap.dll
Publisher: Microsoft Corporation
MD5: f9e79fa16bac237b5e635f9fcc2a377c
SHA-1: ddfcae2db65bfea608a4f6f6d33bfe588bc0b84e
Created: 14/7/2009 7:53:28 AM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoA (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\windows\syswow64\odbcconf.dll
Publisher: Microsoft Corporation
MD5: 8e0e2f752987838cde7c8c413ce5c104
SHA-1: 3aaf5c229e6e42e43c9d29a9c4519f16d6230b11
Created: 14/7/2009 8:12:07 AM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\windows\syswow64\srvany.exe
Publisher:
MD5: 4635935fc972c582632bf45c26bfcb0e
SHA-1: 7c5329229042535fe56e74f1f246c6da8cea3be8
Created: 9/3/2013 9:18:30 PM
Detections: 1
Determination: Ignore detections (false positive)
- CMC Antivirus as Malware.Win32.Generic!O (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\programdata\application data\microsoft\security\client\securityhelper.dll
Publisher:
MD5: a35a93d40230e742ecce9a8a66b4c6c9
SHA-1: 4a4d14ed092505b753ea34c135c1da3f4b5006b8
Created: 22/2/2015 4:20:53 AM
Detections: 1
Determination: Inconclusive
- ESET NOD32 as Win64/Sathurbot (variant) (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\programdata\application data\microsoft\security\client\temp\tmp86df.exe
Publisher:
MD5: 4cfe6bd4bbd98b108885d79b8f0e9c6c
SHA-1: e5c1ad5cc206c19e25d1aba6892c26404a114e36
Created: 28/2/2015 6:17:32 PM
Detections: 25
Determination: UndefinedMalware
- MicroWorld eScan as Trojan.GenericKD.2191619 (Undefined)
- McAfee as GenericR-DBD!4CFE6BD4BBD9 (Undefined)
- Malwarebytes as Trojan.Agent.ED (Undefined)
- K7 Gateway Antivirus as Trojan  (Undefined)
- NANO AntiVirus as Trojan.Win32.Filecoder.dolfyh (Undefined)
- Norman as ZBot.NLWN (Undefined)
- avast! as Win32:Dropper-gen [Drp] (Undefined)
- Kaspersky as Trojan-Dropper.Win32.Injector (Undefined)
- Bitdefender as Trojan.GenericKD.2191619 (Undefined)
- Lavasoft Ad-Aware as Trojan.GenericKD.2191619 (Undefined)
- F-Secure as Trojan.GenericKD.2191619 (Undefined)
- Dr.Web as Trojan.Emotet.62 (Undefined)
- McAfee Web Gateway as BehavesLike.Win32.Ramnit.cc (Undefined)
- Emsisoft Anti-Malware as Trojan.GenericKD.2191619 (Undefined)
- Avira AntiVirus as TR/Crypt.Xpack.156344
- Antiy Labs AVL as Trojan[Dropper]/Win32.Injector (Undefined)
- Microsoft Security Essentials as DDoS:Win32/Nitol.C (Undefined)
- G Data as Trojan.GenericKD.2191619 (Undefined)
- AhnLab V3 Security as Trojan/Win32.Inject (Undefined)
- Baidu Antivirus as Trojan.Win32.Dropper (Undefined)
- ESET NOD32 as Win32/Boaxxe.BR (Undefined)
- Rising Antivirus as PE:Malware.Obscure/Heur!1.9E03 (Undefined)
- Fortinet FortiGate as W32/Boaxxe.BR!tr (Undefined)
- AVG as Inject2 (Undefined)
- Panda Antivirus as Trj/Genetic.gen (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\programdata\application data\microsoft\security\client\temp\tmpdebc.exe
Publisher: The Eraser Project Out of Stock
Signer: ChengDu AoMei Tech Co., Ltd
MD5: a94e088375d00f1a30d10136e53dedf4
SHA-1: c28c4ab568c8104354964a765cc29ace9df7c687
Created: 26/2/2015 6:15:13 PM
Detections: 2
Determination: Inconclusive
- Kaspersky as UDS:DangerousObject.Multi.Generic (Undefined)
- AhnLab V3 Security as Trojan/Win32.MDA (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\programdata\microsoft\security\client\securityhelper.dll
Publisher:
MD5: a35a93d40230e742ecce9a8a66b4c6c9
SHA-1: 4a4d14ed092505b753ea34c135c1da3f4b5006b8
Created: 22/2/2015 4:20:53 AM
Detections: 1
Determination: Inconclusive
- ESET NOD32 as Win64/Sathurbot (variant) (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\programdata\microsoft\security\client\temp\tmp86df.exe
Publisher:
MD5: 4cfe6bd4bbd98b108885d79b8f0e9c6c
SHA-1: e5c1ad5cc206c19e25d1aba6892c26404a114e36
Created: 28/2/2015 6:17:32 PM
Detections: 25
Determination: UndefinedMalware
- MicroWorld eScan as Trojan.GenericKD.2191619 (Undefined)
- McAfee as GenericR-DBD!4CFE6BD4BBD9 (Undefined)
- Malwarebytes as Trojan.Agent.ED (Undefined)
- K7 Gateway Antivirus as Trojan  (Undefined)
- NANO AntiVirus as Trojan.Win32.Filecoder.dolfyh (Undefined)
- Norman as ZBot.NLWN (Undefined)
- avast! as Win32:Dropper-gen [Drp] (Undefined)
- Kaspersky as Trojan-Dropper.Win32.Injector (Undefined)
- Bitdefender as Trojan.GenericKD.2191619 (Undefined)
- Lavasoft Ad-Aware as Trojan.GenericKD.2191619 (Undefined)
- F-Secure as Trojan.GenericKD.2191619 (Undefined)
- Dr.Web as Trojan.Emotet.62 (Undefined)
- McAfee Web Gateway as BehavesLike.Win32.Ramnit.cc (Undefined)
- Emsisoft Anti-Malware as Trojan.GenericKD.2191619 (Undefined)
- Avira AntiVirus as TR/Crypt.Xpack.156344
- Antiy Labs AVL as Trojan[Dropper]/Win32.Injector (Undefined)
- Microsoft Security Essentials as DDoS:Win32/Nitol.C (Undefined)
- G Data as Trojan.GenericKD.2191619 (Undefined)
- AhnLab V3 Security as Trojan/Win32.Inject (Undefined)
- Baidu Antivirus as Trojan.Win32.Dropper (Undefined)
- ESET NOD32 as Win32/Boaxxe.BR (Undefined)
- Rising Antivirus as PE:Malware.Obscure/Heur!1.9E03 (Undefined)
- Fortinet FortiGate as W32/Boaxxe.BR!tr (Undefined)
- AVG as Inject2 (Undefined)
- Panda Antivirus as Trj/Genetic.gen (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\programdata\microsoft\security\client\temp\tmpdebc.exe
Publisher: The Eraser Project Out of Stock
Signer: ChengDu AoMei Tech Co., Ltd
MD5: a94e088375d00f1a30d10136e53dedf4
SHA-1: c28c4ab568c8104354964a765cc29ace9df7c687
Created: 26/2/2015 6:15:13 PM
Detections: 2
Determination: Inconclusive
- Kaspersky as UDS:DangerousObject.Multi.Generic (Undefined)
- AhnLab V3 Security as Trojan/Win32.MDA (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\appdata\roaming\idm\dwnldata\user\liverged_net_1120\liverged_net
Publisher:
MD5: af91c4d8b0efc5ff6a0c695c84a72bb1
SHA-1: d1581434b4f798f0cb56ba83a60e95759b03c27d
Created: 10/9/2014 7:55:34 PM
Detections: 9
Determination: Adware
- Reason Heuristics as Threat.Win.Reputation.IMP (Undefined)
- Lavasoft Ad-Aware as Trojan.Downloader.JRBL (Undefined)
- avast! as Win32:GenMalicious-HQJ [Trj] (Undefined)
- Emsisoft Anti-Malware as Trojan.Downloader.JRBL (Undefined)
- F-Secure as Trojan.Downloader.JRBL (Undefined)
- Kaspersky as not-a-virus:AdWare.Win32.MultiPlug (Adware)
- Norman as Trojan.Downloader.JRBL (Undefined)
- AVG as Adware Generic5.BLZQ (Adware)
- Sophos as PUA 'MultiPlug' (of type Adware) (Adware)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\appdata\roaming\rainmeter\addons\path2ini\path2ini.exe
Publisher:
MD5: a8aed0ca674f91fbd199e862bbba4d4d
SHA-1: 03af1583280285287df53d942eea80889ed6ef16
Created: 30/3/2013 9:42:28 PM
Detections: 1
Determination: Ignore detections (false positive)
- SUPERAntiSpyware as Trojan.Agent/Gen-Kazy (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\appdata\roaming\rainmeter\addons\rainrgb\rainrgb.exe
Publisher:
MD5: 10d943829d77cccc694ff22ac880d9b6
SHA-1: c8fe0b226f98acaacd25ea678514707e71e64302
Created: 30/3/2013 9:42:28 PM
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Trojan/Autoit.arq (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\appdata\roaming\utorrent\utorrent.exe
Publisher: BitTorrent Inc.
Signer: BitTorrent Inc
MD5: 42a6b5ef0b934efc529d0ee31e62c08e
SHA-1: 784baeeff866c62e427754a299703a76262f06ad
Created: 27/3/2013 9:56:49 PM
Detections: 24
Determination: Adware
- MicroWorld eScan as Trojan.Generic.9795664 (Undefined)
- McAfee as Artemis!C769093B2C7E (Undefined)
- Malwarebytes as Trojan.FakeTor (Undefined)
- Norman as Troj_Generic.NUGRV (Undefined)
- Trend Micro House Call as TROJ_GEN.R0CBC0ELA13 (Undefined)
- avast! as Win32:Sality (Undefined)
- Bitdefender as Trojan.Generic.9795664 (Undefined)
- Lavasoft Ad-Aware as Trojan.Generic.9795664 (Undefined)
- Emsisoft Anti-Malware as Trojan.Generic.9795664 (Undefined)
- Comodo Security as UnclassifiedMalware (Undefined)
- F-Secure as Trojan.Generic.9795664 (Undefined)
- Trend Micro as TROJ_GEN.R0CBC0ELA13 (Undefined)
- McAfee Web Gateway as Artemis!C769093B2C7E (Undefined)
- G Data as Trojan.Generic.9795664 (Undefined)
- IKARUS anti.virus as Virus.Win32.Sality (Undefined)
- Fortinet FortiGate as Riskware/Torrent (Undefined)
- ESET NOD32 as Win32/Bunndle (variant) (Undefined)
- The Hacker as Trojan/Downloader.Zurgop.aw (Undefined)
- Vba32 AntiVirus as Adware.iBryte (Adware)
- Antiy Labs AVL as Trojan/Win32.Agent (Undefined)
- Bkav FE as W32.Clodc5c.Trojan (Undefined)
- K7 Gateway Antivirus as Riskware  (Undefined)
- K7 AntiVirus as Riskware (Undefined)
- Jiangmin as Trojan/Agent.ivsh (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\avira\antivir desktop\apnic.dll
Publisher: Ask.com
Signer: Ask.com
MD5: b28c334c03cee7c5e829c43ae75dae5a
SHA-1: 71435ddb11e00d0243380c4902324853fe4ece8f
Created: 9/3/2013 6:44:48 PM
Detections: 4
Determination: Adware
- Boost by Reason as Adware.Ask.H
- ESET NOD32 as Win32/Bundled.Toolbar.Ask (variant) (Undefined)
- Reason Heuristics as PUP.Ask.H (Adware)
- XVirus List as Win.Detected (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\avira\antivir desktop\apnstub.exe
Publisher: Ask.com
Signer: Ask.com
MD5: 93a912072351dfef975f12efad18bd9f
SHA-1: ffa8b6510d624a55f3eb7ffd6d5221a44944681c
Created: 9/3/2013 6:44:48 PM
Detections: 6
Determination: Adware
- Reason Heuristics as PUP.Ask.H (Adware)
- Dr.Web as Trojan.DownLoader7.16675 (Undefined)
- ESET NOD32 as Win32/Bundled.Toolbar.Ask (variant) (Undefined)
- Boost by Reason as Optional.Ask.H
- Filseclab Twister as W32.Bundled.Toolbar.Ask.lrsp (Undefined)
- XVirus List as Win.Detected (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\avira\antivir desktop\apntoolbarinstaller.exe
Publisher: Ask
Signer: Ask.com
MD5: ad74cca501da08ef395e520d9c258f81
SHA-1: 1a3f14c0a66f9af050d1f34fbacbaadc31751a07
Created: 9/3/2013 6:44:48 PM
Detections: 4
Determination: Adware
- Reason Heuristics as PUP.Toolbar.Ask.T (Adware)
- ESET NOD32 as Win32/Bundled.Toolbar.Ask (variant) (Undefined)
- Antiy Labs AVL as Trojan/Win32.Autoit (Undefined)
- XVirus List as Win.Detected (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\avira\antivir desktop\offercast_avirav7_.exe
Publisher: Ask.com
Signer: Ask.com
MD5: ae88282d08916c00a324f6a269924ea9
SHA-1: 4b553651ef610c0614f8393d6c25aba0a8f09eca
Created: 2/7/2013 3:27:37 PM
Detections: 5
Determination: Adware
- Reason Heuristics as PUP.Installer.Ask.S (Adware)
- Antiy Labs AVL as Packed/Win32.Krap (Undefined)
- ESET NOD32 as Win32/Bundled.Toolbar.Ask (variant) (Undefined)
- Filseclab Twister as Packed.Krap.in.fagj
- XVirus List as Win32.Detected (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\gretech\gomplayer\dodge.dll
Publisher:
MD5: d53907f6ee918f736b7ab865fa19089e
SHA-1: 89ad3e662ff67610115dafe6cd7c82bc32f154f5
Created: 29/11/2007 12:58:14 PM
Detections: 3
Determination: Inconclusive
- Bkav FE as HW32.CDB (Undefined)
- CMC Antivirus as Virus.Win32.Sality!O (Undefined)
- ByteHero BDV as Virus.Win32.Heur.c
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\gretech\gomplayer\gomtvstrm.dll
Publisher:
Signer: GRETECH
MD5: 43ef13e7913876a1f2aa3d1d475daa7a
SHA-1: 293bf473be95cffdbc9bbf01c70c2a1240775172
Created: 17/5/2011 8:49:30 AM
Detections: 1
Determination: Inconclusive
- Reason Heuristics as PUP.Optional.GRETECH.J (Adware)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\gretech\gomplayer\gomweb3.dll
Publisher: Gretech Corp.
Signer: GRETECH
MD5: 01fc47255ecd30c8714659ded6f3a5eb
SHA-1: f32452057a2968b32a1a900a4e9a3f6af5d80e01
Created: 17/5/2011 8:49:32 AM
Detections: 1
Determination: Inconclusive
- Reason Heuristics as PUP.Optional.GRETECH.H (Adware)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\gretech\gomplayer\gomwiz.exe
Publisher:
Signer: GRETECH
MD5: 093e2579db2533fcc05138507cbb6279
SHA-1: 4d0b43b33e0d137c420bafca764751a374d48f7c
Created: 12/4/2012 3:29:56 PM
Detections: 1
Determination: Inconclusive
- Reason Heuristics as PUP.Optional.GRETECH.G (Adware)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\gretech\gomplayer\popup.exe
Publisher: Gretech Corporation
Signer: GRETECH
MD5: 9fd5cf6eefc965ac2f4dc45f14bd45c5
SHA-1: eedd5c2ea5494deed00e25f76283ac8286f81b42
Created: 18/4/2012 4:28:22 PM
Detections: 1
Determination: Inconclusive
- Reason Heuristics as PUP.Optional.GRETECH.F (Adware)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\gretech\gomplayer\vsutil.dll
Publisher: Gretech Corp.
Signer: GRETECH
MD5: d0af9939daf22e3eba094daedd7c87d0
SHA-1: ac92b643e950b29eb8935867af18959a60131252
Created: 17/5/2011 8:49:30 AM
Detections: 1
Determination: Inconclusive
- Reason Heuristics as PUP.Optional.GRETECH.G (Adware)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\k-lite codec pack\filters\dcbass\bass_alac.dll
Publisher: MaresWEB
MD5: e5e6efa3505b93fc0962e9d4ead609e3
SHA-1: fb39a571f87b83e8f06dd60a82728acfea85048c
Created: 9/3/2013 7:14:03 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\k-lite codec pack\filters\ffdshow\ffmpeg.dll
Publisher:
MD5: ad927ad14ba8cdb4e593647e585009ce
SHA-1: f3e7bdc1647d5b3cbf32ad562a1fb0435d085181
Created: 9/3/2013 7:13:56 PM
Detections: 1
Determination: Inconclusive
- Emsisoft Anti-Malware as Android.Trojan.GinerMaster.U (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\k-lite codec pack\filters\lav\avfilter-lav-3.dll
Publisher:
MD5: 3dad504968d0b2a6ff513ce0eb01a720
SHA-1: b67ed0a2ac4c1ab4286089263b4e73075cf7981a
Created: 9/3/2013 7:14:00 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.TsCabk (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\k-lite codec pack\filters\lav\avformat-lav-54.dll
Publisher:
MD5: 3ad891cdad8e149db843437d9be00bf2
SHA-1: 95e7139a9e56d0e382f2c946d7ef7e70da5e1c41
Created: 9/3/2013 7:14:00 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.TsCabk (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\k-lite codec pack\filters\lav\avutil-lav-51.dll
Publisher:
MD5: da95112cb978cf269d856fbb7258c170
SHA-1: 0f522826cc9eab550dc16b4adca3d1ce8e776409
Created: 9/3/2013 7:14:00 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.TsCabk (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\k-lite codec pack\filters\lav\swscale-lav-2.dll
Publisher:
MD5: d06a9579cf3d19f17dfa434d28c2e859
SHA-1: a05491024b0fc4880069f54c8cbced3546e1891d
Created: 9/3/2013 7:14:00 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.TsCabk (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\k-lite codec pack\icaros\avcodec-ics-54.dll
Publisher:
MD5: b22bf4198d4424a171114f45dddb9197
SHA-1: 3c8669ed8a651b4cb6bd6d9850e1d6e18ccb6cbc
Created: 9/3/2013 7:14:00 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\k-lite codec pack\icaros\avformat-ics-54.dll
Publisher:
MD5: 5012a148b69616936bb23571adb9bb8c
SHA-1: e20f53a756a8b80cf527f275332ee814be5bf0cd
Created: 9/3/2013 7:14:01 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\k-lite codec pack\icaros\avutil-ics-51.dll
Publisher:
MD5: de2ef430b79d150c9294ead1bf883925
SHA-1: 514997574ad81893f231e19efe882b5b95f90a2b
Created: 9/3/2013 7:14:01 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\k-lite codec pack\icaros\swscale-ics-2.dll
Publisher:
MD5: 7964b2dfe7af5e7cb794bb577f46ff85
SHA-1: 72f66fe2c3db3c10b7f2eb9ce29745ac4cd57f1e
Created: 9/3/2013 7:14:01 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\k-lite codec pack\tools\vobsubstrip.exe
Publisher:
MD5: afd4f735108a24d5112ac1fd661bec8b
SHA-1: ad4f8fc9683132c5b7b018a9f60821367817d405
Created: 9/3/2013 7:14:03 PM
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Posible_Worm32 (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\spybot - search & destroy 2\borlndmm.dll
Publisher: Borland Software Corporation
Signer: Safer Networking Ltd.
MD5: 88f54314e76eda9f6d1d9d6c40e36636
SHA-1: 6d6d95a4850d121a984bed451e6630b974fbfad6
Created: 24/2/2015 5:06:33 AM
Detections: 1
Determination: Ignore detections (false positive)
- CMC Antivirus as Packed.Win32.Obfuscated.10!O
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\spybot - search & destroy 2\av\scan.dll
Publisher: BitDefender
Signer: BitDefender SRL
MD5: 9b375bb63f99b113c065a5db4e632e23
SHA-1: 115edae4e06227fe6f8c66b28557a67b8c3218aa
Created: 24/2/2015 5:06:33 AM
Detections: 1
Determination: Ignore detections (false positive)
- Clam AntiVirus as PUA.Win32.Packer.PrivateExeProte-7
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\xilisoft\video converter ultimate\avformat.dll
Publisher:
MD5: f402e834b82f24efe1281a0fbf5b3206
SHA-1: 62a7b652399601887c2f6091ad3d23fc162aefa2
Created: 16/6/2008 4:05:00 PM
Detections: 2
Determination: Ignore detections (false positive)
- Emsisoft A-Squared as Virus.Win32.VunSpy!IK (Undefined)
- IKARUS anti.virus as Virus.Win32.VunSpy (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\xilisoft\video converter ultimate\avp.exe
Publisher:
MD5: 75802d63ce6460c6661cbebb97a687bf
SHA-1: e2075fdbbeb9a059b3d5177d9cd730b1b281ea43
Created: 23/6/2008 7:01:52 PM
Detections: 1
Determination: Inconclusive
- McAfee as New Win32.g4 (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\xilisoft\video converter ultimate\ctrllibrary.dll
Publisher: TODO: <Company name>
MD5: d050a9e1be1ae81aab772c40ee67e197
SHA-1: 9cca6486653cdd90ab12b016b532d8bf71a111c2
Created: 24/6/2008 8:31:24 PM
Detections: 1
Determination: Ignore detections (false positive)
- Sunbelt AntiMalware as Trojan-Downloader.S (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\program files (x86)\xilisoft\video converter ultimate\uilang.dll
Publisher:
MD5: 2f952e1c0ebe7199638b0b63149b2988
SHA-1: 2ce03459e81d109e20a29e08b5643cfdf33d5cca
Created: 24/6/2008 8:31:26 PM
Detections: 1
Determination: Inconclusive
- Emsisoft Anti-Malware as Gen:Variant.Zusy.74011 (Undefined)
 
---------------------------------------------------------------------------------
 
File path: c:\users\user\appdata\local\google\chrome\user data\default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.11_0\ext\background.js
Publisher:
MD5: 9cf1f790be8c592b1cabac496ddeaa70
SHA-1: 455b6cbf9e9c190e07139e5694ad48bb2c97b899
Created: 25/2/2015 7:16:23 PM
Detections: 1
Determination: Inconclusive
- Avira AntiVirus as GAME/Casino.Gen (Undefined)

Can I also see the log from the FRST fix?

 

Next,

 

Download OTM from one of the following links and save it to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users: accept the UAC alert. Be aware that all processes will be stopped during the run and the Desktop will disappear; this will be put back on completion. If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Be sure to start with and include the colon before Files (:Files).

    :Files
    c:\users\user\downloads\compressed\222_onet
    c:\users\user\downloads\programs\5x86-s-drp.exe
    c:\users\user\downloads\programs\atheros-forced-5x64-drp (1).exe
    c:\users\user\downloads\programs\atheros-forced-5x64-drp.exe
    c:\users\user\downloads\programs\atheros-forced-5x64-wifi_10.0.0.222-drp (1).exe
    c:\users\user\downloads\programs\atheros-forced-5x64-wifi_10.0.0.222-drp.exe
    c:\users\user\downloads\programs\bittorrent(1).exe
    c:\users\user\downloads\programs\bittorrent.exe
    c:\users\user\downloads\programs\cbsidlm-tr1_13-atheros_ar5005g_wireless_network_adapter-seo-150076.exe
    c:\users\user\downloads\programs\utorrent.exe
    c:\programdata\application data\microsoft\security\client\temp\tmp86df.exe
    c:\programdata\application data\microsoft\security\client\temp\tmpdebc.exe
    c:\programdata\microsoft\security\client\temp\tmp86df.exe
    c:\programdata\microsoft\security\client\temp\tmpdebc.exe
    c:\users\user\appdata\roaming\idm\dwnldata\user\liverged_net_1120\liverged_net
    c:\users\user\appdata\roaming\utorrent
    c:\program files (x86)\avira\antivir desktop\apnic.dll
    c:\program files (x86)\avira\antivir desktop\apnstub.exe
    c:\program files (x86)\avira\antivir desktop\apntoolbarinstaller.exe
    c:\program files (x86)\avira\antivir desktop\offercast_avirav7_.exe
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, reboot your PC and then try again...
 

Post those logs, also let me know if any remaining issues or concerns,

 

Kevin


Hello,

 

 

Here's the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by user at 2015-03-02 08:31:15 Run:4
Running from C:\Users\user\Downloads
Loaded Profiles: user &  (Available profiles: user)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [YWLPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\user\AppData\Local\YlPack\lxsyicur.dll
C:\Users\user\AppData\Local\YlPack\lxsyicur.dll
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\...\Run: [Edstion] => regsvr32.exe C:\Users\user\AppData\Local\Edstion\MMNotes.dll <===== ATTENTION
C:\Users\user\AppData\Local\Edstion\MMNotes.dll 
2015-02-22 04:21 - 2015-02-28 20:11 - 00000000 ____D () C:\Users\user\AppData\Local\YlPack
2015-02-22 04:21 - 2015-02-28 20:11 - 00000000 ____D () C:\Users\user\AppData\Local\Edstion
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49601;https=127.0.0.1:49601;
C:\Users\user\AppData\Local\Temp\APNSetup.exe
C:\Users\user\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\jre-8u31-windows-au.exe
cmd: C:\ComboFix.txt
EmptyTemp:
end
 
 
 
*****************
 
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YWLPack => value deleted successfully.
"C:\Users\user\AppData\Local\YlPack\lxsyicur.dll" => File/Directory not found.
HKU\S-1-5-21-3343311198-1188524082-4047472181-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Edstion => value deleted successfully.
"C:\Users\user\AppData\Local\Edstion\MMNotes.dll" => File/Directory not found.
C:\Users\user\AppData\Local\YlPack => Moved successfully.
C:\Users\user\AppData\Local\Edstion => Moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
C:\Users\user\AppData\Local\Temp\APNSetup.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\jre-8u31-windows-au.exe => Moved successfully.
 
=========  C:\ComboFix.txt =========
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 148.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 08:33:26 ====

OTM log:

 

All processes killed
========== FILES ==========
c:\users\user\downloads\compressed\222_onet\onet\Onet 2 folder moved successfully.
c:\users\user\downloads\compressed\222_onet\onet folder moved successfully.
c:\users\user\downloads\compressed\222_onet folder moved successfully.
c:\users\user\downloads\programs\5x86-S-drp.exe moved successfully.
c:\users\user\downloads\programs\Atheros-FORCED-5x64-drp (1).exe moved successfully.
c:\users\user\downloads\programs\Atheros-FORCED-5x64-drp.exe moved successfully.
c:\users\user\downloads\programs\Atheros-FORCED-5x64-WiFi_10.0.0.222-drp (1).exe moved successfully.
c:\users\user\downloads\programs\Atheros-FORCED-5x64-WiFi_10.0.0.222-drp.exe moved successfully.
c:\users\user\downloads\programs\BitTorrent(1).exe moved successfully.
c:\users\user\downloads\programs\BitTorrent.exe moved successfully.
c:\users\user\downloads\programs\cbsidlm-tr1_13-Atheros_AR5005G_Wireless_Network_Adapter-SEO-150076.exe moved successfully.
c:\users\user\downloads\programs\uTorrent.exe moved successfully.
c:\programdata\application data\microsoft\security\client\temp\tmp86DF.exe moved successfully.
c:\programdata\application data\microsoft\security\client\temp\tmpDEBC.exe moved successfully.
File/Folder c:\programdata\microsoft\security\client\temp\tmp86df.exe not found.
File/Folder c:\programdata\microsoft\security\client\temp\tmpdebc.exe not found.
c:\users\user\appdata\roaming\idm\dwnldata\user\liverged_net_1120\liverged_net moved successfully.
c:\users\user\appdata\roaming\uTorrent\share folder moved successfully.
c:\users\user\appdata\roaming\uTorrent\dlimagecache folder moved successfully.
c:\users\user\appdata\roaming\uTorrent\apps folder moved successfully.
c:\users\user\appdata\roaming\uTorrent folder moved successfully.
DllUnregisterServer procedure not found in c:\program files (x86)\avira\antivir desktop\apnic.dll
File move failed. c:\program files (x86)\avira\antivir desktop\apnic.dll scheduled to be moved on reboot.
File move failed. c:\program files (x86)\avira\antivir desktop\apnstub.exe scheduled to be moved on reboot.
File move failed. c:\program files (x86)\avira\antivir desktop\apntoolbarinstaller.exe scheduled to be moved on reboot.
File move failed. c:\program files (x86)\avira\antivir desktop\Offercast_AVIRAV7_.exe scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: user
->Temp folder emptied: 5064377 bytes
->Temporary Internet Files folder emptied: 910251 bytes
->Java cache emptied: 1656879 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 10367314 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 17.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 03022015_181838
 
Files moved on Reboot...
File move failed. c:\program files (x86)\avira\antivir desktop\apnic.dll scheduled to be moved on reboot.
File move failed. c:\program files (x86)\avira\antivir desktop\apnstub.exe scheduled to be moved on reboot.
File move failed. c:\program files (x86)\avira\antivir desktop\apntoolbarinstaller.exe scheduled to be moved on reboot.
File move failed. c:\program files (x86)\avira\antivir desktop\Offercast_AVIRAV7_.exe scheduled to be moved on reboot.
C:\Users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll moved successfully.
C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WWB9MPN2\desktop.ini not found!
File C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMJFG8NC\desktop.ini not found!
File C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQHACCEQ\desktop.ini not found!
File C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J79ESJZM\desktop.ini not found!
 
Registry entries deleted on Reboot...

Security Check Log:

 

 Results of screen317's Security Check version 0.99.97  
 Windows 7  x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
  Adobe Flash Player 11.3.300.257 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox 27.0.1 Firefox out of Date!  
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.115) 
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
 
 
 
So far there's no problem with my PC. Everything runs smoothly now.

Guest
This topic is now closed to further replies.