
Need help with removing Trojan.Zaccess



Hello and welcome to Malwarebytes.org

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Next,

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Next,

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change PUP and PUM entries to Treat detections as Malware.
  • Click on the Scan tab, then click on Scan Now >>. If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save it to a place of your choice, recommend "Desktop", then attach it to your reply
      XML file (*.xml) - if selected you will have to name the file and save it to a place of your choice, recommend "Desktop", then attach it to your reply
  • Recommend you use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

If your security alerts to FRST, either accept the alert or disable your security and allow FRST to run...

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.



Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement).
  • Click Scan to scan the system.
  • When the scan completes, select "Report"; in the next window select "Export txt". The log will open as a text file; post that log... Also save it to your Desktop for reference.
  • Close the program > Don't Fix anything!



Let me see those logs in your reply....

Thank you,

Kevin...
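The FRST.txt log requested above lists autostart (Run) entries, and a helper reads those by eye for a few tell-tale traits. As an added example, not code from Kevin's post, from Malwarebytes or from Farbar, the Python script below parses such lines and flags a value name with characters that are not normally typed (which FRST itself marks with ATTENTION), non-ASCII or bidirectional control characters in the target path, a per-user autostart launched from a user-writable location, and a target with no publisher information; the sample lines, SID, GUID and folder names are constructed.

```python
"""Triage of autostart (Run) entries in an FRST.txt log.

Added example: this is not code from the thread, from Malwarebytes or from
Farbar. It reads the lines FRST writes under "Registry (Whitelisted)" and
flags the traits a reviewer looks for: a value name with characters that are
not normally typed (FRST marks these with ATTENTION), a target path holding
non-ASCII or bidirectional control characters, a per-user Run entry that
launches from a user-writable location, and a target with no publisher.
"""
import re

# Shape of an FRST autostart line, e.g.
#   HKLM-x32\...\Run: [Name] => C:\path\prog.exe [size date] (Publisher)
#   HKU\S-1-5-21-...\...\Run: [Name] => "C:\path\prog.exe" /arg > <===== ATTENTION (...)
RUN_LINE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:-x32)?(?:\\S-1-5-[\d-]+)?)\\\.\.\.\\Run: "
    r"\[(?P<name>.*?)\] => (?P<rest>.*)$"
)
# Characters a person would normally type into a Run value name.
NAME_OK = re.compile(r"^[\w .,'()&+\-]+$")
# Unicode bidirectional controls (RLO, LRO, marks, isolates) that disguise names.
BIDI = {"\u200e", "\u200f", "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
        "\u2066", "\u2067", "\u2068", "\u2069"}
# Locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(r"\\(appdata|programdata|users\\[^\\]+\\(downloads|desktop))\\", re.I)


def parse_run_line(line):
    """Return (hive, name, target, publisher) for an FRST Run line, else None."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    # Drop FRST's own "> <===== ATTENTION (...)" annotation before parsing.
    rest = m.group("rest").split(" <=====")[0].rstrip(" >")
    if rest.startswith('"'):
        target = rest[1 : rest.find('"', 1)]
    else:
        # An unquoted target runs until FRST's " [size yyyy-mm-dd]" block.
        target = re.split(r" \[\d+ \d{4}-\d{2}-\d{2}\]", rest)[0]
    pub = re.search(r"\(([^()]*)\)\s*$", rest)
    publisher = pub.group(1).strip() if pub else ""
    return m.group("hive"), m.group("name"), target, publisher


def triage_entry(hive, name, target, publisher):
    """Return the list of findings for one parsed Run entry (empty if clean)."""
    findings = []
    if not NAME_OK.match(name):
        findings.append("value name contains characters not normally typed")
    if any(ch in BIDI for ch in target):
        findings.append("bidirectional control character in target path")
    if any(ord(ch) > 0x7F for ch in target):
        findings.append("non-ASCII characters in target path")
    if hive.startswith("HKU") and USER_WRITABLE.search(target):
        findings.append("per-user autostart from a user-writable location")
    if not publisher:
        findings.append("no publisher information")
    return findings


def triage_frst(text):
    """Return [(name, target, findings)] for every Run line with a finding."""
    results = []
    for line in text.splitlines():
        parsed = parse_run_line(line)
        if parsed is None:
            continue
        findings = triage_entry(*parsed)
        if findings:
            results.append((parsed[1], parsed[2], findings))
    return results


# Constructed sample in FRST's layout; the SID, GUID, vendor and folder
# names are made up and are not taken from any real log.
SAMPLE = "\n".join([
    r"==================== Registry (Whitelisted) ===========================",
    r"HKLM-x32\...\Run: [ExampleAgent] => C:\Program Files (x86)\Example\agent.exe [123456 2014-01-02] (Example Corp.)",
    r"HKLM-x32\...\Run: [WifiHelper] => C:\Program Files (x86)\Example\WifiHelper.exe [303360 2011-12-14] ()",
    "HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001\\...\\Run: [Updater**.d<*>] => "
    '"C:\\Users\\user\\AppData\\Local\\Example\\Install\\{deadbeef-0000-4000-8000-000000000001}'
    "\\\u2605\u2606\\\u202e\\Updater.exe\" > <===== ATTENTION (Value Name with invalid characters)",
    r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)",
])

if __name__ == "__main__":
    for name, target, findings in triage_frst(SAMPLE):
        print(f"[{name}] -> {target!r}")
        for f in findings:
            print("    -", f)
```

Entries with no findings are not printed; an empty publisher field alone is a weak signal (FRST shows `()` for files without version information), so it is listed but should be weighed together with the other traits.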

Thank You!

 

MBAM scan log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/2/2015
Scan Time: 3:15:14 PM
Logfile: MBAM Scan log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.26.02
Rootkit Database: v2015.09.22.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Khaos Dragon

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 395630
Time Elapsed: 34 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Trojan.Zaccess, HKU\S-1-5-21-2433799625-329232116-3839749839-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Google Update^??, Quarantined, [6812be76563589ad523012f0b24e7e82],

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

FRST Scan Results:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015
Ran by Khaos Dragon (administrator) on CLANMOORE (02-10-2015 18:15:46)
Running from C:\Users\Khaos Dragon\Desktop
Loaded Profiles: Khaos Dragon (Available Profiles: Khaos Dragon)
Platform: Windows Vista Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-11-03] (Intel Corporation)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [KBD] => C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM-x32\...\Run: [TSMAgent] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-12-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-12-15] (CyberLink)
HKLM-x32\...\Run: [DVDAgent] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.)
HKLM-x32\...\Run: [updatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [updatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\Run: [Google Update**.d<*>] => "C:\Users\Khaos Dragon\AppData\Local\Google\Desktop\Install\{785f9ada-4d25-9df9-c2c6-794c4ec2bb44}\❤≸⋙\Ⱒ☠⍨\‮๛\{785f9ada-4d25-9df9-c2c6-794c4ec2bb44}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-09-14] (Glarysoft Ltd)
HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2015-06-01] (NETGEAR Inc.)
HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\MountPoints2: {932c7307-c8a9-11e2-87bd-00248c6d2608} - K:\iStudio.exe
HKU\S-1-5-21-2433799625-329232116-3839749839-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk [2015-09-07]
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
BootExecute: autocheck autochk *  BootDefrag.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1D8D031D-7028-4593-BB94-257ABB6AD627}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{90123862-F3F4-4CA5-AF8D-DF3F1D05C416}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://home.microsoft.com/search/search.asp
HKU\S-1-5-21-2433799625-329232116-3839749839-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> DefaultScope {1B550B3D-2241-48AE-BCD1-9D0096CA1C01} URL =
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-2433799625-329232116-3839749839-1000 -> DefaultScope {3D3C5E72-0B60-46C2-B03F-3446BABC13CB} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2433799625-329232116-3839749839-1000 -> {1B550B3D-2241-48AE-BCD1-9D0096CA1C01} URL =
SearchScopes: HKU\S-1-5-21-2433799625-329232116-3839749839-1000 -> {36C6ABCC-25CB-4516-8E0B-45B171502D2B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2433799625-329232116-3839749839-1000 -> {3D3C5E72-0B60-46C2-B03F-3446BABC13CB} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2433799625-329232116-3839749839-1000 -> {3F518B6F-A4B9-4752-ABB6-9DE717F7712F} URL =
SearchScopes: HKU\S-1-5-21-2433799625-329232116-3839749839-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-25] (Oracle Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} hxxp://aic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://wsfg.webex.com/client/T26L/nbr/ieatgpc1.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\r3g4m4ed.default
FF SelectedSearchEngine: search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-17] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-25] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2433799625-329232116-3839749839-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Khaos Dragon\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2433799625-329232116-3839749839-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Khaos Dragon\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2433799625-329232116-3839749839-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Khaos Dragon\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2433799625-329232116-3839749839-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-05] (The Happy Cloud)
FF Extension: Video Downloader - C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\r3g4m4ed.default\Extensions\klplssqgsg@klplssqgsg.org.xpi [1646-06-29]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-21]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Khaos Dragon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Khaos Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Khaos Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-01-15] (WildTangent)
S3 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S3 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-06-01] (NETGEAR)
S3 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-06-02] (Glarysoft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [41080 2015-09-25] ()
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2015-03-04] (CACE Technologies, Inc.)
R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-02 18:15 - 2015-10-02 18:20 - 00019790 _____ C:\Users\Khaos Dragon\Desktop\FRST.txt
2015-10-02 18:15 - 2015-10-02 18:19 - 00000000 ____D C:\FRST
2015-10-02 18:13 - 2015-10-02 05:23 - 18801736 _____ C:\Users\Khaos Dragon\Desktop\RogueKiller.exe
2015-10-02 18:13 - 2015-10-02 05:17 - 02192384 _____ (Farbar) C:\Users\Khaos Dragon\Desktop\FRST64.exe
2015-10-02 18:12 - 2015-10-02 05:15 - 01696256 _____ (Farbar) C:\Users\Khaos Dragon\Desktop\FRST.exe
2015-10-02 13:23 - 2015-10-02 13:29 - 00000000 ____D C:\Users\Khaos Dragon\Desktop\HudHeap
2015-09-30 21:36 - 2015-10-01 18:02 - 00000700 _____ C:\Windows\PFRO.log
2015-09-25 17:41 - 2015-09-25 17:41 - 00041080 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-09-25 17:14 - 2015-09-25 17:14 - 00001734 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-09-23 16:51 - 2015-09-25 17:39 - 00001656 _____ C:\Windows\system32\.crusader
2015-09-23 16:31 - 2015-09-23 16:31 - 00000000 ____D C:\Program Files\HitmanPro
2015-09-23 16:30 - 2015-09-23 16:52 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-23 16:27 - 2015-09-25 16:02 - 00000000 ____D C:\Users\Khaos Dragon\Desktop\Antimalware
2015-09-21 15:18 - 2015-09-21 15:18 - 00002105 _____ C:\Users\Khaos Dragon\AppData\Roaming\evpro32.prf
2015-09-21 15:08 - 2015-09-28 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExamView Pro Test Generator
2015-09-21 15:08 - 2015-09-21 15:08 - 00001373 _____ C:\Users\Public\Desktop\ExamView Pro.lnk
2015-09-21 15:08 - 2015-09-21 15:08 - 00000000 ____D C:\ExamView
2015-09-21 15:08 - 1999-12-17 09:13 - 00086016 _____ (MindVision Software) C:\Windows\unvise32.exe
2015-09-20 22:50 - 2015-09-20 22:50 - 00001216 _____ C:\TRo.txt
2015-09-18 13:22 - 2015-09-19 06:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-12 18:13 - 2015-09-12 18:13 - 00008735 _____ C:\Users\Khaos Dragon\Desktop\Harris Poll.odt
2015-09-11 14:42 - 2015-09-11 14:42 - 00387854 _____ C:\Users\Khaos Dragon\AppData\Local\dd_vcredistMSI74B7.txt
2015-09-11 14:42 - 2015-09-11 14:42 - 00011434 _____ C:\Users\Khaos Dragon\AppData\Local\dd_vcredistUI74B7.txt
2015-09-11 14:42 - 2015-09-11 14:42 - 00001847 _____ C:\Users\Public\Desktop\NETGEAR Genie.lnk
2015-09-07 21:29 - 2015-09-07 21:29 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_bcmwlhigh664_01005.Wdf
2015-09-07 21:26 - 2007-01-19 18:24 - 00025312 ____R (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\Drivers\SCMNdisP.sys
2015-09-07 21:23 - 2015-09-07 21:23 - 00000763 _____ C:\Users\Public\Desktop\NETGEAR WNDA3100v2 Genie.lnk
2015-09-07 21:23 - 2015-09-07 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNDA3100v2 Genie
2015-09-07 21:23 - 2015-09-07 21:23 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2015-09-07 21:23 - 2011-12-12 17:37 - 01229568 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcmwlhigh664.sys
2015-09-07 21:23 - 2011-03-30 21:54 - 00095544 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll
2015-09-07 21:23 - 2011-03-30 21:51 - 03900928 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll
2015-09-07 21:23 - 2011-03-30 21:51 - 03566592 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll
2015-09-07 21:23 - 2010-02-03 11:20 - 00053299 _____ C:\Windows\SysWOW64\pthreadVC.dll
2015-09-07 21:23 - 2006-11-02 08:04 - 01919968 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01005.dll
2015-09-07 21:21 - 2015-09-07 21:21 - 35770251 _____ C:\Users\Khaos Dragon\Desktop\WNDA3100v2 Software Version 2.0.0.1.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-02 18:14 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-02 18:14 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-02 18:11 - 2009-04-07 16:02 - 01807900 _____ C:\Windows\WindowsUpdate.log
2015-10-02 17:31 - 2014-07-10 22:49 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-02 16:59 - 2013-08-08 14:43 - 00000352 ____H C:\Windows\Tasks\{795DE8E9-687A-4868-9DEF-20275415B798}.job
2015-10-02 16:37 - 2009-02-18 07:45 - 00003588 _____ C:\Windows\System32\Tasks\HP Health Check
2015-10-02 16:32 - 2011-02-13 09:08 - 00000312 _____ C:\Windows\Tasks\iMeshNAG.job
2015-10-02 16:32 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-02 16:31 - 2006-11-02 11:42 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-02 15:30 - 2012-02-05 19:20 - 00000956 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000UA.job
2015-10-02 13:30 - 2015-06-16 17:48 - 00000000 ____D C:\Users\Khaos Dragon\Desktop\Bills
2015-10-02 13:29 - 2014-10-06 22:09 - 00000000 ____D C:\Users\Khaos Dragon\Desktop\Moorehouse
2015-10-02 13:26 - 2014-06-27 19:23 - 00000000 ____D C:\Users\Khaos Dragon\Desktop\SchoolHome
2015-09-30 21:36 - 2014-08-04 20:58 - 00000000 ____D C:\Users\Khaos Dragon\AppData\Roaming\DiskDefrag
2015-09-30 14:45 - 2013-11-06 22:44 - 00004284 _____ C:\Users\Khaos Dragon\AppData\Roaming\DreamCalc DC4G.dat
2015-09-30 14:45 - 2009-02-18 07:13 - 00000000 ____D C:\ProgramData\Temp
2015-09-29 21:30 - 2012-02-05 19:20 - 00000934 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000Core.job
2015-09-26 08:21 - 2013-03-22 13:16 - 00000000 ____D C:\Users\Khaos Dragon\AppData\Roaming\Skype
2015-09-26 07:07 - 2014-12-03 18:41 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-25 18:36 - 2014-12-03 18:16 - 00000000 ____D C:\Users\Khaos Dragon\Desktop\mbar
2015-09-25 17:41 - 2014-08-28 21:52 - 00005324 _____ C:\Users\Khaos Dragon\AppData\Local\d3d9caps.dat
2015-09-25 17:41 - 2009-05-07 16:59 - 00000000 ____D C:\Users\Khaos Dragon
2015-09-25 16:07 - 2014-12-05 18:42 - 00000000 ____D C:\AdwCleaner
2015-09-25 16:02 - 2006-11-02 08:46 - 00833914 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-24 17:01 - 2014-08-04 20:58 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-09-23 00:21 - 2014-08-04 20:58 - 00003328 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2015-09-23 00:21 - 2014-08-04 20:58 - 00002988 _____ C:\Windows\System32\Tasks\GU5SkipUAC
2015-09-23 00:21 - 2014-08-04 20:58 - 00000893 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-09-22 23:37 - 2015-04-16 18:57 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000UA.job
2015-09-22 23:37 - 2015-04-16 18:57 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000Core.job
2015-09-22 23:26 - 2015-04-16 18:57 - 00003846 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000UA
2015-09-22 23:26 - 2015-04-16 18:57 - 00003450 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000Core
2015-09-22 23:09 - 2015-07-26 22:43 - 00000000 ____D C:\ProgramData\PogoDGC
2015-09-22 23:09 - 2015-07-26 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
2015-09-22 18:57 - 2012-04-03 14:14 - 00003718 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A726788E-C4ED-4EA4-8EA5-B8D640168EE0}
2015-09-22 18:55 - 2011-12-27 18:30 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-22 18:54 - 2010-04-25 00:05 - 00000000 ____D C:\Windows\Minidump
2015-09-22 17:16 - 2015-02-27 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-09-22 17:16 - 2015-02-27 15:08 - 00000000 ____D C:\Program Files (x86)\Epson Software
2015-09-22 17:16 - 2015-02-27 15:06 - 00000000 ____D C:\Program Files (x86)\epson
2015-09-22 17:16 - 2009-02-18 07:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-22 01:54 - 2015-05-18 13:14 - 00000000 ____D C:\Users\Khaos Dragon\Documents\UserTesting
2015-09-22 01:36 - 2015-04-29 15:11 - 00000000 ____D C:\Users\Khaos Dragon\AppData\Local\UserTestingPlugin
2015-09-22 00:33 - 2010-02-02 23:55 - 00000000 ____D C:\Users\Khaos Dragon\Documents\Dungeons and Dragons Online
2015-09-22 00:00 - 2014-11-06 15:35 - 00000000 ____D C:\ProgramData\HappyCloud
2015-09-21 18:27 - 2009-05-07 17:07 - 00086736 _____ C:\Users\Khaos Dragon\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-21 18:24 - 2006-11-02 11:21 - 00341264 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-20 03:51 - 2014-11-06 15:30 - 00000000 ____D C:\Users\Khaos Dragon\AppData\Local\Dungeons & Dragons Online
2015-09-19 06:23 - 2012-06-06 17:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-18 09:09 - 2009-05-08 09:56 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-09-15 01:00 - 2014-09-11 15:39 - 00000000 ____D C:\Users\Khaos Dragon\AppData\Local\NETGEARGenie
2015-09-11 20:45 - 2012-04-02 14:35 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-11 20:45 - 2011-05-13 00:54 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-11 14:42 - 2014-09-11 15:39 - 00001859 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2015-09-11 14:42 - 2014-09-11 15:38 - 00000000 ____D C:\Program Files (x86)\NETGEAR Genie

==================== Files in the root of some directories =======

2001-06-20 16:34 - 2004-09-23 20:57 - 0298496 _____ (Apple Computer, Inc.) C:\Program Files\PictureViewer.exe
2001-06-20 16:34 - 2004-09-23 20:57 - 0233984 _____ (Apple Computer, Inc.) C:\Program Files\QTInfo.exe
2012-02-07 23:35 - 2012-02-07 23:35 - 0796536 _____ (Apple Inc.) C:\Program Files\QTPlugin.ocx
2012-02-07 23:35 - 2012-02-07 23:35 - 0421888 _____ (Apple Inc.) C:\Program Files\qttask.exe
2004-09-23 17:57 - 2004-09-23 17:57 - 0003289 _____ () C:\Program Files\QuickTime Read Me.htm
2001-06-20 16:34 - 2004-09-23 20:57 - 1099776 _____ (Apple Computer, Inc.) C:\Program Files\QuickTimePlayer.exe
2001-06-20 16:34 - 2004-09-23 20:57 - 0147968 _____ (Apple Computer, Inc.) C:\Program Files\QuickTimeUpdater.exe
2001-06-20 16:34 - 2004-09-23 17:55 - 0082395 _____ () C:\Program Files\Sample.mov
2001-06-20 16:34 - 2004-09-23 17:55 - 0029363 _____ () C:\Program Files\Sample.qtif
2015-06-18 15:17 - 2015-06-18 15:17 - 0895304 _____ (Apple Inc.) C:\Program Files (x86)\QTOControl.dll
2015-06-18 15:17 - 2015-06-18 15:17 - 0821576 _____ (Apple Inc.) C:\Program Files (x86)\QTOLibrary.dll
2015-06-18 15:24 - 2015-06-18 15:24 - 0797000 _____ (Apple Inc.) C:\Program Files (x86)\QTPlugin.ocx
2015-06-17 00:23 - 2015-06-17 00:23 - 0421888 _____ (Apple Inc.) C:\Program Files (x86)\QTTask.exe
2015-06-18 15:17 - 2015-06-18 15:17 - 0366920 _____ (Apple Inc.) C:\Program Files (x86)\QTUIPanelControl.dll
2015-06-18 15:16 - 2015-06-18 15:16 - 0006238 _____ () C:\Program Files (x86)\QuickTime Read Me.htm
2015-06-18 15:17 - 2015-06-18 15:17 - 9288008 _____ (Apple Inc.) C:\Program Files (x86)\QuickTimePlayer.dll
2015-06-18 15:24 - 2015-06-18 15:24 - 1235288 _____ (Apple Inc.) C:\Program Files (x86)\QuickTimePlayer.exe
2015-06-17 00:23 - 2015-06-17 00:23 - 0055622 _____ () C:\Program Files (x86)\Sample.mov
2014-11-12 03:52 - 2014-11-12 20:03 - 0000288 _____ () C:\Users\Khaos Dragon\AppData\Roaming\7BDD9E9B.reg
2014-03-31 00:53 - 2014-03-31 00:53 - 0000288 _____ () C:\Users\Khaos Dragon\AppData\Roaming\D8E85835.reg
2014-11-12 19:40 - 2014-11-12 19:40 - 0008534 _____ () C:\Users\Khaos Dragon\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-11-12 19:40 - 2014-11-12 19:40 - 0004210 _____ () C:\Users\Khaos Dragon\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-11-12 19:40 - 2014-11-12 19:40 - 0000272 _____ () C:\Users\Khaos Dragon\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2013-11-06 22:44 - 2015-09-30 14:45 - 0004284 _____ () C:\Users\Khaos Dragon\AppData\Roaming\DreamCalc DC4G.dat
2015-09-21 15:18 - 2015-09-21 15:18 - 0002105 _____ () C:\Users\Khaos Dragon\AppData\Roaming\evpro32.prf
2014-03-31 17:04 - 2014-03-31 17:04 - 0002777 _____ () C:\Users\Khaos Dragon\AppData\Roaming\HOW_DECRYPT.HTML
2014-03-31 17:04 - 2014-03-31 17:04 - 0001261 _____ () C:\Users\Khaos Dragon\AppData\Roaming\HOW_DECRYPT.TXT
2014-03-31 17:04 - 2014-03-31 17:04 - 0000133 _____ () C:\Users\Khaos Dragon\AppData\Roaming\HOW_DECRYPT.URL
2014-03-31 00:53 - 2014-11-12 20:03 - 0009728 _____ () C:\Users\Khaos Dragon\AppData\Roaming\mcp.ico
2009-05-21 18:03 - 2014-03-31 17:04 - 0026710 _____ () C:\Users\Khaos Dragon\AppData\Roaming\UserTile.png
2011-10-22 00:59 - 2014-03-31 17:04 - 0001110 _____ () C:\Users\Khaos Dragon\AppData\Roaming\wabbitemu.gif
2009-11-12 17:13 - 2014-01-20 17:07 - 0003686 _____ () C:\Users\Khaos Dragon\AppData\Roaming\wklnhst.dat
2014-11-12 03:36 - 2014-11-12 03:36 - 0000448 ____H () C:\Users\Khaos Dragon\AppData\Roaming\麽鎒駓覜
2014-08-28 21:52 - 2015-09-25 17:41 - 0005324 _____ () C:\Users\Khaos Dragon\AppData\Local\d3d9caps.dat
2009-05-12 06:06 - 2014-08-02 00:02 - 0019968 _____ () C:\Users\Khaos Dragon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-27 18:25 - 2014-03-31 17:00 - 0551792 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2013-11-08 19:36 - 2014-03-31 17:00 - 0070768 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_depcheck_VB_EXP_90.txt
2011-12-27 18:25 - 2014-03-31 17:00 - 0000624 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_dotnetfx35error.txt
2011-12-27 18:25 - 2014-03-31 17:00 - 0371568 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_dotnetfx35install.txt
2013-11-08 19:36 - 2014-03-31 17:00 - 0004720 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_error_vb_xcor_90.txt
2013-11-08 19:44 - 2014-03-31 17:00 - 1219696 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_ExpRemoteDbg_x64_MSI422B.txt
2013-11-08 19:36 - 2014-03-31 17:00 - 0306544 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_install_vb_xcor_90.txt
2013-11-08 19:49 - 2014-03-31 17:00 - 2487664 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_MSDNExp_MSI4650.txt
2013-11-08 19:49 - 2014-03-31 17:00 - 0351856 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_SQLCEToolsForVS2007_MSI45EE.txt
2013-11-08 19:48 - 2014-03-31 17:00 - 0379248 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_SSCERuntime_MSI45DE.txt
2015-06-13 15:39 - 2015-06-13 15:39 - 0388594 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistMSI2841.txt
2010-08-09 18:03 - 2014-03-31 17:00 - 0372080 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistMSI2DA9.txt
2011-12-27 18:25 - 2014-03-31 17:00 - 0498800 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistMSI5EF5.txt
2011-12-27 18:34 - 2014-03-31 17:00 - 0448368 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistMSI65FF.txt
2011-12-27 18:42 - 2014-03-31 17:00 - 0445296 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistMSI6C5D.txt
2015-09-11 14:42 - 2015-09-11 14:42 - 0387854 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistMSI74B7.txt
2015-06-13 15:39 - 2015-06-13 15:39 - 0014124 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistUI2841.txt
2010-08-09 18:03 - 2014-03-31 17:00 - 0012144 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistUI2DA9.txt
2014-04-09 17:23 - 2014-04-09 17:23 - 0013328 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistUI3AB8.txt
2011-12-27 18:25 - 2014-03-31 17:00 - 0012400 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistUI5EF5.txt
2011-12-27 18:34 - 2014-03-31 17:00 - 0012144 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistUI65FF.txt
2011-12-27 18:42 - 2014-03-31 17:00 - 0012144 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistUI6C5D.txt
2015-09-11 14:42 - 2015-09-11 14:42 - 0011434 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistUI74B7.txt
2013-11-08 19:43 - 2014-03-31 17:00 - 0920432 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_VC_MinRed_MSI41FA.txt
2013-11-08 19:44 - 2014-03-31 17:00 - 0220272 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_WinSDK_ExpTools_x64_MSI4280.txt
2013-11-08 19:44 - 2014-03-31 17:00 - 0213872 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_WinSDK_Win32ExpTools_x64_MSI4297.txt
2014-11-12 19:39 - 2014-11-12 19:39 - 0008534 _____ () C:\Users\Khaos Dragon\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-11-12 19:39 - 2014-11-12 19:39 - 0004210 _____ () C:\Users\Khaos Dragon\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-12 19:39 - 2014-11-12 19:39 - 0000272 _____ () C:\Users\Khaos Dragon\AppData\Local\DECRYPT_INSTRUCTION.URL
2010-02-02 23:45 - 2010-02-02 23:45 - 0000100 _____ () C:\Users\Khaos Dragon\AppData\Local\fusioncache.dat
2014-03-31 17:03 - 2014-03-31 17:03 - 0002777 _____ () C:\Users\Khaos Dragon\AppData\Local\HOW_DECRYPT.HTML
2014-03-31 17:03 - 2014-03-31 17:03 - 0001261 _____ () C:\Users\Khaos Dragon\AppData\Local\HOW_DECRYPT.TXT
2014-03-31 17:03 - 2014-03-31 17:03 - 0000133 _____ () C:\Users\Khaos Dragon\AppData\Local\HOW_DECRYPT.URL
2014-03-25 22:26 - 2014-03-25 22:26 - 0006866 _____ () C:\Users\Khaos Dragon\AppData\Local\recently-used.xbel
2015-08-03 15:56 - 2015-08-03 15:56 - 0136681 _____ () C:\Users\Khaos Dragon\AppData\Local\tmpIMG024(1).JPG
2015-08-03 16:01 - 2015-08-03 16:01 - 0104359 _____ () C:\Users\Khaos Dragon\AppData\Local\tmpIMG025.JPG
2011-12-27 18:25 - 2014-03-31 17:02 - 0011888 _____ () C:\Users\Khaos Dragon\AppData\Local\uxeventlog.txt
2013-11-08 19:44 - 2014-03-31 17:03 - 11415920 _____ () C:\Users\Khaos Dragon\AppData\Local\VSMsiLog42AA.txt
2013-11-08 19:43 - 2013-11-08 19:43 - 0001470 _____ () C:\Users\Khaos Dragon\AppData\Local\VWL7CE0.tmp
2013-11-08 19:52 - 2013-11-08 19:54 - 0001906 _____ () C:\Users\Khaos Dragon\AppData\Local\VWLC1EF.tmp
2014-11-12 03:37 - 2014-11-12 03:37 - 0000520 _____ () C:\ProgramData\@system.temp
2014-11-12 03:37 - 2014-11-12 03:37 - 0000256 ____H () C:\ProgramData\@system3.att
2014-11-12 19:37 - 2014-11-12 19:37 - 0008534 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-11-12 19:37 - 2014-11-12 19:37 - 0004210 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-11-12 19:37 - 2014-11-12 19:37 - 0000272 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-03-31 17:00 - 2014-03-31 17:00 - 0002777 _____ () C:\ProgramData\HOW_DECRYPT.HTML
2014-03-31 17:00 - 2014-03-31 17:00 - 0001261 _____ () C:\ProgramData\HOW_DECRYPT.TXT
2014-03-31 17:00 - 2014-03-31 17:00 - 0000133 _____ () C:\ProgramData\HOW_DECRYPT.URL
ZeroAccess:
C:\Users\Khaos Dragon\AppData\Local\Google\Desktop\Install

Files to move or delete:
====================
C:\Users\Khaos Dragon\gusetup.exe
C:\Users\Khaos Dragon\HPPDU.exe
C:\Users\Khaos Dragon\java.exe
C:\Users\Khaos Dragon\jucheck.exe
C:\Users\Khaos Dragon\opera.exe
C:\Users\Khaos Dragon\skype.exe
C:\Users\Khaos Dragon\Windows6.0-KB948465-X64.exe
C:\Users\Khaos Dragon\wordview_en-us.exe
C:\Windows\Tasks\{795DE8E9-687A-4868-9DEF-20275415B798}.job


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-02 16:38

==================== End of FRST.txt ============================
Additional Scan Results:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-09-2015
Ran by Khaos Dragon (2015-10-02 18:20:51)
Running from C:\Users\Khaos Dragon\Desktop
Windows Vista Home Premium Service Pack 2 (X64) (2009-04-07 19:58:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2433799625-329232116-3839749839-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2433799625-329232116-3839749839-1002 - Limited - Enabled)
Guest (S-1-5-21-2433799625-329232116-3839749839-501 - Limited - Disabled)
Khaos Dragon (S-1-5-21-2433799625-329232116-3839749839-1000 - Administrator - Enabled) => C:\Users\Khaos Dragon

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version:  - )
7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Activity Tracker (HKLM-x32\...\com.connectionsEducation.activityTracker) (Version: 2.1 - Connections Education, LLC)
Activity Tracker (x32 Version: 2.1 - Connections Education, LLC) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Wonders (HKLM-x32\...\Age of Wonders) (Version:  - )
Age of Wonders II (HKLM-x32\...\Age of Wonders II) (Version:  - )
Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - LSI Corporation)
Amazon MP3 Downloader 1.0.10 (HKLM-x32\...\Amazon MP3 Downloader) (Version:  - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Baldur's Gate & Tales of the Sword Coast (HKLM-x32\...\Baldur's Gate & Tales of the Sword Coast) (Version:  - )
Bejeweled (HKLM-x32\...\f35d0f28db1e9b4d3f0556ee3baee42c) (Version:  - GameHouse)
Blender (remove only) (HKLM-x32\...\Blender) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
Circuit Construction Kit (DC Only), Virtual Lab (HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\Circuit Construction Kit (DC Only), Virtual Lab) (Version:  - University of Colorado, Department of Physics)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2326 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DreamCalc DCG4.8.0 (CA2013-2014) (HKLM-x32\...\DreamCalcDC4G_is1) (Version: DCG4.8.0 - Big Angry Dog Ltd)
Dungeons & Dragons Online ®:  Eberron Unlimited ™ v01.10.01.801 (HKLM-x32\...\15b35190-c6f9-11d9-9669-0800200c9a66_is1) (Version: 01.10.01.8011 - Atari, Inc.)
Dungeons and Dragons Online (HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\DDO_highres_en) (Version:  - )
Enhanced Multimedia Keyboard Solution (HKLM-x32\...\KBD) (Version: 1.0.9.2 - Hewlett-Packard)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 520 Series Printer Uninstall (HKLM\...\EPSON WorkForce 520 Series) (Version:  - SEIKO EPSON Corporation)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EverQuest (HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\soe-EverQuest) (Version: 1.0.3.183 - Sony Online Entertainment)
ExamView Pro (HKLM-x32\...\ExamView Pro) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Faraday's Electromagnetic Lab (HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\Faraday's Electromagnetic Lab) (Version:  - University of Colorado, Department of Physics)
Firefly Online Cortex (HKLM-x32\...\Steam App 343750) (Version:  - Spark Plug Games)
Forces in 1 Dimension (HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\Forces in 1 Dimension) (Version:  - University of Colorado, Department of Physics)
Free Opener (HKLM\...\{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1) (Version: 2.5.0 - Blue Labs, LLC)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glary Utilities 5.34 (HKLM-x32\...\Glary Utilities 5) (Version: 5.34.0.54 - Glarysoft Ltd)
Google Chrome (HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\Google Chrome) (Version: 45.0.2454.93 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Halo 2 for Windows Vista (HKLM-x32\...\Halo 2) (Version:  - Microsoft Game Studios)
Halo 2 for Windows Vista (x32 Version: 1.0.0.0 - Microsoft Corporation) Hidden
Halo 2 Map Editor (HKLM-x32\...\InstallShield_{54CD52E0-6660-416C-94CC-FC77875FF226}) (Version: 1.00.0000 - Microsoft Game Studios)
Halo 2 Map Editor (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Happy Cloud Client (HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\HappyCloud) (Version: 4.28 - Happy Cloud, Inc.)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.5048.14 - PC-Doctor, Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.246 - SurfRight B.V.)
HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{E1591139-8B44-411B-A81B-D35F83A0565A}) (Version: 5.7.0.2875 - Hewlett-Packard)
HP Demo (HKLM-x32\...\{97ABD26A-3249-46CB-B2E2-F66E64B2E480}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.1.2431 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2415 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{F1568AA6-5982-4AFB-A871-C68E4328BC3B}) (Version: 2.1.7 - Hewlett-Packard)
HP MediaSmart TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 2.1.1231 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP Total Care Setup (HKLM-x32\...\{95A747E0-DF19-46CB-A622-20A0107201BD}) (Version: 1.1.2413.2876 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Juno Preloader (HKLM-x32\...\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}) (Version: 1.0.0 - Juno, Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1103 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1103 - CyberLink Corp.) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
LightScribe System Software (HKLM-x32\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
LIVE gaming on Windows Runtime Version 1.0.6027 (HKLM-x32\...\{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}) (Version: 1.0.6027 - Microsoft Corporation)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Master of Orion 1 and 2 (HKLM-x32\...\Master of Orion 1 and 2_is1) (Version:  - GOG.com)
Master of Orion 3 (HKLM-x32\...\Master of Orion 3) (Version:  - )
McAfee AntiVirus (HKLM-x32\...\MSC) (Version: 12.8.908 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires (HKLM-x32\...\Age of Empires) (Version:  - )
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office Professional (HKLM-x32\...\MSOffice) (Version:  - )
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM-x32\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft Visual Basic 2008 Express Edition - ENU (HKLM-x32\...\Microsoft Visual Basic 2008 Express Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.363 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (HKLM\...\{62577E41-C350-3D07-97C8-2B6CDB4BAD60}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (HKLM\...\{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 41.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 en-US)) (Version: 41.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.0.5738 - Mozilla)
MSDN Library for Microsoft Visual Studio 2008 Express Editions (HKLM-x32\...\MSDN Library for Microsoft Visual Studio 2008 Express Editions) (Version:  - Microsoft Corporation)
MSDN Library for Microsoft Visual Studio 2008 Express Editions (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
MSN (HKLM-x32\...\MSNINST) (Version:  - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Multimedia Fusion 2 (HKLM-x32\...\Multimedia Fusion 2) (Version:  - )
muvee Reveal (HKLM-x32\...\{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}) (Version: 7.0.35.7918 - muvee Technologies Pte Ltd)
My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.12.00 - NETGEAR Inc.)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
NetZero Preloader (HKLM-x32\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
NPR Radio Toolbar (HKLM-x32\...\NPR_Radio Toolbar) (Version: 6.2.6.0 - NPR Radio)
OLYMPUS Master 2 (HKLM-x32\...\{45FCADDB-0B29-457E-83A1-D245C62A716C}) (Version: 1.0.6 - OLYMPUS IMAGING CORP.)
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.11 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2325 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2417 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2417 - CyberLink Corp.) Hidden
Python 2.5.2 (HKLM-x32\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)
Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Scrabble v2.0 (HKLM-x32\...\Scrabble v2.0) (Version:  - )
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.105 - Skype Technologies S.A.)
Sound (HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\Sound) (Version:  - University of Colorado, Department of Physics)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
The Lord of the Rings Online™ v03.03.05.8039 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.03.05.8039 - Turbine, Inc.)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UserTesting.com Recorder Plugin (HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\UserTestingPlugin) (Version:  - UserTesting.com)
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.5 - WildTangent)
Winamp (HKLM-x32\...\Winamp) (Version: 5.66  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2433799625-329232116-3839749839-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Khaos Dragon\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2433799625-329232116-3839749839-1000_Classes\CLSID\{4C5C54C1-176A-3C75-3BE2-DD8339DB2747}\localserver32 -> C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2433799625-329232116-3839749839-1000_Classes\CLSID\{934CDBD0-57FF-7C9B-72E2-0127A0DD050C}\localserver32 -> C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2433799625-329232116-3839749839-1000_Classes\CLSID\{9A3277D1-CDFD-68A2-1636-AAC5E086447A}\localserver32 -> C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2433799625-329232116-3839749839-1000_Classes\CLSID\{F289B241-BA84-EE97-0993-0009F4BBEA70}\localserver32 -> C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe (InstallShield Software Corporation)

==================== Restore Points =========================

25-09-2015 18:35:57 Malwarebytes Anti-Rootkit Restore Point
28-09-2015 16:06:51 Scheduled Checkpoint
29-09-2015 19:40:44 Scheduled Checkpoint
30-09-2015 16:20:46 Scheduled Checkpoint
02-10-2015 16:29:25 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2006-09-18 17:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09E99F11-1C41-456B-ADDA-0A71A8AEF51C} - \iMeshNAG -> No File <==== ATTENTION
Task: {1B19B4FC-6E0D-4B5F-B71B-0D615F15BADC} - System32\Tasks\{3C5C5E2E-BD7E-4954-BB57-2AAD96A2C6C9} => pcalua.exe -a C:\MSOffice\Access\WRKGADM.EXE -d C:\MSOffice
Task: {1E4D0A68-E2D2-4E85-8E87-8965E8B7A556} - \task2020743 -> No File <==== ATTENTION
Task: {2315D411-9C41-482E-A375-3649C3AFBDA3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-25] (Google Inc.)
Task: {2CEEB9BF-7216-42B8-B715-808BA0731A03} - System32\Tasks\{9A0766B5-0530-43FC-9B00-00B9AF95A188} => pcalua.exe -a "C:\Users\Khaos Dragon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WB200ME\aow136[1].exe" -d "C:\Users\Khaos Dragon"
Task: {523C31C4-1B75-41EB-82E6-7EE2B86ECC60} - \task5975540 -> No File <==== ATTENTION
Task: {60D19DA9-433C-4748-8688-78600C1B8C85} - \{795DE8E9-687A-4868-9DEF-20275415B798} -> No File <==== ATTENTION
Task: {622F572A-FDDA-4D7F-8FCD-AB67C3A8C9BE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000UA => C:\Users\Khaos Dragon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {66EE142F-0AAE-4224-8BF4-D75B06D8BB62} - System32\Tasks\RecoveryCD => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2008-12-17] ()
Task: {6F92FF09-DEC9-4320-94A7-4B8061218B9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-25] (Google Inc.)
Task: {7325BAFF-18A6-44ED-B956-35744BFA7969} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-09-14] (Glarysoft Ltd)
Task: {76090BD5-F98C-48C9-BA17-881C44FC283F} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {7DCCFBAE-89B8-4C20-A137-694AE4823A66} - System32\Tasks\{AEB8153F-15FE-49AF-ABBB-72174E6AACF6} => pcalua.exe -a "C:\Users\Khaos Dragon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XY8CRG4C\WordViewer2003SP3-KB934736-FullFile-ENU[1].exe" -d "C:\Users\Khaos Dragon\Desktop"
Task: {9B802B23-FCF7-4620-A93A-A8A207A6333C} - System32\Tasks\task6509750 => C:\Users\KHAOSD~1\AppData\Local\Temp\temp917254695.exe <==== ATTENTION
Task: {9E1EFA12-C63E-4D07-9CCF-1DFA2AF2B8B0} - System32\Tasks\{2D042B84-06E4-4D1C-BD2D-0FEE878E52D2} => pcalua.exe -a C:\PROGRA~2\NPR_RA~1\UNWISE.EXE -c   /U C:\PROGRA~2\NPR_RA~1\INSTALL.LOG
Task: {A0028F8C-4E07-4431-B836-4021CC17B785} - System32\Tasks\{41D972CE-089C-40AD-B7BF-2672D74196EC} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enUS --uid=battle.net --displayname="Battle.net"
Task: {A073A6EB-7A72-4902-AF4B-D5B295BB62E6} - System32\Tasks\{5B64DB17-8A53-4D3F-A939-5651D1092457} => pcalua.exe -a "C:\Program Files\QuickTimePlayer.exe" -d "c:\program files"
Task: {A3C96975-375E-4E98-B51A-7175BB403A99} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: {BA31320E-B2AA-4613-8684-55BCBC5776B4} - System32\Tasks\{C965777B-860E-41DF-ABE7-B90317F61C03} => pcalua.exe -a "E:\Setup VPS.exe" -d E:\
Task: {D012DD01-B61F-43FE-81A9-F852B6EEBBDC} - System32\Tasks\task2733137 => C:\Users\KHAOSD~1\AppData\Local\Temp\temp4185216281.exe <==== ATTENTION
Task: {D53A16D5-5B20-405D-A484-110FB0836E64} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000UA => C:\Users\Khaos Dragon\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-16] (Google Inc.)
Task: {D6C4590A-5083-49E2-A7AD-08696DF817A6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000Core => C:\Users\Khaos Dragon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {E3D6D537-0EC9-4F0F-8AA2-D15F143DAA6A} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Khaos Dragon => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {F0AB6685-3BE9-4EFA-BF5D-7D29E74F614B} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-09-14] (Glarysoft Ltd)
Task: {F2784252-AA6B-4749-A71A-7A5DE72C8565} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000Core => C:\Users\Khaos Dragon\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-16] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000Core.job => C:\Users\Khaos Dragon\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000UA.job => C:\Users\Khaos Dragon\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000Core.job => C:\Users\Khaos Dragon\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000UA.job => C:\Users\Khaos Dragon\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\iMeshNAG.job => C:\Users\KHAOSD~1\AppData\Local\Temp\iMesh_setup.exe <==== ATTENTION
Task: C:\Windows\Tasks\{795DE8E9-687A-4868-9DEF-20275415B798}.job => C:\Users\Khaos Dragon\AppData\Local\fb82070d-3c61-48b3-9876-1fc7e73ab952ad\fbdcbfceabad.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-07 21:23 - 2011-12-14 17:53 - 00303360 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2011-04-13 15:30 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2015-09-07 21:23 - 2011-12-14 17:55 - 08453376 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2015-09-07 21:23 - 2011-12-14 10:22 - 00368640 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2015-09-14 02:15 - 2015-09-14 02:15 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2008-12-15 20:15 - 2008-12-15 20:15 - 00881960 ____N () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2015-09-07 21:23 - 2011-12-14 10:43 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:65B93B6A
AlternateDataStreams: C:\ProgramData\Temp:E369BDA7

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2433799625-329232116-3839749839-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Fast Start.lnk => C:\Windows\pss\Microsoft Office Fast Start.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Find Fast Indexer.lnk => C:\Windows\pss\Microsoft Office Find Fast Indexer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Shortcut Bar.lnk => C:\Windows\pss\Microsoft Office Shortcut Bar.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Khaos Dragon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupreg: Adobe CSS5.1 Manager => C:\Users\Khaos Dragon\AppData\Local\fb82070d-3c61-48b3-9876-1fc7e73ab952ad\fbdcbfceabad.exe
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Khaos Dragon\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: OM2_Monitor => "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
MSCONFIG\startupreg: QuickTime Task => "C:\program files\qttask.exe" -atboottime
MSCONFIG\startupreg: SmartMenu => %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -u auto-update
MSCONFIG\startupreg: TVAgent => "c:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles(x86)%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles(x86)%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles(x86)%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles(x86)%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [TCP Query User{FC754B08-7AA5-426A-82ED-5BF1CA913858}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{DF4C9DD6-9918-4A87-9116-35937E4DF5BF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{D880C128-74D1-4ACA-9A93-9F739D296335}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{17C08194-C7C9-4906-9056-23D664967A02}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/02/2015 04:33:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2015 03:30:09 PM) (Source: Google Update) (EventID: 20) (User: ClanMoore)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (10/02/2015 01:21:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/01/2015 09:59:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/01/2015 06:30:07 PM) (Source: Google Update) (EventID: 20) (User: ClanMoore)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (10/01/2015 06:03:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/01/2015 12:30:07 AM) (Source: Google Update) (EventID: 20) (User: ClanMoore)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (09/30/2015 09:38:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/30/2015 03:30:09 PM) (Source: Google Update) (EventID: 20) (User: ClanMoore)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (09/30/2015 02:56:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/02/2015 06:10:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman

Error: (10/02/2015 04:35:29 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026)

Error: (10/02/2015 04:35:18 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (10/02/2015 04:33:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee Anti-Malware Core%%1053

Error: (10/02/2015 04:33:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000McAfee Anti-Malware Core

Error: (10/02/2015 04:33:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee Inc. mfeapfk%%1243

Error: (10/02/2015 01:22:23 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026)

Error: (10/02/2015 01:21:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee Anti-Malware Core%%1053

Error: (10/02/2015 01:21:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000McAfee Anti-Malware Core

Error: (10/02/2015 01:21:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee Inc. mfeapfk%%1243


CodeIntegrity:
===================================
  Date: 2015-10-02 18:20:03.256
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-02 18:20:02.655
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-02 18:20:02.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-02 18:20:01.423
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-02 16:33:07.899
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-02 16:01:32.023
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-02 16:01:31.367
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-02 16:01:30.734
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-02 16:01:30.107
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-02 16:01:29.461
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2220 @ 2.40GHz
Percentage of memory in use: 43%
Total physical RAM: 4085.33 MB
Available physical RAM: 2290.29 MB
Total Virtual: 8375.94 MB
Available Virtual: 6555.95 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:452.91 GB) (Free:193.39 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.85 GB) (Free:1.81 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=452.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Roguekiller Results:

RogueKiller V10.10.7.0 [Sep 28 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Khaos Dragon [Administrator]
Started from : C:\Users\Khaos Dragon\Desktop\RogueKiller.exe
Mode : Scan -- Date : 10/02/2015 18:44:54

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 14 ¤¤¤
[ZeroAccess] (X64) HKEY_USERS\S-1-5-21-2433799625-329232116-3839749839-1000\Software\Microsoft\Windows\CurrentVersion\Run | Google Update|?? : "C:\Users\Khaos Dragon\AppData\Local\Google\Desktop\Install\{785f9ada-4d25-9df9-c2c6-794c4ec2bb44}\???\???\???\{785f9ada-4d25-9df9-c2c6-794c4ec2bb44}\GoogleUpdate.exe" >  -> Found
[ZeroAccess] (X86) HKEY_USERS\S-1-5-21-2433799625-329232116-3839749839-1000\Software\Microsoft\Windows\CurrentVersion\Run | Google Update|?? : "C:\Users\Khaos Dragon\AppData\Local\Google\Desktop\Install\{785f9ada-4d25-9df9-c2c6-794c4ec2bb44}\???\???\???\{785f9ada-4d25-9df9-c2c6-794c4ec2bb44}\GoogleUpdate.exe" >  -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt -> Found
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Bar : http://home.microsoft.com/search/lobby/search.asp -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2433799625-329232116-3839749839-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2433799625-329232116-3839749839-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://home.microsoft.com/search/search.asp -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2433799625-329232116-3839749839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2433799625-329232116-3839749839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2433799625-329232116-3839749839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2433799625-329232116-3839749839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2433799625-329232116-3839749839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2433799625-329232116-3839749839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] ::1             localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 61c3243436e0d0ecb8e0a76c980138d9
[BSP] 309fdfd200901d3359dd1e035123a213 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 463782 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 949827060 | Size: 13154 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.
 

Next,

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
      Text file (*.txt)        - if selected you will have to name the file and save it to a place of your choice, recommend "Desktop", then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save it to a place of your choice, recommend "Desktop", then attach to reply
  • Please use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply.



Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan in the Actions box.
  • Please wait for the scan to finish.
  • When "Waiting for action.Please uncheck elements you want to keep" shows in the top line:
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

 
Next,
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.

Ensure you get the correct version for your system:

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator”; the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log
 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Thank you,

 

Kevin

Fixlist.txt


This reply will be in several posts.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:30-09-2015
Ran by Khaos Dragon (2015-10-03 22:45:38) Run:1
Running from C:\Users\Khaos Dragon\Desktop
Loaded Profiles: Khaos Dragon (Available Profiles: Khaos Dragon)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\Run: [Google Update**.d<*>] => "C:\Users\Khaos Dragon\AppData\Local\Google\Desktop\Install\{785f9ada-4d25-9df9-c2c6-794c4ec2bb44}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{785f9ada-4d25-9df9-c2c6-794c4ec2bb44}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
C:\Users\Khaos Dragon\AppData\Local\Google\Desktop\Install\{785f9ada-4d25-9df9-c2c6-794c4ec2bb44}
HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\MountPoints2: {932c7307-c8a9-11e2-87bd-00248c6d2608} - K:\iStudio.exe
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [X]
2014-11-12 03:52 - 2014-11-12 20:03 - 0000288 _____ () C:\Users\Khaos Dragon\AppData\Roaming\7BDD9E9B.reg
2014-03-31 00:53 - 2014-03-31 00:53 - 0000288 _____ () C:\Users\Khaos Dragon\AppData\Roaming\D8E85835.reg
2014-11-12 19:40 - 2014-11-12 19:40 - 0008534 _____ () C:\Users\Khaos Dragon\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-11-12 19:40 - 2014-11-12 19:40 - 0004210 _____ () C:\Users\Khaos Dragon\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-11-12 19:40 - 2014-11-12 19:40 - 0000272 _____ () C:\Users\Khaos Dragon\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-03-31 17:04 - 2014-03-31 17:04 - 0002777 _____ () C:\Users\Khaos Dragon\AppData\Roaming\HOW_DECRYPT.HTML
2014-03-31 17:04 - 2014-03-31 17:04 - 0001261 _____ () C:\Users\Khaos Dragon\AppData\Roaming\HOW_DECRYPT.TXT
2014-03-31 17:04 - 2014-03-31 17:04 - 0000133 _____ () C:\Users\Khaos Dragon\AppData\Roaming\HOW_DECRYPT.URL
2014-11-12 19:39 - 2014-11-12 19:39 - 0008534 _____ () C:\Users\Khaos Dragon\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-11-12 19:39 - 2014-11-12 19:39 - 0004210 _____ () C:\Users\Khaos Dragon\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-12 19:39 - 2014-11-12 19:39 - 0000272 _____ () C:\Users\Khaos Dragon\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-03-31 17:03 - 2014-03-31 17:03 - 0002777 _____ () C:\Users\Khaos Dragon\AppData\Local\HOW_DECRYPT.HTML
2014-03-31 17:03 - 2014-03-31 17:03 - 0001261 _____ () C:\Users\Khaos Dragon\AppData\Local\HOW_DECRYPT.TXT
2014-03-31 17:03 - 2014-03-31 17:03 - 0000133 _____ () C:\Users\Khaos Dragon\AppData\Local\HOW_DECRYPT.URL
2013-11-08 19:43 - 2013-11-08 19:43 - 0001470 _____ () C:\Users\Khaos Dragon\AppData\Local\VWL7CE0.tmp
2013-11-08 19:52 - 2013-11-08 19:54 - 0001906 _____ () C:\Users\Khaos Dragon\AppData\Local\VWLC1EF.tmp
2014-11-12 03:37 - 2014-11-12 03:37 - 0000520 _____ () C:\ProgramData\@system.temp
2014-11-12 03:37 - 2014-11-12 03:37 - 0000256 ____H () C:\ProgramData\@system3.att
2014-11-12 19:37 - 2014-11-12 19:37 - 0008534 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-11-12 19:37 - 2014-11-12 19:37 - 0004210 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-11-12 19:37 - 2014-11-12 19:37 - 0000272 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-03-31 17:00 - 2014-03-31 17:00 - 0002777 _____ () C:\ProgramData\HOW_DECRYPT.HTML
2014-03-31 17:00 - 2014-03-31 17:00 - 0001261 _____ () C:\ProgramData\HOW_DECRYPT.TXT
2014-03-31 17:00 - 2014-03-31 17:00 - 0000133 _____ () C:\ProgramData\HOW_DECRYPT.URL
C:\Users\Khaos Dragon\AppData\Local\Google\Desktop\Install
C:\Users\Khaos Dragon\gusetup.exe
C:\Users\Khaos Dragon\HPPDU.exe
C:\Users\Khaos Dragon\java.exe
C:\Users\Khaos Dragon\jucheck.exe
C:\Users\Khaos Dragon\opera.exe
C:\Users\Khaos Dragon\skype.exe
C:\Users\Khaos Dragon\Windows6.0-KB948465-X64.exe
C:\Users\Khaos Dragon\wordview_en-us.exe
C:\Windows\Tasks\{795DE8E9-687A-4868-9DEF-20275415B798}.job
Task: {09E99F11-1C41-456B-ADDA-0A71A8AEF51C} - \iMeshNAG -> No File <==== ATTENTION
Task: {1E4D0A68-E2D2-4E85-8E87-8965E8B7A556} - \task2020743 -> No File <==== ATTENTION
Task: {523C31C4-1B75-41EB-82E6-7EE2B86ECC60} - \task5975540 -> No File <==== ATTENTION
Task: {60D19DA9-433C-4748-8688-78600C1B8C85} - \{795DE8E9-687A-4868-9DEF-20275415B798} -> No File <==== ATTENTION
Task: {9B802B23-FCF7-4620-A93A-A8A207A6333C} - System32\Tasks\task6509750 => C:\Users\KHAOSD~1\AppData\Local\Temp\temp917254695.exe <==== ATTENTION
C:\Users\KHAOSD~1\AppData\Local\Temp\temp917254695.exe
Task: {D012DD01-B61F-43FE-81A9-F852B6EEBBDC} - System32\Tasks\task2733137 => C:\Users\KHAOSD~1\AppData\Local\Temp\temp4185216281.exe <==== ATTENTION
C:\Users\KHAOSD~1\AppData\Local\Temp\temp4185216281.exe
Task: C:\Windows\Tasks\iMeshNAG.job => C:\Users\KHAOSD~1\AppData\Local\Temp\iMesh_setup.exe <==== ATTENTION
C:\Users\KHAOSD~1\AppData\Local\Temp\iMesh_setup.exe
Task: C:\Windows\Tasks\{795DE8E9-687A-4868-9DEF-20275415B798}.job => C:\Users\Khaos Dragon\AppData\Local\fb82070d-3c61-48b3-9876-1fc7e73ab952ad\fbdcbfceabad.exe
C:\Users\Khaos Dragon\AppData\Local\fb82070d-3c61-48b3-9876-1fc7e73ab952ad
AlternateDataStreams: C:\ProgramData\Temp:65B93B6A
AlternateDataStreams: C:\ProgramData\Temp:E369BDA7
Emptytemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2433799625-329232116-3839749839-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update**.d<*> => value could not remove. Error in Deleting Value: C0000034
"C:\Users\Khaos Dragon\AppData\Local\Google\Desktop\Install\{785f9ada-4d25-9df9-c2c6-794c4ec2bb44}" => File/Folder not found.
HKU\S-1-5-21-2433799625-329232116-3839749839-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktopCleanupWizard => value removed successfully
"HKU\S-1-5-21-2433799625-329232116-3839749839-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{932c7307-c8a9-11e2-87bd-00248c6d2608}" => key removed successfully
HKCR\CLSID\{932c7307-c8a9-11e2-87bd-00248c6d2608} => key not found.
"HKCR\PROTOCOLS\Handler\livecall" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
"HKCR\PROTOCOLS\Handler\msnim" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
IpInIp => service removed successfully
PCD5SRVC{8AAF211B-043E02A9-05040000} => service removed successfully
C:\Users\Khaos Dragon\AppData\Roaming\7BDD9E9B.reg => moved successfully
C:\Users\Khaos Dragon\AppData\Roaming\D8E85835.reg => moved successfully
C:\Users\Khaos Dragon\AppData\Roaming\DECRYPT_INSTRUCTION.HTML => moved successfully
C:\Users\Khaos Dragon\AppData\Roaming\DECRYPT_INSTRUCTION.TXT => moved successfully
C:\Users\Khaos Dragon\AppData\Roaming\DECRYPT_INSTRUCTION.URL => moved successfully
C:\Users\Khaos Dragon\AppData\Roaming\HOW_DECRYPT.HTML => moved successfully
C:\Users\Khaos Dragon\AppData\Roaming\HOW_DECRYPT.TXT => moved successfully
C:\Users\Khaos Dragon\AppData\Roaming\HOW_DECRYPT.URL => moved successfully
C:\Users\Khaos Dragon\AppData\Local\DECRYPT_INSTRUCTION.HTML => moved successfully
C:\Users\Khaos Dragon\AppData\Local\DECRYPT_INSTRUCTION.TXT => moved successfully
C:\Users\Khaos Dragon\AppData\Local\DECRYPT_INSTRUCTION.URL => moved successfully
C:\Users\Khaos Dragon\AppData\Local\HOW_DECRYPT.HTML => moved successfully
C:\Users\Khaos Dragon\AppData\Local\HOW_DECRYPT.TXT => moved successfully
C:\Users\Khaos Dragon\AppData\Local\HOW_DECRYPT.URL => moved successfully
C:\Users\Khaos Dragon\AppData\Local\VWL7CE0.tmp => moved successfully
C:\Users\Khaos Dragon\AppData\Local\VWLC1EF.tmp => moved successfully
C:\ProgramData\@system.temp => moved successfully
C:\ProgramData\@system3.att => moved successfully
C:\ProgramData\DECRYPT_INSTRUCTION.HTML => moved successfully
C:\ProgramData\DECRYPT_INSTRUCTION.TXT => moved successfully
C:\ProgramData\DECRYPT_INSTRUCTION.URL => moved successfully
C:\ProgramData\HOW_DECRYPT.HTML => moved successfully
C:\ProgramData\HOW_DECRYPT.TXT => moved successfully
C:\ProgramData\HOW_DECRYPT.URL => moved successfully
C:\Users\Khaos Dragon\AppData\Local\Google\Desktop\Install => moved successfully
C:\Users\Khaos Dragon\gusetup.exe => moved successfully
C:\Users\Khaos Dragon\HPPDU.exe => moved successfully
C:\Users\Khaos Dragon\java.exe => moved successfully
C:\Users\Khaos Dragon\jucheck.exe => moved successfully
C:\Users\Khaos Dragon\opera.exe => moved successfully
C:\Users\Khaos Dragon\skype.exe => moved successfully
C:\Users\Khaos Dragon\Windows6.0-KB948465-X64.exe => moved successfully
C:\Users\Khaos Dragon\wordview_en-us.exe => moved successfully
C:\Windows\Tasks\{795DE8E9-687A-4868-9DEF-20275415B798}.job => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{09E99F11-1C41-456B-ADDA-0A71A8AEF51C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09E99F11-1C41-456B-ADDA-0A71A8AEF51C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iMeshNAG" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E4D0A68-E2D2-4E85-8E87-8965E8B7A556}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E4D0A68-E2D2-4E85-8E87-8965E8B7A556}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task2020743" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{523C31C4-1B75-41EB-82E6-7EE2B86ECC60}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{523C31C4-1B75-41EB-82E6-7EE2B86ECC60}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task5975540" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60D19DA9-433C-4748-8688-78600C1B8C85}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60D19DA9-433C-4748-8688-78600C1B8C85}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{795DE8E9-687A-4868-9DEF-20275415B798}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B802B23-FCF7-4620-A93A-A8A207A6333C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B802B23-FCF7-4620-A93A-A8A207A6333C}" => key removed successfully
C:\Windows\System32\Tasks\task6509750 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task6509750" => key removed successfully
"C:\Users\KHAOSD~1\AppData\Local\Temp\temp917254695.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D012DD01-B61F-43FE-81A9-F852B6EEBBDC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D012DD01-B61F-43FE-81A9-F852B6EEBBDC}" => key removed successfully
C:\Windows\System32\Tasks\task2733137 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task2733137" => key removed successfully
"C:\Users\KHAOSD~1\AppData\Local\Temp\temp4185216281.exe" => File/Folder not found.
C:\Windows\Tasks\iMeshNAG.job => moved successfully
"C:\Users\KHAOSD~1\AppData\Local\Temp\iMesh_setup.exe" => File/Folder not found.
C:\Windows\Tasks\{795DE8E9-687A-4868-9DEF-20275415B798}.job => not found.
C:\Users\Khaos Dragon\AppData\Local\fb82070d-3c61-48b3-9876-1fc7e73ab952ad => moved successfully
C:\ProgramData\Temp => ":65B93B6A" ADS removed successfully.
C:\ProgramData\Temp => ":E369BDA7" ADS removed successfully.
EmptyTemp: => 173.2 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 23:14:17 ====

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/3/2015
Scan Time: 11:23:33 PM
Logfile: MBAM Scan Log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.26.02
Rootkit Database: v2015.09.22.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Khaos Dragon

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 389859
Time Elapsed: 29 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Trojan.Zaccess, HKU\S-1-5-21-2433799625-329232116-3839749839-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Google Update^??, Quarantined, [afcba68e503bbd79b6cccd355da3827e],

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


# AdwCleaner v5.008 - Logfile created 04/10/2015 at 00:44:00
# Updated 18/09/2015 by Xplode
# Database : 2015-09-17.3 [Local]
# Operating system : Windows Vista Home Premium Service Pack 2 (x64)
# Username : Khaos Dragon - CLANMOORE
# Running from : C:\Users\Khaos Dragon\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: Winsock settings cleared

*************************

C:\AdwCleanerDebug.txt - [55 bytes] - [05/12/2014 18:42:09]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [736 bytes] ##########


Use the "more reply options" under the reply box when opened. From there select "Browse" to find the file, double click on the file to upload, then single click "Attach This File" to do just that. Repeat as required.

 

I'd also like fresh logs from FRST:

 

Run FRST one more time; ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the two logs.
 

Thanks,

 

Kevin...


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015
Ran by Khaos Dragon (administrator) on CLANMOORE (04-10-2015 14:35:39)
Running from C:\Users\Khaos Dragon\Desktop\Antimalware
Loaded Profiles: Khaos Dragon (Available Profiles: Khaos Dragon)
Platform: Windows Vista Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-11-03] (Intel Corporation)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [KBD] => C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM-x32\...\Run: [TSMAgent] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-12-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-12-15] (CyberLink)
HKLM-x32\...\Run: [DVDAgent] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\Run: [Google Update**.d<*>] => "C:\Users\Khaos Dragon\AppData\Local\Google\Desktop\Install\{785f9ada-4d25-9df9-c2c6-794c4ec2bb44}\❤≸⋙\Ⱒ☠⍨\‮๛\{785f9ada-4d25-9df9-c2c6-794c4ec2bb44}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-09-14] (Glarysoft Ltd)
HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2015-06-01] (NETGEAR Inc.)
HKU\S-1-5-21-2433799625-329232116-3839749839-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk [2015-09-07]
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
BootExecute: autocheck autochk *  BootDefrag.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1D8D031D-7028-4593-BB94-257ABB6AD627}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{90123862-F3F4-4CA5-AF8D-DF3F1D05C416}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://home.microsoft.com/search/search.asp
HKU\S-1-5-21-2433799625-329232116-3839749839-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> DefaultScope {1B550B3D-2241-48AE-BCD1-9D0096CA1C01} URL =
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-2433799625-329232116-3839749839-1000 -> DefaultScope {3D3C5E72-0B60-46C2-B03F-3446BABC13CB} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2433799625-329232116-3839749839-1000 -> {1B550B3D-2241-48AE-BCD1-9D0096CA1C01} URL =
SearchScopes: HKU\S-1-5-21-2433799625-329232116-3839749839-1000 -> {36C6ABCC-25CB-4516-8E0B-45B171502D2B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2433799625-329232116-3839749839-1000 -> {3D3C5E72-0B60-46C2-B03F-3446BABC13CB} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2433799625-329232116-3839749839-1000 -> {3F518B6F-A4B9-4752-ABB6-9DE717F7712F} URL =
SearchScopes: HKU\S-1-5-21-2433799625-329232116-3839749839-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-25] (Oracle Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} hxxp://aic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://wsfg.webex.com/client/T26L/nbr/ieatgpc1.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\r3g4m4ed.default
FF SelectedSearchEngine: search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-17] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-25] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2433799625-329232116-3839749839-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Khaos Dragon\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2433799625-329232116-3839749839-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Khaos Dragon\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-21]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Khaos Dragon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Khaos Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Khaos Dragon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-01-15] (WildTangent)
S3 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S3 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-06-01] (NETGEAR)
S3 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-06-02] (Glarysoft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [41080 2015-09-25] ()
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2015-03-04] (CACE Technologies, Inc.)
R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-10-02] ()
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
S1 zvfuxxzt; \??\C:\Windows\system32\drivers\zvfuxxzt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-04 00:40 - 2015-09-25 15:21 - 01662976 _____ C:\Users\Khaos Dragon\Desktop\AdwCleaner.exe
2015-10-02 21:51 - 2015-10-02 21:51 - 00000000 ____D C:\Users\Khaos Dragon\Desktop\Forum Upload
2015-10-02 18:29 - 2015-10-02 19:19 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-02 18:29 - 2015-10-02 18:29 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-10-02 18:15 - 2015-10-04 14:35 - 00000000 ____D C:\FRST
2015-10-02 13:23 - 2015-10-02 13:29 - 00000000 ____D C:\Users\Khaos Dragon\Desktop\HudHeap
2015-09-30 21:36 - 2015-10-04 00:45 - 00001404 _____ C:\Windows\PFRO.log
2015-09-25 17:41 - 2015-09-25 17:41 - 00041080 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-09-23 16:51 - 2015-09-25 17:39 - 00001656 _____ C:\Windows\system32\.crusader
2015-09-23 16:31 - 2015-09-23 16:31 - 00000000 ____D C:\Program Files\HitmanPro
2015-09-23 16:30 - 2015-09-23 16:52 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-23 16:27 - 2015-10-04 14:35 - 00000000 ____D C:\Users\Khaos Dragon\Desktop\Antimalware
2015-09-21 15:18 - 2015-09-21 15:18 - 00002105 _____ C:\Users\Khaos Dragon\AppData\Roaming\evpro32.prf
2015-09-21 15:08 - 2015-09-28 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExamView Pro Test Generator
2015-09-21 15:08 - 2015-09-21 15:08 - 00001373 _____ C:\Users\Public\Desktop\ExamView Pro.lnk
2015-09-21 15:08 - 2015-09-21 15:08 - 00000000 ____D C:\ExamView
2015-09-21 15:08 - 1999-12-17 09:13 - 00086016 _____ (MindVision Software) C:\Windows\unvise32.exe
2015-09-20 22:50 - 2015-09-20 22:50 - 00001216 _____ C:\TRo.txt
2015-09-18 13:22 - 2015-09-19 06:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-12 18:13 - 2015-09-12 18:13 - 00008735 _____ C:\Users\Khaos Dragon\Desktop\Harris Poll.odt
2015-09-11 14:42 - 2015-09-11 14:42 - 00387854 _____ C:\Users\Khaos Dragon\AppData\Local\dd_vcredistMSI74B7.txt
2015-09-11 14:42 - 2015-09-11 14:42 - 00011434 _____ C:\Users\Khaos Dragon\AppData\Local\dd_vcredistUI74B7.txt
2015-09-11 14:42 - 2015-09-11 14:42 - 00001847 _____ C:\Users\Public\Desktop\NETGEAR Genie.lnk
2015-09-07 21:29 - 2015-09-07 21:29 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_bcmwlhigh664_01005.Wdf
2015-09-07 21:26 - 2007-01-19 18:24 - 00025312 ____R (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\Drivers\SCMNdisP.sys
2015-09-07 21:23 - 2015-09-07 21:23 - 00000763 _____ C:\Users\Public\Desktop\NETGEAR WNDA3100v2 Genie.lnk
2015-09-07 21:23 - 2015-09-07 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNDA3100v2 Genie
2015-09-07 21:23 - 2015-09-07 21:23 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2015-09-07 21:23 - 2011-12-12 17:37 - 01229568 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcmwlhigh664.sys
2015-09-07 21:23 - 2011-03-30 21:54 - 00095544 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll
2015-09-07 21:23 - 2011-03-30 21:51 - 03900928 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll
2015-09-07 21:23 - 2011-03-30 21:51 - 03566592 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll
2015-09-07 21:23 - 2010-02-03 11:20 - 00053299 _____ C:\Windows\SysWOW64\pthreadVC.dll
2015-09-07 21:23 - 2006-11-02 08:04 - 01919968 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01005.dll
2015-09-07 21:21 - 2015-09-07 21:21 - 35770251 _____ C:\Users\Khaos Dragon\Desktop\WNDA3100v2 Software Version 2.0.0.1.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-04 13:19 - 2009-02-18 07:45 - 00003588 _____ C:\Windows\System32\Tasks\HP Health Check
2015-10-04 13:18 - 2009-04-07 16:02 - 01830913 _____ C:\Windows\WindowsUpdate.log
2015-10-04 13:15 - 2014-07-10 22:49 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-04 13:15 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-04 13:15 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-04 13:15 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-04 01:36 - 2006-11-02 11:42 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-04 01:16 - 2010-02-02 23:58 - 00000000 ____D C:\Users\Khaos Dragon\AppData\Roaming\Mozilla
2015-10-04 00:44 - 2014-12-05 18:42 - 00000000 ____D C:\AdwCleaner
2015-10-04 00:30 - 2012-02-05 19:20 - 00000956 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000UA.job
2015-10-03 22:45 - 2009-05-07 16:59 - 00000000 ____D C:\Users\Khaos Dragon
2015-10-03 21:30 - 2012-02-05 19:20 - 00000934 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000Core.job
2015-10-02 13:30 - 2015-06-16 17:48 - 00000000 ____D C:\Users\Khaos Dragon\Desktop\Bills
2015-10-02 13:29 - 2014-10-06 22:09 - 00000000 ____D C:\Users\Khaos Dragon\Desktop\Moorehouse
2015-10-02 13:26 - 2014-06-27 19:23 - 00000000 ____D C:\Users\Khaos Dragon\Desktop\SchoolHome
2015-09-30 21:36 - 2014-08-04 20:58 - 00000000 ____D C:\Users\Khaos Dragon\AppData\Roaming\DiskDefrag
2015-09-30 14:45 - 2013-11-06 22:44 - 00004284 _____ C:\Users\Khaos Dragon\AppData\Roaming\DreamCalc DC4G.dat
2015-09-30 14:45 - 2009-02-18 07:13 - 00000000 ____D C:\ProgramData\Temp
2015-09-26 08:21 - 2013-03-22 13:16 - 00000000 ____D C:\Users\Khaos Dragon\AppData\Roaming\Skype
2015-09-26 07:07 - 2014-12-03 18:41 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-25 18:36 - 2014-12-03 18:16 - 00000000 ____D C:\Users\Khaos Dragon\Desktop\mbar
2015-09-25 17:41 - 2014-08-28 21:52 - 00005324 _____ C:\Users\Khaos Dragon\AppData\Local\d3d9caps.dat
2015-09-25 16:02 - 2006-11-02 08:46 - 00833914 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-24 17:01 - 2014-08-04 20:58 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-09-23 00:21 - 2014-08-04 20:58 - 00003328 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2015-09-23 00:21 - 2014-08-04 20:58 - 00002988 _____ C:\Windows\System32\Tasks\GU5SkipUAC
2015-09-23 00:21 - 2014-08-04 20:58 - 00000893 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-09-22 23:37 - 2015-04-16 18:57 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000UA.job
2015-09-22 23:37 - 2015-04-16 18:57 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000Core.job
2015-09-22 23:26 - 2015-04-16 18:57 - 00003846 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000UA
2015-09-22 23:26 - 2015-04-16 18:57 - 00003450 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000Core
2015-09-22 23:09 - 2015-07-26 22:43 - 00000000 ____D C:\ProgramData\PogoDGC
2015-09-22 23:09 - 2015-07-26 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
2015-09-22 18:57 - 2012-04-03 14:14 - 00003718 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A726788E-C4ED-4EA4-8EA5-B8D640168EE0}
2015-09-22 18:55 - 2011-12-27 18:30 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-22 18:54 - 2010-04-25 00:05 - 00000000 ____D C:\Windows\Minidump
2015-09-22 17:16 - 2015-02-27 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-09-22 17:16 - 2015-02-27 15:08 - 00000000 ____D C:\Program Files (x86)\Epson Software
2015-09-22 17:16 - 2015-02-27 15:06 - 00000000 ____D C:\Program Files (x86)\epson
2015-09-22 17:16 - 2009-02-18 07:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-22 01:54 - 2015-05-18 13:14 - 00000000 ____D C:\Users\Khaos Dragon\Documents\UserTesting
2015-09-22 01:36 - 2015-04-29 15:11 - 00000000 ____D C:\Users\Khaos Dragon\AppData\Local\UserTestingPlugin
2015-09-22 00:33 - 2010-02-02 23:55 - 00000000 ____D C:\Users\Khaos Dragon\Documents\Dungeons and Dragons Online
2015-09-22 00:00 - 2014-11-06 15:35 - 00000000 ____D C:\ProgramData\HappyCloud
2015-09-21 18:27 - 2009-05-07 17:07 - 00086736 _____ C:\Users\Khaos Dragon\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-21 18:24 - 2006-11-02 11:21 - 00341264 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-20 03:51 - 2014-11-06 15:30 - 00000000 ____D C:\Users\Khaos Dragon\AppData\Local\Dungeons & Dragons Online
2015-09-19 06:23 - 2012-06-06 17:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-18 09:09 - 2009-05-08 09:56 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-09-15 01:00 - 2014-09-11 15:39 - 00000000 ____D C:\Users\Khaos Dragon\AppData\Local\NETGEARGenie
2015-09-11 20:45 - 2012-04-02 14:35 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-11 20:45 - 2011-05-13 00:54 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-11 14:42 - 2014-09-11 15:39 - 00001859 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2015-09-11 14:42 - 2014-09-11 15:38 - 00000000 ____D C:\Program Files (x86)\NETGEAR Genie

==================== Files in the root of some directories =======

2001-06-20 16:34 - 2004-09-23 20:57 - 0298496 _____ (Apple Computer, Inc.) C:\Program Files\PictureViewer.exe
2001-06-20 16:34 - 2004-09-23 20:57 - 0233984 _____ (Apple Computer, Inc.) C:\Program Files\QTInfo.exe
2012-02-07 23:35 - 2012-02-07 23:35 - 0796536 _____ (Apple Inc.) C:\Program Files\QTPlugin.ocx
2012-02-07 23:35 - 2012-02-07 23:35 - 0421888 _____ (Apple Inc.) C:\Program Files\qttask.exe
2004-09-23 17:57 - 2004-09-23 17:57 - 0003289 _____ () C:\Program Files\QuickTime Read Me.htm
2001-06-20 16:34 - 2004-09-23 20:57 - 1099776 _____ (Apple Computer, Inc.) C:\Program Files\QuickTimePlayer.exe
2001-06-20 16:34 - 2004-09-23 20:57 - 0147968 _____ (Apple Computer, Inc.) C:\Program Files\QuickTimeUpdater.exe
2001-06-20 16:34 - 2004-09-23 17:55 - 0082395 _____ () C:\Program Files\Sample.mov
2001-06-20 16:34 - 2004-09-23 17:55 - 0029363 _____ () C:\Program Files\Sample.qtif
2015-06-18 15:17 - 2015-06-18 15:17 - 0895304 _____ (Apple Inc.) C:\Program Files (x86)\QTOControl.dll
2015-06-18 15:17 - 2015-06-18 15:17 - 0821576 _____ (Apple Inc.) C:\Program Files (x86)\QTOLibrary.dll
2015-06-18 15:24 - 2015-06-18 15:24 - 0797000 _____ (Apple Inc.) C:\Program Files (x86)\QTPlugin.ocx
2015-06-17 00:23 - 2015-06-17 00:23 - 0421888 _____ (Apple Inc.) C:\Program Files (x86)\QTTask.exe
2015-06-18 15:17 - 2015-06-18 15:17 - 0366920 _____ (Apple Inc.) C:\Program Files (x86)\QTUIPanelControl.dll
2015-06-18 15:16 - 2015-06-18 15:16 - 0006238 _____ () C:\Program Files (x86)\QuickTime Read Me.htm
2015-06-18 15:17 - 2015-06-18 15:17 - 9288008 _____ (Apple Inc.) C:\Program Files (x86)\QuickTimePlayer.dll
2015-06-18 15:24 - 2015-06-18 15:24 - 1235288 _____ (Apple Inc.) C:\Program Files (x86)\QuickTimePlayer.exe
2015-06-17 00:23 - 2015-06-17 00:23 - 0055622 _____ () C:\Program Files (x86)\Sample.mov
2013-11-06 22:44 - 2015-09-30 14:45 - 0004284 _____ () C:\Users\Khaos Dragon\AppData\Roaming\DreamCalc DC4G.dat
2015-09-21 15:18 - 2015-09-21 15:18 - 0002105 _____ () C:\Users\Khaos Dragon\AppData\Roaming\evpro32.prf
2014-03-31 00:53 - 2014-11-12 20:03 - 0009728 _____ () C:\Users\Khaos Dragon\AppData\Roaming\mcp.ico
2009-05-21 18:03 - 2014-03-31 17:04 - 0026710 _____ () C:\Users\Khaos Dragon\AppData\Roaming\UserTile.png
2011-10-22 00:59 - 2014-03-31 17:04 - 0001110 _____ () C:\Users\Khaos Dragon\AppData\Roaming\wabbitemu.gif
2009-11-12 17:13 - 2014-01-20 17:07 - 0003686 _____ () C:\Users\Khaos Dragon\AppData\Roaming\wklnhst.dat
2014-11-12 03:36 - 2014-11-12 03:36 - 0000448 ____H () C:\Users\Khaos Dragon\AppData\Roaming\麽鎒駓覜
2014-08-28 21:52 - 2015-09-25 17:41 - 0005324 _____ () C:\Users\Khaos Dragon\AppData\Local\d3d9caps.dat
2009-05-12 06:06 - 2014-08-02 00:02 - 0019968 _____ () C:\Users\Khaos Dragon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-27 18:25 - 2014-03-31 17:00 - 0551792 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2013-11-08 19:36 - 2014-03-31 17:00 - 0070768 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_depcheck_VB_EXP_90.txt
2011-12-27 18:25 - 2014-03-31 17:00 - 0000624 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_dotnetfx35error.txt
2011-12-27 18:25 - 2014-03-31 17:00 - 0371568 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_dotnetfx35install.txt
2013-11-08 19:36 - 2014-03-31 17:00 - 0004720 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_error_vb_xcor_90.txt
2013-11-08 19:44 - 2014-03-31 17:00 - 1219696 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_ExpRemoteDbg_x64_MSI422B.txt
2013-11-08 19:36 - 2014-03-31 17:00 - 0306544 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_install_vb_xcor_90.txt
2013-11-08 19:49 - 2014-03-31 17:00 - 2487664 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_MSDNExp_MSI4650.txt
2013-11-08 19:49 - 2014-03-31 17:00 - 0351856 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_SQLCEToolsForVS2007_MSI45EE.txt
2013-11-08 19:48 - 2014-03-31 17:00 - 0379248 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_SSCERuntime_MSI45DE.txt
2015-06-13 15:39 - 2015-06-13 15:39 - 0388594 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistMSI2841.txt
2010-08-09 18:03 - 2014-03-31 17:00 - 0372080 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistMSI2DA9.txt
2011-12-27 18:25 - 2014-03-31 17:00 - 0498800 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistMSI5EF5.txt
2011-12-27 18:34 - 2014-03-31 17:00 - 0448368 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistMSI65FF.txt
2011-12-27 18:42 - 2014-03-31 17:00 - 0445296 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistMSI6C5D.txt
2015-09-11 14:42 - 2015-09-11 14:42 - 0387854 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistMSI74B7.txt
2015-06-13 15:39 - 2015-06-13 15:39 - 0014124 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistUI2841.txt
2010-08-09 18:03 - 2014-03-31 17:00 - 0012144 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistUI2DA9.txt
2014-04-09 17:23 - 2014-04-09 17:23 - 0013328 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistUI3AB8.txt
2011-12-27 18:25 - 2014-03-31 17:00 - 0012400 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistUI5EF5.txt
2011-12-27 18:34 - 2014-03-31 17:00 - 0012144 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistUI65FF.txt
2011-12-27 18:42 - 2014-03-31 17:00 - 0012144 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistUI6C5D.txt
2015-09-11 14:42 - 2015-09-11 14:42 - 0011434 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_vcredistUI74B7.txt
2013-11-08 19:43 - 2014-03-31 17:00 - 0920432 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_VC_MinRed_MSI41FA.txt
2013-11-08 19:44 - 2014-03-31 17:00 - 0220272 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_WinSDK_ExpTools_x64_MSI4280.txt
2013-11-08 19:44 - 2014-03-31 17:00 - 0213872 _____ () C:\Users\Khaos Dragon\AppData\Local\dd_WinSDK_Win32ExpTools_x64_MSI4297.txt
2010-02-02 23:45 - 2010-02-02 23:45 - 0000100 _____ () C:\Users\Khaos Dragon\AppData\Local\fusioncache.dat
2014-03-25 22:26 - 2014-03-25 22:26 - 0006866 _____ () C:\Users\Khaos Dragon\AppData\Local\recently-used.xbel
2015-08-03 15:56 - 2015-08-03 15:56 - 0136681 _____ () C:\Users\Khaos Dragon\AppData\Local\tmpIMG024(1).JPG
2015-08-03 16:01 - 2015-08-03 16:01 - 0104359 _____ () C:\Users\Khaos Dragon\AppData\Local\tmpIMG025.JPG
2011-12-27 18:25 - 2014-03-31 17:02 - 0011888 _____ () C:\Users\Khaos Dragon\AppData\Local\uxeventlog.txt
2013-11-08 19:44 - 2014-03-31 17:03 - 11415920 _____ () C:\Users\Khaos Dragon\AppData\Local\VSMsiLog42AA.txt

Some files in TEMP:
====================
C:\Users\Khaos Dragon\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-04 13:21

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-09-2015
Ran by Khaos Dragon (2015-10-04 14:36:23)
Running from C:\Users\Khaos Dragon\Desktop\Antimalware
Windows Vista Home Premium Service Pack 2 (X64) (2009-04-07 19:58:15)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2433799625-329232116-3839749839-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2433799625-329232116-3839749839-1002 - Limited - Enabled)
Guest (S-1-5-21-2433799625-329232116-3839749839-501 - Limited - Disabled)
Khaos Dragon (S-1-5-21-2433799625-329232116-3839749839-1000 - Administrator - Enabled) => C:\Users\Khaos Dragon

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version:  - )
7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Activity Tracker (HKLM-x32\...\com.connectionsEducation.activityTracker) (Version: 2.1 - Connections Education, LLC)
Activity Tracker (x32 Version: 2.1 - Connections Education, LLC) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Wonders (HKLM-x32\...\Age of Wonders) (Version:  - )
Age of Wonders II (HKLM-x32\...\Age of Wonders II) (Version:  - )
Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - LSI Corporation)
Amazon MP3 Downloader 1.0.10 (HKLM-x32\...\Amazon MP3 Downloader) (Version:  - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Baldur's Gate & Tales of the Sword Coast (HKLM-x32\...\Baldur's Gate & Tales of the Sword Coast) (Version:  - )
Bejeweled (HKLM-x32\...\f35d0f28db1e9b4d3f0556ee3baee42c) (Version:  - GameHouse)
Blender (remove only) (HKLM-x32\...\Blender) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
Circuit Construction Kit (DC Only), Virtual Lab (HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\Circuit Construction Kit (DC Only), Virtual Lab) (Version:  - University of Colorado, Department of Physics)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2326 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DreamCalc DCG4.8.0 (CA2013-2014) (HKLM-x32\...\DreamCalcDC4G_is1) (Version: DCG4.8.0 - Big Angry Dog Ltd)
Dungeons & Dragons Online ®:  Eberron Unlimited ™ v01.10.01.801 (HKLM-x32\...\15b35190-c6f9-11d9-9669-0800200c9a66_is1) (Version: 01.10.01.8011 - Atari, Inc.)
Dungeons and Dragons Online (HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\DDO_highres_en) (Version:  - )
Enhanced Multimedia Keyboard Solution (HKLM-x32\...\KBD) (Version: 1.0.9.2 - Hewlett-Packard)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 520 Series Printer Uninstall (HKLM\...\EPSON WorkForce 520 Series) (Version:  - SEIKO EPSON Corporation)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EverQuest (HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\soe-EverQuest) (Version: 1.0.3.183 - Sony Online Entertainment)
ExamView Pro (HKLM-x32\...\ExamView Pro) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Faraday's Electromagnetic Lab (HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\Faraday's Electromagnetic Lab) (Version:  - University of Colorado, Department of Physics)
Firefly Online Cortex (HKLM-x32\...\Steam App 343750) (Version:  - Spark Plug Games)
Forces in 1 Dimension (HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\Forces in 1 Dimension) (Version:  - University of Colorado, Department of Physics)
Free Opener (HKLM\...\{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1) (Version: 2.5.0 - Blue Labs, LLC)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glary Utilities 5.34 (HKLM-x32\...\Glary Utilities 5) (Version: 5.34.0.54 - Glarysoft Ltd)
Google Chrome (HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\Google Chrome) (Version: 45.0.2454.93 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Halo 2 for Windows Vista (HKLM-x32\...\Halo 2) (Version:  - Microsoft Game Studios)
Halo 2 for Windows Vista (x32 Version: 1.0.0.0 - Microsoft Corporation) Hidden
Halo 2 Map Editor (HKLM-x32\...\InstallShield_{54CD52E0-6660-416C-94CC-FC77875FF226}) (Version: 1.00.0000 - Microsoft Game Studios)
Halo 2 Map Editor (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Happy Cloud Client (HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\HappyCloud) (Version: 4.28 - Happy Cloud, Inc.)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.5048.14 - PC-Doctor, Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.246 - SurfRight B.V.)
HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{E1591139-8B44-411B-A81B-D35F83A0565A}) (Version: 5.7.0.2875 - Hewlett-Packard)
HP Demo (HKLM-x32\...\{97ABD26A-3249-46CB-B2E2-F66E64B2E480}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.1.2431 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2415 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{F1568AA6-5982-4AFB-A871-C68E4328BC3B}) (Version: 2.1.7 - Hewlett-Packard)
HP MediaSmart TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 2.1.1231 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP Total Care Setup (HKLM-x32\...\{95A747E0-DF19-46CB-A622-20A0107201BD}) (Version: 1.1.2413.2876 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Juno Preloader (HKLM-x32\...\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}) (Version: 1.0.0 - Juno, Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1103 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1103 - CyberLink Corp.) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
LightScribe System Software (HKLM-x32\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
LIVE gaming on Windows Runtime Version 1.0.6027 (HKLM-x32\...\{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}) (Version: 1.0.6027 - Microsoft Corporation)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Master of Orion 1 and 2 (HKLM-x32\...\Master of Orion 1 and 2_is1) (Version:  - GOG.com)
Master of Orion 3 (HKLM-x32\...\Master of Orion 3) (Version:  - )
McAfee AntiVirus (HKLM-x32\...\MSC) (Version: 12.8.908 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires (HKLM-x32\...\Age of Empires) (Version:  - )
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office Professional (HKLM-x32\...\MSOffice) (Version:  - )
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM-x32\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft Visual Basic 2008 Express Edition - ENU (HKLM-x32\...\Microsoft Visual Basic 2008 Express Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.363 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (HKLM\...\{62577E41-C350-3D07-97C8-2B6CDB4BAD60}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (HKLM\...\{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 41.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 en-US)) (Version: 41.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.0.5738 - Mozilla)
MSDN Library for Microsoft Visual Studio 2008 Express Editions (HKLM-x32\...\MSDN Library for Microsoft Visual Studio 2008 Express Editions) (Version:  - Microsoft Corporation)
MSDN Library for Microsoft Visual Studio 2008 Express Editions (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
MSN (HKLM-x32\...\MSNINST) (Version:  - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Multimedia Fusion 2 (HKLM-x32\...\Multimedia Fusion 2) (Version:  - )
muvee Reveal (HKLM-x32\...\{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}) (Version: 7.0.35.7918 - muvee Technologies Pte Ltd)
My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.12.00 - NETGEAR Inc.)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
NetZero Preloader (HKLM-x32\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
NPR Radio Toolbar (HKLM-x32\...\NPR_Radio Toolbar) (Version: 6.2.6.0 - NPR Radio)
OLYMPUS Master 2 (HKLM-x32\...\{45FCADDB-0B29-457E-83A1-D245C62A716C}) (Version: 1.0.6 - OLYMPUS IMAGING CORP.)
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.11 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2325 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2417 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2417 - CyberLink Corp.) Hidden
Python 2.5.2 (HKLM-x32\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)
Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Scrabble v2.0 (HKLM-x32\...\Scrabble v2.0) (Version:  - )
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.105 - Skype Technologies S.A.)
Sound (HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\Sound) (Version:  - University of Colorado, Department of Physics)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
The Lord of the Rings Online™ v03.03.05.8039 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.03.05.8039 - Turbine, Inc.)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UserTesting.com Recorder Plugin (HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\UserTestingPlugin) (Version:  - UserTesting.com)
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.5 - WildTangent)
Winamp (HKLM-x32\...\Winamp) (Version: 5.66  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2433799625-329232116-3839749839-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Khaos Dragon\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2433799625-329232116-3839749839-1000_Classes\CLSID\{4C5C54C1-176A-3C75-3BE2-DD8339DB2747}\localserver32 -> C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2433799625-329232116-3839749839-1000_Classes\CLSID\{934CDBD0-57FF-7C9B-72E2-0127A0DD050C}\localserver32 -> C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2433799625-329232116-3839749839-1000_Classes\CLSID\{9A3277D1-CDFD-68A2-1636-AAC5E086447A}\localserver32 -> C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2433799625-329232116-3839749839-1000_Classes\CLSID\{F289B241-BA84-EE97-0993-0009F4BBEA70}\localserver32 -> C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe (InstallShield Software Corporation)

==================== Restore Points =========================

25-09-2015 18:35:57 Malwarebytes Anti-Rootkit Restore Point
28-09-2015 16:06:51 Scheduled Checkpoint
29-09-2015 19:40:44 Scheduled Checkpoint
30-09-2015 16:20:46 Scheduled Checkpoint
02-10-2015 16:29:25 Scheduled Checkpoint
03-10-2015 20:25:12 Scheduled Checkpoint
03-10-2015 22:45:41 Restore Point Created by FRST
04-10-2015 00:57:17 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2006-09-18 17:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1B19B4FC-6E0D-4B5F-B71B-0D615F15BADC} - System32\Tasks\{3C5C5E2E-BD7E-4954-BB57-2AAD96A2C6C9} => pcalua.exe -a C:\MSOffice\Access\WRKGADM.EXE -d C:\MSOffice
Task: {2315D411-9C41-482E-A375-3649C3AFBDA3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-25] (Google Inc.)
Task: {2CEEB9BF-7216-42B8-B715-808BA0731A03} - System32\Tasks\{9A0766B5-0530-43FC-9B00-00B9AF95A188} => pcalua.exe -a "C:\Users\Khaos Dragon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WB200ME\aow136[1].exe" -d "C:\Users\Khaos Dragon"
Task: {35E7A53D-212A-4803-AF66-F3964540001B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {622F572A-FDDA-4D7F-8FCD-AB67C3A8C9BE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000UA => C:\Users\Khaos Dragon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {66EE142F-0AAE-4224-8BF4-D75B06D8BB62} - \RecoveryCD -> No File <==== ATTENTION
Task: {6F92FF09-DEC9-4320-94A7-4B8061218B9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-25] (Google Inc.)
Task: {7325BAFF-18A6-44ED-B956-35744BFA7969} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-09-14] (Glarysoft Ltd)
Task: {7DCCFBAE-89B8-4C20-A137-694AE4823A66} - System32\Tasks\{AEB8153F-15FE-49AF-ABBB-72174E6AACF6} => pcalua.exe -a "C:\Users\Khaos Dragon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XY8CRG4C\WordViewer2003SP3-KB934736-FullFile-ENU[1].exe" -d "C:\Users\Khaos Dragon\Desktop"
Task: {9E1EFA12-C63E-4D07-9CCF-1DFA2AF2B8B0} - System32\Tasks\{2D042B84-06E4-4D1C-BD2D-0FEE878E52D2} => pcalua.exe -a C:\PROGRA~2\NPR_RA~1\UNWISE.EXE -c   /U C:\PROGRA~2\NPR_RA~1\INSTALL.LOG
Task: {A0028F8C-4E07-4431-B836-4021CC17B785} - System32\Tasks\{41D972CE-089C-40AD-B7BF-2672D74196EC} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enUS --uid=battle.net --displayname="Battle.net"
Task: {A073A6EB-7A72-4902-AF4B-D5B295BB62E6} - System32\Tasks\{5B64DB17-8A53-4D3F-A939-5651D1092457} => pcalua.exe -a "C:\Program Files\QuickTimePlayer.exe" -d "c:\program files"
Task: {A3C96975-375E-4E98-B51A-7175BB403A99} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: {BA31320E-B2AA-4613-8684-55BCBC5776B4} - System32\Tasks\{C965777B-860E-41DF-ABE7-B90317F61C03} => pcalua.exe -a "E:\Setup VPS.exe" -d E:\
Task: {D53A16D5-5B20-405D-A484-110FB0836E64} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000UA => C:\Users\Khaos Dragon\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-16] (Google Inc.)
Task: {D6C4590A-5083-49E2-A7AD-08696DF817A6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000Core => C:\Users\Khaos Dragon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {E3D6D537-0EC9-4F0F-8AA2-D15F143DAA6A} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Khaos Dragon => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {F0AB6685-3BE9-4EFA-BF5D-7D29E74F614B} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-09-14] (Glarysoft Ltd)
Task: {F2784252-AA6B-4749-A71A-7A5DE72C8565} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000Core => C:\Users\Khaos Dragon\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-16] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000Core.job => C:\Users\Khaos Dragon\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000UA.job => C:\Users\Khaos Dragon\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000Core.job => C:\Users\Khaos Dragon\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000UA.job => C:\Users\Khaos Dragon\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-07 21:23 - 2011-12-14 17:53 - 00303360 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2008-12-31 22:26 - 2008-12-31 22:26 - 00074536 ____N () c:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus64.dll
2015-09-07 21:23 - 2011-12-14 17:55 - 08453376 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2015-09-07 21:23 - 2011-12-14 10:22 - 00368640 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2015-09-07 21:23 - 2011-12-14 10:43 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2008-12-15 20:15 - 2008-12-15 20:15 - 00881960 ____N () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2009-02-18 07:23 - 2008-12-03 14:14 - 00034088 _____ () c:\Program Files (x86)\Cyberlink\Shared files\RichVideops.dll
2015-09-14 02:15 - 2015-09-14 02:15 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2433799625-329232116-3839749839-1000\...\sony.com -> sony.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2433799625-329232116-3839749839-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Fast Start.lnk => C:\Windows\pss\Microsoft Office Fast Start.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Find Fast Indexer.lnk => C:\Windows\pss\Microsoft Office Find Fast Indexer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Shortcut Bar.lnk => C:\Windows\pss\Microsoft Office Shortcut Bar.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Khaos Dragon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupreg: Adobe CSS5.1 Manager => C:\Users\Khaos Dragon\AppData\Local\fb82070d-3c61-48b3-9876-1fc7e73ab952ad\fbdcbfceabad.exe
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Khaos Dragon\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: OM2_Monitor => "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
MSCONFIG\startupreg: QuickTime Task => "C:\program files\qttask.exe" -atboottime
MSCONFIG\startupreg: SmartMenu => %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -u auto-update
MSCONFIG\startupreg: TVAgent => "c:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [sLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [sLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles(x86)%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles(x86)%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles(x86)%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles(x86)%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [TCP Query User{FC754B08-7AA5-426A-82ED-5BF1CA913858}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [uDP Query User{DF4C9DD6-9918-4A87-9116-35937E4DF5BF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{D880C128-74D1-4ACA-9A93-9F739D296335}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [uDP Query User{17C08194-C7C9-4906-9056-23D664967A02}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{7C2AD7BF-3C43-4E3C-8491-1CA99B4E7B74}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [uDP Query User{87FAEA2D-5937-45DA-9BB0-3838C0070079}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/04/2015 01:15:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2015 01:27:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2015 01:25:07 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8

Error: (10/04/2015 01:25:07 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll8

Error: (10/04/2015 12:46:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2015 12:35:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2015 12:30:08 AM) (Source: Google Update) (EventID: 20) (User: ClanMoore)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (10/03/2015 11:21:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2015 10:45:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {67d38b69-531f-444a-95ca-7a8114dab5e8}

Error: (10/03/2015 09:30:08 PM) (Source: Google Update) (EventID: 20) (User: ClanMoore)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

System errors:
=============
Error: (10/04/2015 02:34:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman

Error: (10/04/2015 01:17:49 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026)

Error: (10/04/2015 01:15:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee Anti-Malware Core%%1053

Error: (10/04/2015 01:15:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000McAfee Anti-Malware Core

Error: (10/04/2015 01:15:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee Inc. mfeapfk%%1243

Error: (10/04/2015 01:28:29 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026)

Error: (10/04/2015 01:27:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee Anti-Malware Core%%1053

Error: (10/04/2015 01:27:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000McAfee Anti-Malware Core

Error: (10/04/2015 01:27:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee Inc. mfeapfk%%1243

Error: (10/04/2015 12:59:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: McAfee Validation Trust Protection Service1

CodeIntegrity:
===================================
  Date: 2015-10-04 13:16:09.227
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-04 01:26:37.107
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-04 00:46:19.882
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-04 00:34:58.360
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-04 00:02:05.064
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-04 00:02:04.410
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-04 00:02:03.718
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-04 00:02:03.064
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-04 00:02:02.384
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-04 00:02:01.620
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2220 @ 2.40GHz
Percentage of memory in use: 41%
Total physical RAM: 4085.33 MB
Available physical RAM: 2370.84 MB
Total Virtual: 8385.94 MB
Available Virtual: 6576.38 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:452.91 GB) (Free:178.28 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.85 GB) (Free:1.81 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=452.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


The infection appears to be back, run the following:

Read the following link before we continue and run Combofix:

ComboFix usage, Questions, Help? - Look here

Next,

Download Combofix from either of the following links :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.infospyware.net/antimalware/combofix/

Ensure that Combofix is saved directly to the Desktop <--- Very important

Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.

Close any open browsers and any other programs you might have running

Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.

If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

    If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

 

Kevin


ComboFix 15-10-01.01 - Khaos Dragon 10/05/2015  15:50:08.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4085.2550 [GMT -4:00]
Running from: c:\users\Khaos Dragon\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Khaos Dragon\AppData\Roaming\.#
c:\users\Khaos Dragon\AppData\Roaming\FrameworkUpdate7
c:\users\Khaos Dragon\g2mdlhlpx.exe
c:\windows\msdownld.tmp
c:\windows\SysWow64\ir41_qc.dll.new00
c:\windows\SysWow64\ir41_qcx.dll.new00
c:\windows\SysWow64\ir50_qc.dll.new00
c:\windows\SysWow64\ir50_qcx.dll.new00
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\winhelp.ini
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2015-09-05 to 2015-10-05  )))))))))))))))))))))))))))))))
.
.
2015-10-02 22:29 . 2015-10-02 22:29 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-10-02 22:29 . 2015-10-02 23:19 -------- d-----w- c:\programdata\RogueKiller
2015-10-02 22:15 . 2015-10-04 18:37 -------- d-----w- C:\FRST
2015-09-25 21:41 . 2015-09-25 21:41 41080 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2015-09-23 20:31 . 2015-09-23 20:31 -------- d-----w- c:\program files\HitmanPro
2015-09-23 20:30 . 2015-09-23 20:52 -------- d-----w- c:\programdata\HitmanPro
2015-09-21 19:08 . 1999-12-17 13:13 86016 ----a-w- c:\windows\unvise32.exe
2015-09-21 19:08 . 2015-09-21 19:08 -------- d-----w- C:\ExamView
2015-09-08 01:26 . 2007-01-19 22:24 25312 ----a-r- c:\windows\system32\drivers\SCMNdisP.sys
2015-09-08 01:23 . 2011-12-12 21:37 1229568 ----a-w- c:\windows\system32\drivers\bcmwlhigh664.sys
2015-09-08 01:23 . 2011-03-31 01:54 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2015-09-08 01:23 . 2011-03-31 01:51 3900928 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2015-09-08 01:23 . 2011-03-31 01:51 3566592 ----a-w- c:\windows\system32\bcmihvui64.dll
2015-09-08 01:23 . 2006-11-02 12:04 1919968 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2015-09-08 01:23 . 2015-09-08 01:23 -------- d-----w- c:\program files (x86)\NETGEAR
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-05 20:13 . 2014-07-11 02:49 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-12 00:45 . 2012-04-02 18:35 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-09-12 00:45 . 2011-05-13 04:54 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-31 22:45 . 2015-09-22 05:39 11062400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F734FFC3-3B4E-4A3D-B5EF-E9C09F3841E9}\mpengine.dll
2015-08-26 22:37 . 2006-11-02 12:35 134753440 ----a-w- c:\windows\system32\mrt.exe
2015-07-25 23:10 . 2014-04-03 21:53 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-06-18 19:24 . 2015-06-18 19:24 797000 ----a-w- c:\program files (x86)\QTPlugin.ocx
2015-06-18 19:24 . 2015-06-18 19:24 1235288 ----a-w- c:\program files (x86)\QuickTimePlayer.exe
2015-06-18 19:17 . 2015-06-18 19:17 9288008 ----a-w- c:\program files (x86)\QuickTimePlayer.dll
2015-06-18 19:17 . 2015-06-18 19:17 366920 ----a-w- c:\program files (x86)\QTUIPanelControl.dll
2015-06-18 19:17 . 2015-06-18 19:17 895304 ----a-w- c:\program files (x86)\QTOControl.dll
2015-06-18 19:17 . 2015-06-18 19:17 821576 ----a-w- c:\program files (x86)\QTOLibrary.dll
2015-06-17 04:23 . 2015-06-17 04:23 421888 ----a-w- c:\program files (x86)\QTTask.exe
2012-02-08 03:35 . 2012-02-08 03:35 421888 ----a-w- c:\program files\qttask.exe
2012-02-08 03:35 . 2012-02-08 03:35 796536 ----a-w- c:\program files\QTPlugin.ocx
2004-09-24 00:57 . 2001-06-20 20:34 147968 ----a-w- c:\program files\QuickTimeUpdater.exe
2004-09-24 00:57 . 2001-06-20 20:34 298496 ----a-w- c:\program files\PictureViewer.exe
2004-09-24 00:57 . 2001-06-20 20:34 233984 ----a-w- c:\program files\QTInfo.exe
2004-09-24 00:57 . 2001-06-20 20:34 1099776 ----a-w- c:\program files\QuickTimePlayer.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1555968]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2015-09-14 37152]
"NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2015-06-02 602880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-16 1152296]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-16 189736]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 1148200]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-11-27 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Genie.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2015-9-7 8453376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk * \0BootDefrag.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"QuickTime Task"="c:\program files (x86)\QTTask.exe" -atboottime
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000Core.job
- c:\users\Khaos Dragon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-05 01:25]
.
2015-10-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000UA.job
- c:\users\Khaos Dragon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-05 01:25]
.
2015-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-25 16:11]
.
2015-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-25 16:11]
.
2015-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000Core.job
- c:\users\Khaos Dragon\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-16 22:57]
.
2015-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2433799625-329232116-3839749839-1000UA.job
- c:\users\Khaos Dragon\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-16 22:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-11-03 182808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-27 154648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-27 202264]
.
------- Supplementary Scan -------
.
uStart Page = https://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.msn.com
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: driversupport.com\apps
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\r3g4m4ed.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Malwarebytes' Anti-Malware - c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Circuit Construction Kit (DC Only), Virtual Lab - c:\windows\system32\javaws.exe
AddRemove-Faraday's Electromagnetic Lab - c:\windows\system32\javaws.exe
AddRemove-Forces in 1 Dimension - c:\windows\system32\javaws.exe
AddRemove-Sound - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Glary Utilities 5\Integrator.exe
c:\program files (x86)\Hewlett-Packard\KBD\kbd.exe
.
**************************************************************************
.
Completion time: 2015-10-05  16:22:55 - machine was rebooted
ComboFix-quarantined-files.txt  2015-10-05 20:22
.
Pre-Run: 185,109,356,544 bytes free
Post-Run: 184,444,985,344 bytes free
.
- - End Of File - - 3B00F6715654DA04C78C6AF4BE29985F
03BA8F890B47C0BE359A4D5A636D214D
 

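The ComboFix log above lists autostart entries under "Reg Loading Points" in a fixed layout: `"Name"="path" [date size]` lines grouped under registry hive headers. The following is an added example, not part of the original thread and not ComboFix's or Malwarebytes' code, showing how a responder can parse that section and flag the entries worth a closer look: executables launched from user-writable locations, system-binary names living outside System32/SysWOW64, and files dated within a couple of weeks of the scan. The sample log is constructed in ComboFix's layout; the `Updater` and `Helper` entries are invented for the demonstration and do not refer to anything found on the machine in this thread, and the scan date is taken from the ComboFix header (10/05/2015).

```python
import re
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional

# Constructed sample in the layout of ComboFix's "Reg Loading Points" section.
# "Updater" and "Helper" are invented for this demonstration; they are not
# entries from the log posted in the thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1555968]
"NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2015-06-02 602880]
"Updater"="c:\users\example\AppData\Roaming\Updater\svchost.exe" [2015-10-01 61440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"Helper"="c:\programdata\helper\helper.exe" [2015-10-01 40960]
.
'''

# Date of the ComboFix run shown in the thread (log header: 10/05/2015).
SCAN_DATE = date(2015, 10, 5)

# Path fragments an ordinary user can write to without elevation.
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")
# Names that belong in System32; the same name elsewhere is a classic masquerade.
SYSTEM_BINARY_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe",
                       "winlogon.exe", "services.exe", "rundll32.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

HIVE_RE = re.compile(r"^\[(HK[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?P<rest>.*)$')
STAMP_RE = re.compile(r"\[(\d{4})-(\d{2})-(\d{2}) (\d+)\]")


@dataclass
class AutostartEntry:
    hive: str
    name: str
    path: str
    file_date: Optional[date]
    size: Optional[int]
    reasons: List[str] = field(default_factory=list)


def parse_loading_points(text: str) -> List[AutostartEntry]:
    """Turn the Reg Loading Points lines into structured entries, keeping the hive."""
    entries: List[AutostartEntry] = []
    hive = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = HIVE_RE.match(line)
        if m:
            hive = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or not hive:
            continue  # separator dots, blank lines, or a value outside any hive
        stamp = STAMP_RE.search(m.group("rest"))
        file_date = date(*map(int, stamp.groups()[:3])) if stamp else None
        size = int(stamp.group(4)) if stamp else None
        entries.append(AutostartEntry(hive, m.group("name"), m.group("path"), file_date, size))
    return entries


def triage(text: str, scan_date: date = SCAN_DATE, recent_days: int = 14) -> List[AutostartEntry]:
    """Return only the entries that trip at least one heuristic, with the reasons attached."""
    flagged: List[AutostartEntry] = []
    for e in parse_loading_points(text):
        p = e.path.lower()
        base = p.rsplit("\\", 1)[-1]
        for marker in USER_WRITABLE_MARKERS:
            if marker in p:
                e.reasons.append(f"runs from user-writable location ({marker.strip(chr(92))})")
                break
        if base in SYSTEM_BINARY_NAMES and not p.startswith(SYSTEM_DIRS):
            e.reasons.append("system binary name outside System32/SysWOW64")
        # A future-dated file also lands here, which is itself worth a look.
        if e.file_date and (scan_date - e.file_date) <= timedelta(days=recent_days):
            e.reasons.append(f"file dated within {recent_days} days of the scan")
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit.hive}\n  {hit.name} -> {hit.path}")
        for reason in hit.reasons:
            print(f"    - {reason}")
```

The flags are triage hints, not verdicts: legitimate software also drops per-user updaters under AppData (the Google and Facebook update tasks in the same log run from there), so each hit still needs its signature and hash checked before anything is removed.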

Thanks for that log, we seem to have made progress. Continue please:

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply.

Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licence Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt". The log will open as a text file; post that log, and also save it to your Desktop for reference.
  • Close the program > Don't Fix anything!

Let me see those logs, also give an update on any remaining issues or concerns....

 

Thank you,

 

Kevin.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/5/2015
Scan Time: 7:22:53 PM
Logfile: MBAM scan log Monday Eve.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.10.05.07
Rootkit Database: v2015.10.02.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Khaos Dragon

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 418018
Time Elapsed: 29 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

RogueKiller V10.10.7.0 [sep 28 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Khaos Dragon [Administrator]
Started from : C:\Users\Khaos Dragon\Desktop\RogueKiller.exe
Mode : Scan -- Date : 10/05/2015 20:24:03

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt  -> Found
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Bar : http://home.microsoft.com/search/lobby/search.asp  -> Found
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://home.microsoft.com/search/search.asp  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2433799625-329232116-3839749839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2433799625-329232116-3839749839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2433799625-329232116-3839749839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2433799625-329232116-3839749839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2433799625-329232116-3839749839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2433799625-329232116-3839749839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 61c3243436e0d0ecb8e0a76c980138d9
[bSP] 309fdfd200901d3359dd1e035123a213 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 463782 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 949827060 | Size: 13154 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

 

 


The infection is not back; we are making good progress. Continue please:

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan in the Actions box.
  • Please wait for the scan to finish.
  • When "Waiting for action. Please uncheck elements you want to keep" shows in the top line,
  • click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop-up box.
  • Click OK on the Information box & again OK to allow the necessary reboot.
  • After the restart the AdwCleaner(C*)-Notepad log will appear; please copy/paste it in your next reply. Where * is the number relative to the list of scans completed...

 
Next,
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save it direct to the desktop.

Ensure you get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select "Run as Administrator"; the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log
 

Post those logs, also let me know if there are any remaining issues or concerns....

 

Thank you,

 

Kevin...


# AdwCleaner v5.008 - Logfile created 06/10/2015 at 13:54:52
# Updated 18/09/2015 by Xplode
# Database : 2015-09-17.3 [Local]
# Operating system : Windows Vista Home Premium Service Pack 2 (x64)
# Username : Khaos Dragon - CLANMOORE
# Running from : C:\Users\Khaos Dragon\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: Winsock settings cleared

*************************

C:\AdwCleanerDebug.txt - [55 bytes] - [05/12/2014 18:42:09]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [736 bytes] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.3 (09.21.2015:1)
OS: Windows Vista Home Premium x64
Ran by Khaos Dragon on Tue 10/06/2015 at 14:06:51.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer

 

~~~ Files

 

~~~ Folders

 

~~~ FireFox

Emptied folder: C:\Users\Khaos Dragon\AppData\Roaming\mozilla\firefox\profiles\r3g4m4ed.default\minidumps [22 files]

 

~~~ Chrome

[C:\Users\Khaos Dragon\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Khaos Dragon\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Khaos Dragon\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Khaos Dragon\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/06/2015 at 14:13:46.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Sun Oct 04 01:08:32 2015

Engine: 1.1.12002.0
Signatures: 1.205.646.0

Quick Scan Results:
-------------------
Threat Detected: Ransom:Win32/Crowti, for cleaning, the system needs to be restarted.
  Action: Remove, Result: 0x00000000
    regkey://HKCU@S-1-5-21-2433799625-329232116-3839749839-1000\SOFTWARE\MozillaPlugins\thehappycloud.com/HappyCloudPlugin
    regkey://HKCU@S-1-5-21-2433799625-329232116-3839749839-1000\SOFTWARE\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin
    firefoxplugins://HKCU@S-1-5-21-2433799625-329232116-3839749839-1000\SOFTWARE\MozillaPlugins\thehappycloud.com/HappyCloudPlugin
    firefoxplugins://HKCU@S-1-5-21-2433799625-329232116-3839749839-1000\SOFTWARE\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin
    file://C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\r3g4m4ed.default\storage\permanent\moz-safe-about+home\idb\DECRYPT_INSTRUCTION.HTML->(UTF-16LE)
        SigSeq: 0x000010800ED49F98
    file://C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\r3g4m4ed.default\storage\permanent\moz-safe-about+home\DECRYPT_INSTRUCTION.HTML->(UTF-16LE)
        SigSeq: 0x000010800ED49F98
    file://C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\r3g4m4ed.default\storage\permanent\chrome\idb\DECRYPT_INSTRUCTION.HTML->(UTF-16LE)
        SigSeq: 0x000010800ED49F98
    file://C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\r3g4m4ed.default\storage\permanent\chrome\DECRYPT_INSTRUCTION.HTML->(UTF-16LE)
        SigSeq: 0x000010800ED49F98
    file://C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\r3g4m4ed.default\storage\default\DECRYPT_INSTRUCTION.HTML->(UTF-16LE)
        SigSeq: 0x000010800ED49F98
    file://C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\r3g4m4ed.default\storage\DECRYPT_INSTRUCTION.HTML->(UTF-16LE)
        SigSeq: 0x000010800ED49F98
    file://C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\r3g4m4ed.default\DECRYPT_INSTRUCTION.HTML->(UTF-16LE)
        SigSeq: 0x000010800ED49F98
    file://C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\DECRYPT_INSTRUCTION.HTML->(UTF-16LE)
        SigSeq: 0x000010800ED49F98
    file://C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\DECRYPT_INSTRUCTION.HTML->(UTF-16LE)
        SigSeq: 0x000010800ED49F98
    file://C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\DECRYPT_INSTRUCTION.HTML->(UTF-16LE)
        SigSeq: 0x000010800ED49F98
    file://C:\Users\Khaos Dragon\AppData\Local\Google\Chrome\User Data\Default\DECRYPT_INSTRUCTION.HTML->(UTF-16LE)
        SigSeq: 0x000010800ED49F98
    file://C:\Users\Khaos Dragon\AppData\Local\Google\Chrome\User Data\DECRYPT_INSTRUCTION.HTML->(UTF-16LE)
        SigSeq: 0x000010800ED49F98
    file://C:\Users\Khaos Dragon\AppData\Local\Google\Chrome\DECRYPT_INSTRUCTION.HTML->(UTF-16LE)
        SigSeq: 0x000010800ED49F98
    file://C:\Users\Khaos Dragon\AppData\Local\Facebook\Video\Skype\DECRYPT_INSTRUCTION.HTML->(UTF-16LE)
        SigSeq: 0x000010800ED49F98
    file://C:\ProgramData\HappyCloud\Application\DECRYPT_INSTRUCTION.HTML->(UTF-16LE)
        SigSeq: 0x000010800ED49F98
    containerfile://C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\r3g4m4ed.default\storage\permanent\moz-safe-about+home\idb\DECRYPT_INSTRUCTION.HTML
    containerfile://C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\r3g4m4ed.default\storage\permanent\moz-safe-about+home\DECRYPT_INSTRUCTION.HTML
    containerfile://C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\r3g4m4ed.default\storage\permanent\chrome\idb\DECRYPT_INSTRUCTION.HTML
    containerfile://C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\r3g4m4ed.default\storage\permanent\chrome\DECRYPT_INSTRUCTION.HTML
    containerfile://C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\r3g4m4ed.default\storage\default\DECRYPT_INSTRUCTION.HTML
    containerfile://C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\r3g4m4ed.default\storage\DECRYPT_INSTRUCTION.HTML
    containerfile://C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\r3g4m4ed.default\DECRYPT_INSTRUCTION.HTML
    containerfile://C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\Profiles\DECRYPT_INSTRUCTION.HTML
    containerfile://C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\Firefox\DECRYPT_INSTRUCTION.HTML
    containerfile://C:\Users\Khaos Dragon\AppData\Roaming\Mozilla\DECRYPT_INSTRUCTION.HTML
    containerfile://C:\Users\Khaos Dragon\AppData\Local\Google\Chrome\User Data\Default\DECRYPT_INSTRUCTION.HTML
    containerfile://C:\Users\Khaos Dragon\AppData\Local\Google\Chrome\User Data\DECRYPT_INSTRUCTION.HTML
    containerfile://C:\Users\Khaos Dragon\AppData\Local\Google\Chrome\DECRYPT_INSTRUCTION.HTML
    containerfile://C:\Users\Khaos Dragon\AppData\Local\Facebook\Video\Skype\DECRYPT_INSTRUCTION.HTML
    containerfile://C:\ProgramData\HappyCloud\Application\DECRYPT_INSTRUCTION.HTML

Results Summary:
----------------
Found Ransom:Win32/Crowti, for cleaning, the system needs to be restarted.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Oct 04 01:25:06 2015

Return code: 10 (0xa)
Failed to submit MAPS report: 0x83760002

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Tue Oct 06 13:45:54 2015

Engine: 1.1.12002.0
Signatures: 1.205.646.0
Failed to submit clean hearbeat MAPS report: 0x83760002
Microsoft Windows Malicious Software Removal Tool Finished On Tue Oct 06 13:46:18 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Tue Oct 06 14:18:01 2015

Engine: 1.1.12002.0
Signatures: 1.205.646.0

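The MSRT log in the post above is where the ransomware (Ransom:Win32/Crowti) actually surfaces in this thread, and it does so as a list of file:// artifacts: DECRYPT_INSTRUCTION.HTML ransom notes dropped across the Firefox profile, Chrome profile and ProgramData folders. As an added example, not part of this thread and not Microsoft's code, here is a small Python parser for the mrt.log layout seen above. It splits the log into runs (one per "Started On" line), collects each run's threats with their action, result and artifact list, and reports the directories in which the ransom note was found; those are folders the ransomware wrote to, so they are where to look for encrypted files when assessing damage. The embedded sample log is constructed to mirror the excerpt above with a placeholder SID and paths; the handling of "Found ... and Removed!" follows the summary form MSRT prints when a full scan finishes cleanup.

```python
r"""Parse a Microsoft MSRT log (c:\windows\debug\mrt.log) into per-run detection summaries.
Added example for this thread, not MSRT's own code; the layout follows the excerpts posted above."""
from __future__ import annotations
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample in the mrt.log layout shown above (placeholder SID and paths, not a real log).
SAMPLE_LOG = r"""
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Sun Oct 04 01:08:32 2015
Quick Scan Results:
-------------------
Threat Detected: Ransom:Win32/Crowti, for cleaning, the system needs to be restarted.
  Action: Remove, Result: 0x00000000
    regkey://HKCU@S-1-5-21-0-0-0-1000\SOFTWARE\MozillaPlugins\example.invalid/ExamplePlugin
    file://C:\Users\Example\AppData\Roaming\Mozilla\DECRYPT_INSTRUCTION.HTML->(UTF-16LE)
        SigSeq: 0x000010800ED49F98
    file://C:\ProgramData\Example\DECRYPT_INSTRUCTION.HTML->(UTF-16LE)
        SigSeq: 0x000010800ED49F98
    containerfile://C:\ProgramData\Example\DECRYPT_INSTRUCTION.HTML

Results Summary:
----------------
Found Ransom:Win32/Crowti, for cleaning, the system needs to be restarted.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Oct 04 01:25:06 2015
Return code: 10 (0xa)

Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Tue Oct 06 13:45:54 2015
Microsoft Windows Malicious Software Removal Tool Finished On Tue Oct 06 13:46:18 2015
Return code: 0 (0x0)
"""

@dataclass
class Threat:
    name: str
    needs_restart: bool
    action: str | None = None
    result: str | None = None
    removed: bool = False                 # set when the summary says "... and Removed!"
    resources: list[tuple[str, str]] = field(default_factory=list)  # (scheme, path)

@dataclass
class ScanRun:
    started: str
    finished: str | None = None
    scan_type: str | None = None
    return_code: int | None = None
    threats: list[Threat] = field(default_factory=list)

_STARTED = re.compile(r"^Started On (.+)$")
_FINISHED = re.compile(r"Finished On (.+)$")
_SCAN_TYPE = re.compile(r"^(\w+) Scan Results:$")
_THREAT = re.compile(r"^Threat Detected: ([^,]+)(.*)$")
_ACTION = re.compile(r"^Action: (\w+), Result: (0x[0-9A-Fa-f]+)$")
_RESOURCE = re.compile(r"^(\w+)://(.+)$")
_FOUND = re.compile(r"^Found ([^,\s]+)(.*)$")
_RETURN = re.compile(r"^Return code: (\d+)")

def parse_mrt_log(text: str) -> list[ScanRun]:
    """One ScanRun per 'Started On' line, each carrying the threats and artifacts it reported."""
    runs: list[ScanRun] = []
    threat: Threat | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := _STARTED.match(line):
            runs.append(ScanRun(started=m.group(1)))
            threat = None
        elif not runs:
            continue                       # banner text before the first run
        elif m := _SCAN_TYPE.match(line):
            runs[-1].scan_type = m.group(1)
        elif m := _THREAT.match(line):
            threat = Threat(name=m.group(1), needs_restart="restarted" in m.group(2))
            runs[-1].threats.append(threat)
        elif (m := _ACTION.match(line)) and threat:
            threat.action, threat.result = m.group(1), m.group(2)
        elif (m := _RESOURCE.match(line)) and threat:
            path, _, _enc = m.group(2).partition("->")   # strip the '->(UTF-16LE)' annotation
            threat.resources.append((m.group(1), path))
        elif m := _FOUND.match(line):
            for t in runs[-1].threats:
                if t.name == m.group(1) and "Removed!" in m.group(2):
                    t.removed = True
        elif m := _FINISHED.search(line):
            runs[-1].finished = m.group(1)
        elif m := _RETURN.match(line):
            runs[-1].return_code = int(m.group(1))
    return runs

def note_directories(run: ScanRun, filename: str = "DECRYPT_INSTRUCTION.HTML") -> list[str]:
    """Directories where a file:// artifact named `filename` (the ransom note) was detected;
    each is a folder the ransomware wrote to and should be checked for encrypted files."""
    dirs = {ntpath.dirname(p) for t in run.threats for s, p in t.resources
            if s == "file" and ntpath.basename(p).upper() == filename.upper()}
    return sorted(dirs)
```

To use it on a real machine, read c:\windows\debug\mrt.log as text and pass it to `parse_mrt_log` in place of `SAMPLE_LOG`; a threat whose `needs_restart` is set and whose `removed` flag never becomes true (as in the quick-scan run above) is the signal that the cleanup has not completed and a further scan is needed, which is exactly what the helper asks for next.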

I want you to run MSRT again as follows:

 

Double-click to run it again.

In the "Scan Type" window, select Full Scan.

Perform a scan and then click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter

notepad c:\windows\debug\mrt.log

 

It may take several hours this time...
 


Yes, the full scan is very thorough; it has found and removed two very nasty infections....

 

Results Summary:
----------------
Found Ransom:Win32/Crowti and Removed!
Found Backdoor:Win32/Vawtrak and Removed!

 

What is the current status of your system, any remaining issues or concerns.....

 


Thanks for the update, run the following to clean up...

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

Double click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make sure the following items are checked:

  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points; a new point relative to system status at present will be created.
  • Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following links to fully understand PC Security and Best Practices; you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe
 

Kevin...


This topic is now closed to further replies.