TechSpot

Malwarebytes found PUPs

By Rakshata
Jan 11, 2015
  1. I'm a little worried that my Malwarebytes found a couple of PUPs. I removed those with Malwarebytes but want to see if my computer is infected.

    Here are my Malwarebytes and DDS logs.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/01/2015
    Scan Time: 6:30:11 PM
    Logfile: malwarebytes scan log.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.10.18
    Rootkit Database: v2015.01.07.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows Vista
    CPU: x86
    File System: NTFS
    User: Choko

    Scan Type: Custom Scan
    Result: Completed
    Objects Scanned: 566040
    Time Elapsed: 5 hr, 17 min, 53 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Warn

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 11.25.2
    Run by Choko at 17:20:44 on 2015-01-11
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2038.746 [GMT -5:00]
    .
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
    C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Gizmo Project\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
    C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Choko\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wermgr.exe
    C:\Users\Choko\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Choko\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Choko\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Choko\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Choko\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_25\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_25\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [POP Peeper] "c:\program files\pop peeper\POPPeeper.exe" -min
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Google Update] "c:\users\choko\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
    mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
    mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe
    mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
    mRun: [HWSetup] \HWSetup.exe hwSetUP
    mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
    mRun: [Plantronics MyHeadset Updater] c:\program files\plantronics\myheadsetupdater\MyHeadsetUpdater.exe
    mRun: [PLTSpokes.exe] c:\program files\plantronics\spokes3g\PLTSpokes.exe -min
    dRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
    dRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 6\PcSync2.exe" /NoDialog
    dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: SoftwareSASGeneration = dword:1
    IE: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001021-0002-0021-ABCDEFFEDCBC} - <orphaned>
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://www.kccsoft.com/authorware_web_files/awswaxd.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} - hxxp://www.earthcaller.com/VaxSIPUserAgentCAB.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    TCP: NameServer = 64.71.255.204 64.71.255.198
    TCP: Interfaces\{53EDBA1B-E333-4612-98D7-50EB97FE9D02} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{85A34A61-8334-4386-9C0F-5AE90BDE5EFC} : DHCPNameServer = 192.168.42.129
    TCP: Interfaces\{933E3F3C-09C0-456E-A0B0-125D8F600FF4} : DHCPNameServer = 64.71.255.204 64.71.255.198
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\choko\appdata\roaming\mozilla\firefox\profiles\iav4g5c1.default\
    FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
    FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre1.8.0_25\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: c:\users\choko\appdata\local\google\update\1.3.25.11\npGoogleUpdate3.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_246.dll
    FF - ExtSQL: !HIDDEN! 2010-05-03 21:15; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-5-26 49944]
    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-5-26 206248]
    R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2014-6-15 17200]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-27 64160]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2013-5-26 787800]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-5-26 423784]
    R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-31 24184]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-26 70384]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-12-20 50344]
    R2 DisplayLinkService;DisplayLinkManager;c:\program files\displaylink core software\DisplayLinkManager.exe [2014-6-1 8364848]
    R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\foxit software\foxit reader\foxit cloud\FCUpdateService.exe [2014-10-5 242728]
    R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2009-12-8 91392]
    R3 DisplayLinkUsbIo;DisplayLinkUsbIo;c:\windows\system32\drivers\DisplayLinkUsbIo_7.6.55673.0.sys [2014-6-15 38192]
    R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2014-6-15 370480]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [2004-11-19 18848]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1036104]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-1-10 114904]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2015-01-10 23:20:48 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-01-10 23:20:03 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-01-10 23:20:03 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-01-10 23:20:03 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-01-10 23:20:02 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2015-01-10 07:35:01 -------- d-----w- c:\users\choko\appdata\roaming\OpenOffice
    2015-01-10 04:25:53 -------- d-----w- c:\program files\OpenOffice 4
    2015-01-08 03:04:04 -------- d-----w- c:\program files\Canon
    2014-12-27 23:17:19 -------- d-----w- C:\vlc-2.1.5-win32
    2014-12-27 01:15:23 -------- d-----w- c:\users\choko\appdata\roaming\addpcs
    2014-12-26 23:22:03 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2014-12-26 23:22:03 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2014-12-26 23:22:03 297808 ----a-w- c:\windows\system32\mscoree.dll
    2014-12-26 23:22:03 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2014-12-26 23:22:03 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2014-12-26 23:17:10 -------- d-----w- c:\program files\Temp File Cleaner
    2014-12-26 22:01:26 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f7797321-2637-4a25-8b45-028f0633a51d}\offreg.dll
    2014-12-26 21:32:52 9054624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f7797321-2637-4a25-8b45-028f0633a51d}\mpengine.dll
    2014-12-26 21:08:11 284160 ----a-w- c:\windows\system32\mvhlewsi.DLL
    2014-12-26 21:08:06 1511424 ----a-w- c:\windows\system32\HP1100SM.EXE
    2014-12-26 21:08:03 151552 ----a-w- c:\windows\system32\SET4791.tmp
    2014-12-26 21:08:03 151552 ----a-w- c:\windows\system32\HP1100LM.DLL
    2014-12-26 21:06:09 473088 ----a-w- c:\windows\system32\secproc_isv.dll
    2014-12-26 21:06:09 472576 ----a-w- c:\windows\system32\secproc.dll
    2014-12-26 21:06:07 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2014-12-26 21:06:06 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2014-12-26 21:06:06 515584 ----a-w- c:\windows\system32\RMActivate.exe
    2014-12-26 21:06:06 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2014-12-26 21:06:04 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2014-12-26 21:06:04 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
    2014-12-26 21:06:03 312320 ----a-w- c:\windows\system32\msdrm.dll
    2014-12-21 22:00:32 69632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HP1100PP.dll
    2014-12-21 22:00:31 -------- d-----w- c:\program files\HP
    2014-12-21 00:44:19 43152 ----a-w- c:\windows\avastSS.scr
    .
    ==================== Find3M ====================
    .
    2014-12-21 00:45:24 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2014-12-21 00:44:22 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-12-21 00:44:22 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-12-21 00:44:22 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2014-12-21 00:44:22 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-12-09 23:28:22 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-12-09 23:28:22 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-12-08 21:03:55 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-11-24 19:04:58 229000 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 17:21:56.97 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 03/01/2008 3:14:17 PM
    System Uptime: 11/01/2015 3:29:36 PM (2 hours ago)
    .
    Motherboard: TOSHIBA | | ISKAA
    Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1500/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 174 GiB total, 37.499 GiB free.
    D: is FIXED (NTFS) - 6 GiB total, 5.102 GiB free.
    E: is CDROM ()
    G: is FIXED (NTFS) - 1863 GiB total, 1406.144 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Activation Assistant for the 2007 Microsoft Office suites
    Ad-Aware
    Adobe Flash Player 15 ActiveX
    Adobe Flash Player 15 Plugin
    ALPS Touch Pad Driver
    Audacity 1.3.13 (Unicode)
    Avanquest update
    Avast Free Antivirus
    Budget Dialup Software
    Camera Assistant Software for Toshiba
    Canon MF Toolbox 4.9.1.1.mf17
    CD/DVD Drive Acoustic Silencer
    Classic PhoneTools
    Clearpointel
    Dell Voice
    Desktop eForms
    DisplayLink Core Software
    DisplayLink Graphics
    Documents To Go
    DVD MovieFactory for TOSHIBA
    Foxit Cloud
    Foxit Reader
    Freephoneline
    Gizmo5
    Google Chrome
    Google Drive
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    iCall
    Intel Matrix Storage Manager
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless Software
    Java 8 Update 25
    Java Auto Updater
    Java(TM) 6 Update 16
    Java(TM) SE Runtime Environment 6
    Kensington Display Adapter
    Kensington Universal Notebook Docking Station with VGA and DVI
    KONICA MINOLTA PagePro 1350W
    LAME v3.98.3 for Audacity
    Malwarebytes Anti-Malware version 2.0.4.1028
    mCore
    mHelp
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook Connector
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft XML Parser
    mMHouse
    MotoConnect
    Motorola Driver Installation 4.5.0
    Motorola Phone Tools
    Mozilla Firefox 34.0.5 (x86 en-US)
    Mozilla Maintenance Service
    mPfMgr
    MSVC80_x86
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    OnlinePlay 1.0
    OpenOffice 4.1.1
    Palm Desktop by ACCESS
    PC Connectivity Solution
    Peak Scanner Software v1.0
    Plantronics CSR Driver (32-bit)
    Plantronics CsrDfu Installer
    Plantronics HidDfu Installer
    Plantronics MyHeadset Updater
    Plantronics MyHeadset Updater Device Handlers (32-bit)
    Plantronics MyHeadset Updater DFU Handlers (32-bit)
    Plantronics MyHeadset Updater Install Check
    Plantronics MyHeadset Updater MLS
    Plantronics MyHeadset Updater Runtime
    Plantronics MyHeadset Updater Startup
    POP Peeper
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    Recover Files 2.1
    reminder
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Media Encoder (KB954156)
    Skype Click to Call
    Skype™ 6.18
    SMPlayer 0.6.7
    StudioTax 2011
    StudioTax 2012
    StudioTax 2013
    Synaptics Pointing Device Driver
    Temp File Cleaner
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Flash Cards Support Utility
    TOSHIBA Hardware Setup
    TOSHIBA Recovery Disc Creator
    Toshiba Registration
    TOSHIBA SD Memory Utilities
    TOSHIBA Software Modem
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Utility Common Driver
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebWasher
    Winamp
    Windows Driver Package - Cambridge Silicon Radio (CSRBC) USB (10/26/2012 2.4.0.0)
    Windows Driver Package - Nokia Modem (03/05/2008 3.7)
    Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
    Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
    Windows Driver Package - Nokia Modem (10/12/2007 3.6)
    Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Encoder 9 Series
    WinRAR archiver
    .
    ==== End Of File ===========================
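    The "Pseudo HJT Report" section of the DDS log above is what a helper reads first, because it lists the browser helper objects, Run-key autoruns, ActiveX download (DPF) entries and DNS settings. As an added example, not part of the original thread and not code from DDS or Malwarebytes, the Python script below parses a handful of those lines (copied from the log above) and applies three checks a reviewer would otherwise do by eye: Run entries whose image is not a fully qualified path (here `NDSTray.exe`, `\HWSetup.exe` and `RtHDVCpl.exe`, which Windows locates by search order at logon rather than by an explicit path), DPF entries (ActiveX download URLs, which are worth confirming for host and version), and whether the global NameServer value equals what some interface received via DHCP. The category names and messages are the example's own.

```python
import re
from dataclasses import dataclass

# Lines copied from the DDS "Pseudo HJT Report" posted above (abridged).
SAMPLE_LOG = r"""
uStart Page = about:blank
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\choko\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] \HWSetup.exe hwSetUP
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
dRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: NameServer = 64.71.255.204 64.71.255.198
TCP: Interfaces\{53EDBA1B-E333-4612-98D7-50EB97FE9D02} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{933E3F3C-09C0-456E-A0B0-125D8F600FF4} : DHCPNameServer = 64.71.255.204 64.71.255.198
"""

# DDS prefixes: u = current user hive, m = machine hive, d = default user hive.
HIVE = {"u": "HKCU", "m": "HKLM", "d": "default user"}
RUN_RE = re.compile(r'^(?P<hive>[umd])Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
DPF_RE = re.compile(r'^DPF:\s*(?P<clsid>\{[^}]+\})\s*-\s*(?P<url>\S+)')
NS_RE = re.compile(r'^TCP:\s*NameServer\s*=\s*(?P<servers>.+)$')
DHCP_RE = re.compile(r'^TCP:\s*Interfaces\\(?P<iface>\{[^}]+\})\s*:\s*DHCPNameServer\s*=\s*(?P<servers>.+)$')
# Unquoted command lines: cut after the first executable extension so paths with spaces survive.
EXT_RE = re.compile(r'^(?P<img>.+?\.(?:exe|com|scr|bat|cmd|pif))(?:\s+(?P<args>.*))?$', re.IGNORECASE)


@dataclass
class Autorun:
    hive: str
    name: str
    image: str   # executable part of the command line
    args: str


def split_command(cmd: str):
    """Return (image, args) from a Run-key command line, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    if m := EXT_RE.match(cmd):
        return m["img"], m["args"] or ""
    parts = cmd.split(None, 1)
    return (parts[0], parts[1] if len(parts) > 1 else "") if parts else ("", "")


def is_fully_qualified(image: str) -> bool:
    """True only for drive-letter paths (c:\\...) or UNC paths (\\\\server\\share\\...)."""
    return bool(re.match(r'^(?:[A-Za-z]:\\|\\\\[^\\]+\\)', image))


def parse_hjt(text: str) -> dict:
    out = {"autoruns": [], "dpf": [], "nameserver": [], "dhcp": {}}
    for line in text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            image, args = split_command(m["cmd"])
            out["autoruns"].append(Autorun(m["hive"], m["name"], image, args))
        elif m := DPF_RE.match(line):
            out["dpf"].append((m["clsid"], m["url"]))
        elif m := NS_RE.match(line):
            out["nameserver"] = m["servers"].split()
        elif m := DHCP_RE.match(line):
            out["dhcp"][m["iface"]] = m["servers"].split()
    return out


def unqualified_autoruns(parsed: dict) -> list:
    """Run entries whose image is a bare name or a rootless path. These are found
    by search order at logon, so a same-named file found earlier would run instead."""
    return [a for a in parsed["autoruns"] if not is_fully_qualified(a.image)]


def dns_origin(parsed: dict):
    """Interface whose DHCP-assigned servers equal the global NameServer entry,
    or None when no interface matches (hand-set, or changed by something else)."""
    global_ns = parsed["nameserver"]
    if not global_ns:
        return None
    for iface, servers in parsed["dhcp"].items():
        if servers == global_ns:
            return iface
    return None


def triage(text: str) -> list:
    parsed = parse_hjt(text)
    findings = []
    for a in unqualified_autoruns(parsed):
        findings.append(f"{HIVE[a.hive]} Run [{a.name}]: unqualified image '{a.image}', confirm which file actually runs")
    for clsid, url in parsed["dpf"]:
        findings.append(f"DPF {clsid}: ActiveX download from {url}, check host and version")
    iface = dns_origin(parsed)
    if parsed["nameserver"] and iface is None:
        findings.append(f"DNS {' '.join(parsed['nameserver'])}: not received via DHCP on any interface, verify with the network owner")
    elif iface:
        findings.append(f"DNS {' '.join(parsed['nameserver'])}: matches DHCP-assigned servers on {iface}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

    On the lines above the script reports the three unqualified autoruns, the one Java DPF entry, and that the global name servers are the same pair interface {933E3F3C-...} received from DHCP, which is why a "PUM.Dns" style hit on them is a prompt to confirm the network, not by itself evidence of tampering.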
     
  2. Broni


    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • On the following screen, click "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  3. Rakshata


    Thanks for the quick reply. Here are the logs.

    RogueKiller V10.1.2.0 [Jan 7 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows Vista (6.0.6000 ) 32 bits version
    Started in : Normal mode
    User : Choko [Administrator]
    Mode : Delete -- Date : 01/11/2015 18:38:58

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 12 ¤¤¤
    [Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD (\SystemRoot\system32\drivers\afd.sys) -> Not selected
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr (\??\C:\Users\Choko\AppData\Local\Temp\mbr.sys) -> Not selected
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr (\??\C:\Users\Choko\AppData\Local\Temp\mbr.sys) -> Not selected
    [PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
    [PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
    [PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] HKEY_USERS\S-1-5-21-4288754783-205699008-1328246205-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 64.71.255.204 64.71.255.198 [CANADA (CA)][CANADA (CA)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 64.71.255.204 64.71.255.198 [CANADA (CA)][CANADA (CA)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{933E3F3C-09C0-456E-A0B0-125D8F600FF4} | DhcpNameServer : 64.71.255.204 64.71.255.198 [CANADA (CA)][CANADA (CA)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{933E3F3C-09C0-456E-A0B0-125D8F600FF4} | DhcpNameServer : 64.71.255.204 64.71.255.198 [CANADA (CA)][CANADA (CA)] -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
    [ShwSSDT:Addr(Hook.Shadow)] NtUserEnumDisplayDevices[384] : C:\Windows\system32\drivers\dlkmd.sys @ 0x8d047d90

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] ea82cb3fd7f69bc7e2f0ec5425eaaa1d
    [BSP] 0b960a35c0c553641f1a7322b803b43a : HP MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 177798 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 367204352 | Size: 6020 MB
    3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 379533312 | Size: 5463 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WD My Passport 0748 USB Device +++++
    --- User ---
    [MBR] 7a4ec4e08b9c0b7774c61db295f91382
    [BSP] 000cdb9b089b6a5f1cdf8ae3e35760b8 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907696 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_SCN_01112015_183619.log

    Malwarebytes Anti-Rootkit BETA 1.08.2.1001
    www.malwarebytes.org

    Database version: v2015.01.11.11

    Windows Vista x86 NTFS
    Internet Explorer 8.0.6001.18904
    Choko :: GUNDAM [administrator]

    11/01/2015 6:57:35 PM
    mbar-log-2015-01-11 (18-57-35).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 362299
    Time elapsed: 43 minute(s), 53 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.0.1003

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.0.6000 Windows Vista x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18904

    Java version: 1.6.0_16

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
    CPU speed: 1.495000 GHz
    Memory total: 2136801280, free: 1015390208

    Could not load protection driver
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.0.1003

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.0.6000 Windows Vista x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18904

    Java version: 1.6.0_16

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
    CPU speed: 1.495000 GHz
    Memory total: 2136801280, free: 1016266752

    Could not load protection driver
    Downloaded database version: v2013.05.27.06
    Downloaded database version: v2013.05.22.01
    Initializing...
    ------------ Kernel report ------------
    05/27/2013 14:35:42
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntkrnlpa.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\acpi.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\system32\DRIVERS\LPCFilter.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\intelide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\DRIVERS\pcmcia.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\DRIVERS\iaStor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\DRIVERS\Lbd.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\msrpc.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
    \SystemRoot\system32\DRIVERS\tos_sps32.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\ecache.sys
    \SystemRoot\system32\drivers\dlkmdldr.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\drivers\crcdisk.sys
    \SystemRoot\System32\Drivers\aswVmm.sys
    \SystemRoot\System32\Drivers\aswRvrt.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\tunmp.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\igdkmd32.sys
    \SystemRoot\system32\drivers\dlkmd.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\Rtlh86.sys
    \SystemRoot\system32\DRIVERS\NETw4v32.sys
    \SystemRoot\system32\DRIVERS\ohci1394.sys
    \SystemRoot\system32\DRIVERS\1394BUS.SYS
    \SystemRoot\system32\drivers\tifm21.sys
    \SystemRoot\system32\DRIVERS\sdbus.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\tdcmdpst.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\msiscsi.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHDA.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\AGRSM.sys
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\System32\Drivers\aswSnx.SYS
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\DRIVERS\rasacd.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\System32\Drivers\aswTdi.SYS
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\smb.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\Drivers\AswRdr.SYS
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\System32\Drivers\aswSP.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\Drivers\UVCFTR_S.SYS
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\DRIVERS\DisplayLinkUsbIo_7.2.47873.0.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\drivers\usbaudio.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\wdcsam.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\aswMonFlt.sys
    \SystemRoot\System32\Drivers\aswFsBlk.SYS
    \SystemRoot\system32\drivers\spsys.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\drivers\mrxdav.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\system32\DRIVERS\cdfs.sys
    \??\C:\Windows\system32\drivers\TrueSight.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff8e3377c8
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000071\
    Lower Device Object: 0xffffffff8e31d570
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff863bc440
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-0\
    Lower Device Object: 0xffffffff85201030
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff863bc440, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff863bc148, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff863bc440, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff8520fb60, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff85201030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A6F84945

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3072000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 3074048 Numsec = 364130304
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 367204352 Numsec = 12328960

    Partition 3 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 379533312 Numsec = 11188224
    Partition is not bootable
    Hidden partition VBR is not infected.

    Disk Size: 200049647616 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-390701968-390721968)...
    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff8e3377c8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8d0aa020, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff8e3377c8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff8e31d570, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 5F107

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3906961408

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 2000365289472 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_3074048_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_3_379533312_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.0.6000 Windows Vista x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18904

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED
    CPU speed: 1.496000 GHz
    Memory total: 2136801280, free: 857927680

    Could not load protection driver
    Downloaded database version: v2015.01.11.11
    Downloaded database version: v2015.01.07.01
    Downloaded database version: v2014.12.06.01
    Initializing...
    ======================
    ------------ Kernel report ------------
    01/11/2015 18:57:05
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntkrnlpa.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\acpi.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\system32\DRIVERS\LPCFilter.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\intelide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\DRIVERS\pcmcia.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\DRIVERS\iaStor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\DRIVERS\Lbd.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\msrpc.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
    \SystemRoot\system32\DRIVERS\tos_sps32.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\ecache.sys
    \SystemRoot\system32\drivers\dlkmdldr.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\drivers\crcdisk.sys
    \SystemRoot\System32\Drivers\aswVmm.sys
    \SystemRoot\System32\Drivers\aswRvrt.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\tunmp.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\igdkmd32.sys
    \SystemRoot\system32\drivers\dlkmd.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\Rtlh86.sys
    \SystemRoot\system32\DRIVERS\NETw4v32.sys
    \SystemRoot\system32\DRIVERS\ohci1394.sys
    \SystemRoot\system32\DRIVERS\1394BUS.SYS
    \SystemRoot\system32\drivers\tifm21.sys
    \SystemRoot\system32\DRIVERS\sdbus.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\tdcmdpst.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\msiscsi.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHDA.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\AGRSM.sys
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\system32\drivers\aswSnx.sys
    \SystemRoot\system32\drivers\aswSP.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\DRIVERS\rasacd.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\drivers\aswTdi.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\smb.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\drivers\aswRdr.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\DisplayLinkUsbIo_7.6.55673.0.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\wdcsam.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\system32\drivers\usbaudio.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\drivers\aswMonFlt.sys
    \SystemRoot\system32\drivers\spsys.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\drivers\mrxdav.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\aswHwid.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\system32\DRIVERS\cdfs.sys
    \SystemRoot\System32\Drivers\UVCFTR_S.SYS
    \SystemRoot\System32\Drivers\usbvideo.sys
    \??\C:\Users\Choko\AppData\Local\Temp\mbr.sys
    \SystemRoot\System32\ATMFD.DLL
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff86f4aad8
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\0000006c\
    Lower Device Object: 0xffffffff86c00ce0
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff86786ad8
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-0\
    Lower Device Object: 0xffffffff85615030
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff86786ad8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86683188, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff86786ad8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff855f5518, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff85615030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A6F84945

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3072000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 3074048 Numsec = 364130304
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 367204352 Numsec = 12328960

    Partition 3 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 379533312 Numsec = 11188224
    Partition is not bootable
    Hidden partition VBR is not infected.

    Disk Size: 200049647616 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff86f4aad8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8e7cea58, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff86f4aad8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff86c00ce0, DeviceName: \Device\0000006c\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 5F107

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3906961408

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 2000365289472 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-3074048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-3-379533312-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removal finished
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart your computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in Safe Mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. The rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs: rKill.txt and Combofix.txt.
  5. Rakshata

    Rakshata TS Rookie Topic Starter Posts: 31

    Here is the Combofix.txt log.

    ComboFix 15-01-08.01 - Choko 11/01/2015 22:14:16.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2038.942 [GMT -5:00]
    Running from: c:\users\Choko\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\bszip.dll
    c:\windows\system32\SET4791.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-12-12 to 2015-01-12 )))))))))))))))))))))))))))))))
    .
    .
    2015-01-12 03:29 . 2015-01-12 03:29 -------- d-----w- c:\users\Public\AppData\Local\temp
    2015-01-12 03:29 . 2015-01-12 03:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-01-12 03:29 . 2015-01-12 03:29 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2015-01-11 23:22 . 2015-01-11 23:22 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-01-11 23:22 . 2015-01-11 23:22 -------- d-----w- c:\programdata\RogueKiller
    2015-01-10 23:20 . 2015-01-11 23:57 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-01-10 23:20 . 2014-11-21 11:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-01-10 23:20 . 2014-11-21 11:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-01-10 23:20 . 2014-11-21 11:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-01-10 23:20 . 2015-01-10 23:20 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2015-01-10 07:35 . 2015-01-10 07:35 -------- d-----w- c:\users\Choko\AppData\Roaming\OpenOffice
    2015-01-10 04:25 . 2015-01-10 04:26 -------- d-----w- c:\program files\OpenOffice 4
    2015-01-08 03:05 . 2015-01-08 03:05 -------- d-----w- c:\users\Choko\AppData\Roaming\Canon
    2015-01-08 03:04 . 2015-01-08 03:04 -------- d-----w- c:\program files\Canon
    2014-12-27 23:26 . 2015-01-12 01:48 -------- d-----w- c:\users\Choko\AppData\Roaming\vlc
    2014-12-27 23:17 . 2014-12-27 23:17 -------- d-----w- C:\vlc-2.1.5-win32
    2014-12-27 01:15 . 2014-12-27 01:15 -------- d-----w- c:\users\Choko\AppData\Roaming\addpcs
    2014-12-26 23:24 . 2014-12-26 23:24 -------- d-----w- c:\program files\Microsoft.NET
    2014-12-26 23:22 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2014-12-26 23:22 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2014-12-26 23:22 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
    2014-12-26 23:22 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2014-12-26 23:22 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2014-12-26 23:17 . 2014-12-26 23:27 -------- d-----w- c:\program files\Temp File Cleaner
    2014-12-26 22:01 . 2014-12-26 22:01 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7797321-2637-4A25-8B45-028F0633A51D}\offreg.dll
    2014-12-26 21:32 . 2014-12-15 09:13 9054624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7797321-2637-4A25-8B45-028F0633A51D}\mpengine.dll
    2014-12-26 21:08 . 2012-08-31 20:10 284160 ----a-w- c:\windows\system32\mvhlewsi.DLL
    2014-12-26 21:08 . 2012-08-31 20:01 1511424 ----a-w- c:\windows\system32\HP1100SM.EXE
    2014-12-26 21:08 . 2012-08-31 20:01 151552 ----a-w- c:\windows\system32\HP1100LM.DLL
    2014-12-26 21:06 . 2010-01-25 12:58 473088 ----a-w- c:\windows\system32\secproc_isv.dll
    2014-12-26 21:06 . 2010-01-25 12:58 472576 ----a-w- c:\windows\system32\secproc.dll
    2014-12-26 21:06 . 2010-01-25 08:36 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2014-12-26 21:06 . 2010-01-25 08:36 515584 ----a-w- c:\windows\system32\RMActivate.exe
    2014-12-26 21:06 . 2010-01-25 08:36 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2014-12-26 21:06 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2014-12-26 21:06 . 2010-01-25 12:58 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2014-12-26 21:06 . 2010-01-25 12:58 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
    2014-12-26 21:06 . 2010-01-25 12:56 312320 ----a-w- c:\windows\system32\msdrm.dll
    2014-12-21 22:00 . 2012-08-31 20:01 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HP1100PP.dll
    2014-12-21 22:00 . 2014-12-21 22:00 -------- d-----w- c:\program files\HP
    2014-12-21 00:44 . 2014-12-21 00:44 291352 ----a-w- c:\windows\system32\aswBoot.exe
    2014-12-21 00:44 . 2014-12-21 00:44 43152 ----a-w- c:\windows\avastSS.scr
    2014-12-20 03:30 . 2014-12-20 03:30 -------- d-----w- c:\users\Choko\AppData\Roaming\dvdcss
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-12-21 00:45 . 2013-05-26 23:04 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2014-12-21 00:45 . 2013-05-26 23:04 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
    2014-12-21 00:44 . 2014-05-31 19:15 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2014-12-21 00:44 . 2013-05-26 23:04 55240 ----a-w- c:\windows\system32\drivers\aswrdr.sys
    2014-12-21 00:44 . 2013-05-26 23:04 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2014-12-21 00:44 . 2013-05-26 23:04 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-12-21 00:44 . 2013-05-26 23:04 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-12-21 00:44 . 2013-05-26 23:04 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-12-09 23:28 . 2013-05-27 19:27 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-12-09 23:28 . 2011-12-11 22:23 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-12-08 21:03 . 2014-05-31 19:09 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-11-24 19:04 . 2010-03-29 18:49 229000 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-12-21 00:43 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2014-10-21 22:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2014-10-21 22:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2014-10-21 22:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2014-10-21 22:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2014-10-21 22:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2014-10-21 22:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-19 39408]
    "POP Peeper"="c:\program files\POP Peeper\POPPeeper.exe" [2011-11-16 1613824]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HWSetup"="\HWSetup.exe hwSetUP" [X]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2011-06-12 528832]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-23 538744]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
    "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-26 129560]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-26 154136]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-26 141848]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
    "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-09 5227112]
    "Plantronics MyHeadset Updater"="c:\program files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe" [2014-08-28 79872]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-06-12 669936]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
    2007-04-11 00:40 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCall Internet Phone]
    2008-12-18 20:44 1587576 ----a-w- c:\program files\iCall\iCall.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
    2007-01-09 06:23 191552 ------w- c:\program files\ltmoh\ltmoh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2008-01-15 22:54 37376 ----a-w- c:\program files\Winamp\winampa.exe
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - TrueSight
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-01-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 02:11]
    .
    2015-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-27 23:28]
    .
    2015-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 10:15]
    .
    2015-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 10:15]
    .
    2015-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4288754783-205699008-1328246205-1000Core.job
    - c:\users\Choko\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-04 07:34]
    .
    2015-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4288754783-205699008-1328246205-1000UA.job
    - c:\users\Choko\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-04 07:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: kccsoft.com\www
    TCP: DhcpNameServer = 64.71.255.204 64.71.255.198
    DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} - hxxp://www.earthcaller.com/VaxSIPUserAgentCAB.cab
    FF - ProfilePath - c:\users\Choko\AppData\Roaming\Mozilla\Firefox\Profiles\iav4g5c1.default\
    FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - ExtSQL: !HIDDEN! 2010-05-03 21:15; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-PLTSpokes.exe - c:\program files\Plantronics\Spokes3G\PLTSpokes.exe
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2015-01-11 22:29
    Windows 6.0.6000 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2015-01-11 22:33:46
    ComboFix-quarantined-files.txt 2015-01-12 03:33
    .
    Pre-Run: 43,196,678,144 bytes free
    Post-Run: 43,169,140,736 bytes free
    .
    - - End Of File - - 4A3609A18FA681332B3C2B2F7E1310CA
    5B5E648D12FCADC244C1EC30318E1EB9
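A small triage script for the "Reg Loading Points" section of the ComboFix log above. This is an added example written for this page; it is not part of the thread and not code from ComboFix or any other tool named here. Its sample input reuses Run-key lines exactly as they appear in the posted log, plus one constructed line (marked in the code) that does not occur in the log, so the user-writable-location check has something to fire on. ComboFix prints [X] where the listed file was not found; the script treats any other bracketed annotation that is not a date and size pair (such as [BU]) as "not verified on disk" without assuming what that annotation means. The remaining checks are the ones a reviewer applies by eye: a value that is a bare file name (NDSTray.exe, RtHDVCpl.exe) is resolved through the search order at logon rather than from a fixed path, a value rooted at a backslash (\HWSetup.exe) resolves against whatever the current drive is, and anything launched from a user-writable directory deserves a second look.

```python
import re
from dataclasses import dataclass, field

# Sample input: Run-key lines copied from the ComboFix log posted above,
# plus ONE constructed line ("Updater") that is NOT in that log.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"NDSTray.exe"="NDSTray.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-09 5227112]
"Updater"="c:\users\Choko\AppData\Local\Temp\svc.exe" [2015-01-05 12345]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"""

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<annot>[^\]]*)\]$')
RESOLVED_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d+$')      # "[YYYY-MM-DD size]": file was found
EXE_RE = re.compile(r'^(?P<exe>.*?\.(?:exe|dll|scr|cpl|com|bat|cmd))(?:\s|$)', re.IGNORECASE)
# Path fragments that indicate a location a standard user can write to.
USER_WRITABLE = ('\\users\\', '\\appdata\\', '\\temp\\', '\\programdata\\')


@dataclass
class Finding:
    key: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def classify(key, name, value, annot):
    """Apply the reviewer's checks to one Run value and return a Finding."""
    m = EXE_RE.match(value.strip())
    target = m.group('exe') if m else value.strip()   # strip command-line arguments
    reasons = []
    if annot == 'X':
        reasons.append('file not found at the recorded path')
    elif not RESOLVED_RE.match(annot):
        reasons.append(f'target not verified on disk (annotation [{annot}])')
    low = target.lower()
    if '\\' not in low:
        reasons.append('bare file name: resolved through the search order at logon')
    elif low.startswith('\\') and not re.match(r'^[a-z]:\\', low):
        reasons.append('drive-root-relative path: resolves against the current drive')
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append('launches from a user-writable location')
    return Finding(key, name, target, reasons)


def triage(log_text):
    """Parse ComboFix-style Run-key lines and return only the entries worth a second look."""
    key = '?'
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group('key')
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue
        finding = classify(key, vm.group('name'), vm.group('value'), vm.group('annot'))
        if finding.reasons:
            findings.append(finding)
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE):
        print(f'{f.key}\n  {f.name} -> {f.target}')
        for r in f.reasons:
            print(f'    - {r}')
```

Run it against a pasted log and only the entries with at least one reason come back; the fully-qualified, on-disk entries (SynTPEnh, AvastUI.exe, LtMoh) are silent. A flagged entry is not a verdict: RtHDVCpl.exe is a normal Realtek audio tray entry, but the bare name still means Windows locates it by search order, which is exactly the property a hijack relies on, so the reviewer confirms where it actually resolved before moving on.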
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  7. Rakshata

    Rakshata TS Rookie Topic Starter Posts: 31

    When I run adwcleaner, the program just hangs. The status bar stays empty, and there is a message that says "Pending. Please uncheck elements you don't want to remove." It has been like that for the past couple hours. The "Scan" button is still greyed out and the computer did not reboot.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Restart the computer and see if any log pops up.
    If not re-run AdwCleaner.
     
  9. Rakshata

    Rakshata TS Rookie Topic Starter Posts: 31

    Here are the logs AdwCleaner[S0].txt and JRT.txt

    # AdwCleaner v4.107 - Report created 12/01/2015 at 18:25:34
    # Updated 07/01/2015 by Xplode
    # Database : 2015-01-12.3 [Live]
    # Operating System : Windows Vista (TM) Home Premium (32 bits)
    # Username : Choko - GUNDAM
    # Running from : C:\Users\Choko\Desktop\adwcleaner_4.107.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Deleted : C:\Users\Choko\AppData\Roaming\Mozilla\Firefox\Profiles\iav4g5c1.default\invalidprefs.js
    File Deleted : C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage
    File Deleted : C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage-journal
    File Deleted : C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
    File Deleted : C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
    File Deleted : C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
    File Deleted : C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
    File Deleted : C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKLM\SOFTWARE\PIP

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18904


    -\\ Mozilla Firefox v34.0.5 (x86 en-US)


    -\\ Google Chrome v

    [C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={28CD8B4F-72EA-4CF8-9597-4244A69D1C1C}&mid=b85ca0c2db24daf9e6d30712da699332-dacaf78502bcdf16d8bfade8c05fba9e10c4dadf&lang=us&ds=AVG&pr=fr&d=2012-02-14 11:55:32&v=10.0.0.7&sap=dsp&q={searchTerms}
    [C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.veoh.com/find/?query={searchTerms}

    *************************

    AdwCleaner[R0].txt - [4295 octets] - [12/01/2015 15:29:21]
    AdwCleaner[R1].txt - [3037 octets] - [12/01/2015 18:17:14]
    AdwCleaner[S0].txt - [2994 octets] - [12/01/2015 18:25:34]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3054 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by Choko on 12/01/2015 at 18:33:56.06
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Successfully deleted the following from C:\Users\Choko\AppData\Roaming\mozilla\firefox\profiles\iav4g5c1.default\prefs.js

    user_pref("socialfixer.100000713777621/cached_content/tips_pagelet", "{\"expires_on\":1372450440082,\"content\":[{\"id\":101,\"content\":\"<div style=\\\"border:2px solid #ccc
    Emptied folder: C:\Users\Choko\AppData\Roaming\mozilla\firefox\profiles\iav4g5c1.default\minidumps [119 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 12/01/2015 at 18:38:52.54
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  10. Rakshata

    Rakshata TS Rookie Topic Starter Posts: 31

    And FRST.log Part I

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
    Ran by Choko (administrator) on GUNDAM on 12-01-2015 18:48:46
    Running from C:\Users\Choko\Desktop
    Loaded Profile: Choko (Available profiles: Choko & Guest)
    Platform: Microsoft® Windows Vista™ Home Premium (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Windows\System32\audiodg.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
    (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Agere Systems) C:\Windows\System32\agrsmsvc.exe
    (Apple Computer, Inc.) C:\Program Files\Gizmo Project\mDNSResponder.exe
    (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
    (Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    () C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    (Motorola) C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\wermgr.exe
    () C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Plantronics) C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\System32\conime.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1451304 2009-03-20] (Synaptics Incorporated)
    HKLM\...\Run: [Ad-Watch] => C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [528832 2011-06-11] (Lavasoft)
    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [180224 2006-09-11] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [538744 2007-05-22] (TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [448080 2007-06-16] (TOSHIBA Corporation)
    HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation)
    HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
    HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2006-03-22] (TOSHIBA)
    HKLM\...\Run: [HWSetup] => \HWSetup.exe hwSetUP
    HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
    HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-09-03] (Realtek Semiconductor)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
    HKLM\...\Run: [Plantronics MyHeadset Updater] => C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe [79872 2014-08-28] (Plantronics)
    HKU\S-1-5-21-4288754783-205699008-1328246205-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-19] (Google Inc.)
    HKU\S-1-5-21-4288754783-205699008-1328246205-1000\...\Run: [POP Peeper] => C:\Program Files\POP Peeper\POPPeeper.exe [1613824 2011-11-16] (Mortal Universe)
    HKU\S-1-5-21-4288754783-205699008-1328246205-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
    HKU\S-1-5-21-4288754783-205699008-1328246205-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation)
    HKU\S-1-5-18\...\Run: [LtMoh] => C:\Program Files\ltmoh\Ltmoh.exe [191552 2007-01-09] (Agere Systems)
    HKU\S-1-5-18\...\Run: [Nokia.PCSync] => C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [1232896 2008-03-26] (Time Information Services Ltd.)
    HKU\S-1-5-18\...\RunOnce: [AutoLaunch] => C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe [669936 2011-06-11] ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
    ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    BootExecute: autocheck autochk * lsdelete

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-4288754783-205699008-1328246205-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-4288754783-205699008-1328246205-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-4288754783-205699008-1328246205-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-4288754783-205699008-1328246205-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    DPF: {15B782AF-55D8-11D1-B477-006097098764} http://www.kccsoft.com/authorware_web_files/awswaxd.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} http://www.earthcaller.com/VaxSIPUserAgentCAB.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Choko\AppData\Roaming\Mozilla\Firefox\Profiles\iav4g5c1.default
    FF DefaultSearchEngine: Startpage HTTPS
    FF SelectedSearchEngine: Startpage HTTPS
    FF Homepage: about:blank
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @palmsource.com/installer,version=1.0 -> C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
    FF Plugin HKU\S-1-5-21-4288754783-205699008-1328246205-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-4288754783-205699008-1328246205-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF SearchPlugin: C:\Users\Choko\AppData\Roaming\Mozilla\Firefox\Profiles\iav4g5c1.default\searchplugins\startpage-https.xml
    FF Extension: WOT - C:\Users\Choko\AppData\Roaming\Mozilla\Firefox\Profiles\iav4g5c1.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-30]
    FF Extension: Social Fixer - C:\Users\Choko\AppData\Roaming\Mozilla\Firefox\Profiles\iav4g5c1.default\Extensions\socialfixer@mattkruse.com.xpi [2015-01-03]
    FF Extension: Adblock Plus - C:\Users\Choko\AppData\Roaming\Mozilla\Firefox\Profiles\iav4g5c1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-03]
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-09]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-11]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-26]

    Chrome:
    =======
    CHR DefaultSearchKeyword: Default -> startpage.com
    CHR DefaultSearchURL: Default -> https://startpage.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=english_uk
    CHR DefaultSuggestURL: Default ->
    CHR Profile: C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-17]
    CHR Extension: (Google Drive) - C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-17]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
    CHR Extension: (YouTube) - C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-17]
    CHR Extension: (Google Search) - C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-17]
    CHR Extension: (Avast Online Security) - C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-02]
    CHR Extension: (Skype Click to Call) - C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-17]
    CHR Extension: (Google Wallet) - C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
    CHR Extension: (Gmail) - C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-17]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-20]
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
    CHR StartMenuInternet: Google Chrome - C:\Users\Choko\AppData\Local\Google\Chrome\Application\chrome.exe

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-20] (AVAST Software)
    R2 Bonjour Service; C:\Program Files\Gizmo Project\mDNSResponder.exe [229376 2006-07-06] (Apple Computer, Inc.) [File not signed]
    R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
    R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8364848 2014-06-01] (DisplayLink Corp.)
    R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [643072 2007-03-06] (Intel Corporation) [File not signed]
    R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242728 2014-07-01] (Foxit Corporation)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    S3 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1036104 2011-06-11] (Lavasoft)
    R2 MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [91392 2010-01-27] ()
    S2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-03-06] (Intel Corporation) [File not signed]
    S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
    R2 TNaviSrv; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [77824 2007-09-19] (TOSHIBA Corporation) [File not signed]
    R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
    R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
    S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-20] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-20] (AVAST Software)
    R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-12-20] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-20] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-20] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-20] (AVAST Software)
    R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-12-20] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-20] ()
    S3 CSRBC; C:\Windows\System32\Drivers\csrbcx86.sys [31744 2014-08-28] (CSR plc.)
    R3 DisplayLinkUsbIo; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_7.6.55673.0.sys [38192 2014-06-15] ()
    R3 dlkmd; C:\Windows\system32\drivers\dlkmd.sys [370480 2014-06-01] (DisplayLink Corp.)
    R0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [17200 2014-06-01] (DisplayLink Corp.)
    R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64160 2009-04-27] (Lavasoft AB)
    R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
    S2 MLPTDR_Q; C:\Windows\system32\MLPTDR_Q.sys [18848 2004-11-19] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [File not signed]
    S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
    S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2007-11-29] (Windows (R) Codename Longhorn DDK provider)
    R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [11776 2007-04-16] (Chicony Electronics Co., Ltd.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [22016 2006-11-02] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\Choko\AppData\Local\Temp\catchme.sys [X]

    ========================== Drivers MD5 =======================

    C:\Windows\System32\drivers\acpi.sys ==> MD5 is legit
    C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
    C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
    C:\Windows\system32\drivers\adpu160m.sys ==> MD5 is legit
    C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
    C:\Windows\system32\drivers\afd.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\AGRSM.sys CE91B158FA490CF4C4D487A4130F4660
    C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
    C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit
    C:\Windows\system32\drivers\aliide.sys 90395B64600EBB4552E26E178C94B2E4
    C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
    C:\Windows\system32\drivers\amdide.sys 0577DF1D323FE75A739C787893D300EA
    C:\Windows\system32\drivers\amdk7.sys ==> MD5 is legit
    C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\Apfiltr.sys 7C2F57BCE81FA74933F0E1C84A97C9DB
    C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
    C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
    C:\Windows\system32\drivers\aswHwid.sys 9D23DE88C3B18BA87CD4587177CA6CEA
    C:\Windows\system32\drivers\aswMonFlt.sys 73A9014A9C4B19AA093DA05ED4246E27
    C:\Windows\system32\drivers\aswRdr.sys 0926775B8C3B32EE99921CCB0F85378E
    C:\Windows\system32\Drivers\aswRvrt.sys 6544697080421E62E97AAFBD0A8AA391
    C:\Windows\system32\drivers\aswSnx.sys E73CBE3420ECFA8FF7D0467E170E335D
    C:\Windows\system32\drivers\aswSP.sys 1624D5AD126B8AFE2B2E85E5B8364EB6
    C:\Windows\system32\drivers\aswTdi.sys 4C0ECF1AFA6992904814C74B99DD36F9
    C:\Windows\system32\Drivers\aswVmm.sys 0EFBC2962B156E8AC267F96D4D93EF06
    C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
    C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
    C:\Windows\system32\Drivers\Beep.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
    C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit
    C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit
    C:\Windows\system32\drivers\brserid.sys ==> MD5 is legit
    C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit
    C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit
    C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit
    C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
    C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
    C:\Windows\System32\CLFS.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\CmBatt.sys ED97AD3DF1B9005989EAF149BF06C821
    C:\Windows\system32\drivers\cmdide.sys 45201046C776FFDAF3FC8A0029C581C8
    C:\Windows\System32\DRIVERS\compbatt.sys 722936AFB75A7F509662B69B5632F48A
    C:\Windows\System32\drivers\crcdisk.sys ==> MD5 is legit
    C:\Windows\system32\drivers\crusoe.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\csrbcx86.sys B2B3B745800CFF7F3739B00754EE34DA
    C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
    C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_7.6.55673.0.sys D0F4E3FA1FE197F4C91C3E862A112585
    C:\Windows\system32\drivers\dlkmd.sys 61140F48B01A243A5042D668AA0AE0A2
    C:\Windows\System32\drivers\dlkmdldr.sys 1FD366F125EC85453133F9198ACB83F7
    C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
    C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\E1G60I32.sys ==> MD5 is legit
    C:\Windows\System32\drivers\ecache.sys ==> MD5 is legit
    C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
    C:\Windows\system32\Drivers\fastfat.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
    C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
    C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
    C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
    C:\Windows\system32\Drivers\Fs_Rec.sys ==> MD5 is legit
    C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
    C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
    C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
    C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\hidusb.sys 01E7971E9F4BD6AC6A08DB52D0EA0418
    C:\Windows\system32\drivers\hpcisss.sys ==> MD5 is legit
    C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
    C:\Windows\system32\drivers\i2omp.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\iaStor.sys FD7F9D74C2B35DBDA400804A3F5ED5D8
    C:\Windows\system32\drivers\iastorv.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\igdkmd32.sys 038815297078D236D8CC064C295A74C6
    C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
    C:\Windows\System32\drivers\RTKVHDA.sys 0F16D98C3AF2138FABFA20ADDE4E01FE
    C:\Windows\System32\drivers\intelide.sys 988981C840084F480BA9E3319CEBDE1B
    C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
    C:\Windows\system32\drivers\ipmidrv.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\ipnat.sys ==> MD5 is legit
    C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
    C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\msiscsi.sys ==> MD5 is legit
    C:\Windows\system32\drivers\iteatapi.sys ==> MD5 is legit
    C:\Windows\system32\drivers\iteraid.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\Lbd.sys 419590EBE7855215BB157EA0CF0D0531
    C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\LPCFilter.sys 515FC18CABEE0158A324B08B1C2667CF
    C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
    C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
    C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
    C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
    C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
    C:\Windows\system32\MLPTDR_Q.sys B39BF953A3A304A2D12751692EC355A0
    C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\motmodem.sys 54FEE02961C70FD9D4D7E2F87AFA23FA
    C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
    C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
    C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
    C:\Windows\system32\drivers\mraid35x.sys ==> MD5 is legit
    C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\mrxsmb10.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit
    C:\Windows\System32\drivers\msahci.sys 742AED7939E734C36B7E8D6228CE26B7
    C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
    C:\Windows\system32\Drivers\Msfs.sys ==> MD5 is legit
    C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
    C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
    C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
    C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
    C:\Windows\system32\Drivers\MsRPC.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
    C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
    C:\Windows\System32\drivers\ndis.sys FFFE00134C554E113EE186EEDDB0FF30
    C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
    C:\Windows\system32\Drivers\NDProxy.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\NETw3v32.sys A15F219208843A5A210C8CB391384453
    C:\Windows\System32\DRIVERS\NETw4v32.sys 6522DD40A5F67CED020BD81B856613FB
    C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
    C:\Windows\System32\drivers\ccdcmb.sys 65AC8BAA2F916EE9203EE48D7FCEE605
    C:\Windows\System32\drivers\ccdcmbo.sys 29AF182734A247240D89A0FE63DBEF03
    C:\Windows\system32\Drivers\Npfs.sys ==> MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
    C:\Windows\system32\Drivers\Ntfs.sys ==> MD5 is legit
    C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit
    C:\Windows\system32\Drivers\Null.sys ==> MD5 is legit
    C:\Windows\system32\drivers\nvraid.sys E69E946F80C1C31C53003BFBF50CBB7C
    C:\Windows\system32\drivers\nvstor.sys 9E0BA19A28C498A6D323D065DB76DFFC
    C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\ohci1394.sys ==> MD5 is legit
    C:\Windows\System32\drivers\PalmUSBD.sys DC450992EBA6F914080C1F7FBEEED72C
    C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
    C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
    C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\pccsmcfd.sys 175CC28DCF819F78CAA3FBD44AD9E52A
    C:\Windows\System32\drivers\pci.sys 1085D75657807E0E8B32F9E19A1647C3
    C:\Windows\system32\drivers\pciide.sys 3B1901E401473E03EB8C874271E50C26
    C:\Windows\System32\DRIVERS\pcmcia.sys ==> MD5 is legit
    C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\raspptp.sys 6C359AC71D7B550A0D41F9DB4563CE05
    C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
    C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
    C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
    C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
    C:\Windows\system32\drivers\rdpdr.sys ==> MD5 is legit
    C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
    C:\Windows\system32\Drivers\RDPWD.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\Rtlh86.sys 5163F804256DEB8CF1EF64B780A18CAA
    C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\sdbus.sys BCCA63A3D143938273A3158757389DC7
    C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit
    C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
    C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
    C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\sffdisk.sys 5381BDDF337DC4D4DDF6AA4304462FD4
    C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\sffp_sd.sys 2883E7A2C362DEB7BE5F43DBDD470BD5
    C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
    C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
    C:\Windows\system32\drivers\sisraid2.sys ==> MD5 is legit
    C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
    C:\Windows\system32\Drivers\spldr.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\srv.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\srv2.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\srvnet.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
    C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit
    C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit
    C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\SynTP.sys 5EFCEDCF3DAF5C8D9E8B77A34A4EEC99
    C:\Windows\System32\drivers\tcpip.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\tcpip.sys ==> MD5 is legit
    C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\tdcmdpst.sys 1825BCEB47BF41C5A9F0E44DE82FC27A
    C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
    C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
    C:\Windows\System32\drivers\tifm21.sys E4C85C291DDB3DC5E4A2F227CA465BA6
    C:\Windows\System32\DRIVERS\tos_sps32.sys 1EA5F27C29405BF49799FECA77186DA9
    C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\tunmp.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\TVALZ_O.SYS 792A8B80F8188ABA4B2BE271583F3E46
    C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
    C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
    C:\Windows\system32\drivers\uliahci.sys ==> MD5 is legit
    C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit
    C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\usbser_lowerflt.sys 2522747BA661514E3770E508CCE45B64
    C:\Windows\System32\drivers\usbaudio.sys F6BF998AE33E3FB6C7D27F0560F1173F
    C:\Windows\System32\DRIVERS\usbccgp.sys 51480458E6E9863F856EBF35AAE801B4
    C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\usbehci.sys 11FA3ACBF0DE0286829C69E01FE705E4
    C:\Windows\System32\DRIVERS\usbhub.sys 6A7858A38B5105731E219E7C6A238730
    C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\usbser.sys C0488CC01A1C686B08A3D360C7F50324
    C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
    C:\Windows\System32\DRIVERS\usbuhci.sys 4013315FED70A2D293B998CBBA4022EE
    C:\Windows\System32\Drivers\usbvideo.sys 0A6B81F01BC86399482E27E6FDA7B33B
    C:\Windows\System32\DRIVERS\usb8023x.sys DB4721908DAA0383EE82FFE430AEBAE1
    C:\Windows\System32\Drivers\UVCFTR_S.SYS 3B929A72AAEA96DC0150D3A6DA268C89
    C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
    C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
    C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
    C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit
    C:\Windows\system32\drivers\viaide.sys FD2E3175FCADA350C7AB4521DCA187EC
    C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
    C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
    C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
    C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
    C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
    C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\wdcsam.sys D6EFAF429FD30C5DF613D220E344CCE7
    C:\Windows\System32\drivers\Wdf01000.sys B6F0A7AD6D4BD325FBCD8BAC96CD8D96
    C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\wpdusb.sys 2D27171B16A577EF14C1273668753485
    C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-12 18:48 - 2015-01-12 18:49 - 00036059 _____ () C:\Users\Choko\Desktop\FRST.txt
    2015-01-12 18:48 - 2015-01-12 18:49 - 00000000 ____D () C:\FRST
    2015-01-12 18:38 - 2015-01-12 18:38 - 00001069 _____ () C:\Users\Choko\Desktop\JRT.txt
    2015-01-12 18:31 - 2015-01-12 18:31 - 00003134 _____ () C:\Users\Choko\Desktop\AdwCleaner[S0].txt
    2015-01-12 18:06 - 2015-01-12 18:06 - 01115648 _____ (Farbar) C:\Users\Choko\Desktop\FRST.exe
    2015-01-12 18:05 - 2015-01-12 18:05 - 01707939 _____ (Thisisu) C:\Users\Choko\Desktop\JRT.exe
    2015-01-12 15:29 - 2015-01-12 18:25 - 00000000 ____D () C:\AdwCleaner
    2015-01-12 00:16 - 2015-01-12 00:16 - 02191360 _____ () C:\Users\Choko\Desktop\adwcleaner_4.107.exe
    2015-01-11 22:33 - 2015-01-11 22:33 - 00015732 _____ () C:\ComboFix.txt
    2015-01-11 22:10 - 2015-01-11 22:33 - 00000000 ____D () C:\Qoobox
    2015-01-11 22:10 - 2015-01-11 22:33 - 00000000 ____D () C:\ComboFix
    2015-01-11 22:10 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-01-11 22:10 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-01-11 22:10 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-01-11 22:10 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-01-11 22:10 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-01-11 22:10 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
    2015-01-11 22:10 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-01-11 22:10 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-01-11 22:10 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-01-11 20:49 - 2015-01-11 20:50 - 05609736 ____R (Swearware) C:\Users\Choko\Desktop\ComboFix.exe
    2015-01-11 18:50 - 2015-01-11 18:51 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Choko\Desktop\mbar-1.08.2.1001.exe
    2015-01-11 18:39 - 2015-01-11 18:39 - 00003850 _____ () C:\Users\Choko\Desktop\RKreport_DEL_01112015_183858.log
    2015-01-11 18:22 - 2015-01-11 18:22 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-01-11 18:22 - 2015-01-11 18:22 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-01-11 18:19 - 2015-01-11 18:20 - 15340120 _____ () C:\Users\Choko\Downloads\RogueKiller.exe
    2015-01-11 17:22 - 2015-01-11 17:22 - 00005128 _____ () C:\Users\Choko\Desktop\attach.txt
    2015-01-11 17:22 - 2015-01-11 17:21 - 00015310 _____ () C:\Users\Choko\Desktop\dds.txt
    2015-01-11 15:30 - 2015-01-12 18:27 - 00001460 _____ () C:\Windows\PFRO.log
    2015-01-11 00:00 - 2015-01-11 00:00 - 00688992 ____R (Swearware) C:\Users\Choko\Desktop\dds (1).com
    2015-01-10 18:20 - 2015-01-11 18:57 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-10 18:20 - 2015-01-10 18:20 - 00000870 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-01-10 18:20 - 2015-01-10 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-10 18:20 - 2015-01-10 18:20 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-01-10 18:20 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-01-10 18:20 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-01-10 18:20 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-01-10 18:17 - 2015-01-10 18:18 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Choko\Downloads\mbam-setup-2.0.4.1028.exe
    2015-01-10 03:34 - 2015-01-10 03:34 - 00010240 _____ () C:\Users\Choko\Desktop\Expense Statement Blackberry Pearl.xls
    2015-01-10 02:35 - 2015-01-10 02:35 - 00000000 ____D () C:\Users\Choko\AppData\Roaming\OpenOffice
    2015-01-09 23:29 - 2015-01-09 23:29 - 00000977 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
    2015-01-09 23:29 - 2015-01-09 23:29 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
    2015-01-09 23:25 - 2015-01-09 23:26 - 00000000 ____D () C:\Program Files\OpenOffice 4
    2015-01-09 23:13 - 2015-01-09 23:13 - 00000000 ____D () C:\Users\Choko\Desktop\OpenOffice 4.1.1 (en-GB) Installation Files
    2015-01-09 03:05 - 2015-01-09 03:15 - 00000000 ____D () C:\Users\Choko\Desktop\2015-01-09
    2015-01-08 10:09 - 2015-01-08 10:09 - 00000000 ____D () C:\Users\Choko\Desktop\2015-01-08
    2015-01-07 22:05 - 2015-01-07 22:05 - 00000000 ____D () C:\Users\Choko\AppData\Roaming\Canon
    2015-01-07 22:04 - 2015-01-07 22:04 - 00001824 _____ () C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
    2015-01-07 22:04 - 2015-01-07 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
    2015-01-07 22:04 - 2015-01-07 22:04 - 00000000 ____D () C:\Program Files\Canon
    2015-01-07 22:00 - 2015-01-07 22:01 - 10452536 _____ () C:\Users\Choko\Downloads\ToolBox_4911mf17_Win_EN.exe
    2014-12-28 17:33 - 2014-12-28 17:33 - 00000661 _____ () C:\Users\Choko\Desktop\vlc - Shortcut.lnk
    2014-12-27 18:26 - 2015-01-11 20:48 - 00000000 ____D () C:\Users\Choko\AppData\Roaming\vlc
    2014-12-27 18:17 - 2014-12-27 18:17 - 00000000 ____D () C:\vlc-2.1.5-win32
    2014-12-27 02:04 - 2014-12-27 02:04 - 00138736 _____ () C:\Windows\Minidump\Mini122714-01.dmp
    2014-12-27 02:04 - 2014-12-27 02:04 - 00000000 ____D () C:\Windows\Minidump
    2014-12-27 02:03 - 2014-12-27 02:04 - 220703336 _____ () C:\Windows\MEMORY.DMP
    2014-12-26 20:15 - 2014-12-26 20:15 - 00000000 ____D () C:\Users\Choko\AppData\Roaming\addpcs
    2014-12-26 18:27 - 2014-12-26 18:27 - 00000833 _____ () C:\Users\Choko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Temp File Cleaner.lnk
    2014-12-26 18:27 - 2014-12-26 18:27 - 00000803 _____ () C:\Users\Choko\Desktop\Temp File Cleaner.lnk
    2014-12-26 18:24 - 2014-12-26 18:24 - 00000000 ____D () C:\Program Files\Microsoft.NET
    2014-12-26 18:22 - 2009-11-08 12:55 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2014-12-26 18:22 - 2009-11-08 12:55 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
    2014-12-26 18:22 - 2009-11-08 12:55 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
    2014-12-26 18:22 - 2009-11-08 12:55 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
    2014-12-26 18:22 - 2009-11-08 12:55 - 00049472 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
    2014-12-26 18:17 - 2014-12-26 18:27 - 00000000 ____D () C:\Program Files\Temp File Cleaner
    2014-12-26 16:08 - 2012-08-31 15:10 - 00284160 _____ () C:\Windows\system32\mvhlewsi.DLL
    2014-12-26 16:08 - 2012-08-31 15:01 - 01511424 _____ () C:\Windows\system32\HP1100SM.EXE
    2014-12-26 16:08 - 2012-08-31 15:01 - 00151552 _____ () C:\Windows\system32\HP1100LM.DLL
    2014-12-26 16:06 - 2010-01-25 07:58 - 00473088 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
    2014-12-26 16:06 - 2010-01-25 07:58 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
    2014-12-26 16:06 - 2010-01-25 07:58 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
    2014-12-26 16:06 - 2010-01-25 07:58 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
    2014-12-26 16:06 - 2010-01-25 07:56 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
    2014-12-26 16:06 - 2010-01-25 03:36 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
    2014-12-26 16:06 - 2010-01-25 03:36 - 00435712 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
    2014-12-26 16:06 - 2010-01-25 03:36 - 00431104 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
    2014-12-26 16:06 - 2010-01-25 03:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
    2014-12-21 17:00 - 2014-12-21 17:00 - 00000000 ____D () C:\Program Files\HP
    2014-12-20 19:45 - 2014-12-20 19:45 - 00001842 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2014-12-20 19:44 - 2014-12-20 19:44 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-12-20 19:44 - 2014-12-20 19:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-12-20 19:34 - 2014-12-20 19:43 - 133616624 _____ () C:\Users\Choko\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-GB.exe
    2014-12-19 22:30 - 2014-12-19 22:30 - 00000000 ____D () C:\Users\Choko\AppData\Roaming\dvdcss

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-12 18:47 - 2008-01-13 18:29 - 00000000 ____D () C:\Users\Choko\AppData\Roaming\POP Peeper
    2015-01-12 18:36 - 2008-01-03 15:13 - 01826709 _____ () C:\Windows\WindowsUpdate.log
    2015-01-12 18:28 - 2010-01-30 23:15 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-12 18:28 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-12 18:28 - 2006-11-02 07:47 - 00003200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-12 18:28 - 2006-11-02 07:47 - 00003200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-12 18:27 - 2009-03-22 12:39 - 00477564 _____ () C:\aaw7boot.log
    2015-01-12 18:26 - 2006-11-02 08:01 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-01-12 18:17 - 2011-09-04 14:57 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4288754783-205699008-1328246205-1000UA.job
    2015-01-12 18:16 - 2013-05-26 18:05 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-12 17:28 - 2013-11-03 12:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-11 22:30 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini
    2015-01-11 20:14 - 2009-10-22 22:23 - 00000000 ____D () C:\Users\Choko\.smplayer
    2015-01-11 20:06 - 2013-05-27 13:29 - 00000000 ____D () C:\Users\Choko\Desktop\mbar
    2015-01-11 20:06 - 2013-05-27 12:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-01-11 18:41 - 2008-01-03 12:47 - 00117088 _____ () C:\Users\Choko\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-01-11 18:21 - 2008-02-10 16:20 - 00000000 ____D () C:\misc
    2015-01-11 17:39 - 2008-02-10 16:37 - 00000000 ____D () C:\sweeps
    2015-01-10 22:11 - 2009-03-21 21:12 - 00000472 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    2015-01-10 14:10 - 2006-11-02 07:47 - 00419768 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-01-10 03:42 - 2008-01-04 11:32 - 00178688 _____ () C:\Users\Choko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-01-09 23:35 - 2007-09-26 23:39 - 00000000 ____D () C:\Program Files\Microsoft Office
    2015-01-09 23:35 - 2006-11-02 07:37 - 00000000 ____D () C:\Windows\ShellNew
    2015-01-09 23:35 - 2006-11-02 06:18 - 00000000 __RSD () C:\Windows\Media
    2015-01-09 23:35 - 2006-11-02 06:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2015-01-08 11:17 - 2011-09-04 14:57 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4288754783-205699008-1328246205-1000Core.job
    2015-01-08 10:18 - 2006-11-02 05:33 - 00733380 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-31 19:24 - 2009-12-08 00:17 - 00000680 _____ () C:\Users\Choko\AppData\Local\d3d9caps.dat
    2014-12-28 17:33 - 2008-01-06 04:27 - 00000000 ____D () C:\installation files
    2014-12-28 17:05 - 2008-01-04 11:33 - 00000885 _____ () C:\Users\Choko\Desktop\Windows Media Player.lnk
    2014-12-28 17:05 - 2008-01-03 12:46 - 00000915 _____ () C:\Users\Choko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2014-12-27 01:13 - 2008-02-10 16:03 - 00000000 ____D () C:\cell phone
    2014-12-26 19:39 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-12-26 19:02 - 2011-09-21 20:20 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-12-26 16:26 - 2014-06-22 19:37 - 00000000 ____D () C:\Windows\system32\MRT
    2014-12-26 16:13 - 2011-09-21 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-12-26 15:29 - 2012-09-08 14:00 - 00000000 ____D () C:\Program Files\VideoLAN
    2014-12-26 14:22 - 2011-07-02 18:58 - 00000000 ____D () C:\Users\Choko\AppData\Roaming\Malwarebytes
    2014-12-26 14:21 - 2011-07-02 18:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-12-26 14:21 - 2011-07-02 18:58 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2014-12-21 17:00 - 2008-01-03 12:46 - 00000000 ____D () C:\Users\Choko
    2014-12-21 16:54 - 2011-04-25 11:27 - 00000000 ____D () C:\financial
    2014-12-20 19:45 - 2013-05-26 18:04 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2014-12-20 19:45 - 2013-05-26 18:04 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-12-20 19:44 - 2014-05-31 14:15 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-12-20 19:44 - 2013-05-26 18:04 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-12-20 19:44 - 2013-05-26 18:04 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-12-20 19:44 - 2013-05-26 18:04 - 00057928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
    2014-12-20 19:44 - 2013-05-26 18:04 - 00055240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
    2014-12-20 19:44 - 2013-05-26 18:04 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

    Some content of TEMP:
    ====================
    C:\Users\Choko\AppData\Local\temp\Quarantine.exe
    C:\Users\Choko\AppData\Local\temp\sqlite3.dll
     
  11. Rakshata

    Rakshata TS Rookie Topic Starter Posts: 31

    And FRST.txt part II

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== BCD ================================

    Windows Boot Manager
    --------------------
    identifier {bootmgr}
    device partition=C:
    description Windows Boot Manager
    locale en-US
    inherit {globalsettings}
    default {current}
    resumeobject {e48455a6-6c95-11dc-8303-0016d4f6297d}
    displayorder {current}
    toolsdisplayorder {memdiag}
    timeout 30

    Windows Boot Loader
    -------------------
    identifier {572bcd56-ffa7-11d9-aae0-0007e994107d}
    device ramdisk=[\Device\HarddiskVolume1]\Sources\Boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
    path \windows\system32\boot\winload.exe
    description Windows Recovery Environment
    osdevice ramdisk=[\Device\HarddiskVolume1]\Sources\Boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
    systemroot \windows
    nx OptIn
    detecthal Yes
    winpe Yes

    Windows Boot Loader
    -------------------
    identifier {current}
    device partition=C:
    path \Windows\system32\winload.exe
    description Microsoft Windows Vista
    locale en-US
    inherit {bootloadersettings}
    recoverysequence {572bcd56-ffa7-11d9-aae0-0007e994107d}
    recoveryenabled Yes
    osdevice partition=C:
    systemroot \Windows
    resumeobject {e48455a6-6c95-11dc-8303-0016d4f6297d}
    nx OptIn

    Resume from Hibernate
    ---------------------
    identifier {e48455a6-6c95-11dc-8303-0016d4f6297d}
    device partition=C:
    path \Windows\system32\winresume.exe
    description Windows Resume Application
    locale en-US
    inherit {resumeloadersettings}
    filedevice partition=C:
    filepath \hiberfil.sys
    pae Yes
    debugoptionenabled No

    Windows Memory Tester
    ---------------------
    identifier {memdiag}
    device partition=C:
    path \boot\memtest.exe
    description Windows Memory Diagnostic
    locale en-US
    inherit {globalsettings}
    badmemoryaccess Yes

    Windows Legacy OS Loader
    ------------------------
    identifier {ntldr}
    device unknown
    path \ntldr
    description Earlier Version of Windows

    EMS Settings
    ------------
    identifier {emssettings}
    bootems Yes

    Debugger Settings
    -----------------
    identifier {dbgsettings}
    debugtype Serial
    debugport 1
    baudrate 115200

    RAM Defects
    -----------
    identifier {badmemory}

    Global Settings
    ---------------
    identifier {globalsettings}
    inherit {dbgsettings}
    {emssettings}
    {badmemory}

    Boot Loader Settings
    --------------------
    identifier {bootloadersettings}
    inherit {globalsettings}

    Resume Loader Settings
    ----------------------
    identifier {resumeloadersettings}
    inherit {globalsettings}

    Device options
    --------------
    identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
    description Ramdisk Device Options
    ramdisksdidevice partition=\Device\HarddiskVolume1
    ramdisksdipath \boot.sdi



    LastRegBack: 2015-01-12 18:34

    ==================== End Of Log ============================
     
  12. Rakshata

    Rakshata TS Rookie Topic Starter Posts: 31

    And Addition.txt Part I

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 02
    Ran by Choko at 2015-01-12 18:50:20
    Running from C:\Users\Choko\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)


    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
    Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
    Ad-Aware (HKLM\...\Ad-Aware) (Version: - Lavasoft)
    Ad-Aware (Version: 8.0.0 - Lavasoft) Hidden
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.0.301.4 - ALPS ELECTRIC CO., LTD)
    Audacity 1.3.13 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
    Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.23 - Avanquest Software)
    Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
    Budget Dialup Software (HKLM\...\Budget Dialup Software) (Version: 2004 - Budget Dialup)
    Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.140.0517 - Chicony Electronics Co.,Ltd.)
    Canon MF Toolbox 4.9.1.1.mf17 (HKLM\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf17 - CANON INC.)
    CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.00.03 - TOSHIBA)
    Classic PhoneTools (HKLM\...\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}) (Version: 9.00 - Avanquest software)
    Classic PhoneTools (Version: 9.00 - BVRP Software) Hidden
    Clearpointel (HKLM\...\{4CA4666D-4CDF-40F4-AE6D-7C742BF9A72F}) (Version: 1.1.1 - Clearpoint Telecom)
    Clearpointel (HKLM\...\{C4653293-E86B-4892-B8CB-4EC94D211B27}) (Version: 1.0.7 - Clearpointel)
    Dell Voice (HKLM\...\{3A0CBC70-6508-40BF-A52C-1638F6401E9D}) (Version: 1.1.0 - Fongo Inc.)
    Desktop eForms (HKLM\...\{82983A4C-AB68-4E49-A561-59C5A7F56165}) (Version: 4.2.00700.2246 - FileNet)
    DisplayLink Core Software (HKLM\...\{D8F76447-C498-47E2-8DA2-94826EBBBD7E}) (Version: 7.6.55673.0 - DisplayLink Corp.)
    DisplayLink Graphics (HKLM\...\{EC9ECF5F-6876-4F52-99B9-89A4636A1CAD}) (Version: 7.6.55705.0 - DisplayLink Corp.)
    Documents To Go (HKLM\...\{F2D45137-7631-4824-B285-52742329DE4B}) (Version: 11.000.501 - DataViz Inc.)
    DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.3 - Ulead Systems, Inc.)
    Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.7.140.701 - Foxit Corporation)
    Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.1.1031 - Foxit Corporation)
    Freephoneline (HKLM\...\{2AED3E0F-66AB-45DD-8D1A-FD75262DB2AE}) (Version: 3.2.7 - freephoneline.ca)
    Gizmo5 (HKLM\...\Gizmo5) (Version: 4.0.5.400 - Gizmo5 Technologies, Inc.)
    Google Chrome (HKU\S-1-5-21-4288754783-205699008-1328246205-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Drive (HKLM\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    iCall (HKLM\...\iCall_is1) (Version: 4.0.0.22 - iCall, Inc.)
    Intel Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
    Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
    Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Java Auto Updater (HKLM\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version: - )
    Java(TM) 6 Update 16 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
    Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
    Kensington Display Adapter (HKLM\...\{22B889A1-CAC4-445A-B4E4-57DA1DAEBEB6}) (Version: 6.1.35912.0 - Kensington Computer Products Group)
    Kensington Universal Notebook Docking Station with VGA and DVI (HKLM\...\Kensington Universal Notebook Docking Station with VGA and DVI) (Version: 5.2 - )
    KONICA MINOLTA PagePro 1350W (HKLM\...\KONICA MINOLTA PagePro 1350W) (Version: - )
    LAME v3.98.3 for Audacity (HKLM\...\LAME for Audacity_is1) (Version: - )
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    mCore (Version: 9.09.0000 - Intel Corporation) Hidden
    mHelp (Version: 9.09.0000 - Intel) Hidden
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    mMHouse (Version: 9.09.0000 - Intel Corporation) Hidden
    MotoConnect (HKLM\...\{77A1AE2C-C17A-405C-91C0-8FB90144D7C3}) (Version: 1.1.21 - Motorola)
    Motorola Driver Installation 4.5.0 (HKLM\...\{A0673E9E-4510-4AA0-B860-58FD5A7212A1}) (Version: 4.5.0 - Motorola Inc.)
    Motorola Phone Tools (HKLM\...\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}) (Version: 5.31a 05/13/2010 - Avanquest Software)
    Motorola Phone Tools (Version: 4.30 - BVRP Software) Hidden
    Motorola Phone Tools (Version: 5.00 - BVRP Software) Hidden
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    mPfMgr (Version: 9.09.0000 - Intel Corporation) Hidden
    MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
    MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nokia Connectivity Cable Driver (HKLM\...\{4F1DCA42-2030-437C-A94E-736692A499C1}) (Version: 6.86.11.0 - Nokia)
    Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 6.86.9.3 - Nokia)
    Nokia PC Suite (Version: 6.86.9.3 - Nokia) Hidden
    OnlinePlay 1.0 (HKLM\...\OnlinePlay) (Version: 1.0 - AOL LLC)
    OpenOffice 4.1.1 (HKLM\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
    Palm Desktop by ACCESS (HKLM\...\{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}) (Version: 6.4.0.0 - Palm, Inc.)
    PC Connectivity Solution (HKLM\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia)
    Peak Scanner Software v1.0 (HKLM\...\InstallShield_{1373C855-146E-46D1-8105-FFFE8AFF2413}) (Version: 1.00.0000 - Applied Biosystems)
    Peak Scanner Software v1.0 (Version: 1.00.0000 - Applied Biosystems) Hidden
    Plantronics CSR Driver (32-bit) (Version: 3.1.50774.5235 - Plantronics, Inc.) Hidden
    Plantronics CsrDfu Installer (Version: 3.1.50774.5235 - Plantronics, Inc.) Hidden
    Plantronics HidDfu Installer (Version: 3.1.50774.5235 - Plantronics, Inc.) Hidden
    Plantronics MyHeadset Updater (HKLM\...\{b7053b54-3c7d-41e0-88ef-92d122848268}) (Version: 3.1.50774.5235 - Plantronics, Inc.)
    Plantronics MyHeadset Updater (Version: 3.1.50774.5235 - Plantronics, Inc.) Hidden
    Plantronics MyHeadset Updater Device Handlers (32-bit) (Version: 3.1.50774.5235 - Plantronics, Inc.) Hidden
    Plantronics MyHeadset Updater DFU Handlers (32-bit) (Version: 3.1.50774.5235 - Plantronics, Inc.) Hidden
    Plantronics MyHeadset Updater Install Check (Version: 3.1.50774.5235 - Plantronics, Inc.) Hidden
    Plantronics MyHeadset Updater MLS (Version: 3.0.0.0 - Plantronics, Inc.) Hidden
    Plantronics MyHeadset Updater Runtime (Version: 3.1.50774.5235 - Plantronics, Inc.) Hidden
    Plantronics MyHeadset Updater Startup (Version: 3.1.50774.5235 - Plantronics, Inc.) Hidden
    POP Peeper (HKLM\...\POP Peeper) (Version: - Mortal Universe)
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5477 - Realtek Semiconductor Corp.)
    Recover Files 2.1 (HKLM\...\Recover Files_is1) (Version: - Undelete & Unerase, Inc.)
    reminder (HKLM\...\{65D4DAA8-3611-4322-8E69-27880AFD90EC}) (Version: 3.0.0.5 - TOSHIBA)
    Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
    Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
    SMPlayer 0.6.7 (HKLM\...\SMPlayer) (Version: 0.6.7 - RVM)
    StudioTax 2011 (HKLM\...\{5E4ADF05-F045-4F82-9E98-422B2FCB944C}) (Version: 7.0.7.0 - BHOK IT Consulting)
    StudioTax 2012 (HKLM\...\{FD31CD68-1D2F-4F9C-8ACB-9A7806D53D3B}) (Version: 8.0.5.3 - BHOK IT Consulting)
    StudioTax 2013 (HKLM\...\{A02B37F4-26DA-454A-9997-B006D3587102}) (Version: 9.1.9.0 - BHOK IT Consulting)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.11.0 - Synaptics Incorporated)
    Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.4.0 - Addpcs, LLC)
    Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}) (Version: 2.00.0001 - Texas Instruments Inc.)
    TIPCI (Version: 2.00.0001 - Texas Instruments Inc.) Hidden
    TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.02 - )
    TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.00.29 - TOSHIBA)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.0.8 - TOSHIBA Corporation)
    TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.10.13 - TOSHIBA Corporation)
    TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
    TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.48.0.3C - TOSHIBA)
    TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.48.0.11C - TOSHIBA)
    TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1a - TOSHIBA Corporation)
    Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
    TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
    TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
    TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )
    TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
    TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.48.0.8C - TOSHIBA)
    TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.0.28 - TOSHIBA Corporation)
    Utility Common Driver (Version: 0.0.50.7C - TOSHIBA) Hidden
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    WebWasher (HKLM\...\WebWasher) (Version: 3.4 - webwasher.com AG)
    Winamp (HKLM\...\Winamp) (Version: 5.52 - Nullsoft, Inc)
    Windows Driver Package - Cambridge Silicon Radio (CSRBC) USB (10/26/2012 2.4.0.0) (HKLM\...\20C7EDA3129B3FF8F72F9BF59252B718B554FBDC) (Version: 10/26/2012 2.4.0.0 - Cambridge Silicon Radio)
    Windows Driver Package - Nokia Modem (03/05/2008 3.7) (HKLM\...\CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A) (Version: 03/05/2008 3.7 - Nokia)
    Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1) (HKLM\...\E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D) (Version: 03/13/2008 6.86.0.1 - Nokia)
    Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2) (HKLM\...\819D45A9F73817F5B6D7C71A33ADAB88C5DA1765) (Version: 08/03/2007 6.84.0.2 - Nokia)
    Windows Driver Package - Nokia Modem (10/12/2007 3.6) (HKLM\...\6A630DCEC5EEC912115F2FF59D8C2C769798D930) (Version: 10/12/2007 3.6 - Nokia)
    Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) (HKLM\...\3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F) (Version: 10/12/2007 6.85.4.0 - Nokia)
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Choko\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{05589F80-C356-11CE-BF01-00AA0055595A}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{294935CE-F637-4E7C-A41B-AB255460B862}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> c:\programdata\webex\WebEx\1426\atucfobj.dll (Cisco WebEx LLC)
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{33156164-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{33156168-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{41FCCC3A-1FA1-4949-953A-6EE61C46A4D1}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{505C2E67-8615-4CA9-9B57-48CF6EE696FD}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{5BB4BE4A-09B3-4689-BB4B-6F33E1E82797}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Choko\AppData\Local\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{7644204c-5eb0-4e21-b225-fc6c1fca74f7}\localserver32 -> C:\Program Files\Nokia\Nokia PC Suite 6\MultimediaPlayer.exe (Nokia)
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{8D52AA2E-40BE-46D7-8F36-DB7B0F636824}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{8E849609-C7E8-4EC7-8BD3-D55E871A340D}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{AB37E6C0-194D-4C33-A924-5178414DEB98}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{AB406AAC-2B2B-11D3-B36B-00C04F6108FF}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C1AB3D89-6973-45A6-AA44-09CEBBF872E5}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C3043B13-E649-436A-9CE7-8DA8CB0BF7C8}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{CC58E280-8AA1-11D1-B3F1-00AA003761C5}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{DF0AD8E0-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{DF0AD8E1-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{DF0AD8E3-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{E297AB5E-40B0-41BD-9E06-E4144084EE5F}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{E30629D2-27E5-11CE-875D-00608CB78066}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{F72A76A0-EB0A-11D0-ACE4-0000C0CC16BA}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

    ==================== Restore Points =========================

    30-08-2014 12:51:59 Device Driver Package Install: Cambridge Silicon Radio Universal Serial Bus controllers
    01-09-2014 18:03:16 avast! antivirus system restore point
    08-09-2014 23:16:26 Scheduled Checkpoint
    20-12-2014 19:36:37 avast! antivirus system restore point
    21-12-2014 16:58:54 Device Driver Package Install: Marvell Printers
    26-12-2014 16:06:23 Windows Update
    26-12-2014 18:21:00 Windows Update
    09-01-2015 23:16:36 Installed OpenOffice 4.1.1
    09-01-2015 23:32:26 Removed Microsoft Office 2000 Premium
    11-01-2015 18:42:32 Restore Point

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 05:23 - 2015-01-11 22:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0FE50AC2-79D3-4CB0-9938-4CE97BEA7A45} - System32\Tasks\{BFC4A2CE-FEEF-4349-A7AD-70C2BBFCF743} => pcalua.exe -a "C:\installation files\PsmPlay5.41.exe" -d "C:\installation files"
    Task: {3423BB1F-E542-41F7-BC83-CE848B6E559A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-20] (AVAST Software)
    Task: {3794843A-D922-457A-A389-43383366402C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4288754783-205699008-1328246205-1000Core => C:\Users\Choko\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
    Task: {3B9B98D2-73A5-46AA-8291-657575180198} - System32\Tasks\SoftPlanet Software Assistant => C:\Program Files\SoftPlanet Software Assistant\spassist.exe
    Task: {490DECAF-5900-4327-9131-DD0D4CD93A00} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-11] (Lavasoft)
    Task: {5F6AADB3-40CA-459A-87C3-A9438EF80448} - System32\Tasks\{1E37F030-EC3E-4A04-97AE-A5378D4F52CC} => C:\Program Files\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
    Task: {64EC8A58-0C35-499E-B024-1D6E6589DF11} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
    Task: {88F4CDA7-F6D0-4CC7-B2E5-8A0A568E227A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4288754783-205699008-1328246205-1000UA => C:\Users\Choko\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
    Task: {D6FBB37E-58F1-414B-B890-147FC85F5CB0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
    Task: {FD8E5EE0-C0A3-49FC-914A-0D8BA52E275A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
    Task: {FE3D9663-DC4B-414B-8A7A-336CF2AF2FEC} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4288754783-205699008-1328246205-1000Core.job => C:\Users\Choko\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4288754783-205699008-1328246205-1000UA.job => C:\Users\Choko\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2015-01-12 14:38 - 2015-01-12 14:38 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011201\algo.dll
    2006-10-17 17:13 - 2006-10-17 17:13 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
    2007-03-06 16:40 - 2007-03-06 16:40 - 00118784 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
    2014-12-26 16:08 - 2012-08-31 15:01 - 00151552 _____ () C:\Windows\System32\HP1100LM.DLL
    2014-12-21 17:00 - 2012-08-31 15:01 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL
    2009-12-08 00:57 - 2010-01-27 11:37 - 00091392 _____ () C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    2007-09-27 00:35 - 2007-09-26 03:14 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
    2006-11-06 19:14 - 2006-11-06 19:14 - 00034352 _____ () C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    2014-12-20 19:44 - 2014-12-20 19:44 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-08-28 04:34 - 2014-08-28 04:34 - 00032768 _____ () C:\Program Files\Plantronics\MyHeadsetUpdater\NativeUsbLib.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Choko\AppData\Local\Re_ Morons.eml:OECustomProperty

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Camera Assistant Software => "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
    MSCONFIG\startupreg: iCall Internet Phone => "C:\Program Files\iCall\iCall.exe" /startup
    MSCONFIG\startupreg: LtMoh => C:\Program Files\ltmoh\Ltmoh.exe
    MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-4288754783-205699008-1328246205-500 - Administrator - Disabled)
    Choko (S-1-5-21-4288754783-205699008-1328246205-1000 - Administrator - Enabled) => C:\Users\Choko
    Guest (S-1-5-21-4288754783-205699008-1328246205-501 - Limited - Enabled) => C:\Users\Guest

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/12/2015 06:51:11 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application DisplayLinkKensingtonSupport.exe, version 6.1.35912.0, time stamp 0x4ee81546, faulting module DisplayLinkUsb.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
    process id 0x11a0, application start time 0xDisplayLinkKensingtonSupport.exe0.

    Error: (01/12/2015 06:50:02 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application DisplayLinkKensingtonSupport.exe, version 6.1.35912.0, time stamp 0x4ee81546, faulting module DisplayLinkUsb.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
    process id 0x830, application start time 0xDisplayLinkKensingtonSupport.exe0.

    Error: (01/12/2015 06:48:53 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application DisplayLinkKensingtonSupport.exe, version 6.1.35912.0, time stamp 0x4ee81546, faulting module DisplayLinkUsb.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
    process id 0x13a0, application start time 0xDisplayLinkKensingtonSupport.exe0.

    Error: (01/12/2015 06:47:43 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application DisplayLinkKensingtonSupport.exe, version 6.1.35912.0, time stamp 0x4ee81546, faulting module DisplayLinkUsb.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
    process id 0x280, application start time 0xDisplayLinkKensingtonSupport.exe0.

    Error: (01/12/2015 06:46:34 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application DisplayLinkKensingtonSupport.exe, version 6.1.35912.0, time stamp 0x4ee81546, faulting module DisplayLinkUsb.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
    process id 0x1154, application start time 0xDisplayLinkKensingtonSupport.exe0.

    Error: (01/12/2015 06:45:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application DisplayLinkKensingtonSupport.exe, version 6.1.35912.0, time stamp 0x4ee81546, faulting module DisplayLinkUsb.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
    process id 0xa90, application start time 0xDisplayLinkKensingtonSupport.exe0.

    Error: (01/12/2015 06:44:16 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application DisplayLinkKensingtonSupport.exe, version 6.1.35912.0, time stamp 0x4ee81546, faulting module DisplayLinkUsb.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
    process id 0x3e8, application start time 0xDisplayLinkKensingtonSupport.exe0.

    Error: (01/12/2015 06:43:07 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application DisplayLinkKensingtonSupport.exe, version 6.1.35912.0, time stamp 0x4ee81546, faulting module DisplayLinkUsb.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
    process id 0x1298, application start time 0xDisplayLinkKensingtonSupport.exe0.

    Error: (01/12/2015 06:41:59 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application DisplayLinkKensingtonSupport.exe, version 6.1.35912.0, time stamp 0x4ee81546, faulting module DisplayLinkUsb.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
    process id 0x11f0, application start time 0xDisplayLinkKensingtonSupport.exe0.

    Error: (01/12/2015 06:40:50 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application DisplayLinkKensingtonSupport.exe, version 6.1.35912.0, time stamp 0x4ee81546, faulting module DisplayLinkUsb.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
    process id 0x1430, application start time 0xDisplayLinkKensingtonSupport.exe0.


    System errors:
    =============

    Microsoft Office Sessions:
    =========================
    Error: (01/12/2015 06:51:11 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: DisplayLinkKensingtonSupport.exe6.1.35912.04ee81546DisplayLinkUsb.dll6.0.6000.163864549bdc9c000013500008fc711a001d02ec2a4cd9ac2

    Error: (01/12/2015 06:50:02 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: DisplayLinkKensingtonSupport.exe6.1.35912.04ee81546DisplayLinkUsb.dll6.0.6000.163864549bdc9c000013500008fc783001d02ec27bb74372

    Error: (01/12/2015 06:48:53 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: DisplayLinkKensingtonSupport.exe6.1.35912.04ee81546DisplayLinkUsb.dll6.0.6000.163864549bdc9c000013500008fc713a001d02ec2527966f2

    Error: (01/12/2015 06:47:43 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: DisplayLinkKensingtonSupport.exe6.1.35912.04ee81546DisplayLinkUsb.dll6.0.6000.163864549bdc9c000013500008fc728001d02ec22897a952

    Error: (01/12/2015 06:46:34 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: DisplayLinkKensingtonSupport.exe6.1.35912.04ee81546DisplayLinkUsb.dll6.0.6000.163864549bdc9c000013500008fc7115401d02ec1ff477d52

    Error: (01/12/2015 06:45:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: DisplayLinkKensingtonSupport.exe6.1.35912.04ee81546DisplayLinkUsb.dll6.0.6000.163864549bdc9c000013500008fc7a9001d02ec1d638ee32

    Error: (01/12/2015 06:44:16 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: DisplayLinkKensingtonSupport.exe6.1.35912.04ee81546DisplayLinkUsb.dll6.0.6000.163864549bdc9c000013500008fc73e801d02ec1ad3ab2c2

    Error: (01/12/2015 06:43:07 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: DisplayLinkKensingtonSupport.exe6.1.35912.04ee81546DisplayLinkUsb.dll6.0.6000.163864549bdc9c000013500008fc7129801d02ec1843cec82

    Error: (01/12/2015 06:41:59 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: DisplayLinkKensingtonSupport.exe6.1.35912.04ee81546DisplayLinkUsb.dll6.0.6000.163864549bdc9c000013500008fc711f001d02ec15b489c22

    Error: (01/12/2015 06:40:50 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: DisplayLinkKensingtonSupport.exe6.1.35912.04ee81546DisplayLinkUsb.dll6.0.6000.163864549bdc9c000013500008fc7143001d02ec132586a72


    CodeIntegrity Errors:
    ===================================
    Date: 2015-01-12 18:50:11.588
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-12 18:50:11.509
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-12 18:50:11.426
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-12 18:50:11.345
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-12 18:50:11.032
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-12 18:50:10.952
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-12 18:50:10.869
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-12 18:50:10.771
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-11 22:16:34.923
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-11 22:16:34.846
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
     
  13. Rakshata

    Rakshata TS Rookie Topic Starter Posts: 31

    And Addition.txt Part II

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz
    Percentage of memory in use: 56%
    Total physical RAM: 2037.81 MB
    Available physical RAM: 879.06 MB
    Total Pagefile: 4281.14 MB
    Available Pagefile: 3035.62 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1916.9 MB

    ==================== Drives ================================

    Drive c: (S3A6101D004) (Fixed) (Total:173.63 GB) (Free:39.92 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: () (Fixed) (Total:5.88 GB) (Free:5.17 GB) NTFS
    Drive g: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1406.14 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 186.3 GB) (Disk ID: A6F84945)
    Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Active) - (Size=173.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=5.9 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=5.3 GB) - (Type=17)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0005F107)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  14. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     
  15. Rakshata

    Rakshata TS Rookie Topic Starter Posts: 31

    Here is the log.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-01-2015 02
    Ran by Choko at 2015-01-12 20:41:02 Run:1
    Running from C:\Users\Choko\Desktop
    Loaded Profile: Choko (Available profiles: Choko & Guest)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    HKU\S-1-5-21-4288754783-205699008-1328246205-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    S3 catchme; \??\C:\Users\Choko\AppData\Local\Temp\catchme.sys [X]
    C:\Users\Choko\AppData\Local\temp\Quarantine.exe
    C:\Users\Choko\AppData\Local\temp\sqlite3.dll
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{05589F80-C356-11CE-BF01-00AA0055595A}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32 -> No File Path
    AlternateDataStreams: C:\Users\Choko\AppData\Local\Re_ Morons.eml:OECustomProperty

    *****************

    "HKU\S-1-5-21-4288754783-205699008-1328246205-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    catchme => Service deleted successfully.
    C:\Users\Choko\AppData\Local\temp\Quarantine.exe => Moved successfully.
    C:\Users\Choko\AppData\Local\temp\sqlite3.dll => Moved successfully.
    C:\Users\Choko\AppData\Local\Re_ Morons.eml => ":OECustomProperty" ADS removed successfully.

    ==== End of Fixlog 20:41:04 ====
     
  16. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  17. Rakshata

    Rakshata TS Rookie Topic Starter Posts: 31

    Here is the Security Check log.

    Results of screen317's Security Check version 0.99.93
    Windows Vista x86 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 8 Out of date!
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Ad-Aware
    Temp File Cleaner
    Java(TM) 6 Update 16
    Java 8 Update 25
    Java(TM) SE Runtime Environment 6
    Java version 32-bit out of Date!
    Adobe Flash Player 16.0.0.257
    Mozilla Firefox (34.0.5)
    Google Chrome (39.0.2171.71)
    Google Chrome (39.0.2171.95)
    Google Chrome (Plugins...)
    ````````Process Check: objlist.exe by Laurent````````
    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!

    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 5 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````

    FSS log.

    Farbar Service Scanner Version: 21-07-2014
    Ran by Choko (administrator) on 12-01-2015 at 22:43:26
    Running from "C:\Users\Choko\Desktop"
    Microsoft® Windows Vista™ Home Premium (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => File is digitally signed
    C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
    C:\Windows\system32\Drivers\afd.sys => File is digitally signed
    C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
    C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\system32\dnsrslvr.dll => File is digitally signed
    C:\Windows\system32\mpssvc.dll => File is digitally signed
    C:\Windows\system32\bfe.dll => File is digitally signed
    C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\system32\SDRSVC.dll => File is digitally signed
    C:\Windows\system32\vssvc.exe => File is digitally signed
    C:\Windows\system32\wscsvc.dll => File is digitally signed
    C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\system32\wuaueng.dll => File is digitally signed
    C:\Windows\system32\qmgr.dll => File is digitally signed
    C:\Windows\system32\es.dll => File is digitally signed
    C:\Windows\system32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\system32\ipnathlp.dll => File is digitally signed
    C:\Windows\system32\iphlpsvc.dll => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  18. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Sophos?
     
  19. Rakshata

    Rakshata TS Rookie Topic Starter Posts: 31

    Sophos found no threats and didn't show me a log. Is it in a directory somewhere?
     
  20. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please let me know how your computer is doing.
     
  21. Rakshata

    Rakshata TS Rookie Topic Starter Posts: 31

    Found the Sophos log.

    2015-01-13 05:18:13.428 Sophos Virus Removal Tool version 2.5.4
    2015-01-13 05:18:13.429 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-01-13 05:18:13.429 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-01-13 05:18:13.429 Windows version 6.0 SP 0.0 build 6000 SM=0x300 PT=0x1 Win32
    2015-01-13 05:18:13.430 Checking for updates...
    2015-01-13 05:18:27.449 Update progress: proxy server not available
    2015-01-13 05:19:00.107 Option all = no
    2015-01-13 05:19:00.107 Option recurse = yes
    2015-01-13 05:19:00.107 Option archive = no
    2015-01-13 05:19:00.107 Option service = yes
    2015-01-13 05:19:00.107 Option confirm = yes
    2015-01-13 05:19:00.107 Option sxl = yes
    2015-01-13 05:19:00.111 Option max-data-age = 35
    2015-01-13 05:19:00.111 Option EnableSafeClean = yes
    2015-01-13 05:19:01.415 Option vdl-logging = yes
    2015-01-13 05:19:01.421 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-01-13 05:19:01.421 Machine ID: 709824a2a2974de5a5b49b1cc3e4e202
    2015-01-13 05:19:01.528 Component SVRTcli.exe version 2.5.4
    2015-01-13 05:19:01.528 Component control.dll version 2.5.4
    2015-01-13 05:19:01.530 Component SVRTservice.exe version 2.5.4
    2015-01-13 05:19:01.530 Component engine\osdp.dll version 1.44.1.2183
    2015-01-13 05:19:01.531 Component engine\veex.dll version 3.58.3.2183
    2015-01-13 05:19:01.532 Component engine\savi.dll version 8.1.5.2183
    2015-01-13 05:19:01.570 Component rkdisk.dll version 1.5.30.0
    2015-01-13 05:19:01.570 Version info: Product version 2.5.4
    2015-01-13 05:19:01.572 Version info: Detection engine 3.58.3
    2015-01-13 05:19:01.572 Version info: Detection data 5.08
    2015-01-13 05:19:01.573 Version info: Build date 11/11/2014
    2015-01-13 05:19:01.573 Version info: Data files added 563
    2015-01-13 05:19:01.573 Version info: Last successful update (not yet updated)
    2015-01-13 05:19:32.662 Downloading updates...
    2015-01-13 05:19:32.703 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-01-13 05:19:32.703 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-01-13 05:19:32.703 Update progress: [I49502] Found supplement IDE509 LATEST
    2015-01-13 05:19:32.703 Update progress: [I49502] Found supplement IDE510 LATEST
    2015-01-13 05:19:32.703 Update progress: [I49502] Found supplement IDE511 LATEST
    2015-01-13 05:19:32.703 Update progress: [I49502] Found supplement IDE512 LATEST
    2015-01-13 05:19:32.703 Update progress: [I49502] Found supplement IDE513 LATEST
    2015-01-13 05:19:32.703 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-01-13 05:19:32.703 Update progress: [I19463] Syncing product SAVIW32 48
    2015-01-13 05:19:40.179 Update progress: [I19463] Syncing product IDE509 177
    2015-01-13 05:19:46.941 Installing updates...
    2015-01-13 05:19:48.743 Error level 1
    2015-01-13 05:19:51.893 Update progress: [I19463] Syncing product IDE510 179
    2015-01-13 05:19:51.894 Update progress: [I19463] Syncing product IDE511 170
    2015-01-13 05:19:51.894 Update progress: [I19463] Syncing product IDE512 42
    2015-01-13 05:19:51.894 Update progress: [I19463] Syncing product IDE513 1
    2015-01-13 05:21:35.994 Update successful
    2015-01-13 05:21:58.231 Option all = no
    2015-01-13 05:21:58.231 Option recurse = yes
    2015-01-13 05:21:58.231 Option archive = no
    2015-01-13 05:21:58.231 Option service = yes
    2015-01-13 05:21:58.231 Option confirm = yes
    2015-01-13 05:21:58.231 Option sxl = yes
    2015-01-13 05:21:58.234 Option max-data-age = 35
    2015-01-13 05:21:58.234 Option EnableSafeClean = yes
    2015-01-13 05:21:59.557 Option vdl-logging = yes
    2015-01-13 05:21:59.564 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-01-13 05:21:59.564 Machine ID: 709824a2a2974de5a5b49b1cc3e4e202
    2015-01-13 05:21:59.566 Component SVRTcli.exe version 2.5.4
    2015-01-13 05:21:59.567 Component control.dll version 2.5.4
    2015-01-13 05:21:59.568 Component SVRTservice.exe version 2.5.4
    2015-01-13 05:21:59.569 Component engine\osdp.dll version 1.44.1.2183
    2015-01-13 05:21:59.569 Component engine\veex.dll version 3.58.3.2183
    2015-01-13 05:21:59.570 Component engine\savi.dll version 8.1.5.2183
    2015-01-13 05:21:59.572 Component rkdisk.dll version 1.5.30.0
    2015-01-13 05:21:59.572 Version info: Product version 2.5.4
    2015-01-13 05:21:59.574 Version info: Detection engine 3.58.3
    2015-01-13 05:21:59.574 Version info: Detection data 5.08G
    2015-01-13 05:21:59.574 Version info: Build date 11/11/2014
    2015-01-13 05:21:59.574 Version info: Data files added 563
    2015-01-13 05:21:59.574 Version info: Last successful update 13/01/2015 12:21:35 AM

    2015-01-13 05:56:40.288 Password protected file C:\chronicles\TDC.xls
    2015-01-13 05:57:09.912 Could not check C:\Guelph\cross res\040624benomyl.xls (corrupt)
    2015-01-13 05:57:50.264 Could not open C:\hiberfil.sys
    2015-01-13 05:59:46.734 Could not open C:\pagefile.sys
    2015-01-13 06:44:43.011 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-01-13 06:44:43.014 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-01-13 06:44:52.852 Could not open C:\Windows\System32\config\COMPONENTS
    2015-01-13 06:44:52.954 Could not open C:\Windows\System32\config\RegBack\COMPONENTS
    2015-01-13 06:44:52.958 Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-01-13 06:44:52.960 Could not open C:\Windows\System32\config\RegBack\SAM
    2015-01-13 06:44:52.964 Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-01-13 06:44:52.966 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-01-13 06:44:52.969 Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-01-13 07:11:40.180 Could not open D:\System Volume Information\{027c9251-313d-11e4-b61c-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 07:11:40.181 Could not open D:\System Volume Information\{0d9e3dd5-893d-11e4-b313-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 07:11:40.182 Could not open D:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 07:11:40.183 Could not open D:\System Volume Information\{3bffb200-f4ed-11e3-9ba8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 07:11:40.183 Could not open D:\System Volume Information\{3bffb222-f4ed-11e3-9ba8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 07:11:40.184 Could not open D:\System Volume Information\{3bffb22c-f4ed-11e3-9ba8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 07:11:40.185 Could not open D:\System Volume Information\{5de6da70-2fe8-11e4-9f38-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 07:11:40.186 Could not open D:\System Volume Information\{74b1e8ca-8890-11e4-b227-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 07:11:40.187 Could not open D:\System Volume Information\{8458c92f-fa2d-11e3-bb33-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 07:11:40.187 Could not open D:\System Volume Information\{9102854d-99d0-11e4-a4b3-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 07:11:40.188 Could not open D:\System Volume Information\{a008377b-984d-11e4-b490-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 07:11:40.189 Could not open D:\System Volume Information\{a0083785-984d-11e4-b490-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 07:11:40.190 Could not open D:\System Volume Information\{add74d07-9adf-11e4-b4ca-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 07:11:40.190 Could not open D:\System Volume Information\{f13742ba-8d3c-11e4-9491-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 07:11:40.191 Could not open D:\System Volume Information\{f1374300-8d3c-11e4-9491-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 07:11:40.192 Could not open D:\System Volume Information\{f7a60dd4-3791-11e4-b3a8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 07:15:02.387 SafeClean bin directory is empty.
    2015-01-13 07:15:07.084 Error level 0

    2015-01-13 08:54:46.429 Scan completed.
    2015-01-13 08:54:46.429

    ------------------------------------------------------------

    2015-01-13 21:36:04.769 Sophos Virus Removal Tool version 2.5.4
    2015-01-13 21:36:04.770 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-01-13 21:36:04.770 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-01-13 21:36:04.770 Windows version 6.0 SP 0.0 build 6000 SM=0x300 PT=0x1 Win32
    2015-01-13 21:36:04.771 Checking for updates...
    2015-01-13 21:36:18.118 Update progress: proxy server not available
    2015-01-13 21:37:06.133 Option all = no
    2015-01-13 21:37:06.133 Option recurse = yes
    2015-01-13 21:37:06.133 Option archive = no
    2015-01-13 21:37:06.133 Option service = yes
    2015-01-13 21:37:06.133 Option confirm = yes
    2015-01-13 21:37:06.133 Option sxl = yes
    2015-01-13 21:37:06.136 Option max-data-age = 35
    2015-01-13 21:37:06.136 Option EnableSafeClean = yes
    2015-01-13 21:37:06.275 Option vdl-logging = yes
    2015-01-13 21:37:06.319 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-01-13 21:37:06.319 Machine ID: 709824a2a2974de5a5b49b1cc3e4e202
    2015-01-13 21:37:06.453 Component SVRTcli.exe version 2.5.4
    2015-01-13 21:37:06.453 Component control.dll version 2.5.4
    2015-01-13 21:37:06.454 Component SVRTservice.exe version 2.5.4
    2015-01-13 21:37:06.455 Component engine\osdp.dll version 1.44.1.2183
    2015-01-13 21:37:06.456 Component engine\veex.dll version 3.58.3.2183
    2015-01-13 21:37:06.457 Component engine\savi.dll version 8.1.5.2183
    2015-01-13 21:37:06.524 Component rkdisk.dll version 1.5.30.0
    2015-01-13 21:37:06.524 Version info: Product version 2.5.4
    2015-01-13 21:37:06.526 Version info: Detection engine 3.58.3
    2015-01-13 21:37:06.526 Version info: Detection data 5.08G
    2015-01-13 21:37:06.526 Version info: Build date 11/11/2014
    2015-01-13 21:37:06.526 Version info: Data files added 563
    2015-01-13 21:37:06.527 Version info: Last successful update 13/01/2015 12:21:35 AM
    2015-01-13 21:37:26.316 Downloading updates...
    2015-01-13 21:37:26.320 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-01-13 21:37:26.320 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-01-13 21:37:26.320 Update progress: [I49502] Found supplement IDE509 LATEST
    2015-01-13 21:37:26.320 Update progress: [I49502] Found supplement IDE510 LATEST
    2015-01-13 21:37:26.320 Update progress: [I49502] Found supplement IDE511 LATEST
    2015-01-13 21:37:26.320 Update progress: [I49502] Found supplement IDE512 LATEST
    2015-01-13 21:37:26.320 Update progress: [I49502] Found supplement IDE513 LATEST
    2015-01-13 21:37:26.320 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-01-13 21:37:26.320 Update progress: [I19463] Syncing product SAVIW32 48
    2015-01-13 21:37:26.320 Update progress: [I19463] Syncing product IDE509 177
    2015-01-13 21:37:26.819 Update progress: [I19463] Syncing product IDE510 179
    2015-01-13 21:37:26.819 Update progress: [I19463] Syncing product IDE511 170
    2015-01-13 21:37:26.819 Update progress: [I19463] Syncing product IDE512 47
    2015-01-13 21:37:27.242 Installing updates...
    2015-01-13 21:37:28.245 Error level 1
    2015-01-13 21:37:29.136 Update progress: [I19463] Syncing product IDE513 1
    2015-01-13 21:37:29.278 Update successful
    2015-01-13 21:38:04.383 Option all = no
    2015-01-13 21:38:04.383 Option recurse = yes
    2015-01-13 21:38:04.383 Option archive = no
    2015-01-13 21:38:04.383 Option service = yes
    2015-01-13 21:38:04.383 Option confirm = yes
    2015-01-13 21:38:04.384 Option sxl = yes
    2015-01-13 21:38:04.387 Option max-data-age = 35
    2015-01-13 21:38:04.387 Option EnableSafeClean = yes
    2015-01-13 21:38:04.506 Option vdl-logging = yes
    2015-01-13 21:38:04.512 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-01-13 21:38:04.512 Machine ID: 709824a2a2974de5a5b49b1cc3e4e202
    2015-01-13 21:38:04.515 Component SVRTcli.exe version 2.5.4
    2015-01-13 21:38:04.515 Component control.dll version 2.5.4
    2015-01-13 21:38:04.516 Component SVRTservice.exe version 2.5.4
    2015-01-13 21:38:04.517 Component engine\osdp.dll version 1.44.1.2183
    2015-01-13 21:38:04.518 Component engine\veex.dll version 3.58.3.2183
    2015-01-13 21:38:04.519 Component engine\savi.dll version 8.1.5.2183
    2015-01-13 21:38:04.520 Component rkdisk.dll version 1.5.30.0
    2015-01-13 21:38:04.520 Version info: Product version 2.5.4
    2015-01-13 21:38:04.522 Version info: Detection engine 3.58.3
    2015-01-13 21:38:04.522 Version info: Detection data 5.08G
    2015-01-13 21:38:04.523 Version info: Build date 11/11/2014
    2015-01-13 21:38:04.523 Version info: Data files added 568
    2015-01-13 21:38:04.523 Version info: Last successful update 13/01/2015 4:37:29 PM

    2015-01-13 22:08:21.717 Could not open C:\Boot\BCD
    2015-01-13 22:11:29.877 Password protected file C:\chronicles\TDC.xls
    2015-01-13 22:12:01.616 Could not check C:\Guelph\cross res\040624benomyl.xls (corrupt)
    2015-01-13 22:12:37.053 Could not open C:\hiberfil.sys
    2015-01-13 22:14:40.963 Could not open C:\pagefile.sys
    2015-01-13 22:30:10.753 Could not open C:\System Volume Information\{0d9e3dd4-893d-11e4-b313-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 22:30:10.754 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 22:30:10.755 Could not open C:\System Volume Information\{74b1e8c9-8890-11e4-b227-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 22:30:10.756 Could not open C:\System Volume Information\{9102854c-99d0-11e4-a4b3-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 22:30:10.757 Could not open C:\System Volume Information\{a008377a-984d-11e4-b490-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 22:30:10.758 Could not open C:\System Volume Information\{a0083784-984d-11e4-b490-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 22:30:10.759 Could not open C:\System Volume Information\{add74d06-9adf-11e4-b4ca-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 22:30:10.760 Could not open C:\System Volume Information\{f13742b9-8d3c-11e4-9491-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 22:30:10.760 Could not open C:\System Volume Information\{f13742ff-8d3c-11e4-9491-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 22:56:50.965 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-01-13 22:56:50.968 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-01-13 22:56:58.264 Could not open C:\Windows\System32\config\COMPONENTS
    2015-01-13 22:56:58.494 Could not open C:\Windows\System32\config\RegBack\COMPONENTS
    2015-01-13 22:56:58.497 Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-01-13 22:56:58.501 Could not open C:\Windows\System32\config\RegBack\SAM
    2015-01-13 22:56:58.504 Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-01-13 22:56:58.507 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-01-13 22:56:58.510 Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-01-13 23:21:56.140 Could not open D:\System Volume Information\{027c9251-313d-11e4-b61c-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 23:21:56.165 Could not open D:\System Volume Information\{0d9e3dd5-893d-11e4-b313-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 23:21:56.165 Could not open D:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 23:21:56.165 Could not open D:\System Volume Information\{3bffb200-f4ed-11e3-9ba8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 23:21:56.165 Could not open D:\System Volume Information\{3bffb222-f4ed-11e3-9ba8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 23:21:56.165 Could not open D:\System Volume Information\{3bffb22c-f4ed-11e3-9ba8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 23:21:56.165 Could not open D:\System Volume Information\{5de6da70-2fe8-11e4-9f38-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 23:21:56.165 Could not open D:\System Volume Information\{74b1e8ca-8890-11e4-b227-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 23:21:56.165 Could not open D:\System Volume Information\{8458c92f-fa2d-11e3-bb33-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 23:21:56.165 Could not open D:\System Volume Information\{9102854d-99d0-11e4-a4b3-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 23:21:56.165 Could not open D:\System Volume Information\{a008377b-984d-11e4-b490-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 23:21:56.166 Could not open D:\System Volume Information\{a0083785-984d-11e4-b490-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 23:21:56.166 Could not open D:\System Volume Information\{add74d07-9adf-11e4-b4ca-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 23:21:56.167 Could not open D:\System Volume Information\{f13742ba-8d3c-11e4-9491-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 23:21:56.168 Could not open D:\System Volume Information\{f1374300-8d3c-11e4-9491-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 23:21:56.169 Could not open D:\System Volume Information\{f7a60dd4-3791-11e4-b3a8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-13 23:25:13.832 SafeClean bin directory is empty.
    2015-01-13 23:25:15.403 Error level 0

    2015-01-14 00:12:25.045 Scan completed.
    2015-01-14 00:12:25.045

    ------------------------------------------------------------

    2015-01-14 21:44:01.544 Sophos Virus Removal Tool version 2.5.4
    2015-01-14 21:44:01.545 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-01-14 21:44:01.545 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-01-14 21:44:01.545 Windows version 6.0 SP 0.0 build 6000 SM=0x300 PT=0x1 Win32
    2015-01-14 21:44:01.548 Checking for updates...
    2015-01-14 21:44:15.815 Update progress: proxy server not available
    2015-01-14 21:44:51.765 Downloading updates...
    2015-01-14 21:44:51.939 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-01-14 21:44:51.940 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-01-14 21:44:51.940 Update progress: [I49502] Found supplement IDE509 LATEST
    2015-01-14 21:44:51.940 Update progress: [I49502] Found supplement IDE510 LATEST
    2015-01-14 21:44:51.940 Update progress: [I49502] Found supplement IDE511 LATEST
    2015-01-14 21:44:51.940 Update progress: [I49502] Found supplement IDE512 LATEST
    2015-01-14 21:44:51.940 Update progress: [I49502] Found supplement IDE513 LATEST
    2015-01-14 21:44:51.940 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-01-14 21:44:51.940 Update progress: [I19463] Syncing product SAVIW32 48
    2015-01-14 21:44:51.940 Update progress: [I19463] Syncing product IDE509 177
    2015-01-14 21:45:12.539 Update progress: [I19463] Syncing product IDE510 179
    2015-01-14 21:45:12.539 Update progress: [I19463] Syncing product IDE511 170
    2015-01-14 21:45:12.539 Update progress: [I19463] Syncing product IDE512 53
    2015-01-14 21:45:13.731 Installing updates...
    2015-01-14 21:45:38.238 Option all = no
    2015-01-14 21:45:41.239 Option recurse = yes
    2015-01-14 21:45:41.239 Option archive = no
    2015-01-14 21:45:41.239 Option service = yes
    2015-01-14 21:45:41.239 Option confirm = yes
    2015-01-14 21:45:41.240 Option sxl = yes
    2015-01-14 21:45:41.240 Option max-data-age = 35
    2015-01-14 21:45:41.240 Option EnableSafeClean = yes
    2015-01-14 21:45:41.240 Option vdl-logging = yes
    2015-01-14 21:45:41.240 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-01-14 21:45:41.240 Machine ID: 709824a2a2974de5a5b49b1cc3e4e202
    2015-01-14 21:45:41.240 Component SVRTcli.exe version 2.5.4
    2015-01-14 21:45:41.240 Component control.dll version 2.5.4
    2015-01-14 21:45:41.240 Component SVRTservice.exe version 2.5.4
    2015-01-14 21:45:41.240 Component engine\osdp.dll version 1.44.1.2183
    2015-01-14 21:45:41.240 Component engine\veex.dll version 3.58.3.2183
    2015-01-14 21:45:41.241 Component engine\savi.dll version 8.1.5.2183
    2015-01-14 21:45:41.241 Component rkdisk.dll version 1.5.30.0
    2015-01-14 21:45:41.276 Version info: Product version 2.5.4
    2015-01-14 21:45:41.276 Version info: Detection engine 3.58.3
    2015-01-14 21:45:41.276 Version info: Detection data 5.08G
    2015-01-14 21:45:41.276 Version info: Build date 11/11/2014
    2015-01-14 21:45:41.276 Version info: Data files added 568
    2015-01-14 21:45:41.276 Version info: Last successful update 13/01/2015 4:37:29 PM
    2015-01-14 21:45:41.277 Error level 1
    2015-01-14 21:45:43.828 Update progress: [I19463] Syncing product IDE513 1
    2015-01-14 21:45:44.174 Update successful
    2015-01-14 21:46:47.358 Option all = no
    2015-01-14 21:46:47.358 Option recurse = yes
    2015-01-14 21:46:47.358 Option archive = no
    2015-01-14 21:46:47.358 Option service = yes
    2015-01-14 21:46:47.358 Option confirm = yes
    2015-01-14 21:46:47.358 Option sxl = yes
    2015-01-14 21:46:47.368 Option max-data-age = 35
    2015-01-14 21:46:47.368 Option EnableSafeClean = yes
    2015-01-14 21:46:47.969 Option vdl-logging = yes
    2015-01-14 21:46:48.107 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-01-14 21:46:48.107 Machine ID: 709824a2a2974de5a5b49b1cc3e4e202
    2015-01-14 21:46:48.301 Component SVRTcli.exe version 2.5.4
    2015-01-14 21:46:48.303 Component control.dll version 2.5.4
    2015-01-14 21:46:48.303 Component SVRTservice.exe version 2.5.4
    2015-01-14 21:46:48.304 Component engine\osdp.dll version 1.44.1.2183
    2015-01-14 21:46:48.306 Component engine\veex.dll version 3.58.3.2183
    2015-01-14 21:46:48.306 Component engine\savi.dll version 8.1.5.2183
    2015-01-14 21:46:48.364 Component rkdisk.dll version 1.5.30.0
    2015-01-14 21:46:48.364 Version info: Product version 2.5.4
    2015-01-14 21:46:48.364 Version info: Detection engine 3.58.3
    2015-01-14 21:46:48.364 Version info: Detection data 5.08G
    2015-01-14 21:46:48.364 Version info: Build date 11/11/2014
    2015-01-14 21:46:48.364 Version info: Data files added 574
    2015-01-14 21:46:48.364 Version info: Last successful update 14/01/2015 4:45:44 PM

    2015-01-14 23:09:33.904 Could not open C:\Boot\BCD
    2015-01-14 23:14:16.790 Password protected file C:\chronicles\TDC.xls
    2015-01-14 23:14:54.508 Could not check C:\Guelph\cross res\040624benomyl.xls (corrupt)
    2015-01-14 23:15:42.412 Could not open C:\hiberfil.sys
    2015-01-14 23:18:38.318 Could not open C:\pagefile.sys
    2015-01-14 23:36:14.418 Could not open C:\System Volume Information\{0d9e3dd4-893d-11e4-b313-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-14 23:36:14.419 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-14 23:36:14.419 Could not open C:\System Volume Information\{74b1e8c9-8890-11e4-b227-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-14 23:36:14.420 Could not open C:\System Volume Information\{9102854c-99d0-11e4-a4b3-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-14 23:36:14.421 Could not open C:\System Volume Information\{a008377a-984d-11e4-b490-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-14 23:36:14.425 Could not open C:\System Volume Information\{a0083784-984d-11e4-b490-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-14 23:36:14.426 Could not open C:\System Volume Information\{add74d06-9adf-11e4-b4ca-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-14 23:36:14.427 Could not open C:\System Volume Information\{f13742b9-8d3c-11e4-9491-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-14 23:36:14.428 Could not open C:\System Volume Information\{f13742ff-8d3c-11e4-9491-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-14 23:59:04.062 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-01-14 23:59:04.064 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-01-14 23:59:10.898 Could not open C:\Windows\System32\config\COMPONENTS
    2015-01-14 23:59:10.929 Could not open C:\Windows\System32\config\RegBack\COMPONENTS
    2015-01-14 23:59:10.932 Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-01-14 23:59:10.934 Could not open C:\Windows\System32\config\RegBack\SAM
    2015-01-14 23:59:10.937 Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-01-14 23:59:10.940 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-01-14 23:59:10.942 Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-01-15 00:20:32.055 Could not open D:\System Volume Information\{027c9251-313d-11e4-b61c-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-15 00:20:32.056 Could not open D:\System Volume Information\{0d9e3dd5-893d-11e4-b313-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-15 00:20:32.056 Could not open D:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-15 00:20:32.057 Could not open D:\System Volume Information\{3bffb200-f4ed-11e3-9ba8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-15 00:20:32.058 Could not open D:\System Volume Information\{3bffb222-f4ed-11e3-9ba8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-15 00:20:32.059 Could not open D:\System Volume Information\{3bffb22c-f4ed-11e3-9ba8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-15 00:20:32.059 Could not open D:\System Volume Information\{5de6da70-2fe8-11e4-9f38-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-15 00:20:32.060 Could not open D:\System Volume Information\{74b1e8ca-8890-11e4-b227-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-15 00:20:32.061 Could not open D:\System Volume Information\{8458c92f-fa2d-11e3-bb33-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-15 00:20:32.062 Could not open D:\System Volume Information\{9102854d-99d0-11e4-a4b3-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-15 00:20:32.063 Could not open D:\System Volume Information\{a008377b-984d-11e4-b490-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-15 00:20:32.063 Could not open D:\System Volume Information\{a0083785-984d-11e4-b490-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-15 00:20:32.064 Could not open D:\System Volume Information\{add74d07-9adf-11e4-b4ca-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-15 00:20:32.065 Could not open D:\System Volume Information\{f13742ba-8d3c-11e4-9491-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-15 00:20:32.066 Could not open D:\System Volume Information\{f1374300-8d3c-11e4-9491-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-15 00:20:32.067 Could not open D:\System Volume Information\{f7a60dd4-3791-11e4-b3a8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-15 00:23:44.005 SafeClean bin directory is empty.
    2015-01-15 00:23:51.441 Error level 0

    2015-01-15 00:34:01.532 Scan completed.
    2015-01-15 00:34:01.532

    ------------------------------------------------------------

    2015-01-16 20:52:49.194 Sophos Virus Removal Tool version 2.5.4
    2015-01-16 20:52:49.195 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-01-16 20:52:49.195 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-01-16 20:52:49.195 Windows version 6.0 SP 0.0 build 6000 SM=0x300 PT=0x1 Win32
    2015-01-16 20:52:49.197 Checking for updates...
    2015-01-16 20:53:02.981 Update progress: proxy server not available
    2015-01-16 20:53:38.119 Downloading updates...
    2015-01-16 20:53:38.131 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-01-16 20:53:38.131 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-01-16 20:53:38.131 Update progress: [I49502] Found supplement IDE509 LATEST
    2015-01-16 20:53:38.131 Update progress: [I49502] Found supplement IDE510 LATEST
    2015-01-16 20:53:38.131 Update progress: [I49502] Found supplement IDE511 LATEST
    2015-01-16 20:53:38.132 Update progress: [I49502] Found supplement IDE512 LATEST
    2015-01-16 20:53:38.132 Update progress: [I49502] Found supplement IDE513 LATEST
    2015-01-16 20:53:38.132 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-01-16 20:53:38.132 Update progress: [I19463] Syncing product SAVIW32 48
    2015-01-16 20:53:47.457 Update progress: [I19463] Syncing product IDE509 177
    2015-01-16 20:54:08.968 Update progress: [I19463] Syncing product IDE510 179
    2015-01-16 20:54:08.968 Update progress: [I19463] Syncing product IDE511 170
    2015-01-16 20:54:08.968 Update progress: [I19463] Syncing product IDE512 67
    2015-01-16 20:54:10.023 Installing updates...
    2015-01-16 20:54:34.253 Option all = no
    2015-01-16 20:54:35.653 Option recurse = yes
    2015-01-16 20:54:35.653 Option archive = no
    2015-01-16 20:54:35.653 Option service = yes
    2015-01-16 20:54:35.654 Option confirm = yes
    2015-01-16 20:54:35.654 Option sxl = yes
    2015-01-16 20:54:35.654 Option max-data-age = 35
    2015-01-16 20:54:35.654 Option EnableSafeClean = yes
    2015-01-16 20:54:35.654 Option vdl-logging = yes
    2015-01-16 20:54:35.654 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-01-16 20:54:35.654 Machine ID: 709824a2a2974de5a5b49b1cc3e4e202
    2015-01-16 20:54:35.654 Component SVRTcli.exe version 2.5.4
    2015-01-16 20:54:35.654 Component control.dll version 2.5.4
    2015-01-16 20:54:35.654 Component SVRTservice.exe version 2.5.4
    2015-01-16 20:54:35.654 Component engine\osdp.dll version 1.44.1.2183
    2015-01-16 20:54:35.654 Component engine\veex.dll version 3.58.3.2183
    2015-01-16 20:54:35.655 Component engine\savi.dll version 8.1.5.2183
    2015-01-16 20:54:35.655 Component rkdisk.dll version 1.5.30.0
    2015-01-16 20:54:35.655 Version info: Product version 2.5.4
    2015-01-16 20:54:35.655 Version info: Detection engine 3.58.3
    2015-01-16 20:54:35.655 Version info: Detection data 5.08G
    2015-01-16 20:54:35.655 Version info: Build date 11/11/2014
    2015-01-16 20:54:35.655 Version info: Data files added 574
    2015-01-16 20:54:35.655 Version info: Last successful update 14/01/2015 4:45:44 PM
    2015-01-16 20:54:35.655 Error level 1
    2015-01-16 20:54:36.534 Update progress: [I19463] Syncing product IDE513 1
    2015-01-16 20:54:36.851 Update successful
    2015-01-16 20:54:56.484 Option all = no
    2015-01-16 20:54:56.484 Option recurse = yes
    2015-01-16 20:54:56.484 Option archive = no
    2015-01-16 20:54:56.484 Option service = yes
    2015-01-16 20:54:56.484 Option confirm = yes
    2015-01-16 20:54:56.484 Option sxl = yes
    2015-01-16 20:54:56.488 Option max-data-age = 35
    2015-01-16 20:54:56.488 Option EnableSafeClean = yes
    2015-01-16 20:54:56.706 Option vdl-logging = yes
    2015-01-16 20:54:56.728 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-01-16 20:54:56.728 Machine ID: 709824a2a2974de5a5b49b1cc3e4e202
    2015-01-16 20:54:56.732 Component SVRTcli.exe version 2.5.4
    2015-01-16 20:54:56.733 Component control.dll version 2.5.4
    2015-01-16 20:54:56.734 Component SVRTservice.exe version 2.5.4
    2015-01-16 20:54:56.736 Component engine\osdp.dll version 1.44.1.2183
    2015-01-16 20:54:56.738 Component engine\veex.dll version 3.58.3.2183
    2015-01-16 20:54:56.739 Component engine\savi.dll version 8.1.5.2183
    2015-01-16 20:54:56.742 Component rkdisk.dll version 1.5.30.0
    2015-01-16 20:54:56.742 Version info: Product version 2.5.4
    2015-01-16 20:54:56.745 Version info: Detection engine 3.58.3
    2015-01-16 20:54:56.745 Version info: Detection data 5.08G
    2015-01-16 20:54:56.745 Version info: Build date 11/11/2014
    2015-01-16 20:54:56.745 Version info: Data files added 588
    2015-01-16 20:54:56.745 Version info: Last successful update 16/01/2015 3:54:36 PM
     
  22. Rakshata

    Rakshata TS Rookie Topic Starter Posts: 31

    I had actually put RogueKiller in my Downloads folder. Should I move it to Desktop before running Delfix?
    Did I have any trojans, rootkits or bootkits?
     
  23. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Should I move it to Desktop before running Delfix?
    Yes.
    Did I have any trojans, rootkits or bootkits?
    No.
     
  24. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    The issue seems to be resolved.
     
  25. Rakshata

    Rakshata TS Rookie Topic Starter Posts: 31

    Thanks for your help, Broni. Please check your PayPal account.
     
