TechSpot

Possible odd internet behavior

By mrtraver
Jan 1, 2015
    Windows 7 SP1 64 bit
    IE 11 and Chrome browsers

    Today Avast kept telling me that it was blocking potentially malicious websites, but it did not find any infections. I also ran MBAM and SuperAntiSpyware, and the only things found were some registry entries and tracking cookies, which I quarantined/deleted. PeerBlock 1.2 also shows tons of blocked incoming HTTP connections, even when all browsers, Steam, Origin, etc. are closed. I don't know what is causing these hits on Avast and PeerBlock. (I never turned on HTTP blocking before in PeerBlock, so this may not be unusual behavior.) RUBotted shows clean.
    My IE options also keep getting changed to block downloads.

    In case it helps early on, here are some logs from MBAM and DDS:

    Thanks!


    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 1/1/2015
    Scan Time: 10:10:03 AM
    Logfile:
    Administrator: Yes
    Version: 2.00.4.1028
    Malware Database: v2015.01.01.02
    Rootkit Database: v2014.12.30.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: michael
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 436153
    Time Elapsed: 8 min, 4 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled
    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 2
    PUP.Optional.DigitalSites.A, HKU\S-1-5-21-2018537783-2302853427-1186865814-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DSiteProducts, Quarantined, [72c49c569dec3501a32c954e6c98659b],
    PUP.Optional.Conduit.A, HKU\S-1-5-21-2018537783-2302853427-1186865814-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Quarantined, [e84e8f6377125dd9a6ced4935ea50ff1],
    Registry Values: 2
    PUP.Optional.SpamFreeSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{EECF410C-006C-4A05-AD13-6741A0814DBF}, Quarantined, [cf67c230dbae1c1a8a92528a847e17e9],
    PUP.Optional.SpamFreeSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{EECF410C-006C-4A05-AD13-6741A0814DBF}, Spam Free Search Toolbar, Quarantined, [cf67c230dbae1c1a8a92528a847e17e9]
    Registry Data: 0
    (No malicious items detected)
    Folders: 0
    (No malicious items detected)
    Files: 3
    PUP.Optional.NewHB.A, C:\Users\michael\AppData\Local\newhb.crx, Quarantined, [8ea8f9f97a0f5bdb0d18baaa35ce12ee],
    PUP.Optional.AZLyrics.A, C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, Quarantined, [64d26e84850462d49867f37154afb54b],
    PUP.Optional.AZLyrics.A, C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, Quarantined, [8fa781718ffa74c24cb3adb7976c08f8],
    Physical Sectors: 0
    (No malicious items detected)

    (end)


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 11.25.2
    Run by michael at 20:51:13 on 2015-01-01
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2228 [GMT -6:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    e:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    e:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
    C:\Windows\system32\CISVC.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
    C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    e:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    C:\Windows\SysWOW64\vmnat.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    E:\Program Files (x86)\VMware\vmware-authd.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\SysWOW64\vmnetdhcp.exe
    C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\Logitech Gaming Software\LCore.exe
    C:\Windows\system32\wbem\unsecapp.exe
    D:\Program Files\PeerBlock\peerblock.exe
    C:\Users\michael\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    E:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
    C:\Windows\System32\StikyNot.exe
    D:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
    C:\Users\michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
    E:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    E:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
    E:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    E:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\SearchIndexer.exe
    e:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    e:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    e:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
    e:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
    e:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\syswow64\dllhost.exe
    C:\Windows\syswow64\dllhost.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.facebook.com/
    uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    uProxyServer = 198.204.238.254:8085
    mWinlogon: Userinit = userinit.exe,
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - e:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} -
    uRun: [EADM] "D:\Program Files (x86)\Origin\Origin.exe" -AutoStart
    uRun: [PeerBlock] D:\Program Files\PeerBlock\peerblock.exe
    uRun: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [Spotify Web Helper] "C:\Users\michael\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [Plex Media Server] "E:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
    uRun: [Google Update] "C:\Users\michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    uRunOnce: [Adobe Speed Launcher] 1420146036
    mRun: [UnlockerAssistant] "D:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
    mRun: [VirtualCloneDrive] "e:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [AvastUI.exe] "e:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
    StartupFolder: C:\Users\michael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-System: SoftwareSASGeneration = dword:1
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    LSP: %windir%\system32\vsocklib.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - hxxp://www21.adrive.com/filemanager/landing
    DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
    DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://vireo.spf.mo.gov/CACHE/stc/2/binaries/vpnweb.cab
    DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} - hxxp://community.weightwatchers.com/Scripts/ImageUploader6.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1058
    TCP: NameServer = 192.168.0.1 205.171.2.226
    TCP: Interfaces\{4B17D4D4-63A9-47D6-BDA7-3D4188E56F1C} : DHCPNameServer = 192.168.0.1 205.171.2.226
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - e:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
    x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\g9aakevy.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/?ref=tn_tnmn
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    FF - plugin: C:\Users\michael\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
    FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    FF - plugin: e:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.webcake.installId - 6355730f-048b-4cd4-b7a6-fa8c4f5cef39
    FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
    FF - user.js: extensions.autoDisableScopes - 0
    FF - user.js: extensions.shownSelectionUI - true
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - 3e9271c9000000000000002215b35daa
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15902
    FF - user.js: extensions.delta.vrsn - 1.8.21.5
    FF - user.js: extensions.delta.vrsni - 1.8.21.5
    FF - user.js: extensions.delta.vrsnTs - 1.8.21.516:42:39
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.ffxUnstlRst - true
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta_i.babTrack - affID=119351&tsp=4945
    FF - user.js: extensions.delta_i.babExt -
    FF - user.js: extensions.delta_i.srcExt - ss
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-10-21 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-10-21 267632]
    R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2014-9-23 73296]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2013-10-21 1050432]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-10-21 436624]
    R1 SASDIFSV;SASDIFSV;E:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;E:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;E:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
    R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-6 29208]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-10-21 83280]
    R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-22 116728]
    R2 avast! Antivirus;avast! Antivirus;E:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-17 50344]
    R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-9-16 122072]
    R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-9-16 384728]
    R2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-9-16 777944]
    R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-10-25 441344]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-6-10 39568]
    R2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-7-9 1141848]
    R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-6-10 23552]
    R2 RUBotSrv;Trend Micro RUBotted Service;C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2014-12-16 443416]
    R2 TeamViewer9;TeamViewer 9;E:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-2-2 4799760]
    R2 VBoxAswDrv;VBoxAsw Support Driver;E:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-17 271752]
    R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2014-2-27 906432]
    R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2014-6-10 561064]
    R3 AvastVBoxSvc;AvastVBox COM Service;E:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-17 4012248]
    R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-11-11 38216]
    R3 pbfilter;pbfilter;D:\Program Files\PeerBlock\pbfilter.sys [2012-10-20 22600]
    R3 SaiH8000;SaiH8000;C:\Windows\System32\drivers\SaiH8000.sys [2008-4-4 178560]
    S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-9-16 409304]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-8-17 112496]
    S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2014-1-5 21712]
    S3 GalaxyService;GalaxyService;C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [2014-11-28 2191648]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
    S3 Origin Client Service;Origin Client Service;D:\Program Files (x86)\Origin\OriginClientService.exe [2012-10-8 1903472]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-25 19456]
    S3 RTCore64;RTCore64;E:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2013-7-17 15176]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-8 1255736]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;D:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-10-10 14544]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2014-7-12 380064]
    .
    =============== Created Last 30 ================
    .
    2015-01-01 05:43:01 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2E90BC70-8092-4289-A40F-BB908C15921A}\mpengine.dll
    2014-12-18 07:09:09 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-12-18 07:09:08 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-12-16 20:32:41 -------- d-----w- C:\ProgramData\Trend Micro
    2014-12-16 20:32:11 -------- d-----w- C:\Program Files (x86)\WinPcap
    2014-12-16 20:32:03 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2014-12-16 17:52:00 38160 ----a-w- C:\Windows\SysWow64\LMRTREND.dll
    2014-12-16 17:52:00 182032 ----a-w- C:\Windows\SysWow64\dxtmsft3.dll
    2014-12-16 17:52:00 155408 ----a-w- C:\Windows\SysWow64\LMRT.dll
    2014-12-16 17:52:00 140800 ----a-w- C:\Windows\SysWow64\tm20dec.ax
    2014-12-16 17:51:58 63488 ----a-w- C:\Windows\SysWow64\unam4ie.exe
    2014-12-16 17:51:58 217984 ----a-w- C:\Windows\SysWow64\strmdll.dll
    2014-12-16 17:51:58 109840 ----a-w- C:\Program Files (x86)\Windows Media Player\mplayer2.exe
    2014-12-16 17:51:56 5672 ----a-w- C:\Windows\SysWow64\quartz.vxd
    2014-12-16 17:51:56 194320 ----a-w- C:\Windows\SysWow64\qcut.dll
    2014-12-16 17:51:56 11776 ----a-w- C:\Windows\SysWow64\mciqtz.drv
    2014-12-16 17:51:56 10240 ----a-w- C:\Windows\SysWow64\vidx16.dll
    2014-12-16 17:51:55 4608 ----a-w- C:\Windows\SysWow64\w95inf32.dll
    2014-12-16 17:51:55 2272 ----a-w- C:\Windows\SysWow64\w95inf16.dll
    2014-12-11 13:24:18 4121600 ----a-w- C:\Windows\System32\mf.dll
    2014-12-11 13:24:18 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
    2014-12-10 05:59:26 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
    2014-12-04 03:07:50 73064 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2014-12-04 03:07:49 89960 ----a-w- C:\Windows\SysWow64\SQSRVRES.DLL
    2014-12-03 06:31:20 227048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2014-12-03 04:42:16 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
    2014-12-03 04:41:07 -------- d-----w- C:\Windows\SysWow64\1033
    2014-12-03 04:41:07 -------- d-----w- C:\Windows\System32\1033
    2014-12-03 04:41:07 -------- d-----w- C:\Program Files\Microsoft SQL Server
    2014-12-03 04:39:43 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
    2014-12-03 04:39:22 -------- d-----w- C:\Windows\SysWow64\Visual Studio 2008Templates
    2014-12-03 04:39:22 -------- d-----w- C:\Windows\SysWow64\Visual Studio 2008
    2014-12-03 04:38:00 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
    .
    ==================== Find3M ====================
    .
    2015-01-01 16:09:07 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-12-16 20:38:18 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-16 20:38:18 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-11-29 05:24:37 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2014-11-29 05:24:37 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2014-11-29 01:01:24 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2014-11-24 20:04:56 275080 ------w- C:\Windows\System32\MpSigStub.exe
    2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
    2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
    2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
    2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
    2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-11-22 01:10:29 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
    2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-11-21 12:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-11-21 12:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-11-21 12:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-11-19 10:26:34 1614504 ----a-w- C:\Windows\System32\FM20.DLL
    2014-11-18 01:10:25 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2014-11-18 01:10:25 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2014-11-18 01:10:25 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2014-11-18 01:10:25 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
    2014-11-18 01:10:25 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2014-11-18 01:10:25 116728 ----a-w- C:\Windows\System32\drivers\aswstm.sys
    2014-11-18 01:10:24 43152 ----a-w- C:\Windows\avastSS.scr
    2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
    2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
    2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
    2014-11-09 05:02:16 76888 ----a-w- C:\Windows\System32\PnkBstrA.exe
    2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
    2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-11-06 21:02:48 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
    2014-11-06 21:02:48 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2014-11-06 21:02:48 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
    2014-11-03 22:02:42 6882448 ----a-w- C:\Windows\System32\nvcpl.dll
    2014-11-03 22:02:41 3531464 ----a-w- C:\Windows\System32\nvsvc64.dll
    2014-11-03 22:02:38 935232 ----a-w- C:\Windows\System32\nvvsvc.exe
    2014-11-03 22:02:38 61640 ----a-w- C:\Windows\System32\nvshext.dll
    2014-11-03 22:02:38 385352 ----a-w- C:\Windows\System32\nvmctray.dll
    2014-11-03 22:02:38 2558792 ----a-w- C:\Windows\System32\nvsvcr.dll
    2014-11-03 11:58:36 4099264 ----a-w- C:\Windows\System32\nvcoproc.bin
    2014-11-02 23:34:34 862 ----a-w- C:\Windows\DSXWA.reg
    2014-11-02 23:34:34 1926 ----a-w- C:\Windows\DSXWA2.reg
    2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
    2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
    2014-10-25 16:59:10 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
    2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
    2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2014-10-16 16:54:03 1876296 ----a-w- C:\Windows\System32\nvdispco6434448.dll
    2014-10-16 16:54:03 1539272 ----a-w- C:\Windows\System32\nvdispgenco6434448.dll
    2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
    2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
    2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
    2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
    2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
    2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
    2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
    2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
    2014-10-07 00:34:44 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    .
    ============= FINISH: 20:51:39.31 ===============
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================

    I still need Attach.txt log from DDS.
     
  3. mrtraver

    mrtraver TS Guru Topic Starter Posts: 345   +43

    Thanks!! Zipped and attached, or just pasted?

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume5
    Install Date: 10/8/2012 11:29:01 AM
    System Uptime: 1/1/2015 2:59:41 PM (6 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5Q-PRO
    Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz | LGA 775 | 3166/333mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 119 GiB total, 38.875 GiB free.
    D: is FIXED (NTFS) - 69 GiB total, 28.658 GiB free.
    E: is FIXED (NTFS) - 523 GiB total, 73.976 GiB free.
    F: is CDROM ()
    G: is FIXED (NTFS) - 24 GiB total, 2.391 GiB free.
    H: is Removable
    I: is FIXED (NTFS) - 49 GiB total, 48.672 GiB free.
    M: is Removable
    N: is FIXED (NTFS) - 0 GiB total, 0.035 GiB free.
    O: is CDROM ()
    Q: is Removable
    R: is Removable
    Z: is NetworkDisk (NTFS) - 932 GiB total, 189.846 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: SBRE
    Device ID: ROOT\LEGACY_SBRE\0000
    Manufacturer:
    Name: SBRE
    PNP Device ID: ROOT\LEGACY_SBRE\0000
    Service: SBRE
    .
    ==== System Restore Points ===================
    .
    RP525: 12/31/2014 11:42:39 PM - Windows Update
    RP526: 1/1/2015 10:56:26 AM - Installed DirectX
    .
    ==== Installed Programs ======================
    .
    µTorrent
    7-Zip 9.22 (x64 edition)
    ACE COMBAT™ ASSAULT HORIZON Enhanced Edition
    Adblock Plus for IE (32-bit and 64-bit)
    Adobe AIR
    Adobe Digital Editions 2.0
    Adobe Flash Player 15 Plugin
    Adobe Flash Player 16 ActiveX
    Adobe Reader XI (11.0.10)
    Adobe Shockwave Player 12.1
    AI Suite
    Aliens vs Predator Classic 2000
    Amazon Kindle
    Amazon Music Importer
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    applicationupdater
    AquaNox
    Auslogics Duplicate File Finder
    Avast Free Antivirus
    AxCrypt 1.7.2931.0
    Batman: Arkham City GOTY
    Battlefield 1942™
    Battlefield 3™
    Battlefield: Bad Company™ 2
    Battlelog Web Plugins
    Battlezone version 1.5.2.25
    Bejeweled® 3
    BlueStacks App Player
    BlueStacks Notification Center
    Bonjour
    Burnout™ Paradise: The Ultimate Box
    CCleaner
    ChromecastApp
    Cisco AnyConnect Secure Mobility Client
    Cisco AnyConnect Secure Mobility Client
    Command & Conquer 3
    Command & Conquer™ 3: Kane's Wrath
    Conquest Frontier Wars
    Cool & Quiet
    CPUID CPU-Z 1.69
    Crusader No Remorse
    D3DX10
    Darksaber's Ultimate Craft Pack
    Dead Space™
    Definition Update for Microsoft Office 2010 (KB2910899) 64-Bit Edition
    Descent 3 with Mercenary Expansion
    Diaspora version 1.1.1
    Disk Space Fan 4 Free 4.5.1.129
    DivX Setup
    Dogfight 1942
    Dropbox
    Dual-Core Optimizer
    EasyBCD 2.2
    Elementary and Middle School - Multiplication
    erLT
    ESN Sonar
    Eternal Silence
    EVGA Precision X 4.2.1
    Fallout 3
    Far Cry® 3 Blood Dragon
    FormatFactory 3.3.4.0
    Free YouTube Downloader 3.5.136
    FreeSpace 2
    Galaxy Client
    Game Booster 3
    GDR 5520 for SQL Server 2008 (KB2977321)
    GOG.com Downloader version 3.6.0
    Google Chrome
    Google Earth
    Google Update Helper
    Gun Metal
    HandBrake 0.9.9.1
    HD Tune Pro 5.50
    HD Youtube Downloader Free
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
    Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
    ImgBurn
    Incoming and Incoming Forces
    Independence War Deluxe
    Insaniquarium Deluxe 1.0
    Intel(R) IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32
    iTunes
    Java 8 Update 25
    Java Auto Updater
    K-Lite Codec Pack 10.5.0 Standard
    Logitech Gaming Software
    Logitech Gaming Software 8.56
    Mace Griffin Bounty Hunter
    Malwarebytes Anti-Malware version 2.0.4.1028
    MediaCoder x64 0.8.17
    MediaHuman Audio Converter version 1.8.9
    Metro 2033
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 4 Runtime
    Microsoft Crimson Skies
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 32-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 32-bit MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server VSS Writer
    Microsoft StarLancer
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    Microsoft Xbox 360 Accessories 1.2
    Minecraft PC Gamer Demo version 1.5
    Moodagent
    Movie Maker
    Mozilla Firefox 33.0.3 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT110
    MSVCRT110_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Control Panel 344.65
    NVIDIA Graphics Driver 344.65
    NVIDIA HD Audio Driver 1.3.32.1
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.14.0702
    NVIDIA Virtual Audio 1.2.26
    OpenAL
    Origin
    PC Inspector File Recovery
    PC Probe II
    PCSX2 - Playstation 2 Emulator
    PeerBlock 1.2 (r693)
    Peggle
    Photo Common
    Photo Gallery
    Plants vs. Zombies™
    Plex Media Server
    PunkBuster Services
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer Cloud
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Recuva (remove only)
    Red Baron Pack
    Remove Empty Directories version 2.2
    Revo Uninstaller 1.95
    RivaTuner Statistics Server 5.2.0
    SeaTools for Windows
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Security Update for Microsoft Excel 2010 (KB2910902) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553154) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2880971) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2881071) 64-Bit Edition
    Security Update for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB2251487)
    Security Update for Microsoft Word 2010 (KB2899519) 64-Bit Edition
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
    Service Pack 3 for SQL Server 2008 (KB2546951)
    Shattered Steel
    SimCity 2000 Special Edition
    Skype™ 5.10
    SPORE™
    Spotify
    Sql Server Customer Experience Improvement Program
    SQL Server System CLR Types
    Star Wars Battlefront II
    Star Wars X-Wing Alliance
    Stargunner
    Steam
    Strike Suit Zero
    SUPERAntiSpyware
    Supreme Commander
    swMSM
    System Requirements Lab Detection
    Tachyon: The Fringe
    TeamSpeak 3 Client
    TeamViewer 9
    TGA Viewer
    The Sims 2: Ultimate Collection
    Titanfall™
    TN3270 Plus 3.1
    Tom Clancy's H.A.W.X. 2
    Trend Micro RUBotted 2.0 Beta
    TrueCrypt
    Tyrian 2000
    Unlocker 1.9.1
    Unlocker 1.9.1-x64
    Unreal Tournament G.O.T.Y. Edition
    Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
    Update for Microsoft Excel 2010 (KB2589348) 64-Bit Edition
    Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition
    Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition
    Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553140) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2589386) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2597089) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2687275) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2837602) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2883019) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2889818) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2889828) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2910896) 64-Bit Edition
    Update for Microsoft OneNote 2010 (KB2597088) 64-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2880517) 64-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition
    Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition
    Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition
    UpdateService
    VC80CRTRedist - 8.0.50727.6195
    Ventrilo Client for Windows x64
    VirtualCloneDrive
    Vista Shortcut Manager x64
    VLC media player
    VMware Player
    Wheelman
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Wing Commander IV
    WinPcap 4.1.3
    WinX DVD Ripper Platinum 7.0.0
    X3: Terran Conflict
    Xiph.Org Open Codecs 0.85.17777
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/31/2014 5:20:51 AM, Error: Schannel [36887] - The following fatal alert was received: 42.
    12/30/2014 8:23:25 AM, Error: Schannel [36887] - The following fatal alert was received: 70.
    12/30/2014 2:43:42 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    12/29/2014 2:01:59 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
    12/29/2014 2:01:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000032, 0x0000000000000002, 0x0000000000000000, 0xfffff8800146f6ba). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122914-19000-01.
    12/28/2014 9:48:51 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer RACHEL-HOME that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4B17D4D4-63A9-47D6-BDA7-3D4188E56F1C}. The master browser is stopping or an election is being forced.
    12/27/2014 7:09:37 AM, Error: Schannel [36887] - The following fatal alert was received: 48.
    1/1/2015 8:51:37 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Win7.
    1/1/2015 8:47:31 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {06622D85-6856-4460-8DE1-A81921B41C4B} and APPID {06622D85-6856-4460-8DE1-A81921B41C4B} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    1/1/2015 7:02:11 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    1/1/2015 3:02:20 PM, Error: Service Control Manager [7023] - The BlueStacks Android Service service terminated with the following error: An exception occurred in the service when handling the control request.
    1/1/2015 3:01:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
    1/1/2015 3:01:26 PM, Error: Service Control Manager [7022] - The BlueStacks Android Service service hung on starting.
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    You did fine :)

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    Create a new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see the message "This version requires you to completely exit the Anti Malware application", right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  5. mrtraver

    mrtraver TS Guru Topic Starter Posts: 345   +43

    Here is the RK report (I did not see any additional logs). I'll run MBAR next and may have to post the logs tomorrow.

    RogueKiller V10.1.1.0 [Dec 23 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : michael [Administrator]
    Mode : Delete -- Date : 01/01/2015 22:08:41
    ¤¤¤ Processes : 1 ¤¤¤
    [Tr.Poweliks] dllhost.exe -- C:\Windows\syswow64\dllhost.exe[7] -> Killed [TermProc]
    ¤¤¤ Registry : 34 ¤¤¤
    [Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UnlockerDriver5 (\??\e:\Program Files (x86)\Unlocker\UnlockerDriver5.sys) -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 198.204.238.254:8085 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 198.204.238.254:8085 -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\RK_michael_ON_G_D2A4\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.facebook.com/ -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\RK_michael_ON_G_D2A4\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.facebook.com/ -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.facebook.com/ -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.facebook.com/ -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\RK_michael_ON_G_D2A4\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\RK_michael_ON_G_D2A4\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_4909\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.226 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_4909\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4B17D4D4-63A9-47D6-BDA7-3D4188E56F1C} | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_4909\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1303FF4D-CC07-4115-9143-8D1C442E7088} | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4B17D4D4-63A9-47D6-BDA7-3D4188E56F1C} | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_4909\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1303FF4D-CC07-4115-9143-8D1C442E7088} | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4B17D4D4-63A9-47D6-BDA7-3D4188E56F1C} | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)] -> Not selected
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\RK_michael_ON_G_D2A4\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\RK_michael_ON_G_D2A4\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_84B3\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_84B3\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
    [Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Deleted
    ¤¤¤ Tasks : 0 ¤¤¤
    ¤¤¤ Files : 0 ¤¤¤
    ¤¤¤ Hosts File : 0 ¤¤¤
    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] g9aakevy.default : user_pref("browser.startup.homepage", "https://www.facebook.com/?ref=tn_tnmn"); -> Not selected
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] 226cf308850d79de8fa516ea4c082bb8
    [BSP] 4b4b9059ed01ec62ec09b3026f91da30 : HP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 535478 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1096661160 | Size: 24991 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1147858944 | Size: 50000 MB
    User = LL1 ... OK
    User = LL2 ... OK
    +++++ PhysicalDrive1: +++++
    --- User ---
    [MBR] 4ed0cbe9e062df4a66cf1085ec9cf38d
    [BSP] 247d80e4b8d446623e850740b6e2963b : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 70909 MB
    User = LL1 ... OK
    User = LL2 ... OK
    +++++ PhysicalDrive2: +++++
    --- User ---
    [MBR] 6406d2fde0873e30118db564b0e0b1be
    [BSP] 2e5f379677b8053fa56ebbe96601e30d : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 122002 MB
    User = LL1 ... OK
    User = LL2 ... OK
    +++++ PhysicalDrive3: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
    +++++ PhysicalDrive4: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
    +++++ PhysicalDrive5: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
    +++++ PhysicalDrive6: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    ============================================
    RKreport_SCN_01012015_220445.log - RKreport_DEL_01012015_220701.log - RKreport_DEL_01012015_220743.log - RKreport_DEL_01012015_220758.log
    RKreport_DEL_01012015_220817.log - RKreport_DEL_01012015_220829.log
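The RogueKiller report above contains three findings worth checking by hand rather than trusting the "Not selected" default: the per-user COM registration for CLSID {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} (the Poweliks entry; a LocalServer32 key under HKCU\Software\Classes shadows the HKLM registration of the same CLSID for the logged-on user, which is how dllhost.exe ends up running the payload), the per-user WinINet ProxyServer value (198.204.238.254:8085 here, an address outside the LAN that every IE/WinINet request would be routed through), and ConsentPromptBehaviorAdmin = 0 (administrators elevate with no UAC prompt at all). The following PowerShell is an added example for reading those three locations on a live Windows 7 machine; it is not part of the thread and not code from RogueKiller or Malwarebytes. The CLSID and registry paths are taken from the report; the Test-* function names and the private-address regex are this example's own.

```powershell
# Added example: re-check the three high-signal registry indicators from the RogueKiller report.
# Run from an elevated PowerShell prompt; it only reads, it does not delete anything.

$PoweliksClsid = '{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}'   # CLSID taken from the RogueKiller/MBAR reports

function Test-PoweliksComHijack {
    # HKCU\Software\Classes is the same hive as HKU\<SID>_Classes in the MBAR log. A LocalServer32
    # under this CLSID there overrides the system-wide registration for the current user.
    $key = "HKCU:\Software\Classes\CLSID\$PoweliksClsid\LocalServer32"
    if (Test-Path $key) {
        $launcher = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
        [pscustomobject]@{ Indicator = 'Poweliks COM hijack'; Path = $key; Value = $launcher; Suspicious = $true }
    } else {
        [pscustomobject]@{ Indicator = 'Poweliks COM hijack'; Path = $key; Value = $null; Suspicious = $false }
    }
}

function Test-InternetProxy {
    # A proxy that points outside private address space, on a machine whose owner never set one,
    # means all IE/WinINet traffic is being relayed through a third party.
    # The regex (example's own) only covers the plain "host:port" form; per-protocol
    # "http=...;https=..." strings will also be flagged, which is the safe side.
    $key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p     = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $proxy = $p.ProxyServer
    $on    = [int]$p.ProxyEnable
    $isPrivate = $proxy -match '^(localhost|127\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)'
    [pscustomobject]@{
        Indicator  = 'WinINet proxy'
        Path       = $key
        Value      = "$proxy (ProxyEnable=$on)"
        Suspicious = [bool]($proxy -and -not $isPrivate)
    }
}

function Test-UacPrompt {
    # 0 = elevate without prompting. Anything already running in the admin user's session
    # can then obtain full rights silently, which defeats the point of UAC.
    $key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $v   = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ConsentPromptBehaviorAdmin
    [pscustomobject]@{ Indicator = 'UAC admin prompt'; Path = $key; Value = $v; Suspicious = ($v -eq 0) }
}

@(Test-PoweliksComHijack; Test-InternetProxy; Test-UacPrompt) | Format-Table -AutoSize
```

If the first row comes back Suspicious after the cleanup, the CLSID override is still present and the dllhost.exe that RogueKiller killed will come back at the next logon; the proxy row is the one to clear (or set ProxyEnable to 0) before assuming the browser is talking to the sites it shows, and a ConsentPromptBehaviorAdmin of 0 should be set back to the Windows 7 default of 5 once the machine is clean.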
     
  6. mrtraver

    mrtraver TS Guru Topic Starter Posts: 345   +43

    MBAR info - there were three files I recognized from an old flash drive back-up, and I deleted those manually after running MBAR.

    Malwarebytes Anti-Rootkit BETA 1.08.2.1001
    www.malwarebytes.org
    Database version: v2015.01.02.01
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17501
    michael :: MICHAEL-PC [administrator]
    1/1/2015 10:36:29 PM
    mbar-log-2015-01-01 (22-36-29).txt
    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 438163
    Time elapsed: 9 minute(s), 22 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 1
    HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} (Trojan.Poweliks.B) -> Delete on reboot. [cbcef002ec9dbb7bce9d719133cdde22]
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 3
    C:\Users\michael\Desktop\My flash drive backup\XP fixes\keyfinder.exe (Application.FindKey) -> No action taken. [1881886aff8abd79476081c8af53af51]
    C:\Users\michael\Desktop\My flash drive backup\XP fixes\wga-fix.exe (Hacktool.WGAFix) -> No action taken. [56432dc5a3e6f1453298c289659d8f71]
    C:\Users\michael\Desktop\My flash drive backup\XP fixes\Windows XP Keygen.exe (Malware.Tool) -> No action taken. [e7b205ed2069201607150547f40e19e7]
    Physical Sectors Detected: 0
    (No malicious items detected)
    (end)


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 11.0.9600.17501
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, G:\ DRIVE_FIXED, I:\ DRIVE_FIXED, N:\ DRIVE_FIXED
    CPU speed: 3.166000 GHz
    Memory total: 4293976064, free: 1043292160
    Downloaded database version: v2015.01.02.01
    Downloaded database version: v2014.12.30.01
    Downloaded database version: v2014.12.06.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    01/01/2015 22:36:12
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\DRIVERS\vmci.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\vsock.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\System32\Drivers\aswVmm.sys
    \SystemRoot\System32\Drivers\aswRvrt.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\drivers\aswSnx.sys
    \SystemRoot\system32\drivers\aswSP.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\drivers\aswRdr2.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\System32\drivers\truecrypt.sys
    \SystemRoot\system32\drivers\termdd.sys
    \??\e:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    \??\e:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\Drivers\ElbyCDIO.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\SysWow64\drivers\AsIO.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\L1E62x64.sys
    \SystemRoot\system32\DRIVERS\1394ohci.sys
    \SystemRoot\system32\DRIVERS\fdc.sys
    \SystemRoot\system32\DRIVERS\ASACPI.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\vjoy.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\VClone.sys
    \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\drivers\nvvad64v.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\vmnetadapter.sys
    \SystemRoot\system32\DRIVERS\VMNET.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\flpydisk.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\nvhda64v.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\drivers\usbaudio.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\LGSHidFilt.Sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \??\C:\Windows\system32\drivers\VMkbd.sys
    \SystemRoot\system32\DRIVERS\xusb21.sys
    \SystemRoot\system32\DRIVERS\SaiH8000.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\drivers\aswMonFlt.sys
    \SystemRoot\system32\DRIVERS\vmnetbridge.sys
    \SystemRoot\system32\drivers\aswStm.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \??\C:\Windows\system32\drivers\hcmon.sys
    \??\C:\Windows\system32\drivers\vmx86.sys
    \SystemRoot\system32\drivers\aswHwid.sys
    \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
    \SystemRoot\system32\drivers\npf.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \??\e:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
    \??\C:\Windows\system32\drivers\vmnetuserif.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \??\D:\Program Files\PeerBlock\pbfilter.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\WUDFRd.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk6\DR6
    Upper Device Object: 0xfffffa8004b83660
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000098\
    Lower Device Object: 0xfffffa80055d1b60
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk5\DR5
    Upper Device Object: 0xfffffa800586b060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000097\
    Lower Device Object: 0xfffffa800480d590
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk4\DR4
    Upper Device Object: 0xfffffa8005849790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000096\
    Lower Device Object: 0xfffffa800482db60
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR3
    Upper Device Object: 0xfffffa800584b790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000095\
    Lower Device Object: 0xfffffa800482d060
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xfffffa80040c9790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP5T0L0-5\
    Lower Device Object: 0xfffffa8003feb680
    Lower Device Driver Name: \Driver\atapi\
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa80040c8790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP2T1L0-6\
    Lower Device Object: 0xfffffa8003c79060
    Lower Device Driver Name: \Driver\atapi\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa80040c7680
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-7\
    Lower Device Object: 0xfffffa8003fe4060
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 2, DevicePointer: 0xfffffa80040c9790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80040ca040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80040c9790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80039c3310, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8003feb680, DeviceName: \Device\Ide\IdeDeviceP5T0L0-5\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa80040c7680, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80040c8040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80040c7680, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8003c78520, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8003fe4060, DeviceName: \Device\Ide\IdeDeviceP3T1L0-7\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: ACD4630D
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 1096659112
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1096661160 Numsec = 51183090
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1147858944 Numsec = 102400000
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 640135028736 bytes
    Sector size: 512 bytes
    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa80040c8790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80040c9040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80040c8790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8003fe3520, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8003c79060, DeviceName: \Device\Ide\IdeDeviceP2T1L0-6\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A52EA52E
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 145221632
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 74355769344 bytes
    Sector size: 512 bytes
    Done!
    Drive 2
    This is a System drive
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 65C3BC3B
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 249860096
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 128035676160 bytes
    Sector size: 512 bytes
    Done!
    Physical Sector Size: 0
    Drive: 3, DevicePointer: 0xfffffa800584b790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80048b1540, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800584b790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800482d060, DeviceName: \Device\00000095\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 4, DevicePointer: 0xfffffa8005849790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80055c1b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8005849790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800482db60, DeviceName: \Device\00000096\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 5, DevicePointer: 0xfffffa800586b060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80048b0b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800586b060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800480d590, DeviceName: \Device\00000097\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 6, DevicePointer: 0xfffffa8004b83660, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800582d040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004b83660, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80055d1b60, DeviceName: \Device\00000098\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    <<<2>>>
    <<<3>>>
    Volume: E:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Infected: C:\Users\michael\Desktop\My flash drive backup\XP fixes\keyfinder.exe --> [Application.FindKey]
    Infected: C:\Users\michael\Desktop\My flash drive backup\XP fixes\wga-fix.exe --> [Hacktool.WGAFix]
    Infected: C:\Users\michael\Desktop\My flash drive backup\XP fixes\Windows XP Keygen.exe --> [Malware.Tool]
    Infected: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} --> [Trojan.Poweliks.B]
    Scan finished
    Creating System Restore point...
    Cleaning up...
    Executing an action cmd.exe...
    Success!
    Executing an action cmd.exe...
    Success!
    Removal successful. No system shutdown is required.
    =======================================
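    The MBAR log above mixes items the tool scheduled for removal ("Delete on reboot") with items it only reported ("No action taken"), which is why three files still had to be deleted by hand. The following is an added triage helper, written for this thread and not code from Malwarebytes or from the posters: it parses the detection lines of an mbar-log into records, lists what still needs manual follow-up, and checks the per-section counts against the lines actually present (a pasted log is often truncated). The sample lines are copied from the log posted above.

```python
"""Triage helper for Malwarebytes Anti-Rootkit (MBAR) logs.

Added example written for this thread; it is not Malwarebytes' code and not
code posted by the thread participants. The sample lines below are copied from
the mbar-log excerpt in the thread.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Section header inside the mbar-log body, e.g. "Files Detected: 3".
SECTION_RE = re.compile(r"^(?P<kind>[A-Za-z ]+) Detected: (?P<count>\d+)$")

# Detection line: "<object> (<detection name>) -> <action>. [<md5>]".
# The object may contain spaces, so it is matched lazily up to the first " (".
DETECTION_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<action>[^.\[]+)\. \[(?P<md5>[0-9a-f]{32})\]$"
)


@dataclass
class Detection:
    section: str   # e.g. "Registry Keys", "Files"
    obj: str       # registry path or file path
    name: str      # detection name, e.g. "Trojan.Poweliks.B"
    action: str    # "Delete on reboot", "No action taken", ...
    md5: str

    @property
    def remediated(self) -> bool:
        """True unless MBAR explicitly reported that it left the object alone."""
        return not self.action.lower().startswith("no action")


def parse_mbar_log(text: str) -> List[Detection]:
    """Return every detection line, tagged with the section it appeared under."""
    section = None
    found: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("kind")
            continue
        hit = DETECTION_RE.match(line)
        if hit and section is not None:
            found.append(Detection(section, hit.group("obj"), hit.group("name"),
                                   hit.group("action").strip(), hit.group("md5")))
    return found


def unremediated(detections: List[Detection]) -> List[Detection]:
    """Detections the tool reported but did not act on; these need manual follow-up."""
    return [d for d in detections if not d.remediated]


def declared_counts(text: str) -> Dict[str, int]:
    """Counts that the section header lines claim, e.g. {"Files": 3}."""
    headers = (SECTION_RE.match(ln.strip()) for ln in text.splitlines())
    return {m.group("kind"): int(m.group("count")) for m in headers if m}


def count_mismatches(text: str) -> Dict[str, Tuple[int, int]]:
    """Sections whose declared count differs from the number of lines parsed.

    Returns {section: (declared, parsed)}. A mismatch means the log was
    truncated when pasted (or a line was mangled), so the summary counts
    alone should not be trusted.
    """
    parsed: Dict[str, int] = {}
    for d in parse_mbar_log(text):
        parsed[d.section] = parsed.get(d.section, 0) + 1
    return {kind: (n, parsed.get(kind, 0))
            for kind, n in declared_counts(text).items() if n != parsed.get(kind, 0)}


# Sample input copied from the mbar-log posted in this thread.
SAMPLE_LOG = r"""
Memory Processes Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} (Trojan.Poweliks.B) -> Delete on reboot. [cbcef002ec9dbb7bce9d719133cdde22]
Files Detected: 3
C:\Users\michael\Desktop\My flash drive backup\XP fixes\keyfinder.exe (Application.FindKey) -> No action taken. [1881886aff8abd79476081c8af53af51]
C:\Users\michael\Desktop\My flash drive backup\XP fixes\wga-fix.exe (Hacktool.WGAFix) -> No action taken. [56432dc5a3e6f1453298c289659d8f71]
C:\Users\michael\Desktop\My flash drive backup\XP fixes\Windows XP Keygen.exe (Malware.Tool) -> No action taken. [e7b205ed2069201607150547f40e19e7]
Physical Sectors Detected: 0
(No malicious items detected)
"""

if __name__ == "__main__":
    dets = parse_mbar_log(SAMPLE_LOG)
    for d in dets:
        status = "handled" if d.remediated else "NEEDS MANUAL ACTION"
        print(f"[{d.section}] {d.name}: {status} -> {d.obj}")
    print("count mismatches:", count_mismatches(SAMPLE_LOG))
```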
     
  7. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please download Powelikscleaner (by ESET) and save it to your Desktop.

    1. Double-click on ESETPoweliksCleaner.exe to start the tool.

    2. Read the terms of the End-user license agreement and click Agree.

    3. The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.

    4. If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.

    The tool will produce a log in the same directory the tool was run from.

    Please copy and paste the log in your next reply.
     
  8. mrtraver

    mrtraver TS Guru Topic Starter Posts: 345   +43

    [2015.01.01 23:14:22.669] - Begin
    [2015.01.01 23:14:22.670] -
    [2015.01.01 23:14:22.671] - ....................................
    [2015.01.01 23:14:22.672] - ..::::::::::::::::::....................
    [2015.01.01 23:14:22.673] - .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT.. Win32/Poweliks
    [2015.01.01 23:14:22.674] - .::EE::::EE:SS:::::::.EE....EE....TT...... Version: 1.0.0.1
    [2015.01.01 23:14:22.675] - .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT...... Built: Oct 15 2014
    [2015.01.01 23:14:22.676] - .::EE:::::::::::::SS:.EE..........TT......
    [2015.01.01 23:14:22.677] - .::EEEEEE:::SSSSSS::..EEEEEE.....TT..... Copyright (c) ESET, spol. s r.o.
    [2015.01.01 23:14:22.678] - ..::::::::::::::::::.................... 1992-2013. All rights reserved.
    [2015.01.01 23:14:22.678] - ....................................
    [2015.01.01 23:14:22.678] -
    [2015.01.01 23:14:22.678] - --------------------------------------------------------------------------------
    [2015.01.01 23:14:22.679] -
    [2015.01.01 23:14:22.680] - INFO: OS: 6.1.7601 SP1
    [2015.01.01 23:14:22.680] - INFO: Product Type: Workstation
    [2015.01.01 23:14:22.680] - INFO: WoW64: True
    [2015.01.01 23:14:22.680] - INFO: Machine guid: 4E5A2555-1A63-44DD-B6DF-02CBD6CC31A6
    [2015.01.01 23:14:22.680] -
    [2015.01.01 23:14:25.240] - INFO: Scanning for system infection...
    [2015.01.01 23:14:25.240] - --------------------------------------------------------------------------------
    [2015.01.01 23:14:25.240] -
    [2015.01.01 23:14:25.240] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
    [2015.01.01 23:14:25.241] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
    [2015.01.01 23:14:25.242] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
    [2015.01.01 23:14:25.242] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
    [2015.01.01 23:14:25.242] - INFO: Processing classes...
    [2015.01.01 23:14:25.242] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    [2015.01.01 23:14:25.243] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    [2015.01.01 23:14:25.243] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    [2015.01.01 23:14:25.243] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    [2015.01.01 23:14:25.243] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    [2015.01.01 23:14:25.243] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    [2015.01.01 23:14:25.243] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    [2015.01.01 23:14:25.243] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    [2015.01.01 23:14:25.243] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    [2015.01.01 23:14:25.243] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    [2015.01.01 23:14:25.244] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    [2015.01.01 23:14:25.244] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    [2015.01.01 23:14:25.244] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    [2015.01.01 23:14:25.244] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    [2015.01.01 23:14:25.244] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    [2015.01.01 23:14:25.244] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    [2015.01.01 23:14:25.244] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
    [2015.01.01 23:14:25.252] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
    [2015.01.01 23:14:25.253] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
    [2015.01.01 23:14:25.253] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
    [2015.01.01 23:14:25.253] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
    [2015.01.01 23:14:25.253] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
    [2015.01.01 23:14:25.253] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
    [2015.01.01 23:14:25.253] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
    [2015.01.01 23:14:25.253] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
    [2015.01.01 23:14:25.253] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
    [2015.01.01 23:14:25.257] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
    [2015.01.01 23:14:25.259] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
    [2015.01.01 23:14:25.259] - INFO: Win32/Poweliks not found
    [2015.01.01 23:14:48.528] - End
     
  9. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  10. mrtraver


    ComboFix 15-01-02.01 - michael 01/02/2015 18:44:29.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2302 [GMT -6:00]
    Running from: c:\users\michael\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\data
    c:\data\cmdline.cfg
    c:\programdata\1358480392.bdinstall.bin
    c:\programdata\1358480697.bdinstall.bin
    c:\programdata\1358480947.bdinstall.bin
    c:\programdata\1358480986.2944.bin
    c:\programdata\1358480986.3244.bin
    c:\programdata\1358480986.4052.bin
    c:\programdata\1358481051.2400.bin
    c:\programdata\1358481051.2496.bin
    c:\programdata\1358481051.2696.bin
    c:\programdata\1358481051.2844.bin
    c:\programdata\1358481051.288.bin
    c:\programdata\1358481051.3456.bin
    c:\programdata\1358481051.4028.bin
    c:\programdata\1358481051.416.bin
    c:\programdata\1358483514.bdinstall.bin
    c:\programdata\1358483703.bdinstall.bin
    c:\programdata\1358483746.bdinstall.bin
    c:\programdata\1358483891.bdinstall.bin
    c:\programdata\1364134677.bdinstall.bin
    c:\programdata\1364134678.bdinstall.bin
    c:\programdata\Amazon.ico
    c:\windows\msdownld.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-12-03 to 2015-01-03 )))))))))))))))))))))))))))))))
    .
    .
    2015-01-03 00:51 . 2015-01-03 00:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-01-03 00:51 . 2015-01-03 00:51 -------- d-----w- c:\users\Rachel\AppData\Local\temp
    2015-01-03 00:51 . 2015-01-03 00:51 -------- d-----w- c:\users\Amberlie\AppData\Local\temp
    2015-01-03 00:11 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A76D3FC5-4F09-4083-BD07-8F0741274664}\mpengine.dll
    2015-01-02 04:39 . 2015-01-02 04:39 -------- d-----w- c:\users\michael\AppData\Local\CrashDumps
    2015-01-02 04:36 . 2015-01-02 04:47 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2015-01-02 03:20 . 2015-01-02 05:00 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-01-02 03:20 . 2015-01-02 03:20 -------- d-----w- c:\programdata\RogueKiller
    2014-12-18 07:09 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2014-12-18 07:09 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-12-16 20:32 . 2014-12-16 20:32 -------- d-----w- c:\programdata\Trend Micro
    2014-12-16 20:32 . 2014-12-16 20:32 -------- d-----w- c:\program files (x86)\WinPcap
    2014-12-16 20:32 . 2014-12-16 20:32 -------- d-----w- c:\program files (x86)\Trend Micro
    2014-12-16 17:52 . 1998-09-02 08:28 38160 ----a-w- c:\windows\SysWow64\LMRTREND.dll
    2014-12-16 17:52 . 1998-09-02 08:28 155408 ----a-w- c:\windows\SysWow64\LMRT.dll
    2014-12-16 17:52 . 1998-08-27 04:51 182032 ----a-w- c:\windows\SysWow64\dxtmsft3.dll
    2014-12-16 17:52 . 1998-08-20 11:02 140800 ----a-w- c:\windows\SysWow64\tm20dec.ax
    2014-12-16 17:51 . 1998-09-02 08:28 63488 ----a-w- c:\windows\SysWow64\unam4ie.exe
    2014-12-16 17:51 . 1998-09-02 08:02 109840 ----a-w- c:\program files (x86)\Windows Media Player\mplayer2.exe
    2014-12-16 17:51 . 1998-08-20 10:38 217984 ----a-w- c:\windows\SysWow64\strmdll.dll
    2014-12-16 17:51 . 1998-09-02 08:02 194320 ----a-w- c:\windows\SysWow64\qcut.dll
    2014-12-16 17:51 . 1998-08-17 09:21 5672 ----a-w- c:\windows\SysWow64\quartz.vxd
    2014-12-16 17:51 . 1998-08-17 09:21 10240 ----a-w- c:\windows\SysWow64\vidx16.dll
    2014-12-16 17:51 . 1998-08-17 09:21 11776 ----a-w- c:\windows\SysWow64\mciqtz.drv
    2014-12-16 17:51 . 2014-12-16 17:51 4608 ----a-w- c:\windows\SysWow64\w95inf32.dll
    2014-12-16 17:51 . 2014-12-16 17:51 2272 ----a-w- c:\windows\SysWow64\w95inf16.dll
    2014-12-11 13:24 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
    2014-12-11 13:24 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
    2014-12-10 05:59 . 2014-10-30 02:03 165888 ----a-w- c:\windows\system32\charmap.exe
    2014-12-04 03:07 . 2011-09-22 23:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2014-12-04 03:07 . 2011-09-22 23:18 89960 ----a-w- c:\windows\SysWow64\SQSRVRES.DLL
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-01-02 04:36 . 2014-08-16 12:32 135384 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-01-02 04:33 . 2014-08-16 12:32 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-12-16 20:38 . 2012-10-08 18:29 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-16 20:38 . 2012-10-08 18:29 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-12-11 13:26 . 2012-10-08 16:51 112710672 ----a-w- c:\windows\system32\MRT.exe
    2014-11-29 05:24 . 2013-07-21 19:22 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2014-11-29 05:24 . 2012-10-11 02:52 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2014-11-29 01:01 . 2013-07-21 19:22 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2014-11-24 20:04 . 2012-10-08 16:52 275080 ------w- c:\windows\system32\MpSigStub.exe
    2014-11-22 01:10 . 2013-10-22 03:21 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2014-11-21 12:14 . 2014-08-16 12:32 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-11-21 12:14 . 2013-01-31 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-19 10:26 . 2014-11-19 10:26 1614504 ----a-w- c:\windows\system32\FM20.DLL
    2014-11-18 01:10 . 2014-11-18 01:10 364512 ----a-w- c:\windows\system32\aswBoot.exe
    2014-11-18 01:10 . 2014-05-07 00:28 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2014-11-18 01:10 . 2013-12-22 20:42 116728 ----a-w- c:\windows\system32\drivers\aswstm.sys
    2014-11-18 01:10 . 2013-10-22 03:21 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-11-18 01:10 . 2013-10-22 03:21 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-11-18 01:10 . 2013-10-22 03:21 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-11-18 01:10 . 2013-10-22 03:21 436624 ----a-w- c:\windows\system32\drivers\aswsp.sys
    2014-11-18 01:10 . 2013-10-22 03:21 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-11-18 01:10 . 2014-11-18 01:10 43152 ----a-w- c:\windows\avastSS.scr
    2014-11-11 03:08 . 2014-11-19 05:52 241152 ----a-w- c:\windows\system32\pku2u.dll
    2014-11-11 03:08 . 2014-11-19 05:52 728064 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-11 02:44 . 2014-11-19 05:52 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
    2014-11-11 02:44 . 2014-11-19 05:52 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
    2014-11-09 05:02 . 2014-11-09 05:02 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
    2014-11-06 21:02 . 2014-11-11 19:02 31520 ----a-w- c:\windows\system32\nvhdap64.dll
    2014-11-06 21:02 . 2014-11-11 19:02 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
    2014-11-06 21:02 . 2014-11-11 19:02 1538880 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
    2014-11-04 00:04 . 2014-11-11 19:02 962704 ----a-w- c:\windows\system32\NvIFR64.dll
    2014-11-04 00:04 . 2014-11-11 19:02 934216 ----a-w- c:\windows\system32\NvFBC64.dll
    2014-11-04 00:04 . 2014-11-11 19:02 922256 ----a-w- c:\windows\SysWow64\NvIFR.dll
    2014-11-04 00:04 . 2014-11-11 19:02 898192 ----a-w- c:\windows\SysWow64\NvFBC.dll
    2014-11-04 00:04 . 2014-11-11 19:02 870624 ----a-w- c:\windows\SysWow64\nvumdshim.dll
    2014-11-04 00:04 . 2014-11-11 19:02 4289168 ----a-w- c:\windows\system32\nvcuvid.dll
    2014-11-04 00:04 . 2014-11-11 19:02 4009672 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2014-11-04 00:04 . 2014-11-11 19:02 352016 ----a-w- c:\windows\system32\nvoglshim64.dll
    2014-11-04 00:04 . 2014-11-11 19:02 31891784 ----a-w- c:\windows\system32\nvoglv64.dll
    2014-11-04 00:04 . 2014-11-11 19:02 303600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
    2014-11-04 00:04 . 2014-11-11 19:02 2849736 ----a-w- c:\windows\SysWow64\nvapi.dll
    2014-11-04 00:04 . 2014-11-11 19:02 24555208 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2014-11-04 00:04 . 2014-11-11 19:02 20923712 ----a-w- c:\windows\system32\nvcompiler.dll
    2014-11-04 00:04 . 2014-11-11 19:02 1876296 ----a-w- c:\windows\system32\nvdispco6434465.dll
    2014-11-04 00:04 . 2014-11-11 19:02 174856 ----a-w- c:\windows\system32\nvinitx.dll
    2014-11-04 00:04 . 2014-11-11 19:02 17259848 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2014-11-04 00:04 . 2014-11-11 19:02 156840 ----a-w- c:\windows\SysWow64\nvinit.dll
    2014-11-04 00:04 . 2014-11-11 19:02 1539272 ----a-w- c:\windows\system32\nvdispgenco6434465.dll
    2014-11-04 00:04 . 2014-11-11 19:02 14031448 ----a-w- c:\windows\system32\nvopencl.dll
    2014-11-04 00:04 . 2014-11-11 19:02 13943904 ----a-w- c:\windows\system32\nvcuda.dll
    2014-11-04 00:04 . 2014-11-11 19:02 13207184 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2014-11-04 00:04 . 2014-11-11 19:02 11397208 ----a-w- c:\windows\SysWow64\nvopencl.dll
    2014-11-04 00:04 . 2014-11-11 19:02 11335408 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2014-11-04 00:04 . 2014-06-06 02:14 73872 ----a-w- c:\windows\system32\OpenCL.dll
    2014-11-04 00:04 . 2014-06-06 02:14 59592 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2014-11-04 00:04 . 2014-06-06 02:13 987520 ----a-w- c:\windows\system32\nvumdshimx.dll
    2014-11-04 00:04 . 2014-06-06 02:13 20985544 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2014-11-04 00:04 . 2014-06-06 02:13 19966344 ----a-w- c:\windows\system32\nvd3dumx.dll
    2014-11-04 00:04 . 2014-06-06 02:13 18514080 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2014-11-04 00:04 . 2014-06-06 02:13 3238040 ----a-w- c:\windows\system32\nvapi64.dll
    2014-11-04 00:04 . 2014-06-06 02:13 16884632 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2014-11-03 22:02 . 2014-06-06 02:14 6882448 ----a-w- c:\windows\system32\nvcpl.dll
    2014-11-03 22:02 . 2014-06-06 02:14 3531464 ----a-w- c:\windows\system32\nvsvc64.dll
    2014-11-03 22:02 . 2014-10-24 03:02 2558792 ----a-w- c:\windows\system32\nvsvcr.dll
    2014-11-03 22:02 . 2014-06-06 02:14 935232 ----a-w- c:\windows\system32\nvvsvc.exe
    2014-11-03 22:02 . 2014-06-06 02:14 61640 ----a-w- c:\windows\system32\nvshext.dll
    2014-11-03 22:02 . 2014-06-06 02:14 385352 ----a-w- c:\windows\system32\nvmctray.dll
    2014-11-03 11:58 . 2014-06-06 02:14 4099264 ----a-w- c:\windows\system32\nvcoproc.bin
    2014-11-02 23:34 . 2014-11-02 23:34 862 ----a-w- c:\windows\DSXWA.reg
    2014-11-02 23:34 . 2014-11-02 23:34 1926 ----a-w- c:\windows\DSXWA2.reg
    2014-10-25 16:59 . 2014-10-25 16:59 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-10-25 01:57 . 2014-11-12 14:09 77824 ----a-w- c:\windows\system32\packager.dll
    2014-10-25 01:32 . 2014-11-12 14:09 67584 ----a-w- c:\windows\SysWow64\packager.dll
    2014-10-18 02:05 . 2014-11-12 14:09 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2014-10-18 01:33 . 2014-11-12 14:09 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2014-10-16 16:54 . 2014-10-24 03:01 1876296 ----a-w- c:\windows\system32\nvdispco6434448.dll
    2014-10-16 16:54 . 2014-10-24 03:01 1539272 ----a-w- c:\windows\system32\nvdispgenco6434448.dll
    2014-10-14 02:16 . 2014-11-12 14:10 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-10-14 02:13 . 2014-11-12 14:10 683520 ----a-w- c:\windows\system32\termsrv.dll
    2014-10-14 02:13 . 2014-11-12 14:09 3241984 ----a-w- c:\windows\system32\msi.dll
    2014-10-14 02:12 . 2014-11-12 14:10 1460736 ----a-w- c:\windows\system32\lsasrv.dll
    2014-10-14 02:09 . 2014-11-12 14:10 146432 ----a-w- c:\windows\system32\msaudite.dll
    2014-10-14 02:07 . 2014-11-12 14:10 681984 ----a-w- c:\windows\system32\adtschema.dll
    2014-10-14 01:50 . 2014-11-12 14:10 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2014-10-14 01:50 . 2014-11-12 14:09 2363904 ----a-w- c:\windows\SysWow64\msi.dll
    2014-10-14 01:49 . 2014-11-12 14:10 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2014-10-14 01:47 . 2014-11-12 14:10 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
    2014-10-14 01:46 . 2014-11-12 14:10 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
    2014-10-10 00:57 . 2014-11-12 14:09 3198976 ----a-w- c:\windows\system32\win32k.sys
    2014-10-07 00:34 . 2012-10-17 05:04 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EADM"="d:\program files (x86)\Origin\Origin.exe" [2014-12-19 3618648]
    "PeerBlock"="d:\program files\PeerBlock\peerblock.exe" [2014-01-15 2513992]
    "Steam"="e:\program files (x86)\Steam\steam.exe" [2014-11-18 1940160]
    "Spotify Web Helper"="c:\users\michael\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-12-16 1676344]
    "Plex Media Server"="e:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2014-10-15 5105288]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "UnlockerAssistant"="d:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
    "VirtualCloneDrive"="e:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "AvastUI.exe"="e:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-12 5227112]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
    "Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2013-07-26 1102872]
    .
    c:\users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\michael\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-8 39207112]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux8"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /k:C *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [x]
    R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
    R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
    R3 GalaxyService;GalaxyService;c:\program files (x86)\GalaxyClient\GalaxyService.exe;c:\program files (x86)\GalaxyClient\GalaxyService.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
    R3 Origin Client Service;Origin Client Service;d:\program files (x86)\Origin\OriginClientService.exe;d:\program files (x86)\Origin\OriginClientService.exe [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RTCore64;RTCore64;e:\program files (x86)\EVGA Precision X\RTCore64.sys;e:\program files (x86)\EVGA Precision X\RTCore64.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;d:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
    S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;e:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;e:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S2 !SASCORE;SAS Core Service;e:\program files\SUPERAntiSpyware\SASCORE64.EXE;e:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
    S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
    S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
    S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
    S2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [x]
    S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [x]
    S2 TeamViewer9;TeamViewer 9;e:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;e:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
    S2 VBoxAswDrv;VBoxAsw Support Driver;e:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;e:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
    S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
    S3 AvastVBoxSvc;AvastVBox COM Service;e:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;e:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
    S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH8000.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 20:38]
    .
    2015-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02 00:02]
    .
    2015-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02 00:02]
    .
    2015-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2018537783-2302853427-1186865814-1001Core.job
    - c:\users\michael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-08 18:29]
    .
    2015-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2018537783-2302853427-1186865814-1001UA.job
    - c:\users\michael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-08 18:29]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-11-18 01:10 860984 ----a-w- e:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-23 1833504]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-09-16 11877656]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://www.facebook.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyServer = 198.204.238.254:8085
    LSP: %windir%\system32\vsocklib.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: sbuniv.edu
    Trusted Zone: sbuniv.edu\www
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.0.1 205.171.2.226
    DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://vireo.spf.mo.gov/CACHE/stc/2/binaries/vpnweb.cab
    DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} - hxxp://community.weightwatchers.com/Scripts/ImageUploader6.cab
    FF - ProfilePath - c:\users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\g9aakevy.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/?ref=tn_tnmn
    FF - user.js: extentions.webcake.installId - 6355730f-048b-4cd4-b7a6-fa8c4f5cef39
    FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
    FF - user.js: extensions.autoDisableScopes - 0
    FF - user.js: extensions.shownSelectionUI - true
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - 3e9271c9000000000000002215b35daa
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15902
    FF - user.js: extensions.delta.vrsn - 1.8.21.5
    FF - user.js: extensions.delta.vrsni - 1.8.21.5
    FF - user.js: extensions.delta.vrsnTs - 1.8.21.516:42
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.ffxUnstlRst - true
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta_i.babTrack - affID=119351&tsp=4945
    FF - user.js: extensions.delta_i.babExt -
    FF - user.js: extensions.delta_i.srcExt - ss
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    AddRemove-ApplicationUpdater - c:\users\michael\AppData\Local\Sony Online Entertainment\ApplicationUpdater\Uninstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:92,c1,e1,97,b6,e2,6e,04,68,5c,81,c2,43,fc,62,ea,b6,c3,97,df,30,c2,78,
    f8,b3,3d,2c,ee,35,2a,86,af,c7,ec,0f,ad,0e,2f,73,05,a2,cc,fd,51,da,3b,86,e0,\
    "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
    .
    [HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\SecuROM\License information*]
    "datasecu"=hex:76,e2,d0,d1,1f,9e,9c,67,73,3d,03,cf,06,dd,8c,e2,c7,17,fe,ad,5f,
    e7,7a,c4,04,34,99,36,6c,70,7f,60,5f,72,f8,b5,ab,a1,52,f9,f6,b7,03,df,57,f0,\
    "rkeysecu"=hex:f6,ec,88,a8,21,1e,1d,aa,1a,74,92,23,62,c1,80,1d
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.16"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-01-02 18:54:28
    ComboFix-quarantined-files.txt 2015-01-03 00:54
    .
    Pre-Run: 38,715,224,064 bytes free
    Post-Run: 39,728,472,064 bytes free
    .
    - - End Of File - - 814B432AF1CCFA232D76B41B043758D4
    5C616939100B85E558DA92B899A0FC36
     
  11. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  12. mrtraver

    mrtraver TS Guru Topic Starter Posts: 345   +43

    ADW log, others posted separately:

    # AdwCleaner v4.106 - Report created 02/01/2015 at 19:13:51
    # Updated 21/12/2014 by Xplode
    # Database : 2015-01-01.1 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : michael - MICHAEL-PC
    # Running from : C:\Users\michael\Desktop\adwcleaner_4.106.exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
    Folder Deleted : C:\Users\michael\AppData\Local\Conduit
    Folder Deleted : C:\Users\michael\AppData\Local\eSupport.com
    Folder Deleted : C:\Users\michael\AppData\Local\CrashRpt
    Folder Deleted : C:\Users\michael\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\michael\AppData\Roaming\ARecEngine
    Folder Deleted : C:\Users\michael\AppData\Roaming\DigitalSites
    Folder Deleted : C:\Users\michael\AppData\Roaming\DSite
    Folder Deleted : C:\Users\michael\AppData\Roaming\WebCake
    File Deleted : C:\Users\michael\AppData\Local\BostonMarketOne.crx
    File Deleted : C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\g9aakevy.default\invalidprefs.js
    File Deleted : C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\g9aakevy.default\user.js
    File Deleted : C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
    File Deleted : C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
    File Deleted : C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
    ***** [ Scheduled Tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bgnjcnjlaajofpendibcoodneacalfho
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED90EC38-E71B-4C05-8FC1-DE46D5E692F5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E58CDA9-3B21-4611-A859-26EE28950E61}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C5561B6-3DD2-46B5-83BE-EAE744366046}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{16976E15-10EA-44FD-804A-6ECBC9EBBFC7}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2561FD25-FE31-4E56-A120-AF7FEAAE3124}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4BD0FCFF-AD64-4315-9F2C-960EF3C21623}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{507C73BB-FC69-425E-8A49-9204F886B328}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6EC57031-1740-4151-93C5-C465D6063DD2}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{76FC1003-0825-48BD-B59B-3B7A5754972C}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9D217B94-6FC9-44FE-94B1-30C711871266}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B48AC2CD-9662-47E0-A3C0-3B01BB3F463E}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BE698E51-830B-447A-954D-901D6E05DDE2}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BFCF748F-A56E-451F-AA45-0D7EB699E416}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D617CF84-B0BC-441F-9984-B676AFBA1E8D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7CAEFAFC-9A1E-4BCC-94DD-BC7D8D52717A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{27F49273-DE3A-4111-90F9-6C474C37AEFB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7CAEFAFC-9A1E-4BCC-94DD-BC7D8D52717A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7EB7381C-FB01-47FC-9C42-ED64122C1B92}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E4EF697F-434B-4DC7-A464-4412462206DB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F99DDD9A-07D0-47AB-86F1-193533DD2C60}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{248B3E95-17A4-482D-A8A8-6B3DF4D05C35}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E58CDA9-3B21-4611-A859-26EE28950E61}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C5561B6-3DD2-46B5-83BE-EAE744366046}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{88E44198-D164-4EC0-B2C0-F679D866C6DA}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4729755-E1F9-48E4-BD9F-5B4D0202C16A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F671C1B3-9776-426D-A350-55FB2D9B53F7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5E58CDA9-3B21-4611-A859-26EE28950E61}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C5561B6-3DD2-46B5-83BE-EAE744366046}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9AE65823-3B11-458D-B6CA-89788A6D034E}
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\eSupport.com
    Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\PIP
    Key Deleted : HKLM\SOFTWARE\systweak
    Key Deleted : [x64] HKLM\SOFTWARE\Conduit
    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.17496

    -\\ Mozilla Firefox v33.0.3 (x86 en-US)
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("CT3289075_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1376160446311,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.AVIRA-V7.apn.tldcache", "{\"date\":1382490938031,\"domainList\":[\"ac\",\"com.ac\",\"edu.ac\",\"gov.ac\",\"net.ac\",\"mil.ac\",\"org.ac\",\"ad\",\"nom.ad\",\"ae\",\"co.ae\",\"net[...]
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.AVIRA-V7.com.avira.dnt.rules", "\"{\\\"Version\\\":38,\\\"Companies\\\":[{\\\"company\\\":\\\"Google Inc\\\",\\\"rules\\\":[{\\\"name\\\":\\\"Google Analytics\\\",\\\"category\\\[...]
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.admin", false);
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.aflt", "babsst");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.dfltLng", "en");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.excTlbr", false);
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.id", "3e9271c9000000000000002215b35daa");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.instlDay", "15902");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.instlRef", "sst");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.newTab", false);
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.prdct", "delta");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.rvrt", "false");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.smplGrp", "none");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.tlbrId", "base");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.516:42:39");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta_i.babExt", "");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119351&tsp=4945");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.freecorder@freecorder.com.menuitems", "[{\"name\":\"Freecorder Menu Header\",\"img\":\"hxxp://freecorder.com/fc8/ui/buttons/menu_header.png\",\"width\":225,\"height\":65},{\"name[...]
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "allin1convert@mindspark.com");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.affiliate_id", "6447");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.firstrun", "false");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.log_send_info", "false");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21087\",\"supported_sites\":{\"google\":{\"patterns\":[\"^hxxp\\\\:\\/\\/www\\\\.google\\\\..{2,3}(\\\\\\/ig\\\\\\/firefox)\",\"[...]
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.no_trace", "false");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21087");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.trace_log", "1374018320503 - onFlagInfoReceived - Server mapping version: 0.21087\n1374018320503 - onFlagInfoReceived - No client-side server mapping version, don't update\[...]
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.unique_id", "0D0C8550BC8D6E9EE205109719D96B78");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.version", "1.26");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("extentions.webcake.installId", "6355730f-048b-4cd4-b7a6-fa8c4f5cef39");
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);
    [g9aakevy.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "Q6XHJF5KVW34QEAR8EJTOP0MOKVXBDZFGPOQK6+W310UUKOVDZCPPRUKBY349WWL8XE5PDSDVA6XKDK7JOKCBA");
    -\\ Google Chrome v
    [C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=3E92002215B35DAA&affID=119351&tsp=4945
    *************************
    AdwCleaner[R0].txt - [11919 octets] - [02/01/2015 19:12:12]
    AdwCleaner[S0].txt - [12118 octets] - [02/01/2015 19:13:51]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12179 octets] ##########
     
  13. mrtraver

    mrtraver TS Guru Topic Starter Posts: 345   +43

    JRT:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by michael on Fri 01/02/2015 at 19:20:51.30
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services
    ~~~ Registry Values
    ~~~ Registry Keys
    ~~~ Files
    ~~~ Folders
    Successfully deleted: [Folder] "C:\Users\michael\appdata\local\cre"
    Successfully deleted: [Folder] "C:\Users\michael\appdata\locallow\ytd"
    ~~~ FireFox
    Emptied folder: C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\g9aakevy.default\minidumps [66 files]
    ~~~ Chrome
    Successfully deleted: [Folder] C:\Users\michael\appdata\local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd
    ~~~ Event Viewer Logs were cleared
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 01/02/2015 at 19:26:34.26
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  14. mrtraver

    mrtraver TS Guru Topic Starter Posts: 345   +43

    FRST.txt part 1:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-01-2015
    Ran by michael (administrator) on MICHAEL-PC on 02-01-2015 19:29:31
    Running from C:\Users\michael\Desktop
    Loaded Profile: michael (Available profiles: michael & Rachel & Amberlie)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    (AVAST Software) E:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) E:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
    (Microsoft Corporation) C:\Windows\System32\CISVC.EXE
    (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    (Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    () C:\Windows\System32\PnkBstrA.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (TeamViewer GmbH) E:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (VMware, Inc.) E:\Program Files (x86)\VMware\vmware-authd.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
    (Electronic Arts) D:\Program Files (x86)\Origin\Origin.exe
    (PeerBlock, LLC) D:\Program Files\PeerBlock\peerblock.exe
    (Valve Corporation) E:\Program Files (x86)\Steam\Steam.exe
    (Spotify Ltd) C:\Users\michael\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Plex, Inc.) E:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
    () D:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
    (Dropbox, Inc.) C:\Users\michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Elaborate Bytes AG) E:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    (AVAST Software) E:\Program Files\AVAST Software\Avast\avastui.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
    (TeamViewer GmbH) E:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
    (Python Software Foundation) E:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    (TeamViewer GmbH) E:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
    (TeamViewer GmbH) E:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Avast Software) E:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) E:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    (Plex, Inc.) E:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    (Valve Corporation) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-23] (Realtek Semiconductor)
    HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-23] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [11877656 2014-09-16] (Logitech Inc.)
    HKLM-x32\...\Run: [UnlockerAssistant] => D:\Program Files (x86)\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
    HKLM-x32\...\Run: [VirtualCloneDrive] => e:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
    HKLM-x32\...\Run: [AvastUI.exe] => e:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
    HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Run: [EADM] => D:\Program Files (x86)\Origin\Origin.exe [3618648 2014-12-18] (Electronic Arts)
    HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Run: [PeerBlock] => D:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
    HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
    HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Run: [Spotify Web Helper] => C:\Users\michael\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-16] (Spotify Ltd)
    HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Run: [Plex Media Server] => E:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5105288 2014-10-15] (Plex, Inc.)
    HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    Startup: C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => e:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File
    BootExecute: autocheck autochk /k:C *
    GroupPolicyUsers\S-1-5-21-2018537783-2302853427-1186865814-1057\User: Group Policy restriction detected <======= ATTENTION
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyServer: [S-1-5-21-2018537783-2302853427-1186865814-1001] => 198.204.238.254:8085
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
    HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://my.yahoo.com/
    http://www.techspot.com/
    http://arstechnica.com/
    http://www.cracked.com/
    http://www.hard-light.net/forums/index.php?action=unread
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> e:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files (x86)\java\bin\jp2ssv.dll No File
    BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll No File
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> e:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll No File
    BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    DPF: HKLM-x32 {08B0E5C0-4FCB-11CF-AAA5-00401C608501} http://www21.adrive.com/filemanager/landing
    DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
    DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://vireo.spf.mo.gov/CACHE/stc/2/binaries/vpnweb.cab
    DPF: HKLM-x32 {895D1291-D5BD-4982-BA84-AD11D29C1D6A} http://community.weightwatchers.com/Scripts/ImageUploader6.cab
    DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File [ ]
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
    FireFox:
    ========
    FF ProfilePath: C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\g9aakevy.default
    FF Homepage: https://www.facebook.com/?ref=tn_tnmn
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
    FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
    FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
    FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
    FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
    FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> e:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> e:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> e:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2018537783-2302853427-1186865814-1001: @tools.google.com/Google Update;version=3 -> C:\Users\michael\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2018537783-2302853427-1186865814-1001: @tools.google.com/Google Update;version=9 -> C:\Users\michael\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2018537783-2302853427-1186865814-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - e:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - e:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-21]
    FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-09]
    FF HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Firefox\Extensions: [{F7EC2BAD-F77B-4020-B3C6-58B97D0859E5}] - C:\Program Files (x86)\Super_Lyrics\122.xpi
    FF StartMenuInternet: FIREFOX.EXE - e:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.msn.com/?pc=AV01
    CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=AV01"
    CHR Profile: C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-20]
    CHR Extension: (Google Cast) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-20]
    CHR Extension: (Google Wallet) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-20]
    CHR Profile: C:\Users\michael\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Google Docs) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-20]
    CHR Extension: (Google Drive) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-20]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-20]
    CHR Extension: (YouTube) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-20]
    CHR Extension: (uTorrentControl_v6) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cflheckfmhopnialghigdlggahiomebp [2014-12-20]
    CHR Extension: (Google Search) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-20]
    CHR Extension: (Avast Online Security) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-20]
    CHR Extension: (Google Wallet) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-20]
    CHR Extension: (Gmail) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-20]
    CHR HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\michael\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - e:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-17]
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 !SASCORE; e:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; e:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-17] (AVAST Software)
    R3 AvastVBoxSvc; e:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-17] (Avast Software)
    S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-09-16] (BlueStack Systems, Inc.)
    R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-09-16] (BlueStack Systems, Inc.)
    R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-09-16] (BlueStack Systems, Inc.)
    S3 GalaxyService; C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [2191648 2014-09-18] (GOG.com)
    R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [361472 2011-06-13] (Alcatel-Lucent) [File not signed]
    R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [441344 2011-06-13] (Alcatel-Lucent) [File not signed]
    R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
    S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
    S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-18] (Electronic Arts)
    R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-11-08] ()
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-09-27] ()
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
    R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-07-09] (RealNetworks, Inc.)
    R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-10] () [File not signed]
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
    R2 RUBotSrv; C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
    S4 SQLAgent$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
    R2 TeamViewer9; e:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [4799760 2014-09-12] (TeamViewer GmbH)
    R2 VMAuthdService; E:\Program Files (x86)\VMware\vmware-authd.exe [86744 2014-06-12] (VMware, Inc.)
     
  15. mrtraver


    FRST.txt pt 2 of 2:
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-17] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-17] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-17] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-17] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-17] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-17] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-17] ()
    R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-09-16] (BlueStack Systems)
    S3 CrystalSysInfo; E:\Program Files\MediaCoder\SysInfoX64.sys [18128 2007-09-25] ()
    R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
    R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [135384 2015-01-01] (Malwarebytes Corporation)
    S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-12-18] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-12-18] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
    R3 pbfilter; D:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
    S3 RTCore64; E:\Program Files (x86)\EVGA Precision X\RTCore64.sys [15176 2013-07-17] ()
    R3 SaiH8000; C:\Windows\System32\DRIVERS\SaiH8000.sys [178560 2008-04-04] (Saitek)
    R1 SASDIFSV; e:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; e:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-01] ()
    R2 VBoxAswDrv; e:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-17] (Avast Software)
    R3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [15104 2012-10-15] (Headsoft)
    S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-06-10] (Cisco Systems, Inc.)
    R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
    S3 WinRing0_1_2_0; D:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
    S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-01-02 19:29 - 2015-01-02 19:29 - 00028997 _____ () C:\Users\michael\Desktop\FRST.txt
    2015-01-02 19:29 - 2015-01-02 19:29 - 00000000 ___DC () C:\FRST
    2015-01-02 19:28 - 2015-01-02 19:28 - 02123264 _____ (Farbar) C:\Users\michael\Desktop\FRST64.exe
    2015-01-02 19:26 - 2015-01-02 19:26 - 00001071 _____ () C:\Users\michael\Desktop\JRT.txt
    2015-01-02 19:18 - 2015-01-02 19:18 - 01707939 _____ (Thisisu) C:\Users\michael\Desktop\JRT.exe
    2015-01-02 19:11 - 2015-01-02 19:13 - 00000000 ___DC () C:\AdwCleaner
    2015-01-02 19:11 - 2015-01-02 19:11 - 02173952 _____ () C:\Users\michael\Desktop\adwcleaner_4.106.exe
    2015-01-02 18:54 - 2015-01-02 18:54 - 00037865 ____C () C:\ComboFix.txt
    2015-01-02 18:42 - 2015-01-02 18:54 - 00000000 ___DC () C:\Qoobox
    2015-01-02 18:42 - 2015-01-02 18:52 - 00000000 ____D () C:\Windows\erdnt
    2015-01-02 18:42 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-01-02 18:42 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-01-02 18:42 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-01-02 18:42 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-01-02 18:42 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-01-02 18:42 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-01-02 18:42 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-01-02 18:42 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-01-02 18:31 - 2015-01-02 18:31 - 05605575 ____R (Swearware) C:\Users\michael\Desktop\ComboFix.exe
    2015-01-01 23:14 - 2015-01-01 23:14 - 00012776 _____ () C:\Users\michael\Desktop\ESETPoweliksCleaner.exe_20150101.231422.8180.log
    2015-01-01 23:13 - 2015-01-01 23:13 - 00186568 _____ (ESET) C:\Users\michael\Desktop\ESETPoweliksCleaner.exe
    2015-01-01 22:39 - 2015-01-01 22:39 - 00000000 ____D () C:\Users\michael\AppData\Local\CrashDumps
    2015-01-01 22:36 - 2015-01-01 22:47 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-01-01 22:33 - 2015-01-01 22:47 - 00000000 ____D () C:\Users\michael\Desktop\mbar
    2015-01-01 21:57 - 2015-01-01 21:57 - 16448208 _____ (Malwarebytes Corp.) C:\Users\michael\Desktop\mbar-1.08.2.1001.exe
    2015-01-01 21:20 - 2015-01-01 23:00 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-01-01 21:20 - 2015-01-01 21:20 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-01-01 21:19 - 2015-01-01 21:19 - 15298136 _____ () C:\Users\michael\Desktop\RogueKiller.exe
    2015-01-01 14:20 - 2015-01-01 14:20 - 00001022 _____ () C:\Users\michael\Desktop\space.exe - Shortcut.lnk
    2014-12-29 14:01 - 2014-12-29 14:01 - 439415339 _____ () C:\Windows\MEMORY.DMP
    2014-12-29 14:01 - 2014-12-29 14:01 - 00292320 _____ () C:\Windows\Minidump\122914-19000-01.dmp
    2014-12-28 14:41 - 2014-12-28 14:41 - 00003010 _____ () C:\Windows\System32\Tasks\{CA8246B2-31F8-406E-95B7-D7DB055DFF6F}
    2014-12-28 14:41 - 2014-12-28 14:41 - 00003010 _____ () C:\Windows\System32\Tasks\{A17ABDD1-3AA2-463A-A7A0-1B49F1B711A5}
    2014-12-28 14:41 - 2014-12-28 14:41 - 00001854 _____ () C:\Windows\SysWOW64\gunmetal.log
    2014-12-21 09:20 - 2014-11-17 00:47 - 179457476 _____ () C:\Users\michael\Desktop\Hayley wedding 325.mov
    2014-12-21 09:14 - 2014-11-17 00:47 - 336532436 _____ () C:\Users\michael\Desktop\Hayley wedding 324.mov
    2014-12-21 09:11 - 2014-11-17 00:46 - 363157812 _____ () C:\Users\michael\Desktop\Hayley wedding 323.mov
    2014-12-18 20:21 - 2015-01-02 19:15 - 00001424 _____ () C:\Windows\setupact.log
    2014-12-18 20:21 - 2014-12-18 20:21 - 00000000 _____ () C:\Windows\setuperr.log
    2014-12-18 01:09 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-12-18 01:09 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-12-16 14:32 - 2014-12-16 14:32 - 00000000 ____D () C:\ProgramData\Trend Micro
    2014-12-16 14:32 - 2014-12-16 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
    2014-12-16 14:32 - 2014-12-16 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
    2014-12-16 14:32 - 2014-12-16 14:32 - 00000000 ____D () C:\Program Files (x86)\WinPcap
    2014-12-16 14:32 - 2014-12-16 14:32 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
    2014-12-16 11:56 - 2014-12-16 11:56 - 00003276 _____ () C:\Windows\System32\Tasks\{5F7F94F9-A801-4013-9D6C-05EB0BE30267}
    2014-12-16 11:52 - 1998-09-02 02:28 - 00155408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LMRT.dll
    2014-12-16 11:52 - 1998-09-02 02:28 - 00038160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LMRTREND.dll
    2014-12-16 11:52 - 1998-08-26 22:51 - 00182032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft3.dll
    2014-12-16 11:52 - 1998-08-20 05:02 - 00140800 _____ (The Duck Corporation) C:\Windows\SysWOW64\tm20dec.ax
    2014-12-16 11:51 - 2014-12-16 11:51 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\w95inf32.dll
    2014-12-16 11:51 - 2014-12-16 11:51 - 00002272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\w95inf16.dll
    2014-12-16 11:51 - 1998-09-02 02:28 - 01088272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\danim.dll
    2014-12-16 11:51 - 1998-09-02 02:28 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unam4ie.exe
    2014-12-16 11:51 - 1998-09-02 02:02 - 00194320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qcut.dll
    2014-12-16 11:51 - 1998-08-20 04:38 - 00217984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\strmdll.dll
    2014-12-16 11:51 - 1998-08-17 03:21 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciqtz.drv
    2014-12-16 11:51 - 1998-08-17 03:21 - 00010240 _____ () C:\Windows\SysWOW64\vidx16.dll
    2014-12-16 11:51 - 1998-08-17 03:21 - 00005672 _____ () C:\Windows\SysWOW64\quartz.vxd
    2014-12-16 11:20 - 2014-12-18 17:13 - 00000000 ____D () C:\Users\michael\Desktop\MCSD card
    2014-12-11 07:24 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2014-12-11 07:24 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2014-12-10 00:00 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-12-10 00:00 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-12-10 00:00 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-12-10 00:00 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-12-10 00:00 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-12-10 00:00 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-12-10 00:00 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-12-10 00:00 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-12-10 00:00 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-12-10 00:00 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-12-10 00:00 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-12-10 00:00 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-12-10 00:00 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-12-10 00:00 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-12-10 00:00 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-12-10 00:00 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-12-10 00:00 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-12-10 00:00 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-12-10 00:00 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-12-10 00:00 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-12-10 00:00 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-12-10 00:00 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-12-10 00:00 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-12-10 00:00 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-12-10 00:00 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-12-10 00:00 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-12-10 00:00 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-12-10 00:00 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-12-10 00:00 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-12-10 00:00 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-12-10 00:00 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-12-10 00:00 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-12-10 00:00 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-12-10 00:00 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-12-10 00:00 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-12-10 00:00 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-12-10 00:00 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-12-10 00:00 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-12-10 00:00 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-12-10 00:00 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-12-10 00:00 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-12-10 00:00 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-12-10 00:00 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-12-10 00:00 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-12-10 00:00 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-12-10 00:00 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-12-10 00:00 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-12-10 00:00 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-12-10 00:00 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-12-10 00:00 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-12-10 00:00 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-12-10 00:00 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-12-10 00:00 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-12-10 00:00 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-12-10 00:00 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-12-10 00:00 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-12-10 00:00 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2014-12-09 23:59 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-12-09 23:59 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-12-09 23:59 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
    2014-12-09 23:59 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
    2014-12-09 23:59 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2014-12-09 23:59 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2014-12-09 23:59 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2014-12-09 23:59 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2014-12-09 23:59 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2014-12-09 23:59 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2014-12-09 23:59 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2014-12-09 23:59 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2014-12-09 23:59 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2014-12-09 23:59 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2014-12-07 14:39 - 2014-12-07 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Tournament G.O.T.Y. Edition
    2014-12-06 07:37 - 2014-12-06 09:42 - 00000142 _____ () C:\Users\michael\Desktop\GoNoodle.url
    2014-12-06 07:18 - 2014-12-06 07:38 - 00000109 _____ () C:\Users\michael\Desktop\Starfall.url
    2014-12-03 21:07 - 2011-09-22 17:18 - 00089960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SQSRVRES.DLL
    2014-12-03 21:07 - 2011-09-22 17:18 - 00073064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-01-02 19:22 - 2009-07-13 22:45 - 00022272 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-02 19:22 - 2009-07-13 22:45 - 00022272 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-02 19:20 - 2012-10-08 10:28 - 01498807 _____ () C:\Windows\WindowsUpdate.log
    2015-01-02 19:16 - 2014-07-09 05:59 - 00003370 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2018537783-2302853427-1186865814-1001
    2015-01-02 19:16 - 2014-07-09 05:59 - 00003240 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2018537783-2302853427-1186865814-1001
    2015-01-02 19:16 - 2012-11-02 05:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-02 19:16 - 2012-10-08 12:35 - 00000000 ____D () C:\Users\michael\AppData\Roaming\Dropbox
    2015-01-02 19:15 - 2014-10-13 04:18 - 00019140 _____ () C:\Windows\PFRO.log
    2015-01-02 19:15 - 2014-09-23 20:04 - 00000000 ____D () C:\ProgramData\VMware
    2015-01-02 19:15 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-02 19:12 - 2012-11-02 05:56 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-02 19:12 - 2012-10-08 12:29 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2018537783-2302853427-1186865814-1001UA.job
    2015-01-02 18:59 - 2012-10-08 14:53 - 00000000 ____D () C:\ProgramData\Origin
    2015-01-02 18:51 - 2009-07-13 20:34 - 00000215 ____C () C:\Windows\system.ini
    2015-01-02 18:34 - 2013-02-02 00:27 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9CC4B44F-D605-401D-98D1-E4A8D1BE9172}
    2015-01-02 18:31 - 2013-01-17 21:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-02 15:46 - 2012-11-23 20:49 - 00000000 ____D () C:\Users\michael\AppData\Roaming\vlc
    2015-01-01 22:55 - 2014-01-25 14:10 - 00003510 _____ () C:\Windows\System32\Tasks\AutoKMS
    2015-01-01 22:36 - 2014-08-16 06:32 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-01 22:33 - 2014-08-16 06:32 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-01-01 21:12 - 2012-10-08 12:29 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2018537783-2302853427-1186865814-1001Core.job
    2015-01-01 14:47 - 2012-10-13 14:28 - 00000000 ____D () C:\Windows\SysWOW64\directx
    2015-01-01 10:57 - 2014-10-12 22:16 - 00103232 _____ () C:\Windows\DirectX.log
    2015-01-01 10:57 - 2012-11-06 17:48 - 00000000 ____D () C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    2015-01-01 10:02 - 2014-08-16 06:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-01 09:29 - 2013-05-25 21:38 - 00000000 ____D () C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2015-01-01 07:38 - 2013-04-22 07:09 - 00000000 ____D () C:\Users\michael\Desktop\1 - My stuff
    2014-12-30 22:16 - 2013-08-21 15:01 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2018537783-2302853427-1186865814-1001
    2014-12-30 22:16 - 2013-08-21 15:01 - 00003218 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2018537783-2302853427-1186865814-1001
    2014-12-29 14:01 - 2012-10-30 05:47 - 00000000 ____D () C:\Windows\Minidump
    2014-12-28 22:34 - 2014-09-04 13:59 - 00003644 _____ () C:\Users\michael\fsoinstaller.properties
    2014-12-28 22:34 - 2014-01-19 23:09 - 00000000 _____ () C:\Users\michael\.JarClassLoader
    2014-12-27 20:11 - 2013-11-12 16:51 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-12-23 17:47 - 2014-10-14 04:18 - 00000000 ____D () C:\Users\michael\Desktop\Recipes
    2014-12-22 13:08 - 2012-10-08 12:34 - 00000000 ____D () C:\Users\michael\AppData\Roaming\Spotify
    2014-12-22 13:02 - 2012-10-11 20:57 - 00000000 ____D () C:\Users\michael\AppData\Local\Spotify
    2014-12-22 09:30 - 2014-05-22 18:29 - 00000019 _____ () C:\Windows\popcinfo.dat
    2014-12-22 09:25 - 2014-08-02 07:46 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F2E8E647-5B6B-421A-9E0B-3D9CA84EEFDB}
    2014-12-22 09:01 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2014-12-21 09:21 - 2009-04-05 20:53 - 11710976 ___SH () C:\Users\michael\Desktop\Thumbs.db
    2014-12-18 21:15 - 2012-10-08 12:35 - 00000000 ____D () C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-12-18 20:58 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
    2014-12-16 16:18 - 2012-10-12 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect
    2014-12-16 16:18 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2014-12-16 16:11 - 2012-10-08 13:27 - 00111136 _____ () C:\Users\michael\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-12-16 14:39 - 2014-08-26 10:58 - 00000000 ____D () C:\Users\michael\AppData\Local\Adobe
    2014-12-16 14:38 - 2013-01-17 21:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-12-16 14:38 - 2012-10-08 12:29 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-12-16 14:38 - 2012-10-08 12:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-12-16 14:34 - 2009-07-13 22:45 - 00412104 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-12-16 11:54 - 2014-09-05 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
    2014-12-16 11:51 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Help
    2014-12-16 11:13 - 2014-02-05 20:47 - 00000000 ____D () C:\Users\michael\AppData\Roaming\TeamViewer
    2014-12-15 22:50 - 2012-10-08 12:33 - 00000000 ____D () C:\Users\michael\AppData\Roaming\uTorrent
    2014-12-12 21:23 - 2014-10-13 09:18 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-12-11 10:19 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-12-11 07:26 - 2013-07-09 22:54 - 00000000 ____D () C:\Windows\system32\MRT
    2014-12-11 07:26 - 2012-10-08 10:51 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-12-11 07:25 - 2012-10-11 20:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-12-07 15:39 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-12-07 13:40 - 2012-11-02 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
    2014-12-06 07:35 - 2013-08-08 09:11 - 00000000 ____D () C:\Users\michael\Desktop\Ammi new sites
    2014-12-06 00:18 - 2014-12-02 22:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
    2014-12-03 21:08 - 2014-12-02 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ 2008 Express Edition
    2014-12-03 21:07 - 2014-12-02 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
    2014-12-03 21:07 - 2013-09-20 18:01 - 00007724 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    Files to move or delete:
    ====================
    C:\Users\Public\FixDwndp.exe

    Some content of TEMP:
    ====================
    C:\Users\michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbn_rko.dll
    C:\Users\michael\AppData\Local\Temp\Quarantine.exe
    C:\Users\michael\AppData\Local\Temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-01-02 00:45
    ==================== End Of Log ============================
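The "One Month Created/Modified" sections above are the part of an FRST log a responder actually reads: each line is `<timestamp> - <timestamp> - <size> <attribute flags> (<CompanyName from the version resource>) <path>`. The triage helper below, an added example that is not part of this post or of the FRST tool, parses that line shape and flags the entries a practitioner would pull out first: scheduled-task definitions under `\Windows\Tasks` and `\Windows\System32\Tasks` (a common persistence location), executables in Windows/ProgramData/Public with an empty `()` company field, and hidden files under `C:\Windows`. The regex, the directory and extension lists, and the three rules are editorial assumptions drawn from the log lines on this page, not documented FRST behaviour; empty parentheses only mean FRST found no CompanyName resource, not that the file is unsigned or malicious. The sample lines are copied from the log above except the `FixDwndp.exe` entry, whose timestamps and size are constructed.

```python
"""Triage helper for FRST 'One Month Created/Modified' log lines.

Added example, not part of the forum post or of the FRST tool. The line
format and the heuristics below are editorial assumptions taken from the
log shape on the page, not FRST's documented behaviour.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# One FRST entry: "<ts1> - <ts2> - <size> <attrs> (<company>) <path>".
# Assumption: in the "Modified" section ts1 is the modification time and ts2
# the creation time; in the "Created" section the order is reversed.
_ENTRY = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+?)\s*$"
)

# Editorial choices: where a no-CompanyName executable deserves a hash lookup,
# which extensions count as executable, and where task definitions live.
_SENSITIVE_DIRS = ("c:\\windows\\", "c:\\users\\public\\", "c:\\programdata\\")
_EXEC_EXTS = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx")
_TASK_DIRS = ("c:\\windows\\system32\\tasks\\", "c:\\windows\\tasks\\")


@dataclass
class Entry:
    ts1: str
    ts2: str
    size: int
    attrs: str      # five flag positions, e.g. "____D", "___SH", "_____"
    company: str    # CompanyName from the version resource, "" if absent
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs


@dataclass
class Finding:
    rule: str
    entry: Entry


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one FRST file line; return None for headers and other text."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    return Entry(m["ts1"], m["ts2"], int(m["size"]), m["attrs"],
                 m["company"].strip(), m["path"])


def triage(lines: Iterable[str]) -> List[Finding]:
    """Apply the three heuristics to every parseable, non-directory entry."""
    findings: List[Finding] = []
    for line in lines:
        e = parse_entry(line)
        if e is None or e.is_dir:
            continue
        p = e.path.lower()
        if p.startswith(_TASK_DIRS):
            # Task definitions re-run a payload after reboot or logon.
            findings.append(Finding("scheduled-task", e))
        elif p.endswith(_EXEC_EXTS) and not e.company and p.startswith(_SENSITIVE_DIRS):
            # No CompanyName resource in a sensitive directory: look up the hash.
            findings.append(Finding("no-company-executable", e))
        elif e.hidden and p.startswith("c:\\windows\\"):
            findings.append(Finding("hidden-in-windows", e))
    return findings


# Lines copied from the log above, plus one constructed FixDwndp.exe line
# (its timestamps and size are invented for this example).
SAMPLE_LINES = [
    r"2015-01-02 19:22 - 2009-07-13 22:45 - 00022272 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0",
    r"2015-01-02 19:16 - 2014-07-09 05:59 - 00003370 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2018537783-2302853427-1186865814-1001",
    r"2015-01-02 19:16 - 2012-10-08 12:35 - 00000000 ____D () C:\Users\michael\AppData\Roaming\Dropbox",
    r"2015-01-01 22:55 - 2014-01-25 14:10 - 00003510 _____ () C:\Windows\System32\Tasks\AutoKMS",
    r"2015-01-01 22:36 - 2014-08-16 06:32 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys",
    r"2014-12-21 09:21 - 2009-04-05 20:53 - 11710976 ___SH () C:\Users\michael\Desktop\Thumbs.db",
    r"2014-12-16 16:11 - 2012-10-08 13:27 - 00111136 _____ () C:\Users\michael\AppData\Local\GDIPFONTCACHEV1.DAT",
    r"2014-12-16 14:38 - 2012-10-08 12:29 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe",
    r"2015-01-01 12:00 - 2015-01-01 12:00 - 00045056 _____ () C:\Users\Public\FixDwndp.exe",  # constructed
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.rule:22} {f.entry.ts1}  {f.entry.size:>9}  {f.entry.path}")
```

Run against a full FRST.txt by feeding `open(path, encoding="utf-8", errors="replace")` to `triage`; the parser skips section headers and the "Installed Programs" style lines because they do not match the two-timestamp prefix. On the log above the helper surfaces the `AutoKMS` and RealDownloader task definitions and the hidden files in `system32`, which is exactly the short list a helper would ask the poster about before anything is moved to the fixlist.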
     
  16. mrtraver


    Addition.txt part 1:
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-01-2015
    Ran by michael at 2015-01-02 19:30:08
    Running from C:\Users\michael\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    µTorrent (HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
    7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
    ACE COMBAT™ ASSAULT HORIZON Enhanced Edition (HKLM-x32\...\Steam App 228400) (Version: - Namco)
    Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{1CAFFEC6-23B4-484B-B17B-3200BE5C5636}) (Version: 99.9 - Eyeo GmbH)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
    Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
    AI Suite (HKLM-x32\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 1.05.32 - )
    Aliens vs Predator Classic 2000 (HKLM-x32\...\1207665883_is1) (Version: 2.0.0.24 - GOG.com)
    Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
    Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)
    Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) Hidden
    Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AquaNox (HKLM-x32\...\Steam App 39630) (Version: - Nordic Games)
    Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 2.5 - Auslogics Software Pty Ltd)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
    AxCrypt 1.7.2931.0 (HKLM\...\{E191812E-F3A0-4F87-98D9-DCD03321278D}) (Version: 1.7.2931.0 - Axantum Software AB)
    Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version: - Rocksteady Studios)
    Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
    Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
    Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
    Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
    Battlezone version 1.5.2.25 (HKLM-x32\...\{B3B61934-313A-44A2-B589-700FDAA6C758}_is1) (Version: 1.5.2.25 - www.battlezone1.com)
    Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
    BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.3.4070 - BlueStack Systems, Inc.)
    BlueStacks Notification Center (HKLM-x32\...\{B40D9A2E-C9CA-4402-A0B7-09E33C03B9C5}) (Version: 0.9.3.4070 - BlueStack Systems, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Burnout™ Paradise: The Ultimate Box (HKLM-x32\...\{1CDC8E7D-CDFC-4C2B-A080-23D943354625}) (Version: 1.1.0.0 - Electronic Arts)
    CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
    ChromecastApp (HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
    Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05170 - Cisco Systems, Inc.)
    Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05170 - Cisco Systems, Inc.) Hidden
    Command & Conquer 3 (HKLM-x32\...\{B0C30E93-D3D9-4F04-A2AC-54749B573275}) (Version: 1.00.0000 - Electronic Arts Inc.)
    Command & Conquer™ 3: Kane's Wrath (HKLM-x32\...\{CC2422C9-F7B5-4175-B295-5EC2283AA674}) (Version: 1.00.0000 - Electronic Arts Inc.)
    Conquest Frontier Wars (HKLM-x32\...\GOGPACKCONQUESTFRONTIERWARS_is1) (Version: 2.0.0.6 - GOG.com)
    Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version: - )
    CPUID CPU-Z 1.69 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    Crusader No Remorse (HKLM-x32\...\{2AEA735F-B393-4D89-93EF-5849CB72B4A3}) (Version: 1.0.0.2 - Electronic Arts)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Darksaber's Ultimate Craft Pack (HKLM-x32\...\Darksaber's Ultimate Craft Pack) (Version: v2.1 - Darksaber's X-Wing Station)
    Dead Space™ (HKLM-x32\...\{9789E33B-317A-44B2-AF9A-FF8708AD93E0}) (Version: 1.0.0.222 - Electronic Arts)
    Descent 3 with Mercenary Expansion (HKLM-x32\...\GOGPACKDESCENT3_is1) (Version: 2.0.0.16 - GOG.com)
    Diaspora version 1.1.1 (HKLM-x32\...\{1F5ABAAA-6D61-4FC1-A595-86CBA5517E7A}_is1) (Version: 1.1.1 - Diaspora Development)
    Disk Space Fan 4 Free 4.5.1.129 (HKLM-x32\...\Disk Space Fan 4 Free_is1) (Version: - Disk Space Fan Team)
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
    Dogfight 1942 (HKLM-x32\...\Steam App 217790) (Version: - City Interactive)
    Dropbox (HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
    Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
    EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
    Elementary and Middle School - Multiplication (HKLM-x32\...\{2A7EC44B-EDC2-4A05-8BD8-898C90E801FA}) (Version: 7.0.0 - A+ Interactive MATH, an A+ TutorSoft Inc. company)
    erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
    ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
    Eternal Silence (HKLM-x32\...\Steam App 17550) (Version: - ES Team)
    EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation)
    Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
    Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version: - Ubisoft Montreal)
    FormatFactory 3.3.4.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.4.0 - Format Factory)
    Free YouTube Downloader 3.5.136 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
    FreeSpace 2 (HKLM-x32\...\FreeSpace2) (Version: - )
    Galaxy Client (HKLM-x32\...\{D6D1DA54-531F-4FA0-B683-CE66ACE3543F}_is1) (Version: 0.1.0.456 - GOG.com)
    Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
    GDR 5520 for SQL Server 2008 (KB2977321) (HKLM-x32\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
    GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
    Google Chrome (HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Gun Metal (HKLM-x32\...\Steam App 267920) (Version: - Rage Software)
    HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
    HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
    HD Youtube Downloader Free (HKLM-x32\...\HD Youtube Downloader Free_is1) (Version: - HD Youtube Downloader Free)
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Incoming and Incoming Forces (HKLM-x32\...\GOGPACKINCOMINGPACK_is1) (Version: 2.0.0.14 - GOG.com)
    Independence War Deluxe (HKLM-x32\...\GOGPACKIWAR_is1) (Version: 2.0.0.15 - GOG.com)
    Insaniquarium Deluxe 1.0 (HKLM-x32\...\Insaniquarium Deluxe 1.0) (Version: - )
    Intel(R) IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32 (HKLM-x32\...\{754854DC-2E0A-49D8-A1A1-426C1F9B1459}) (Version: 5.3.4.087 - Intel Corporation)
    iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    K-Lite Codec Pack 10.5.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.0 - )
    Logitech Gaming Software 8.56 (HKLM\...\Logitech Gaming Software) (Version: 8.56.109 - Logitech Inc.)
    Mace Griffin Bounty Hunter (HKLM-x32\...\{BE87D165-3A5A-4CDC-9571-FD8EE66EB48B}) (Version: 1.00.000 - )
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    MediaCoder x64 0.8.17 (HKLM\...\MediaCoder x64) (Version: 0.8.17 - Broad Intelligence)
    MediaHuman Audio Converter version 1.8.9 (HKLM-x32\...\MediaHuman Audio Converter_is1) (Version: 1.8.9 - MediaHuman)
    Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - 4A Games)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Crimson Skies (HKLM-x32\...\Crimson Skies 1.0) (Version: - )
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Management Objects (HKLM-x32\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
    Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{5D60AB1A-2409-4829-83D4-0972856D885A}) (Version: 10.3.5520.0 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft StarLancer (HKLM-x32\...\StarLancer 1.0) (Version: - )
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (HKLM-x32\...\Microsoft Visual C++ 2008 Express Edition with SP1 - ENU) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}) (Version: 3.5.30729 - Microsoft Corporation)
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}) (Version: 6.1.5295.17011 - Microsoft Corporation)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    Minecraft PC Gamer Demo version 1.5 (HKLM-x32\...\{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1) (Version: 1.5 - Mojang)
    Moodagent (HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\d816b567ade41a28) (Version: 1.0.0.18 - Moodagent)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 33.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NVIDIA Graphics Driver 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.65 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Origin (HKLM-x32\...\Origin) (Version: 9.0.13.2142 - Electronic Arts, Inc.)
    PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
    PC Probe II (HKLM-x32\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.72 - ASUSTek)
    PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
    PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
    Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
    Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
    Plex Media Server (HKLM-x32\...\{5ea93dc7-0906-47a6-8033-d26ed443f0a8}) (Version: 0.9.1101 - Plex, Inc.)
    Plex Media Server (x32 Version: 0.9.1101 - Plex, Inc.) Hidden
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
    RealDownloader (x32 Version: 17.0.11 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.10 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Recuva (remove only) (HKLM\...\Recuva) (Version: - Piriform)
    Red Baron Pack (HKLM-x32\...\GOGPACKREDBARON12_is1) (Version: 2.0.0.24 - GOG.com)
    Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    RivaTuner Statistics Server 5.2.0 (HKLM-x32\...\RTSS) (Version: 5.2.0 - Unwinder)
    SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
    Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
    Shattered Steel (HKLM-x32\...\GOGPACKSHATTEREDSTEEL_is1) (Version: 2.0.0.6 - GOG.com)
    SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
    Skype™ 5.10 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 5.10.116 - Skype Technologies S.A.)
    SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
    Spotify (HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
    Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
    SQL Server System CLR Types (HKLM-x32\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
    Star Wars X-Wing Alliance (HKLM-x32\...\{7AD8FE70-1A35-492C-9AA8-E9F9C1833040}) (Version: 1.0.0.0 - LucasArts, Totally Games)
    Stargunner (HKLM-x32\...\GOGPACKSTARGUNNER_is1) (Version: 2.0.0.4 - GOG.com)
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    Strike Suit Zero (HKLM-x32\...\Steam App 209540) (Version: - Born Ready Games Ltd.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
    Supreme Commander (HKLM-x32\...\Steam App 9350) (Version: - Gas Powered Games)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
    Tachyon: The Fringe (HKLM-x32\...\Steam App 32760) (Version: - NovaLogic)
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.12 - TeamSpeak Systems GmbH)
    TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
    TGA Viewer (HKLM-x32\...\{4FA2DAFD-2D72-4ACF-BDD8-4178E8AFD459}_is1) (Version: - IdeaMK)
    The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
    Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.8.10 - Electronic Arts)
    TN3270 Plus 3.1 (HKLM-x32\...\{A328ED44-1CFC-41E7-A893-5DBE578F421D}) (Version: 3.1.0 - SDI USA Inc.)
    Tom Clancy's H.A.W.X. 2 (HKLM-x32\...\{76A232AF-B7D6-41A4-B795-6B355E6D32B1}) (Version: 1.0.1 - Ubisoft)
    Trend Micro RUBotted 2.0 Beta (HKLM-x32\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 - Trend Micro, Inc.)
    TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
    Tyrian 2000 (HKLM-x32\...\GOGPACKTYRIAN2000_is1) (Version: 2.0.0.11 - GOG.com)
    Unlocker 1.9.1 (HKLM-x32\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
    Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
    Unreal Tournament G.O.T.Y. Edition (HKLM-x32\...\UnrealTournament) (Version: - )
    UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
    VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
    Vista Shortcut Manager x64 (HKLM\...\{C7311329-C491-427B-8880-133E84869B3A}) (Version: 2.0 - Frameworkx)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.3 - VMware, Inc)
    VMware Player (Version: 6.0.3 - VMware, Inc.) Hidden
    Wheelman (HKLM-x32\...\{3604BFF4-6EC8-44D6-B147-92C2D642FEDE}) (Version: 1.00.0000 - Ubisoft Entertainment)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Wing Commander IV (HKLM-x32\...\Wing Commander IV_is1) (Version: - GOG.com)
    WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
    WinX DVD Ripper Platinum 7.0.0 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
    X3: Terran Conflict (HKLM-x32\...\Steam App 2820) (Version: - Egosoft)
    Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
     
  17. mrtraver (TS Guru, Topic Starter)

    Addition.txt pt 2 of 2:

    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\michael\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\michael\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\michael\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\michael\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    ==================== Restore Points =========================
    31-12-2014 23:42:39 Windows Update
    01-01-2015 10:56:26 Installed DirectX
    01-01-2015 22:10:26 malware check
    01-01-2015 22:47:01 Malwarebytes Anti-Rootkit Restore Point
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2009-07-13 20:34 - 2015-01-02 18:51 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ==================== Scheduled Tasks (whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
    Task: {175757F6-B00B-4A53-9E08-F45EB230511A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {21D1DE3E-9035-4A8D-AE10-1747E23E7F90} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2018537783-2302853427-1186865814-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
    Task: {2850526E-2C21-4EF5-840A-95D7FDC03A23} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2018537783-2302853427-1186865814-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
    Task: {496DA467-8454-4065-899F-010F2AE0A228} - System32\Tasks\{9417DBD9-C530-41D8-A04B-E177DAA73B8E} => pcalua.exe -a H:\Software\ExpressGate\AsusSetup.exe -d H:\Software\ExpressGate
    Task: {610A5DFD-AC33-458A-B427-720F669B7FBC} - System32\Tasks\CCleanerSkipUAC => E:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
    Task: {61DFB090-B054-4D95-B78E-2395C17E2A2A} - System32\Tasks\Game_Booster_AutoUpdate => D:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2013-06-13] ()
    Task: {697F1AB9-2BC3-4C71-9632-48FB228B0CA5} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.95\AsLoader.exe [2008-07-02] ()
    Task: {823197A9-0AE9-48E0-BD0C-B5BAFDC306CC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2018537783-2302853427-1186865814-1001Core => C:\Users\michael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-08] (Google Inc.)
    Task: {83F9BA74-7C97-483D-A8D7-6B70F8BFA3C5} - System32\Tasks\{61EFB761-BB89-41F3-8FE9-F46821E51F0D} => pcalua.exe -a H:\setup.exe -d H:\
    Task: {968D515A-0E61-4DF9-9560-0F8A705CF31C} - System32\Tasks\{CA8246B2-31F8-406E-95B7-D7DB055DFF6F} => E:\Program Files (x86)\Steam\SteamApps\common\Gun Metal\Gunmetal.exe [2014-12-20] ()
    Task: {986894BB-7ABF-451D-A902-1802197EDC7F} - System32\Tasks\{828D8AA4-C54B-420C-83F0-847FEE7CF1AB} => pcalua.exe -a "C:\Users\michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W04QYR3U\MassEffect_EFIGS_1.02.exe" -d C:\Users\michael\Desktop
    Task: {99B17A6A-CAD9-464E-B088-F23B4634A296} - System32\Tasks\{6FA36FC4-64D3-4606-8EF3-B27B30A98CB0} => pcalua.exe -a H:\setup.exe -d H:\
    Task: {A2ED0762-CE13-4488-A7FE-1DC0BB5C4078} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2018537783-2302853427-1186865814-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
    Task: {A9033BE5-2015-493D-A5B8-A1AA01C45CAD} - System32\Tasks\{B6462DFB-9E7D-47BF-8101-3DDA77BDB5DC} => pcalua.exe -a E:\Downloads\MassEffect_BDtS_ES_a.exe -d C:\Users\michael\Desktop
    Task: {A947D452-FBB0-4EF4-8A5E-2B2D3A461EAB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-16] (Adobe Systems Incorporated)
    Task: {ABD5DED0-6E09-4A7F-808D-0BD9CD2E2151} - System32\Tasks\{5F7F94F9-A801-4013-9D6C-05EB0BE30267} => pcalua.exe -a "C:\Users\michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QNTCJ5S\crmsk102.exe" -d C:\Users\michael\Desktop
    Task: {B1BE827B-F39A-4AB3-B39A-AD7B479FDAAA} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2018537783-2302853427-1186865814-1001
    Task: {BFADD163-2762-4C8A-AB54-E7ACD707E38A} - System32\Tasks\{A17ABDD1-3AA2-463A-A7A0-1B49F1B711A5} => E:\Program Files (x86)\Steam\SteamApps\common\Gun Metal\Gunmetal.exe [2014-12-20] ()
    Task: {CB14476F-D945-43E6-9A66-2B505AD7A868} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-01] (Google Inc.)
    Task: {CD5B6A1B-10DF-4BF5-905B-82BABF785503} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2018537783-2302853427-1186865814-1001UA => C:\Users\michael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-08] (Google Inc.)
    Task: {D55411C1-C7CD-43A1-BF6E-9D5C523D0D78} - System32\Tasks\avast! Emergency Update => e:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-17] (AVAST Software)
    Task: {DED76AD7-F1A2-43E4-9F3B-3F59B130F0A8} - System32\Tasks\{123A2AC0-8A56-47F5-86CD-F70B09D475F1} => pcalua.exe -a "C:\Users\michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9B6R3C5X\unlocker setup.exe" -d C:\Users\michael\Desktop
    Task: {E6D67E61-F4D0-4047-ADF7-5FB5C86E2431} - System32\Tasks\{AE6F854D-96EA-4130-91E3-2C7B3A722E20} => pcalua.exe -a H:\Software\setupstb.exe -d H:\Software
    Task: {E8BA8C09-6B50-41AF-B5CE-6A26EF59739E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-01] (Google Inc.)
    Task: {EBD763E7-A56F-45FE-A71E-05C5F84E0969} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2018537783-2302853427-1186865814-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
    Task: {EFEDEDF0-C8B4-4CE7-9317-874139AB6255} - System32\Tasks\ASUS\Cpu Level Up Hook Lanunch => e:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHookLaunch.exe
    Task: {F9E3F677-D987-4A14-A484-ED9AE6F772DE} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-01-25] ()
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2018537783-2302853427-1186865814-1001Core.job => C:\Users\michael\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2018537783-2302853427-1186865814-1001UA.job => C:\Users\michael\AppData\Local\Google\Update\GoogleUpdate.exe
    ==================== Loaded Modules (whitelisted) =============
    2014-06-05 20:14 - 2014-11-03 16:02 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-11-08 23:02 - 2014-11-08 23:02 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
    2014-06-10 16:50 - 2014-06-10 16:50 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2014-06-10 21:03 - 2014-06-10 21:03 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    2014-09-16 15:02 - 2014-09-16 15:02 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
    2014-09-16 15:02 - 2014-09-16 15:02 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
    2014-09-16 15:02 - 2014-09-16 15:02 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
    2014-09-16 15:02 - 2014-09-16 15:02 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
    2010-07-04 13:51 - 2010-07-04 13:51 - 00017408 _____ () D:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
    2014-11-17 19:10 - 2014-11-17 19:10 - 00388208 _____ () e:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
    2014-11-17 19:10 - 2014-11-17 19:10 - 05851328 _____ () e:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
    2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2014-06-10 21:34 - 2014-06-10 21:34 - 00063400 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
    2015-01-02 16:05 - 2015-01-02 16:05 - 02909696 _____ () e:\Program Files\AVAST Software\Avast\defs\15010201\algo.dll
    2014-11-17 19:10 - 2014-11-17 19:10 - 04495336 _____ () e:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
    2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-07-09 05:56 - 2014-07-09 05:56 - 00861784 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
    2014-12-16 14:32 - 2010-08-24 19:06 - 00085840 _____ () C:\Program Files (x86)\Trend Micro\RUBotted\hc_help.dll
    2014-06-12 17:22 - 2014-06-12 17:22 - 01261272 _____ () E:\Program Files (x86)\VMware\libxml2.dll
    2013-12-18 06:29 - 2014-12-18 21:13 - 01007104 _____ () D:\Program Files (x86)\Origin\platforms\qwindows.dll
    2010-07-04 15:32 - 2010-07-04 15:32 - 00004608 _____ () D:\Program Files (x86)\Unlocker\UnlockerHook.dll
    2013-12-18 06:29 - 2014-12-18 21:13 - 00023552 _____ () D:\Program Files (x86)\Origin\imageformats\qgif.dll
    2013-12-18 06:29 - 2014-12-18 21:13 - 00024576 _____ () D:\Program Files (x86)\Origin\imageformats\qico.dll
    2013-12-18 06:29 - 2014-12-18 21:13 - 00216576 _____ () D:\Program Files (x86)\Origin\imageformats\qjpeg.dll
    2013-12-18 06:29 - 2014-12-18 21:13 - 00261120 _____ () D:\Program Files (x86)\Origin\imageformats\qmng.dll
    2013-12-18 06:29 - 2014-12-18 21:13 - 00019456 _____ () D:\Program Files (x86)\Origin\imageformats\qtga.dll
    2013-12-18 06:29 - 2014-12-18 21:13 - 00337408 _____ () D:\Program Files (x86)\Origin\imageformats\qtiff.dll
    2013-12-18 06:29 - 2014-12-18 21:13 - 00018944 _____ () D:\Program Files (x86)\Origin\imageformats\qwbmp.dll
    2014-08-28 19:13 - 2014-11-11 12:48 - 01171456 _____ () E:\Program Files (x86)\Steam\libavcodec-56.dll
    2014-08-28 19:13 - 2014-11-11 12:48 - 00442368 _____ () E:\Program Files (x86)\Steam\libavutil-54.dll
    2014-08-28 19:13 - 2014-11-11 12:48 - 00332800 _____ () E:\Program Files (x86)\Steam\libavresample-2.dll
    2014-02-15 13:03 - 2014-11-11 12:47 - 00774656 _____ () E:\Program Files (x86)\Steam\SDL2.dll
    2014-05-21 21:30 - 2014-11-18 14:23 - 02227904 _____ () E:\Program Files (x86)\Steam\video.dll
    2014-08-28 19:13 - 2014-11-11 12:48 - 00403968 _____ () E:\Program Files (x86)\Steam\libavformat-56.dll
    2014-08-28 19:13 - 2014-11-11 12:48 - 00485888 _____ () E:\Program Files (x86)\Steam\libswscale-3.dll
    2014-02-15 13:03 - 2014-11-18 14:23 - 00690880 _____ () E:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2014-10-15 02:51 - 2014-10-15 02:51 - 00072840 _____ () E:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
    2014-10-15 02:51 - 2014-10-15 02:51 - 00196232 _____ () E:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
    2014-10-15 02:51 - 2014-10-15 02:51 - 00838792 _____ () E:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
    2014-10-15 02:51 - 2014-10-15 02:51 - 00049800 _____ () E:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
    2014-10-15 02:51 - 2014-10-15 02:51 - 00086664 _____ () E:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
    2014-10-15 02:51 - 2014-10-15 02:51 - 02092680 _____ () E:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
    2014-10-15 02:51 - 2014-10-15 02:51 - 01883784 _____ () E:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
    2014-10-15 02:51 - 2014-10-15 02:51 - 00502920 _____ () E:\Program Files (x86)\Plex\Plex Media Server\tag.dll
    2014-10-21 18:22 - 2014-10-21 18:22 - 00750080 _____ () C:\Users\michael\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-01-02 19:16 - 2015-01-02 19:16 - 00043008 _____ () c:\users\michael\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbn_rko.dll
    2014-10-21 18:22 - 2014-10-21 18:22 - 00047616 _____ () C:\Users\michael\AppData\Roaming\Dropbox\bin\libEGL.dll
    2014-10-21 18:22 - 2014-10-21 18:22 - 00863744 _____ () C:\Users\michael\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2014-10-21 18:22 - 2014-10-21 18:22 - 00200704 _____ () C:\Users\michael\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2014-11-17 19:10 - 2014-11-17 19:10 - 38562088 _____ () E:\Program Files\AVAST Software\Avast\libcef.dll
    2014-10-15 02:51 - 2014-10-15 02:51 - 00044680 _____ () E:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
    2014-10-15 02:51 - 2014-10-15 02:51 - 00027784 _____ () E:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
    2014-10-15 02:51 - 2014-10-15 02:51 - 00018568 _____ () E:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
    2014-10-15 02:51 - 2014-10-15 02:51 - 00034952 _____ () E:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
    2014-10-15 02:51 - 2014-10-15 02:51 - 00836232 _____ () E:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
    2014-10-15 02:51 - 2014-10-15 02:51 - 00062600 _____ () E:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
    2014-10-15 02:51 - 2014-10-15 02:51 - 00166024 _____ () E:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
    2014-10-15 02:51 - 2014-10-15 02:51 - 00192136 _____ () E:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
    2014-10-15 02:51 - 2014-10-15 02:51 - 00016520 _____ () E:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
    2014-10-15 02:51 - 2014-10-15 02:51 - 00054920 _____ () E:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
    2014-10-15 02:51 - 2014-10-15 02:51 - 00017032 _____ () E:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
    2014-10-15 02:51 - 2014-10-15 02:51 - 00043656 _____ () E:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
    2014-10-15 02:51 - 2014-10-15 02:51 - 00081544 _____ () E:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
    2014-10-15 02:51 - 2014-10-15 02:51 - 00111240 _____ () E:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
    2014-10-15 02:51 - 2014-10-15 02:51 - 00689800 _____ () E:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
    2014-02-15 13:03 - 2014-11-11 12:48 - 34589888 _____ () E:\Program Files (x86)\Steam\bin\libcef.dll
    ==================== Alternate Data Streams (whitelisted) =========
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    ==================== Safe Mode (whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (whitelisted) =============
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========
    (Currently there is no automatic fix for this section.)
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    MSCONFIG\startupreg: CCleaner Monitoring => "E:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
    MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    MSCONFIG\startupreg: Google Update => "C:\Users\michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    MSCONFIG\startupreg: iTunesHelper => "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\michael\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    ========================= Accounts: ==========================
    Administrator (S-1-5-21-2018537783-2302853427-1186865814-500 - Administrator - Enabled)
    Amberlie (S-1-5-21-2018537783-2302853427-1186865814-1057 - Limited - Enabled) => C:\Users\Amberlie
    Guest (S-1-5-21-2018537783-2302853427-1186865814-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2018537783-2302853427-1186865814-1002 - Limited - Enabled)
    michael (S-1-5-21-2018537783-2302853427-1186865814-1001 - Administrator - Enabled) => C:\Users\michael
    Rachel (S-1-5-21-2018537783-2302853427-1186865814-1056 - Limited - Enabled) => C:\Users\Rachel
    ==================== Faulty Device Manager Devices =============
    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
    Name: SBRE
    Description: SBRE
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: SBRE
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    System errors:
    =============
    Microsoft Office Sessions:
    =========================
    CodeIntegrity Errors:
    ===================================
    Date: 2015-01-02 18:51:21.509
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-01-02 18:51:21.477
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2013-03-24 09:17:50.226
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_185\avcuf64.dll because the set of per-page image hashes could not be found on the system.
    Date: 2013-03-24 08:32:50.989
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2013-03-24 08:32:50.929
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2013-03-24 08:32:50.869
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2013-03-24 08:32:50.809
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2013-03-24 06:57:05.491
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_185\avcuf64.dll because the set of per-page image hashes could not be found on the system.
    Date: 2013-03-24 05:56:45.639
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_185\avcuf64.dll because the set of per-page image hashes could not be found on the system.
    Date: 2013-03-24 05:43:07.266
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_185\avcuf64.dll because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================
    Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz
    Percentage of memory in use: 52%
    Total physical RAM: 4095.05 MB
    Available physical RAM: 1942.92 MB
    Total Pagefile: 8188.29 MB
    Available Pagefile: 5876.07 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB
    ==================== Drives ================================
    Drive c: (Win7) (Fixed) (Total:119.14 GB) (Free:36.7 GB) NTFS
    Drive d: (Programs) (Fixed) (Total:69.25 GB) (Free:28.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: () (Fixed) (Total:522.93 GB) (Free:70.75 GB) NTFS
    Drive g: (WinXP) (Fixed) (Total:24.41 GB) (Free:2.38 GB) NTFS
    Drive I: (Windows 10 preview) (Fixed) (Total:48.83 GB) (Free:48.67 GB) NTFS
    Drive n: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive z: () (Network) (Total:931.51 GB) (Free:189.85 GB)
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: ACD4630D)
    Partition 1: (Not Active) - (Size=522.9 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=24.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS)
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 69.2 GB) (Disk ID: A52EA52E)
    Partition 1: (Active) - (Size=69.2 GB) - (Type=07 NTFS)
    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 65C3BC3B)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
    ==================== End Of Log ============================
     
  18. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  19. mrtraver

    mrtraver TS Guru Topic Starter Posts: 345   +43

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-01-2015
    Ran by michael at 2015-01-02 19:58:19 Run:1
    Running from C:\Users\michael\Desktop
    Loaded Profile: michael (Available profiles: michael & Rachel & Amberlie)
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File
    GroupPolicyUsers\S-1-5-21-2018537783-2302853427-1186865814-1057\User: Group Policy restriction detected <======= ATTENTION
    HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyServer: [S-1-5-21-2018537783-2302853427-1186865814-1001] => 198.204.238.254:8085
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files (x86)\java\bin\jp2ssv.dll No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll No File
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll No File
    BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File [ ]
    FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
    FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
    FF Plugin HKU\S-1-5-21-2018537783-2302853427-1186865814-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
    CHR HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\michael\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
    S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
    2014-12-28 14:41 - 2014-12-28 14:41 - 00003010 _____ () C:\Windows\System32\Tasks\{CA8246B2-31F8-406E-95B7-D7DB055DFF6F}
    2014-12-28 14:41 - 2014-12-28 14:41 - 00003010 _____ () C:\Windows\System32\Tasks\{A17ABDD1-3AA2-463A-A7A0-1B49F1B711A5}
    2014-12-16 11:56 - 2014-12-16 11:56 - 00003276 _____ () C:\Windows\System32\Tasks\{5F7F94F9-A801-4013-9D6C-05EB0BE30267}
    C:\Users\Public\FixDwndp.exe
    C:\Users\michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbn_rko.dll
    C:\Users\michael\AppData\Local\Temp\Quarantine.exe
    C:\Users\michael\AppData\Local\Temp\sqlite3.dll
    CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\michael\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\michael\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    *****************
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" => Key deleted successfully.
    C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2018537783-2302853427-1186865814-1057\User => Moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    "HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
    "HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{FFCB3198-32F3-4E8B-9539-4324694ED664}" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
    "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
    HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => value deleted successfully.
    "HKCR\Wow6432Node\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.140.0" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.4" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => Key deleted successfully.
    "HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\MozillaPlugins\ubisoft.com/uplaypc" => Key deleted successfully.
    C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll not found.
    "HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => Key deleted successfully.
    catchme => Service deleted successfully.
    lmimirr => Service deleted successfully.
    MREMP50a64 => Service deleted successfully.
    MREMPR5 => Service deleted successfully.
    MRENDIS5 => Service deleted successfully.
    MRESP50a64 => Service deleted successfully.
    SBRE => Service deleted successfully.
    C:\Windows\System32\Tasks\{CA8246B2-31F8-406E-95B7-D7DB055DFF6F} => Moved successfully.
    C:\Windows\System32\Tasks\{A17ABDD1-3AA2-463A-A7A0-1B49F1B711A5} => Moved successfully.
    C:\Windows\System32\Tasks\{5F7F94F9-A801-4013-9D6C-05EB0BE30267} => Moved successfully.
    C:\Users\Public\FixDwndp.exe => Moved successfully.
    C:\Users\michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbn_rko.dll => Moved successfully.
    C:\Users\michael\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\michael\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    "HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
    "HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.

    The system needed a reboot.
    ==== End of Fixlog 19:58:20 ====
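The fixlist above is the record of what was removed; what a practitioner wants next is a way to re-check the same places on the live machine. The script below is an added example, not part of the thread and not FRST's or Broni's code. It reports on the hijack points the fix touched: the per-user WinINET proxy (where the fixlist found 198.204.238.254:8085), IE policy values in the user hive, per-user Group Policy folders under System32\GroupPolicyUsers, Browser Helper Objects whose DLL no longer exists, and scheduled tasks named as bare GUIDs. It assumes an elevated 64-bit PowerShell on the affected Windows 7 box and only reads; it deletes nothing.

```powershell
# Added example (not from the thread or FRST): read-only audit of the hijack points the fixlist removed.
# Assumes an elevated 64-bit PowerShell on Windows 7; a 32-bit shell would see the Wow64 view of System32.

function Get-HijackFindings {
    $findings = @()

    # 1. WinINET proxy for the current user. A proxy you did not configure sits in the middle of all
    #    IE/WinINET traffic; AutoConfigURL (a PAC script) is the quieter variant of the same hijack.
    $inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
    if ($p -and $p.ProxyServer)   { $findings += "proxy: ProxyServer=$($p.ProxyServer) ProxyEnable=$($p.ProxyEnable)" }
    if ($p -and $p.AutoConfigURL) { $findings += "proxy: AutoConfigURL=$($p.AutoConfigURL)" }

    # 2. IE policy values in the user hive. On a home PC nothing legitimate writes this key;
    #    FRST reported it as "Policy restriction".
    $iePol = 'HKCU:\Software\Policies\Microsoft\Internet Explorer'
    if (Test-Path $iePol) {
        $keys = @(Get-Item $iePol) + @(Get-ChildItem $iePol -Recurse)
        foreach ($k in $keys) {
            foreach ($v in $k.GetValueNames()) {
                $findings += "ie-policy: $($k.Name)\$v = $($k.GetValue($v))"
            }
        }
    }

    # 3. Per-user Group Policy templates. A GroupPolicyUsers\<SID> folder re-applies restrictions on
    #    every logon, so cleaning the registry values alone does not stick.
    $gpu = Join-Path $env:SystemRoot 'System32\GroupPolicyUsers'
    if (Test-Path $gpu) {
        foreach ($d in (Get-ChildItem $gpu)) { $findings += "gpo: per-user policy folder $($d.FullName)" }
    }

    # 4. Browser Helper Objects whose InprocServer32 DLL is missing ("No File" in FRST). Orphans are
    #    leftovers rather than infections, but each one is a CLSID IE still tries to load.
    $bhoRoots = @{
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'             = 'HKLM:\SOFTWARE\Classes\CLSID'
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
    }
    foreach ($root in $bhoRoots.Keys) {
        if (-not (Test-Path $root)) { continue }
        foreach ($bho in (Get-ChildItem $root)) {
            $srv = Get-ItemProperty -Path "$($bhoRoots[$root])\$($bho.PSChildName)\InprocServer32" -ErrorAction SilentlyContinue
            $dll = $null
            if ($srv) { $dll = [Environment]::ExpandEnvironmentVariables(($srv.'(default)' -replace '"', '')) }
            if (-not $dll -or -not (Test-Path $dll)) { $findings += "bho: $($bho.PSChildName) -> $dll (missing)" }
        }
    }

    # 5. Scheduled tasks named as bare GUIDs, the pattern of the three tasks the fix moved.
    #    Show what each one runs so the reader can judge it rather than trust the name.
    $taskDir = Join-Path $env:SystemRoot 'System32\Tasks'
    $guidTasks = Get-ChildItem $taskDir -Recurse | Where-Object { -not $_.PSIsContainer -and $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' }
    foreach ($t in $guidTasks) {
        $xml = [xml](Get-Content -Path $t.FullName)   # task files are UTF-16 with BOM; Get-Content handles that
        $cmd = $xml.Task.Actions.Exec.Command
        $taskArgs = $xml.Task.Actions.Exec.Arguments
        $findings += "task: $($t.Name) runs $cmd $taskArgs"
    }

    return $findings
}

$results = @(Get-HijackFindings)
if ($results.Count -eq 0) { 'No findings.' } else { $results }
```

A non-empty list is a lead, not a verdict: an orphaned BHO from an uninstalled Java is noise, while a ProxyServer you never set, or any value at all under HKCU\Software\Policies\Microsoft\Internet Explorer, is exactly the kind of thing this thread was about.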
     
  20. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  21. mrtraver

    mrtraver TS Guru Topic Starter Posts: 345   +43

    Results of screen317's Security Check version 0.99.93
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 25
    Java version 32-bit out of Date!
    Adobe Flash Player 15.0.0.246 Flash Player out of Date!
    Adobe Reader XI
    Mozilla Firefox 33.0.3 Firefox out of Date!
    Google Chrome (39.0.2171.71)
    Google Chrome (39.0.2171.95)
    Google Chrome (plugins...)
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast ng vbox\AvastVBoxSVC.exe
    AVAST Software Avast ng ngservice.exe
    AVAST Software Avast avastui.exe
    Trend Micro RUBotted RUBotSrv.exe
    Trend Micro RUBotted RUBottedGUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````


    Farbar Service Scanner Version: 21-07-2014
    Ran by michael (administrator) on 02-01-2015 at 21:17:11
    Running from "C:\Users\michael\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is unreachable
    Google.com is accessible.
    Attempt to access Yahoo.com returned error: Yahoo.com is unreachable

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============

    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed

    **** End of log ****
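The FSS log above has three parts worth being able to reproduce without the tool: the "Disabled Policy" sections (empty here, which is the good result), the service state behind Windows Firewall, System Restore, Security Center, Windows Update and Defender, and the digital-signature check on the network-stack and service binaries. The script below is an added example, not FSS's code and not part of the thread. It assumes an elevated PowerShell on Windows 7 and reports only; the policy values and service names are the standard Windows ones, and the file list is the one FSS printed.

```powershell
# Added example (not from the thread or FSS): re-check what FSS reports, using built-in cmdlets only.
# Assumes an elevated PowerShell on Windows 7. Read-only.

function Get-ServiceHealth {
    $out = @()

    # Policy values malware sets to keep defences down. A value that exists AND holds the "disabled"
    # value is a finding; an absent value is the normal state on a home PC (which is what FSS shows above).
    $policies = @(
        @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile'; Name = 'EnableFirewall';     Bad = 0 },
        @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile';   Name = 'EnableFirewall';     Bad = 0 },
        @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';         Name = 'DisableSR';          Bad = 1 },
        @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';         Name = 'NoAutoUpdate';       Bad = 1 },
        @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender';                 Name = 'DisableAntiSpyware'; Bad = 1 }
    )
    foreach ($pol in $policies) {
        $v = Get-ItemProperty -Path $pol.Key -Name $pol.Name -ErrorAction SilentlyContinue
        if ($v -and $v.($pol.Name) -eq $pol.Bad) {
            $out += "policy: $($pol.Key)\$($pol.Name) = $($pol.Bad) (disables the feature)"
        }
    }

    # Services behind the FSS sections. A missing or Disabled firewall/BFE/WSC/WU service is a finding.
    $services = 'MpsSvc','BFE','wscsvc','wuauserv','BITS','VSS','swprv','WinDefend',
                'Dhcp','Dnscache','nsi','Winmgmt','EventSystem','CryptSvc','RpcSs'
    foreach ($name in $services) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if (-not $svc) { $out += "service: $name is missing"; continue }
        if ($svc.StartMode -eq 'Disabled') { $out += "service: $name is Disabled (state $($svc.State))" }
    }

    # Authenticode on the binaries FSS lists. Caveat: older PowerShell builds (the 2.0 that ships with
    # Windows 7) do not consult the security catalogs, so catalog-signed OS files may show NotSigned
    # there. Treat that as "confirm with sfc /verifyonly", not as proof of tampering.
    $rel = 'System32\nsisvc.dll','System32\drivers\nsiproxy.sys','System32\dhcpcore.dll',
           'System32\drivers\afd.sys','System32\drivers\tdx.sys','System32\Drivers\tcpip.sys',
           'System32\dnsrslvr.dll','System32\mpssvc.dll','System32\bfe.dll','System32\drivers\mpsdrv.sys',
           'System32\SDRSVC.dll','System32\vssvc.exe','System32\wscsvc.dll','System32\wbem\WMIsvc.dll',
           'System32\wuaueng.dll','System32\qmgr.dll','System32\es.dll','System32\cryptsvc.dll',
           'System32\ipnathlp.dll','System32\iphlpsvc.dll','System32\svchost.exe','System32\rpcss.dll'
    $files = @($rel | ForEach-Object { Join-Path $env:SystemRoot $_ })
    $files += Join-Path $env:ProgramFiles 'Windows Defender\MpSvc.dll'
    foreach ($f in $files) {
        if (-not (Test-Path $f)) { $out += "file: $f is missing"; continue }
        $sig = Get-AuthenticodeSignature -FilePath $f
        if ($sig.Status -ne 'Valid') {
            $out += "file: $f signature status $($sig.Status)"
        } elseif ($sig.SignerCertificate.Subject -notmatch 'Microsoft') {
            # A valid signature from the wrong publisher on a core Windows binary is the real red flag.
            $out += "file: $f signed by $($sig.SignerCertificate.Subject)"
        }
    }

    return $out
}

$results = @(Get-ServiceHealth)
if ($results.Count -eq 0) { 'No findings.' } else { $results }
```

The check that matters most is the last branch: a core binary that carries a Valid signature from a publisher other than Microsoft has been replaced, whereas NotSigned on an older PowerShell is usually just the catalog caveat above.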
     
  22. mrtraver

    mrtraver TS Guru Topic Starter Posts: 345   +43

    Sophos said PC is clean; nothing to report! Thank you so much for your help!!
     
    Last edited: Jan 2, 2015
  23. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Update Firefox to the current 34.0 version.

    Update Adobe Flash Player: http://get.adobe.com/flashplayer/
    Make sure you UN-check Yes, install McAfee Security Scan Plus

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    ======================================

    Your computer is clean

    1. This step removes all the cleaning tools we used, resets restore points (so you won't get reinfected by accidentally using an older restore point) and makes some other minor adjustments.
    This is a very crucial step, so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished, a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  24. mrtraver

    mrtraver TS Guru Topic Starter Posts: 345   +43

    Thank you again! Avast hasn't shown any more hits since Roguekiller took out Poweliks yesterday, and I have not had any more issues with IE settings being changed.

    And once Flash Player was updated, I stopped getting the HTTP blocks on PeerBlock, so I guess something was exploiting that.

    I'm still curious as to how I contracted this, as I try to practice safe browsing, but I suppose I will not ever know for certain. The most recent thing I remember doing before noting the oddities was downloading a couple of Steam games, but my kids also use this PC while I am at work, so there's no telling what they clicked on. I suppose I should enable UAC, even though it drives me insane 99% of the time since I am doing something intentionally.
     
  25. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Kids are usually main suspects :)
    I suggest creating different (limited) user accounts for them.

    Good luck and stay safe :)
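The two closing recommendations, standard accounts for the children and UAC back on, are easy to do half-way (an account that is still in Administrators, or EnableLUA set without a reboot). The script below is an added example, not part of the thread: it creates a standard account, enables UAC with the Windows 7 default prompt levels, and then verifies both. It assumes an elevated PowerShell on Windows 7; the account names are placeholders, and `net user` is given `*` so the password is typed at a prompt rather than left in the shell history.

```powershell
# Added example (not from the thread): standard accounts for the kids plus UAC, with verification.
# Assumes an elevated PowerShell on Windows 7. Account names below are placeholders.

function Test-LocalUser([string]$Name) {
    & net user $Name > $null 2>&1
    return ($LASTEXITCODE -eq 0)
}

function New-LimitedAccount([string]$Name) {
    # 'net user /add' places the account in "Users" only; '*' prompts for the password.
    & net user $Name * /add /passwordchg:yes | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "net user failed for $Name" }
}

function Get-LocalAdministrators {
    # ADSI WinNT provider: available on Windows 7, which lacks the later LocalAccounts module.
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    @($group.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
}

function Enable-Uac {
    $k = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    Set-ItemProperty -Path $k -Name EnableLUA -Value 1 -Type DWord                  # takes effect after a reboot
    Set-ItemProperty -Path $k -Name ConsentPromptBehaviorAdmin -Value 5 -Type DWord # Win7 default: consent for non-Windows binaries
    Set-ItemProperty -Path $k -Name ConsentPromptBehaviorUser -Value 3 -Type DWord  # standard users get a credential prompt
}

function Test-Hardening([string[]]$Accounts) {
    $admins = @(Get-LocalAdministrators)
    foreach ($a in $Accounts) {
        if ($admins -contains $a) { "FAIL: $a is a local Administrator" } else { "ok: $a is a standard user" }
    }
    $lua = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System').EnableLUA
    if ($lua -eq 1) { 'ok: UAC enabled (reboot required if it was just changed)' } else { 'FAIL: UAC disabled' }
}

$kids = 'Child1', 'Child2'   # placeholder names
foreach ($name in $kids) { if (-not (Test-LocalUser $name)) { New-LimitedAccount $name } }
Enable-Uac
Test-Hardening $kids
```

The verification step is the point: `net user /add` does the right thing by default, but an account that was later added to Administrators, or a UAC change that was never followed by a reboot, looks identical from the Start menu.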
     