[Solved] MBAM log posting more than 1,000 infected files, please assist me!

BillAllen55

Can someone take a look at this mbam and advise? This log shows more than 6000 virus infections listed. Help greatly appreciated.
 

Attachments

  • 1.5 of mbam file.txt (32.3 KB)
I only see 81 items, so I'm not sure about 6000.

Then you've been to this forum before so you should know exactly what to do...

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
I'm sending a zipped folder such that you are able to see the mbam results. The DDS scan is part of this folder.
 

Attachments

  • TechSpot logs.zip (72.4 KB)
I'm sending you a snippet of the results of my mbam scan. Is there another way to go about removing the listed files short of clicking more than 6000 times to remove each file?
[screenshot attached: upload_2014-3-9_8-46-49.png]
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 3/12/2011 6:36:07 AM
System Uptime: 3/9/2014 8:17:36 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0FT292
Processor: Genuine Intel(R) CPU T2600 @ 2.16GHz | Microprocessor | 2167/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 30.399 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&13FD3FCA&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&13FD3FCA&0
Service: i8042prt
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Sftfs
Device ID: ROOT\LEGACY_SFTFS\0000
Manufacturer:
Name: Sftfs
PNP Device ID: ROOT\LEGACY_SFTFS\0000
Service: Sftfs
.
==== System Restore Points ===================
.
RP964: 3/8/2014 11:22:13 AM - Installed MozyHome
RP965: 3/8/2014 11:31:09 AM - Removed MozyHome
RP966: 3/8/2014 4:59:06 PM - 03-08-2014
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 12.0
Adobe SVG Viewer 3.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auslogics DiskDefrag
avast! Free Antivirus
Bonjour
Broadcom Advanced Control Suite
Broadcom Gigabit Integrated Controller
Broadcom NetXtreme-I Netlink Driver and Management Installer
Broadcom TPM Driver Installer
CCleaner
Compatibility Pack for the 2007 Office system
Dell System Detect
Digital Line Detect
FileHippo.com Update Checker
Google Apps
Google Chrome
Google Drive
Google Update Helper
Google+ Auto Backup
HiJackThis
iCloud
IHA_MessageCenter
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
IObit Uninstaller
iTunes
Kits Configuration Installer
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft DirectX SDK (June 2010)
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MotoHelper MergeModules
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
NetBeans IDE 7.3.1
NVIDIA Drivers
Online Games Manager v1.21
OZ776 SCR Driver V1.1.4.202
Picasa 3
Picasa Uploader
QuickSet
QuickTime 7
Rich Media Player
Royal Jigsaw
Safari
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
SigmaTel Audio
SlimCleaner
SlimComputer
SlimDrivers
Smart Defrag 3
SUPERAntiSpyware
Surfing Protection
swMSM
System Requirements Lab for Intel
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vista Profile Pack
Vz In-Home Agent
Windows Driver Kit
Windows Driver Package - Intel (NETwNs32) net (07/14/2010 13.3.0.24)
Windows Installer Clean Up
Windows Media Center Add-in for Flash
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
3/9/2014 8:22:16 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
3/9/2014 8:22:16 AM, Error: Service Control Manager [7001] - The Application Virtualization Client service depends on the Sftfs service which failed to start because of the following error: A device attached to the system is not functioning.
3/9/2014 8:22:16 AM, Error: Service Control Manager [7000] - The Sftfs service failed to start due to the following error: A device attached to the system is not functioning.
3/9/2014 8:20:28 AM, Error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).
3/9/2014 8:20:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Dell Internal Network Card Power Management service to connect.
3/9/2014 8:19:18 AM, Error: Service Control Manager [7003] - The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.
3/9/2014 8:19:18 AM, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
3/9/2014 8:19:18 AM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
3/9/2014 8:17:41 AM, Error: volmgr [46] - Crash dump initialization failed!
3/8/2014 7:39:59 PM, Error: Service Control Manager [7034] - The Dell Internal Network Card Power Management service terminated unexpectedly. It has done this 1 time(s).
3/8/2014 5:31:36 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/8/2014 5:24:23 PM, Error: Service Control Manager [7034] - The pcregservice Service service terminated unexpectedly. It has done this 1 time(s).
3/8/2014 5:24:23 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
3/8/2014 4:54:47 PM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'O2 O2Micro CCID SC Reader 0' rejected IOCTL GET_STATE: The handle is invalid. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX
3/8/2014 4:18:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.
3/8/2014 4:18:16 PM, Error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/8/2014 4:17:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IHA_MessageCenter service to connect.
3/8/2014 4:17:43 PM, Error: Service Control Manager [7000] - The IHA_MessageCenter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/3/2014 8:27:41 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
.
==== End Of File ===========================


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16518
Run by Owner at 8:23:42 on 2014-03-09
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.406 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_154.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_154.exe
C:\Program Files\Online Games Manager\ogmservice.exe
C:\Program Files\pcreg\pcreg.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\iobit\iobit uninstaller\UninstallExplorer32.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\surfing protection\browerprotect\ASCPlugin_Protection.dll
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:1
uPolicies-Explorer: NoDriveAutoRun- = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun- = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
uPolicies-System: NoScrSavPage = dword:0
uPolicies-System: NoDispApprearancePage = dword:0
mPolicies-Explorer: NoDriveAutoRun- = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun- = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:253
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 216.228.160.4 216.228.160.3
TCP: Interfaces\{4966B34F-BFAF-49D2-9DC8-FFF506C7304A} : DHCPNameServer = 198.224.166.135 198.224.167.135
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9} : DHCPNameServer = 216.228.160.4 216.228.160.3
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\3616D6075737F577962756C6563737 : NameServer = 8.8.8.8,216.228.160.7
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\3616D6075737F577962756C6563737 : DHCPNameServer = 172.16.44.186 172.16.44.185
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\4656661657C647 : NameServer = 205.171.3.25,216.228.160.7
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\4656661657C647 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\F40756E60234F6D6D657E696479702E4564777F627B6 : NameServer = 8.8.8.8,216.228.160.7
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\F40756E60234F6D6D657E696479702E4564777F627B6 : DHCPNameServer = 216.228.160.7 216.228.160.8 216.228.160.5
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.146\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\m68v3rw9.default-1391359149158\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppluginrichmediaplayer.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1209149.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_154.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-1-10 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-1-10 180248]
R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [2012-8-9 102728]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-1-10 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-1-10 410784]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-11-9 37664]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-1-10 67824]
R2 ei2c;ei2c;c:\windows\system32\drivers\ei2c.sys [2014-2-1 18224]
R2 mi2c;mi2c;c:\windows\system32\drivers\mi2c.sys [2014-2-1 18224]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-1-10 64168]
R3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\drivers\BthFilt.sys [2011-12-17 13824]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2012-9-4 384824]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys [2012-9-3 115008]
.
=============== Created Last 30 ================
.
2014-03-09 15:21:34 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-03-09 01:38:52 -------- d-sh--w- C:\$RECYCLE.BIN
2014-03-09 01:23:29 -------- d-----w- C:\ComboFix
2014-03-09 01:00:00 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-09 00:15:48 -------- d-----w- c:\users\owner\appdata\local\temp
2014-03-05 11:38:58 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2014-03-01 18:42:20 -------- d-----w- c:\program files\Online Games Manager
2014-03-01 18:41:55 -------- d-----w- c:\programdata\Trymedia
2014-03-01 18:41:24 -------- d-----w- C:\GameHouse Games
2014-03-01 18:19:20 -------- d-----w- c:\program files\Jigsaw Mania demo
2014-03-01 17:59:10 -------- d-----w- c:\program files\iPod
2014-03-01 17:59:08 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-01 17:59:08 -------- d-----w- c:\program files\iTunes
2014-03-01 17:54:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-03-01 17:54:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-03-01 17:54:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-03-01 17:54:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-03-01 17:54:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2014-02-16 21:29:17 -------- d-----w- c:\users\owner\appdata\local\Downloaded Installations
2014-02-15 18:33:32 -------- d-----w- c:\program files\GUMFD33.tmp
2014-02-15 16:56:19 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-02-15 16:54:13 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-15 16:54:13 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-02-15 16:53:36 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-02-15 16:53:36 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-10 18:18:52 102400 ----a-w- c:\windows\system32\stacsv.exe
2014-02-10 18:18:51 4947968 ----a-w- c:\windows\system32\stacgui.cpl
2014-02-10 18:18:51 1601536 ----a-w- c:\windows\system32\stlang.dll
2014-02-10 17:58:01 -------- d-----w- C:\Dell Management Packs
2014-02-10 17:49:16 595456 ----a-w- c:\windows\system32\stapo.dll
2014-02-10 17:49:16 328704 ----a-w- c:\windows\system32\stcplx.dll
2014-02-10 17:49:16 299520 ----a-w- c:\windows\system32\stapi32.dll
2014-02-10 17:37:47 -------- d-----w- c:\users\owner\appdata\local\Deployment
2014-02-10 17:37:47 -------- d-----w- c:\users\owner\appdata\local\Apps
2014-02-08 22:19:28 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-02-08 22:18:57 31008 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2014-02-08 22:18:25 103424 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-02-08 22:18:13 18624 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2014-02-08 22:06:50 -------- d-----w- c:\users\owner\appdata\roaming\ProductData
2014-02-08 22:05:41 -------- d-----w- c:\programdata\IObit
2014-02-08 22:05:38 -------- d-----w- c:\programdata\ProductData
2014-02-08 19:51:20 -------- d-----w- c:\windows\system32\Wat
.
==================== Find3M ====================
.
2014-03-08 19:36:46 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-08 19:36:46 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-06 10:20:26 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-06 10:19:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-02-06 10:01:36 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-02-06 09:47:22 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-06 09:47:18 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-02-06 09:46:27 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-02-06 09:09:30 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-02-01 16:17:03 18224 ----a-w- c:\windows\system32\drivers\mi2c.sys
2014-02-01 16:14:27 18224 ----a-w- c:\windows\system32\drivers\ei2c.sys
2014-01-26 19:27:08 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-26 19:27:08 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-26 19:27:08 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-26 19:27:07 43152 ----a-w- c:\windows\avastSS.scr
2014-01-18 00:24:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-18 00:24:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2014-01-10 11:32:12 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-01-10 11:32:12 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-10 11:32:12 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-18 14:13:56 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-13 18:35:56 249856 ----a-w- c:\windows\system32\uxtheme.dll
2013-12-13 18:35:51 2755072 ----a-w- c:\windows\system32\themeui.dll
2013-12-13 18:35:45 37376 ----a-w- c:\windows\system32\themeservice.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: SAMSUNG_HM080HI rev.AB100-12 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x8303C000]<< >>UNKNOWN [0x895B0000]<< >>UNKNOWN [0x8959F000]<< >>UNKNOWN [0x88EA3000]<< >>UNKNOWN [0x83005000]<< >>UNKNOWN [0x890E9000]<< >>UNKNOWN [0x88FF3000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x83072BBA] -> \Device\Harddisk0\DR0[0x86061720]
\Driver\Disk[0x86060D00] -> IRP_MJ_CREATE -> 0x895B439F
3 [0x895B459E] -> ntkrnlpa!IofCallDriver[0x83072BBA] -> [0x85B89938]
\Driver\ACPI[0x85231030] -> IRP_MJ_CREATE -> 0x88EAC4CC
5 [0x88EAC3D4] -> ntkrnlpa!IofCallDriver[0x83072BBA] -> \Device\Ide\IdeDeviceP0T0L0-0[0x852A8610]
\Driver\atapi[0x85B7D658] -> IRP_MJ_CREATE -> 0x891038CE
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 8:28:39.16 ===============

mbam log to follow
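The "Event Viewer Messages From Past Week" section of a DDS log is free text, but every record follows one shape (timestamp, level, source, event ID, message). The parser below is an added example, not part of the original post or of DDS itself; it turns those lines into records and pulls out the services that Service Control Manager reports as having terminated unexpectedly (event ID 7034), which is the first thing a helper checks in this section. The sample lines are copied from the log above; the `Event` type and the function names are this example's own.

```python
import re
from collections import Counter
from typing import List, NamedTuple

# Sample input: lines copied from the DDS "Event Viewer Messages" section above.
SAMPLE_EVENTS = """\
3/9/2014 8:22:16 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
3/9/2014 8:20:28 AM, Error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).
3/8/2014 5:31:36 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/8/2014 5:24:23 PM, Error: Service Control Manager [7034] - The pcregservice Service service terminated unexpectedly. It has done this 1 time(s).
3/3/2014 8:27:41 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
"""

# One DDS event record: "<date> <time>, <Level>: <Source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

# Service Control Manager event ID for "service terminated unexpectedly".
SCM_CRASH_ID = 7034


class Event(NamedTuple):
    date: str
    time: str
    level: str
    source: str
    event_id: int
    message: str


def parse_dds_events(text: str) -> List[Event]:
    """Parse the event lines of a DDS log; non-matching lines (section
    separators such as '.') are skipped rather than treated as errors."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":
            continue
        m = EVENT_RE.match(line)
        if m is None:
            continue
        events.append(Event(m["date"], m["time"], m["level"], m["source"],
                            int(m["event_id"]), m["message"]))
    return events


def crashed_services(events: List[Event]) -> List[str]:
    """Names of services that SCM reported as terminated unexpectedly."""
    names = []
    for ev in events:
        if ev.source == "Service Control Manager" and ev.event_id == SCM_CRASH_ID:
            m = re.match(r"The (.+?) service terminated unexpectedly", ev.message)
            if m:
                names.append(m.group(1))
    return names


def count_by_source_and_id(events: List[Event]) -> Counter:
    """How often each (source, event ID) pair occurs; repeated IDs are
    usually a single root cause (here a driver that will not start)."""
    return Counter((ev.source, ev.event_id) for ev in events)


if __name__ == "__main__":
    evs = parse_dds_events(SAMPLE_EVENTS)
    print("crashed:", crashed_services(evs))
    for (src, eid), n in count_by_source_and_id(evs).most_common():
        print(f"{src} [{eid}]: {n}")
```

Running the block on the sample prints the two crashed services (LiveUpdate and the "pcregservice Service", which corresponds to the pcreg.exe process in the running-process list above) and a count per source and event ID.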
 
Latest mbam log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.09.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16518
Owner :: OWNER-PC [limited]

3/9/2014 9:08:55 AM
mbam-log-2014-03-09 (09-08-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214770
Time elapsed: 15 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
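The disagreement earlier in the thread (6000 detections claimed, 81 seen by the helper, 0 in the pasted log) is the kind of thing a small parser for the Malwarebytes 1.75 log format settles. The code below is an added example and is not part of the original post or of Malwarebytes; it reads the header fields, the per-category "... Detected: N" counts, each listed item with the action taken, and the account tag ("[limited]" in the log above, meaning the scan ran from a non-admin account), and then reports the total, any items whose action was not a quarantine, and any category whose stated count does not match the items listed under it. The sample log is constructed to resemble the one above with a few non-zero counts added; the paths and detection names in it are placeholders, and the `Detection`/`MbamReport` types and function names are this example's own.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample in the Malwarebytes 1.75 log format; paths and detection
# names are placeholders, not findings from the thread.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.09.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16518
Owner :: OWNER-PC [limited]

3/9/2014 9:08:55 AM
mbam-log-2014-03-09 (09-08-55).txt

Scan type: Quick scan
Objects scanned: 214770
Time elapsed: 15 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\ExampleToolbar (PUP.Optional.ExampleToolbar) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\Owner\AppData\Local\Temp\example1.exe (PUP.Optional.Example) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\example2.dll (PUP.Optional.Example) -> No action taken.

(end)
"""

COUNT_RE = re.compile(r"^(?P<category>.+?) Detected: (?P<n>\d+)$")
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
HEADER_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>.+)$")
USER_RE = re.compile(r"^(?P<user>.+?) :: (?P<host>.+?) \[(?P<tag>\w+)\]$")


class Detection(NamedTuple):
    category: str   # "Files", "Registry Keys", ...
    target: str     # path or registry key
    name: str       # detection name, e.g. PUP.Optional.Example
    action: str     # text after "->"


class MbamReport(NamedTuple):
    header: Dict[str, str]
    counts: Dict[str, int]
    detections: List[Detection]
    account_tag: str   # "admin" or "limited"


def parse_mbam_log(text: str) -> MbamReport:
    header, counts, detections = {}, {}, []
    account_tag = ""
    category = None  # the "... Detected: N" section we are currently inside
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)" or line.startswith("(No malicious items"):
            continue
        m = COUNT_RE.match(line)
        if m:
            category = m["category"]
            counts[category] = int(m["n"])
            continue
        m = USER_RE.match(line)
        if m:
            account_tag = m["tag"]
            continue
        if category is not None:
            m = ITEM_RE.match(line)
            if m:
                detections.append(Detection(category, m["target"], m["name"], m["action"]))
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m["key"]] = m["value"]
    return MbamReport(header, counts, detections, account_tag)


def total_detected(report: MbamReport) -> int:
    return sum(report.counts.values())


def unresolved(report: MbamReport) -> List[Detection]:
    """Items the scan listed but did not quarantine (e.g. 'No action taken')."""
    return [d for d in report.detections if not d.action.startswith("Quarantined")]


def count_mismatches(report: MbamReport) -> Dict[str, Tuple[int, int]]:
    """Categories whose stated count differs from the items actually listed:
    {category: (stated, listed)}; a truncated or edited log shows up here."""
    listed = Counter(d.category for d in report.detections)
    return {c: (n, listed.get(c, 0)) for c, n in report.counts.items() if n != listed.get(c, 0)}


def ran_with_limited_rights(report: MbamReport) -> bool:
    return report.account_tag.lower() == "limited"
```

For the log pasted above every count is zero, so `total_detected` returns 0 and `unresolved` is empty; the "[limited]" tag still makes `ran_with_limited_rights` true, which is worth noticing because a quick scan from a limited account cannot see or remove everything an elevated one can.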
 
Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
The TDDS file was too large to paste into this reply, I hope it's not a problem for me to upload the file.
 

Attachments

  • TDDS.txt (103.9 KB)
I'll accept it this time but in the future please paste all logs.

Download RogueKiller from one of the following links and save it to your Desktop:
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
Mr Broni,
This has always been exceptional support whenever I have issues with infections on my systems. While I'm waiting for RogueKiller to finish its scan, I want to ask you: if I want to dive into attempting to restore my device back to a usable state moving forward, am I able to follow the directions as you have earlier dictated them to me?

Or is this the type of thing where one group of text logs gives the adviser direction on what should happen next?

I'm asking so that I would not have to pester you guys in the future should this type of event occur again.

I know there are preliminary scans that are asked for, but what about the specifics that you provide: can these actions be done without supervision?
 
RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 03/09/2014 10:34:09
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @firefox.exe (LdrLoadDll) : ntdll.dll -> HOOKED (C:\Program Files\Mozilla Firefox\mozglue.dll @ 0x65EE1FD9)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HM080HI ATA Device +++++
--- User ---
[MBR] 0c73aefa2c61e73e8d63966c70cbbc91
[BSP] b885cf893c28e2877b56a18dfe1cd75d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76217 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_03092014_103409.txt >>
RKreport[0]_D_03082014_165734.txt;RKreport[0]_S_03082014_165710.txt;RKreport[0]_S_03092014_102924.txt
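Added example (not from this thread, from RogueKiller or from TechSpot): the report above is worth reading for two things a helper re-checks by hand on a machine like this one. The policy value RogueKiller deleted, DisableRegistryTools under HKLM\...\Policies\System, is the switch that stops a user opening regedit; it was 0 here, so it was not actually blocking anything, which is why the tool tags it [PUM] (potentially unwanted modification) rather than as an infection. The hosts file dump matters because a hijacked hosts file either blackholes AV/update hostnames at 127.0.0.1 or redirects them to an attacker address. The Python below parses a report in this layout and flags both patterns. The sample text is constructed from the log above plus two invented hosts lines; 198.51.100.7 is a documentation-range placeholder, not a real indicator.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Section headers look like "¤¤¤ Registry Entries : 1 ¤¤¤" or "¤¤¤ HOSTS File: ¤¤¤"
SECTION_RE = re.compile(r"^¤¤¤ (?P<name>.+?)\s*:\s*(?P<rest>.*?)\s*¤¤¤$")
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


@dataclass
class Report:
    counts: Dict[str, int] = field(default_factory=dict)        # per-section item counts
    registry: List[str] = field(default_factory=list)           # raw "Registry Entries" lines
    hosts: List[Tuple[str, str]] = field(default_factory=list)  # (address, hostname) pairs


def parse_report(text: str) -> Report:
    """Walk a RogueKiller-style report and collect the sections we care about."""
    report = Report()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            if m.group("rest").isdigit():
                report.counts[section] = int(m.group("rest"))
            continue
        if not line or line.startswith("-->"):   # "--> %SystemRoot%\...\hosts" path line
            continue
        if section == "Registry Entries":
            report.registry.append(line)
        elif section == "HOSTS File":
            fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
            if len(fields) >= 2:
                address, names = fields[0], fields[1:]
                report.hosts.extend((address, n.lower()) for n in names)
    return report


def suspicious_hosts(report: Report) -> List[Tuple[str, str, str]]:
    """Return ("blackholed" | "redirected", address, hostname) for every hosts
    entry a hijack would add. "127.0.0.1 localhost" is normal; any other name
    mapped to loopback is a blackhole, and a name mapped elsewhere is a redirect."""
    findings = []
    for address, name in report.hosts:
        if name in LOCAL_NAMES:
            continue
        verdict = "blackholed" if address in LOOPBACK else "redirected"
        findings.append((verdict, address, name))
    return findings


def registry_findings(report: Report) -> List[dict]:
    """Split "[HJ POL][PUM] HKLM\\...\\System : DisableRegistryTools (0) -> DELETED"
    into its tags, the entry itself, and the action RogueKiller took."""
    out = []
    for line in report.registry:
        m = re.match(r"^((?:\[[^\]]+\])+)\s*(.*?)(?:\s*->\s*(\w+))?$", line)
        if not m:
            continue
        tags = re.findall(r"\[([^\]]+)\]", m.group(1))
        out.append({"tags": tags, "entry": m.group(2), "action": m.group(3) or ""})
    return out


# Constructed sample in RogueKiller's report layout: the registry line and the
# first hosts entry are taken from the log above; the last two hosts lines are
# invented hijacks (198.51.100.7 is a documentation-range placeholder address).
SAMPLE_REPORT = """\
RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
Mode : Remove -- Date : 03/09/2014 10:34:09

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ POL][PUM] HKLM\\[...]\\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\\System32\\drivers\\etc\\hosts

127.0.0.1 localhost
127.0.0.1 www.malwarebytes.org   # blackholed (constructed)
198.51.100.7 update.avast.com    # redirected (constructed)

¤¤¤ MBR Check: ¤¤¤
"""

if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print(rep.counts)
    for finding in registry_findings(rep) + suspicious_hosts(rep):
        print(finding)
```

On the real log above the hosts section contains only "127.0.0.1 localhost", so suspicious_hosts() returns nothing for it; the point of the check is that a clean hosts file on Windows 7 should look exactly like that, and anything else needs an explanation (an ad-blocking hosts list is the common benign one).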
 
ComboFix 14-03-05.01 - Owner 03/09/2014 11:03:24.27.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.860 [GMT -7:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-02-09 to 2014-03-09 )))))))))))))))))))))))))))))))
.
.
2014-03-09 18:15 . 2014-03-09 18:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-03-09 18:15 . 2014-03-09 18:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-09 17:37 . 2014-03-09 17:37 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-09 16:56 . 2014-03-09 16:56 -------- d-----w- c:\program files\RealArcade
2014-03-09 16:46 . 2014-03-09 16:51 -------- d-----w- c:\programdata\Trymedia
2014-03-09 01:00 . 2014-03-09 17:37 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-09 00:15 . 2014-03-09 18:18 -------- d-----w- c:\users\Owner\AppData\Local\temp
2014-03-05 11:38 . 2014-03-05 11:38 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2014-03-01 18:42 . 2014-03-01 18:42 -------- d-----w- c:\program files\Online Games Manager
2014-03-01 18:41 . 2014-03-09 16:56 -------- d-----w- C:\GameHouse Games
2014-03-01 18:19 . 2014-03-01 18:37 -------- d-----w- c:\program files\Jigsaw Mania demo
2014-03-01 17:59 . 2014-03-01 17:59 -------- d-----w- c:\program files\iPod
2014-03-01 17:59 . 2014-03-01 17:59 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-01 17:59 . 2014-03-01 17:59 -------- d-----w- c:\program files\iTunes
2014-03-01 17:54 . 2014-03-01 17:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-03-01 17:54 . 2014-03-01 17:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-03-01 17:54 . 2014-03-01 17:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-03-01 17:54 . 2014-03-01 17:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-03-01 17:54 . 2014-03-01 17:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-03-01 17:54 . 2014-03-01 17:54 -------- d-----w- c:\program files\QuickTime
2014-02-16 21:29 . 2014-02-16 21:29 -------- d-----w- c:\users\Owner\AppData\Local\Downloaded Installations
2014-02-15 18:33 . 2014-02-15 18:34 -------- d-----w- c:\program files\GUMFD33.tmp
2014-02-15 16:56 . 2013-12-21 08:56 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-02-15 16:54 . 2013-12-06 02:02 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-15 16:54 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-02-15 16:53 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-15 16:53 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-02-10 18:18 . 2007-09-13 22:45 102400 ----a-w- c:\windows\system32\stacsv.exe
2014-02-10 18:18 . 2007-09-13 22:45 4947968 ----a-w- c:\windows\system32\stacgui.cpl
2014-02-10 18:18 . 2007-04-11 01:02 1601536 ----a-w- c:\windows\system32\stlang.dll
2014-02-10 17:58 . 2014-02-10 17:58 -------- d-----w- C:\Dell Management Packs
2014-02-10 17:49 . 2007-09-13 22:45 328704 ----a-w- c:\windows\system32\stcplx.dll
2014-02-10 17:49 . 2007-09-13 22:45 595456 ----a-w- c:\windows\system32\stapo.dll
2014-02-10 17:49 . 2007-09-13 22:44 299520 ----a-w- c:\windows\system32\stapi32.dll
2014-02-10 17:37 . 2014-03-08 23:32 -------- d-----w- c:\users\Owner\AppData\Local\Deployment
2014-02-10 17:37 . 2014-02-10 17:37 -------- d-----w- c:\users\Owner\AppData\Local\Apps
2014-02-08 22:19 . 2014-02-08 22:19 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-02-08 22:18 . 2013-11-20 00:52 31008 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2014-02-08 22:18 . 2014-01-08 23:54 103424 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-02-08 22:18 . 2013-12-24 18:40 18624 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2014-02-08 22:06 . 2014-02-08 22:06 -------- d-----w- c:\users\Owner\AppData\Roaming\ProductData
2014-02-08 22:05 . 2014-02-08 22:22 -------- d-----w- c:\programdata\IObit
2014-02-08 22:05 . 2014-03-09 15:20 -------- d-----w- c:\programdata\ProductData
2014-02-08 19:51 . 2014-02-08 19:51 -------- d-----w- c:\windows\system32\Wat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-08 19:36 . 2013-12-07 17:22 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-08 19:36 . 2012-03-02 17:33 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-01 16:17 . 2014-02-01 16:17 18224 ----a-w- c:\windows\system32\drivers\mi2c.sys
2014-02-01 16:14 . 2014-02-01 16:14 18224 ----a-w- c:\windows\system32\drivers\ei2c.sys
2014-01-26 19:27 . 2014-01-10 11:32 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-26 19:27 . 2014-01-10 11:32 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-26 19:27 . 2014-01-10 11:32 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-26 19:27 . 2014-01-10 11:32 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-26 19:27 . 2014-01-10 11:32 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-26 19:27 . 2014-01-10 11:32 43152 ----a-w- c:\windows\avastSS.scr
2014-01-18 00:24 . 2014-01-18 00:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-18 00:24 . 2014-01-18 00:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
2014-01-10 11:32 . 2014-01-10 11:32 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-10 11:32 . 2014-01-10 11:32 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-01-10 11:32 . 2014-01-10 11:32 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-18 14:13 . 2011-03-12 14:58 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-13 18:35 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2013-12-13 18:35 . 2011-04-30 17:17 2755072 ----a-w- c:\windows\system32\themeui.dll
2013-12-13 18:35 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-02-08 22:05 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-26 19:27 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 23:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 23:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 23:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 23:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 23:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-26 3767096]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoScrSavPage"= 0 (0x0)
"NoDispApprearancePage"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=c:\windows\pss\Run Google Web Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]
backup=c:\windows\pss\CNET TechTracker.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
backup=c:\windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSystemDetect]
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-24 03:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleIEDAV]
2013-11-15 20:01 1326408 ----a-w- c:\program files\Common Files\Apple\Internet Services\AppleIEDAV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]
2013-11-20 23:43 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-13 04:57 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-07-26 02:08 2569616 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\com.apple.dav.bookmarks.daemon]
c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2012-11-23 08:22 307712 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google+ Auto Backup]
2014-01-06 18:59 3619096 ----a-w- c:\users\Owner\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 01:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-24 02:30 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HowToSimplified Search Scope Monitor]
c:\progra~1\HOWTOS~2\bar\1.bin\8esrchmn.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]
2013-11-20 23:43 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-24 02:30 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
c:\program files\Microsoft Security Client\msseces.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-24 02:30 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-18 00:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-09-13 22:44 405504 ----a-w- c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
c:\users\Owner\AppData\Roaming\Spotify\Spotify.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
c:\users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2014-01-06 21:37 5625624 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
c:\program files\AVG SafeGuard toolbar\vprot.exe [BU]
.
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-02-08 822624]
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-02-08 2151744]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys [2012-09-03 115008]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-02-06 108032]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2012-03-26 18432]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-29 4233728]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2012-08-23 24416]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [2011-10-01 581480]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [2011-10-01 21864]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 Te.Service;Te.Service;c:\program files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-26 94208]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-02-08 1343400]
R4 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-08 127488]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF32.sys [2010-11-04 102728]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2013-12-24 18624]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-01-26 775952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-01-26 410784]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-11-16 37664]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-10-10 120088]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-01-26 67824]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2012-08-03 154624]
S2 ei2c;ei2c;c:\windows\system32\drivers\ei2c.sys [2014-02-01 18224]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2013-09-14 350792]
S2 mi2c;mi2c;c:\windows\system32\drivers\mi2c.sys [2014-02-01 18224]
S2 ogmservice;Online Games Manager;c:\program files\Online Games Manager\ogmservice.exe [2013-08-08 559552]
S2 pcregservice;pcregservice Service;c:\program files\pcreg\pcreg.exe [2013-12-05 25600]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-01-26 64168]
S3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\DRIVERS\BthFilt.sys [2006-11-07 13824]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2013-03-25 65200]
S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [2011-10-01 194408]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-05 19:34 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-08 14:50]
.
2014-01-26 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-10 19:27]
.
2014-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf2a7c71846576.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 14:43]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 14:43]
.
2014-02-01 c:\windows\Tasks\SlimCleaner Run.job
- c:\program files\SlimCleaner\SlimCleaner.exe [2013-07-10 16:53]
.
2014-02-16 c:\windows\Tasks\SlimComputer Run.job
- c:\program files\SlimComputer\SlimComputer.exe [2013-07-10 17:19]
.
2014-03-08 c:\windows\Tasks\Uninstaller_SkipUac_Administrator.job
- c:\program files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-02-08 22:05]
.
2013-07-25 c:\windows\Tasks\User_Feed_Synchronization-{A73C834D-636D-46F7-A165-BE4EE7F25BAD}.job
- c:\windows\system32\msfeedssync.exe [2013-11-16 18:24]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = https://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 216.228.160.4 216.228.160.3
TCP: Interfaces\{4966B34F-BFAF-49D2-9DC8-FFF506C7304A}: DhcpNameServer = 198.224.166.135 198.224.167.135
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\3616D6075737F577962756C6563737: NameServer = 8.8.8.8,216.228.160.7
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\4656661657C647: NameServer = 205.171.3.25,216.228.160.7
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\F40756E60234F6D6D657E696479702E4564777F627B6: NameServer = 8.8.8.8,216.228.160.7
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m68v3rw9.default-1391359149158\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}"=hex:51,66,7a,6c,4c,1d,38,12,b0,f3,37,
dc,52,73,39,0a,e1,a7,25,43,3b,93,ce,af
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}"=hex:51,66,7a,6c,4c,1d,3b,1b,64,c0,aa,
31,75,5c,5e,35,aa,62,82,42,b5,d5,f4,71
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6a,97,1c,dc,64,07,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e6,21,91,1f,54,0e,52,44,a9,c7,62,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e6,21,91,1f,54,0e,52,44,a9,c7,62,\
.
[HKEY_USERS\LocalService\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
@DACL=(02 0000)
"ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin"
.
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
@DACL=(02 0000)
"ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_154_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_154_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\System32\snmp.exe
c:\windows\system32\STacSV.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2014-03-09 11:22:32 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-09 18:22
ComboFix2.txt 2014-03-09 01:44
ComboFix3.txt 2014-03-09 00:23
.
Pre-Run: 32,517,402,624 bytes free
Post-Run: 32,728,715,264 bytes free
.
- - End Of File - - A814B9E32858A1F381252314080153D4
A36C5E4F47E84449FF07ED3517B43A31
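Added example (not from this thread, from ComboFix or from TechSpot): the ComboFix log above lists every Run value, every startup item the user disabled through msconfig (the startupreg keys), and every service and driver with its image path. Two heuristics a helper applies first when reading such a log are persistence that points into a user-writable directory (AppData, ProgramData, Temp; that is where droppers land, although plenty of legitimate per-user software lives there too) and entries whose image ComboFix could not find on disk, which it marks [x]. The Python below applies both to log text in this layout. The sample is built from lines in the log above plus one invented "Updater" value under the HKLM Run key; an orphaned driver such as motfilt.sys is usually residue from an uninstalled phone driver rather than malware, so a hit means "look at it", not "delete it".

```python
import re
from typing import Iterator, List, Optional, Tuple

# Locations an unprivileged user can write to without elevation.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="c:\path\app.exe" [2014-01-26 3767096]           (values under ...\Run)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*(?:\[(?P<tail>[^\]]*)\])?$')
# R2 svc;Description;c:\path\svc.exe [2012-02-08 822624]   or   ... [x] when missing
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*?)\s*\[(?P<tail>[^\]]*)\]$")
# Items under ...\msconfig\startupreg come in two shapes:
#   2012-09-24 03:43 926896 ----a-w- c:\path\app.exe
#   c:\users\Owner\AppData\Roaming\Spotify\Spotify.exe [BU]
STARTUPREG_RE = re.compile(
    r"^(?:[\d-]+ [\d:]+ \d+ \S+ )?(?P<path>[A-Za-z]:\\.*?)(?:\s+\[(?P<tail>[^\]]*)\])?$")

Finding = Tuple[str, str, str, List[str]]   # kind, name, image path, reasons


def is_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def _classify(key: str, line: str) -> Optional[Tuple[str, str, str, Optional[str]]]:
    """Map one log line to (kind, name, path, tail) or None if it is not a persistence entry."""
    lkey = key.lower()
    if lkey.endswith("\\run"):
        m = RUN_VALUE_RE.match(line)
        if m:
            return "run-value", m.group("name"), m.group("path"), m.group("tail")
    if "\\msconfig\\startupreg\\" in lkey:
        m = STARTUPREG_RE.match(line)
        if m:
            return "msconfig-disabled", key.rsplit("\\", 1)[1], m.group("path"), m.group("tail")
    m = SERVICE_RE.match(line)
    if m:
        kind = "service-" + m.group("state") + m.group("start")
        return kind, m.group("name"), m.group("path"), m.group("tail")
    return None


def _reasons(path: str, tail: Optional[str]) -> List[str]:
    reasons = []
    if (tail or "").strip().lower() == "x":
        reasons.append("ComboFix could not find the image on disk")
    if not path:
        reasons.append("no image path recorded")
    elif is_user_writable(path):
        reasons.append("image lives in a user-writable location")
    return reasons


def triage(log_text: str) -> Iterator[Finding]:
    """Walk a ComboFix log and yield persistence entries worth a second look."""
    key = ""
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")   # remember which registry key the following lines belong to
            continue
        entry = _classify(key, line)
        if entry is None:
            continue
        kind, name, path, tail = entry
        reasons = _reasons(path, tail)
        if reasons:
            yield kind, name, path, reasons


# Constructed sample in ComboFix's layout. All lines except the "Updater" value
# are copied from the log above; "Updater" is an invented user-writable Run entry.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-26 3767096]
"Updater"="c:\users\Owner\AppData\Roaming\svchost.exe" [2014-03-01 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-24 03:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
c:\users\Owner\AppData\Roaming\Spotify\Spotify.exe [BU]
.
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-02-08 822624]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
S2 pcregservice;pcregservice Service;c:\program files\pcreg\pcreg.exe [2013-12-05 25600]
"""

if __name__ == "__main__":
    for kind, name, path, reasons in triage(SAMPLE_LOG):
        print(f"{kind:18} {name:20} {path}\n    {'; '.join(reasons)}")
```

Run against the full log above this flags the Spotify, Google+ Auto Backup and Dell System Detect startup items (user profile paths) and the five Motorola driver services (images missing); none of those is an infection, which is exactly why a helper reads the output rather than acting on it, and why Broni asks for the log instead of the summary.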
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.09.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16518
Owner :: OWNER-PC [administrator]

3/9/2014 11:26:27 AM
mbam-log-2014-03-09 (11-26-27).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 361410
Time elapsed: 1 hour(s), 42 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
if I want to dive into attempting to restore my device back to a useable state
I'm not sure what your question is.

Re-read my rules:
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Like Combofix....

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
# AdwCleaner v3.020 - Report created 09/03/2014 at 14:44:58
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\adwcleaner(4).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\Software\Trymedia Systems

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m68v3rw9.default-1391359149158\prefs.js ]


[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\prefs.js ]


-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [29221 octets] - [24/11/2013 10:05:18]
AdwCleaner[R1].txt - [1154 octets] - [28/11/2013 12:20:27]
AdwCleaner[R2].txt - [6004 octets] - [07/12/2013 14:52:35]
AdwCleaner[R3].txt - [7854 octets] - [09/03/2014 08:58:23]
AdwCleaner[R4].txt - [1551 octets] - [09/03/2014 14:42:01]
AdwCleaner[S0].txt - [28083 octets] - [24/11/2013 10:07:31]
AdwCleaner[S1].txt - [1218 octets] - [28/11/2013 12:22:50]
AdwCleaner[S2].txt - [6087 octets] - [07/12/2013 14:53:26]
AdwCleaner[S3].txt - [5541 octets] - [09/03/2014 08:59:26]
AdwCleaner[S4].txt - [1474 octets] - [09/03/2014 14:44:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1534 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x86
Ran by Owner on Sun 03/09/2014 at 14:50:49.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/09/2014 at 14:54:21.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL logfile created on: 3/9/2014 2:56:49 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.53% Memory free
1.99 Gb Paging File | 0.84 Gb Available in Paging File | 42.03% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 30.51 Gb Free Space | 40.99% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/03/09 09:32:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL(2).exe
PRC - [2014/03/08 12:36:46 | 001,863,344 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_154.exe
PRC - [2014/03/08 12:12:12 | 000,277,616 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/01/26 12:27:02 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/26 12:27:02 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/04 17:53:42 | 000,025,600 | ---- | M] () -- C:\Program Files\pcreg\pcreg.exe
PRC - [2013/11/20 16:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/11/20 16:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/10/10 15:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/09/13 18:24:32 | 000,350,792 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2013/08/08 07:18:38 | 000,559,552 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Online Games Manager\ogmservice.exe
PRC - [2013/08/01 17:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] () -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/02 18:30:44 | 000,154,624 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
PRC - [2011/10/01 01:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/05/21 15:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/05/21 14:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/05/07 16:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/13 15:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/07/20 19:11:12 | 000,390,424 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
========== Modules (No Company Name) ==========
MOD - [2014/03/08 12:36:46 | 016,337,584 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_13_0_0_154.dll
MOD - [2014/03/08 12:12:11 | 003,641,968 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/10 04:32:11 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/09/14 01:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 01:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
========== Services (SafeList) ==========
SRV - [2014/03/08 12:12:12 | 000,119,408 | ---- | M] (Mozilla Foundation) [Auto | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/22 07:50:11 | 000,257,920 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/08 15:05:32 | 002,151,744 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/02/08 12:51:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2014/02/06 02:47:18 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/01/26 12:27:02 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/12/04 17:53:42 | 000,025,600 | ---- | M] () [Auto | Running] -- C:\Program Files\pcreg\pcreg.exe -- (pcregservice)
SRV - [2013/10/10 15:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/09/13 18:24:32 | 000,350,792 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2013/08/08 07:18:38 | 000,559,552 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files\Online Games Manager\ogmservice.exe -- (ogmservice)
SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/02 18:30:44 | 000,154,624 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV - [2012/07/25 19:04:02 | 000,094,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2011/10/01 01:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 01:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/05/21 15:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/05/21 14:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/05/07 16:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)
SRV - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/07/20 19:11:12 | 000,390,424 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc)
SRV - [2006/11/07 18:26:52 | 000,127,488 | ---- | M] (CSR, plc) [Disabled | Stopped] -- C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe -- (BthFilterHelper)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motusbdevice.sys -- (motusbdevice)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService)
DRV - [2014/02/01 09:17:03 | 000,018,224 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mi2c.sys -- (mi2c)
DRV - [2014/02/01 09:14:27 | 000,018,224 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ei2c.sys -- (ei2c)
DRV - [2014/01/26 12:27:08 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/01/26 12:27:08 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/01/26 12:27:08 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/01/26 12:27:08 | 000,064,168 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aswstm.sys -- (aswStm)
DRV - [2014/01/10 04:32:12 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/01/10 04:32:12 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014/01/10 04:32:12 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/12/24 11:40:32 | 000,018,624 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2013/11/16 10:37:01 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/03/25 14:41:44 | 000,065,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012/09/03 16:47:18 | 000,115,008 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\efavdrv.sys -- (efavdrv)
DRV - [2012/08/23 15:56:08 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\regguard.sys -- (RegGuard)
DRV - [2012/06/06 10:50:54 | 000,113,664 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2012/03/26 14:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/10/01 01:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvolwin7.sys -- (Sftvol)
DRV - [2011/10/01 01:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftredirwin7.sys -- (Sftredir)
DRV - [2011/10/01 01:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaywin7.sys -- (Sftplay)
DRV - [2011/10/01 01:30:36 | 000,581,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftfswin7.sys -- (Sftfs)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 03:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/04 15:18:04 | 000,102,728 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MxEFUF32.sys -- (MxEFUF)
DRV - [2010/10/07 05:11:38 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/09/09 17:19:16 | 000,069,664 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
DRV - [2009/05/28 23:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32)
DRV - [2008/03/17 09:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2007/09/13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/01/16 10:22:00 | 000,031,744 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\csrbcxp.sys -- (CSRBC)
DRV - [2006/11/06 23:13:36 | 000,013,824 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BthFilt.sys -- (BTHFILT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "https://www.google.com"
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_154.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@richmediaplayer.com/nppluginrichmediaplayer: C:\Program Files\Mozilla Firefox\plugins\nppluginrichmediaplayer.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/01/26 12:27:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3DF4B26D-DB19-45DF-962A-6719D071245B}: C:\Users\Owner\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} [2014/01/26 15:58:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/03/08 12:12:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\sp2@sp.com: C:\Program Files\Social Privacy\FF\
[2013/07/24 10:30:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2014/02/08 15:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\m68v3rw9.default-1391359149158\extensions
[2014/02/08 15:19:38 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\m68v3rw9.default-1391359149158\extensions\ascsurfingprotection@iobit.com
[2014/02/08 15:19:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\extensions
[2014/02/08 15:19:38 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\extensions\ascsurfingprotection@iobit.com
[2013/07/02 10:59:36 | 000,068,722 | R--- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\r18ei3ko.default-1343151942524\extensions\NoiaFoxoption@davidvincent.tld.xpi
[2013/07/02 10:59:36 | 002,511,800 | R--- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\r18ei3ko.default-1343151942524\extensions\{7b90e860-5d61-11e0-80e3-0800200c9a66}.xpi
[2014/03/08 12:12:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/08 12:12:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/12 01:27:46 | 000,093,976 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://mysearch.avg.com?cid={19FB14...n&ds=ts024&coid=avgtbdists&pr=sa&d=2013-11-09 15:44:11&v=17.0.0.12&pid=safeguard&sg=0&sap=hp
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_1\
CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_2\
CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_2\
CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_3\
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_1\
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_2\
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_2\
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_3\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_2\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_2\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_3\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_2\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_2\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_3\
CHR - Extension: Download Video = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\doagiokpgboiomffjfhaiimafndmmpni\1.4.1_0\
CHR - Extension: Download Video = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\doagiokpgboiomffjfhaiimafndmmpni\1.4.1_1\
CHR - Extension: Download Video = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\doagiokpgboiomffjfhaiimafndmmpni\1.4.1_2\
CHR - Extension: Download Video = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\doagiokpgboiomffjfhaiimafndmmpni\1.4.1_3\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_2\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_3\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_4\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_2\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_3\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_4\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_5\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_6\
O1 HOSTS File: ([2014/03/09 11:17:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
 
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1
O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoScrSavPage = 0
O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispApprearancePage = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.228.160.4 216.228.160.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4966B34F-BFAF-49D2-9DC8-FFF506C7304A}: DhcpNameServer = 198.224.166.135 198.224.167.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}: DhcpNameServer = 216.228.160.4 216.228.160.3
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/03/09 14:50:17 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Owner\Desktop\JRT_NEW.exe
[2014/03/09 11:17:54 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014/03/09 11:02:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2014/03/09 09:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\RealArcade
[2014/03/09 08:30:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\TechSpot logs
[2014/03/08 18:00:00 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/03/08 17:59:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\mbar
[2014/03/08 17:54:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine
[2014/03/08 17:15:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/03/08 17:15:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2014/03/08 12:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/03/01 11:42:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\8floor
[2014/03/01 11:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Online Games Manager
[2014/03/01 11:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse
[2014/03/01 11:41:24 | 000,000,000 | ---D | C] -- C:\GameHouse Games
[2014/03/01 11:19:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jigsaw Mania
[2014/03/01 11:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\Jigsaw Mania demo
[2014/03/01 10:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/03/01 10:59:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/03/01 10:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/03/01 10:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/03/01 10:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2014/02/16 14:29:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Downloaded Installations
[2014/02/10 11:18:52 | 000,102,400 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
[2014/02/10 11:18:51 | 004,947,968 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacgui.cpl
[2014/02/10 10:58:01 | 000,000,000 | ---D | C] -- C:\Dell Management Packs
[2014/02/10 10:49:16 | 000,595,456 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapo.dll
[2014/02/10 10:49:16 | 000,328,704 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stcplx.dll
[2014/02/10 10:49:16 | 000,299,520 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2014/02/10 10:38:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2014/02/10 10:37:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Deployment
[2014/02/10 10:37:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apps
[2014/02/08 15:23:00 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014/02/08 15:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2014/02/08 15:18:57 | 000,031,008 | ---- | C] (IObit) -- C:\Windows\System32\SmartDefragBootTime.exe
[2014/02/08 15:18:25 | 000,103,424 | ---- | C] (IObit) -- C:\Windows\System32\IObitSmartDefragExtension.dll
[2014/02/08 15:18:13 | 000,018,624 | ---- | C] (IObit) -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2014/02/08 15:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
[2014/02/08 15:06:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ProductData
[2014/02/08 15:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2014/02/08 15:05:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2014/02/08 15:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2014/02/08 12:51:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/03/09 14:54:13 | 000,017,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/09 14:54:13 | 000,017,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/09 14:53:58 | 000,665,982 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/09 14:53:58 | 000,123,500 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/09 14:46:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/09 11:17:52 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/03/09 10:37:06 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/03/09 09:57:17 | 000,000,834 | ---- | M] () -- C:\Users\Owner\Desktop\Royal Jigsaw.lnk
[2014/03/09 09:56:55 | 000,000,140 | ---- | M] () -- C:\Users\Owner\Desktop\More Games at GameHouse.com.url
[2014/03/09 09:36:03 | 000,462,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/09 09:12:12 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/03/08 12:41:23 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2014/03/08 12:36:48 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/08 12:30:43 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\Uninstaller_SkipUac_Administrator.job
[2014/03/01 10:59:47 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/03/01 10:54:18 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/02/23 15:19:00 | 000,002,201 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2014/02/19 22:33:41 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Owner\Desktop\JRT_NEW.exe
[2014/02/16 15:40:10 | 000,001,866 | ---- | M] () -- C:\Users\Owner\Desktop\cc_20140216_144005.reg
[2014/02/16 15:36:22 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\SlimComputer Run.job
[2014/02/15 11:34:34 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2014/02/15 11:34:34 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2014/02/15 11:34:34 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2014/02/15 11:33:38 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf2a7c71846576.job
[2014/02/09 11:49:40 | 042,681,344 | ---- | M] () -- C:\Sandynphilip@bendbroadband (3).pst
[2014/02/09 10:43:22 | 016,778,240 | ---- | M] () -- C:\heavenbound47@icloud.com.pst
[2014/02/08 15:18:12 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 3.lnk
[2014/02/08 15:05:39 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\IObit Uninstaller.lnk
[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/03/09 09:57:17 | 000,000,834 | ---- | C] () -- C:\Users\Owner\Desktop\Royal Jigsaw.lnk
[2014/03/09 09:35:41 | 000,462,600 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/01 11:41:28 | 000,000,140 | ---- | C] () -- C:\Users\Owner\Desktop\More Games at GameHouse.com.url
[2014/03/01 10:59:47 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/03/01 10:54:18 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/02/16 15:40:08 | 000,001,866 | ---- | C] () -- C:\Users\Owner\Desktop\cc_20140216_144005.reg
[2014/02/16 14:36:58 | 000,002,201 | ---- | C] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2014/02/15 11:33:38 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf2a7c71846576.job
[2014/02/09 10:20:42 | 042,681,344 | ---- | C] () -- C:\Sandynphilip@bendbroadband (3).pst
[2014/02/09 10:11:45 | 016,778,240 | ---- | C] () -- C:\heavenbound47@icloud.com.pst
[2014/02/08 15:18:12 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 3.lnk
[2014/02/08 15:05:44 | 000,000,266 | ---- | C] () -- C:\Windows\tasks\Uninstaller_SkipUac_Administrator.job
[2014/02/08 15:05:39 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\IObit Uninstaller.lnk
[2014/01/11 17:13:27 | 000,093,016 | ---- | C] () -- C:\Users\Owner\logger.PNG
[2014/01/10 04:32:17 | 000,180,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/01/10 04:32:16 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/12/13 11:25:45 | 000,082,664 | ---- | C] () -- C:\Users\Owner\UniversalThemePatcher_20090409.zip
[2013/12/08 09:25:41 | 000,007,607 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2013/12/01 10:47:44 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2013/12/01 10:47:00 | 000,000,127 | ---- | C] () -- C:\Windows\Crypkey.ini
[2013/12/01 10:46:20 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2013/12/01 10:46:20 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2013/12/01 10:46:20 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2013/12/01 10:46:20 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2013/11/28 14:00:45 | 000,000,162 | ---- | C] () -- C:\Windows\Reimage.ini
[2013/08/01 14:49:19 | 000,385,768 | ---- | C] () -- C:\Users\Owner\COCC-certificates.PNG
[2013/08/01 14:17:16 | 015,046,808 | ---- | C] () -- C:\Users\Owner\COCC-4 001.tif
[2013/08/01 14:15:34 | 018,402,336 | ---- | C] () -- C:\Users\Owner\COCC-3 001.tif
[2013/08/01 14:08:54 | 001,029,195 | ---- | C] () -- C:\Users\Owner\COCC-2 001.jpg
[2013/08/01 14:04:40 | 018,367,284 | ---- | C] () -- C:\Users\Owner\COCC-1 005.tif
[2013/07/25 15:13:39 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/07/25 15:13:39 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/07/25 15:13:39 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/07/25 13:42:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/25 13:42:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/25 13:42:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/25 13:42:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/25 13:42:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/24 14:23:14 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2013/03/09 20:11:02 | 000,030,926 | ---- | C] () -- C:\Users\Owner\alex7.jpg
[2013/03/09 20:10:45 | 000,022,789 | ---- | C] () -- C:\Users\Owner\alex6.jpg
[2013/03/09 20:09:28 | 000,065,555 | ---- | C] () -- C:\Users\Owner\alex5.jpg
[2013/03/09 20:09:04 | 000,044,542 | ---- | C] () -- C:\Users\Owner\alex4.jpg
[2013/03/09 20:07:58 | 000,040,506 | ---- | C] () -- C:\Users\Owner\alex3.jpg
[2013/03/09 20:06:51 | 000,031,286 | ---- | C] () -- C:\Users\Owner\alex2.jpg
[2013/03/09 20:06:03 | 000,002,575 | ---- | C] () -- C:\Users\Owner\alex1.jpg
[2012/12/02 13:07:59 | 000,002,012 | ---- | C] () -- C:\Users\Owner\Avira Control Center.lnk
[2012/11/22 13:00:12 | 000,000,592 | ---- | C] () -- C:\Windows\RegistryKit.ini
[2012/11/22 12:59:41 | 000,001,032 | ---- | C] () -- C:\Users\Owner\Registry Kit.lnk
[2012/11/10 14:21:27 | 000,001,815 | ---- | C] () -- C:\Users\Owner\QuickTime Player.lnk
[2012/11/04 14:59:53 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012/10/29 15:31:29 | 000,001,787 | ---- | C] () -- C:\Users\Owner\Tech-101 - Shortcut.lnk
[2012/10/29 14:01:46 | 000,001,385 | ---- | C] () -- C:\Users\Owner\google gmail name philipmoore59passworduserid - Shortcut.lnk
[2012/10/29 12:04:42 | 000,000,512 | ---- | C] () -- C:\Users\Owner\MBR.dat
[2012/10/07 15:04:14 | 000,001,142 | ---- | C] () -- C:\Users\Owner\bettycrockeruserid - Shortcut.lnk
[2012/09/15 15:11:05 | 000,000,099 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/09/06 08:53:03 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2012/09/04 19:17:27 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2012/08/30 11:00:08 | 000,001,688 | ---- | C] () -- C:\Users\Owner\08-30-2012.reg
[2012/08/30 09:00:09 | 000,005,602 | ---- | C] () -- C:\Users\Owner\ESETexe-fix.bat
[2012/08/08 15:00:33 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2012/08/02 10:17:07 | 000,000,984 | ---- | C] () -- C:\Users\Owner\PDF Reader.lnk
[2012/07/20 14:19:43 | 000,001,683 | ---- | C] () -- C:\Users\Owner\Google Drive.lnk
[2012/06/25 16:19:10 | 000,646,461 | ---- | C] () -- C:\Users\Owner\OED.pdf
[2012/06/25 16:09:42 | 000,650,648 | ---- | C] () -- C:\Users\Owner\IMG_0001_NEW.pdf
[2012/06/25 15:53:41 | 000,475,979 | ---- | C] () -- C:\Users\Owner\2011IRSTaxTranscriptII.pdf
[2012/06/25 15:52:27 | 000,674,649 | ---- | C] () -- C:\Users\Owner\2011IRSTaxTranscript.pdf
[2012/06/09 14:39:36 | 004,116,163 | ---- | C] () -- C:\Users\Owner\SGC Power Point.pdf
[2012/05/25 10:53:57 | 000,169,078 | ---- | C] () -- C:\Users\Owner\RMH letter for donations.pdf
[2012/05/15 07:35:31 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2012/05/11 13:23:43 | 000,009,097 | ---- | C] () -- C:\Users\Owner\3.2 Solving Linear Equations.SAV
[2012/04/05 18:46:10 | 000,215,220 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/03/28 10:52:33 | 000,000,040 | ---- | C] () -- C:\Users\Owner\Access.cod
[2012/03/23 13:18:34 | 000,000,288 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\MSBlint.dat
[2012/03/23 13:18:33 | 000,000,288 | ---- | C] () -- C:\ProgramData\PDF2XL-4-14.TrialData
[2012/03/17 08:07:49 | 000,009,185 | ---- | C] () -- C:\Users\Owner\II.5 Metric System Weight and Volume.SAV
[2012/03/16 15:48:49 | 000,024,926 | ---- | C] () -- C:\Users\Owner\II.6 U.S. Customary Measurements and Metric Equivalents.SAV
[2012/03/02 08:13:52 | 000,197,608 | ---- | C] () -- C:\Users\Owner\Capture.PNG
[2011/12/17 16:55:55 | 000,000,359 | ---- | C] () -- C:\Users\Owner\Recycle Bin - Shortcut.lnk
[2011/12/14 08:41:02 | 000,000,359 | ---- | C] () -- C:\Users\Owner\Recycle Bin - Shortcut (2).lnk
[2011/09/17 12:08:44 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\.googlewebacchosts
[2011/08/30 13:09:59 | 000,000,040 | ---- | C] () -- C:\Users\Owner\Access code.COD
[2011/05/23 08:21:54 | 000,000,598 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/17 09:43:48 | 000,012,945 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Comma Separated Values (Windows).CAL
[2011/05/17 09:37:28 | 000,038,383 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Comma Separated Values (Windows).ADR
========== ZeroAccess Check ==========
[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/01/11 18:21:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2012/01/11 18:21:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2012/10/13 15:35:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Auslogics
[2014/01/10 04:32:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVAST Software
[2012/05/15 09:15:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG
[2012/08/30 06:42:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BACS.exe
[2012/01/24 18:33:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Blackboard
[2013/05/11 14:29:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2012/01/24 18:25:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Collaborate
[2011/10/21 09:50:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ColorCop
[2011/12/26 08:39:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.Shutterfly.ExpressUploader
[2012/09/27 14:36:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.webkinesis.PicasaUploaderDesktop
[2011/12/17 14:56:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CSR
[2012/12/02 18:08:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2013/08/02 17:21:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Easeware
[2012/08/30 10:55:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FreeFixer
[2013/07/12 10:48:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GlarySoft
[2012/07/13 08:20:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ICQ Search
[2014/02/08 15:18:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IObit
[2012/08/26 11:01:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iolo
[2011/12/26 10:09:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IrfanView
[2013/09/14 11:46:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\KeeperData
[2012/07/22 12:33:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\KompoZer
[2012/12/01 15:43:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MotoCast
[2012/12/01 11:33:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Motorola
[2012/06/15 16:58:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Motorola Mobility
[2011/03/12 08:05:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2012/05/15 08:34:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Panda Security
[2012/08/31 08:37:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PC Utility Kit
[2014/02/08 15:06:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ProductData
[2012/11/22 10:04:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Qualcomm
[2013/09/02 10:43:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Radiocom
[2012/11/22 13:00:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Registry Kit
[2012/02/07 07:17:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SecondLife
[2012/10/30 11:55:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SoftGrid Client
[2012/10/13 12:52:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SumatraPDF
[2013/07/09 07:54:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SyncTunesDesktop
[2012/05/16 08:14:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeamViewer
[2012/09/02 10:33:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TP
[2011/09/17 11:32:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2012/09/13 11:57:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\URSoft
[2012/03/29 06:45:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2011/12/08 13:37:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ZeoBIT
========== Purity Check ==========
========== Files - Unicode (All) ==========

[2013/10/19 12:21:07 | 101,983,560 | ---- | M] ()(C:\Windows\System32\???a) -- C:\Windows\System32\㯄‌᭔a
[2013/10/19 12:21:07 | 101,983,560 | ---- | C] ()(C:\Windows\System32\???a) -- C:\Windows\System32\㯄‌᭔a
[2013/10/18 15:44:49 | 101,880,815 | ---- | M] ()(C:\Windows\System32\???w) -- C:\Windows\System32\㎚烏᭔w
[2013/10/18 15:44:49 | 101,880,815 | ---- | C] ()(C:\Windows\System32\???w) -- C:\Windows\System32\㎚烏᭔w
[2013/10/13 08:15:14 | 100,742,045 | ---- | M] ()(C:\Windows\System32\???q) -- C:\Windows\System32\읃�᭔q
[2013/10/13 08:15:14 | 100,742,045 | ---- | C] ()(C:\Windows\System32\???q) -- C:\Windows\System32\읃�᭔q
[2013/09/29 14:02:51 | 098,466,785 | ---- | M] ()(C:\Windows\System32\???_) -- C:\Windows\System32\獵ᣉ᭔_
[2013/09/29 14:02:51 | 098,466,785 | ---- | C] ()(C:\Windows\System32\???_) -- C:\Windows\System32\獵ᣉ᭔_

< End of report >
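The OTL report pasted above lists every file and folder entry in one fixed line format, which is why a log like this runs to thousands of lines. As an added example (not part of this thread, and not OTL's or the helper's own code), here is a small Python parser for that entry format. It mirrors the report's own "No Company Name" distinction and pulls out the entries a reviewer usually reads first: executables and drivers under the Windows directory that carry no company name, and files whose names contain non-ASCII characters (the kind listed under the report's "Files - Unicode" heading). The sample lines are constructed from entries in the report; the flagging rules are this example's own assumptions, not an analysis of this machine.

```python
"""Parse OTL-style file/folder entries and summarise them for triage.

Added example; not code from the thread or from OTL. Entry format,
taken from the report above:

    [YYYY/MM/DD HH:MM:SS | size | flags | C|M] (Company) -- C:\\path

Directory entries carry no company, and the "Files - Unicode" section
adds a second parenthesised short path after an empty "()".
"""
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the report,
# one non-entry line to show that unrelated text is skipped, and the
# non-ASCII file name is a stand-in for the ones in the report.
SAMPLE = r"""
[2014/03/09 14:50:17 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Owner\Desktop\JRT_NEW.exe
[2014/03/09 11:02:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2014/03/08 18:00:00 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/12/01 10:46:20 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2013/07/25 13:42:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/19 12:21:07 | 101,983,560 | ---- | M] ()(C:\Windows\System32\???a) -- C:\Windows\System32\㯄᭔a
not an entry line
"""

ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<flags>[\w-]{4}) \| (?P<kind>[CM])\] ?"
    r"(?:\((?P<company>[^)]*)\))?"      # "(Company)" or "()" when unknown
    r"(?:\((?P<short>[^)]*)\))?"        # optional 8.3-style short path
    r" -- (?P<path>.+)$"
)

# Assumed triage rules for this example (not OTL's own logic).
WINDOWS_DIR = "c:\\windows\\"
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")


def parse_entries(text):
    """Return a list of dicts for every line that matches the entry format."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["size"] = int(entry["size"].replace(",", ""))
        entry["is_dir"] = "D" in entry["flags"]
        entry["company"] = (entry["company"] or "").strip()
        entries.append(entry)
    return entries


def company_summary(entries):
    """Count file entries per company; OTL's 'no company name' case is kept visible."""
    return Counter(e["company"] or "<no company name>"
                   for e in entries if not e["is_dir"])


def triage(entries):
    """Return (path, reasons) for entries a reviewer would normally look at first."""
    flagged = []
    for e in entries:
        path = e["path"]
        reasons = []
        if any(ord(ch) > 127 for ch in path):
            reasons.append("non-ASCII file name")
        if (not e["is_dir"] and not e["company"]
                and path.lower().startswith(WINDOWS_DIR)
                and path.lower().endswith(EXECUTABLE_EXT)):
            reasons.append("executable under the Windows directory with no company name")
        if reasons:
            flagged.append((path, reasons))
    return flagged


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE)
    print(f"parsed {len(parsed)} entries")
    for company, count in company_summary(parsed).most_common():
        print(f"  {count:3d}  {company}")
    for path, reasons in triage(parsed):
        print(f"review: {path}  ({'; '.join(reasons)})")
```

Running it on a full report is a matter of reading the pasted log from a file and passing its text to `parse_entries`; the summary by company is usually the quickest way to see how many of the thousands of entries belong to known vendors and how many are worth a closer look.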
 

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motusbdevice.sys -- (motusbdevice)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService)
DRV - [2012/09/03 16:47:18 | 000,115,008 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\efavdrv.sys -- (efavdrv)
[2014/02/08 15:19:38 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\m68v3rw9.default-1391359149158\extensions\ascsurfingprotection@iobit.com
[2014/02/08 15:19:38 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\extensions\ascsurfingprotection@iobit.com
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_2\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_3\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_4\
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
[2012/01/11 18:21:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2012/01/11 18:21:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit


:Services

:Reg

:Files
C:\FRST
C:\Program Files\IObit

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on the "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce a log.
 
All processes killed
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motusbdevice.sys -- (motusbdevice)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\catchme.sys -- (catchme)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService)> in the current context!
Error: Unable to interpret <DRV - [2012/09/03 16:47:18 | 000,115,008 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\efavdrv.sys -- (efavdrv)> in the current context!
Error: Unable to interpret <[2014/02/08 15:19:38 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\m68v3rw9.default-1391359149158\extensions\ascsurfingprotection@iobit.com> in the current context!
Error: Unable to interpret <[2014/02/08 15:19:38 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\extensions\ascsurfingprotection@iobit.com> in the current context!
Error: Unable to interpret <CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\> in the current context!
Error: Unable to interpret <CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\> in the current context!
Error: Unable to interpret <CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_2\> in the current context!
Error: Unable to interpret <CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_3\> in the current context!
Error: Unable to interpret <CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_4\> in the current context!
Error: Unable to interpret <O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)> in the current context!
Error: Unable to interpret <[2012/01/11 18:21:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit> in the current context!
Error: Unable to interpret <[2012/01/11 18:21:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit> in the current context!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
C:\Program Files\IObit\Surfing Protection\Language folder moved successfully.
C:\Program Files\IObit\Surfing Protection\Database folder moved successfully.
C:\Program Files\IObit\Surfing Protection\BrowerProtect\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin\Img folder moved successfully.
C:\Program Files\IObit\Surfing Protection\BrowerProtect\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin folder moved successfully.
C:\Program Files\IObit\Surfing Protection\BrowerProtect\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0 folder moved successfully.
C:\Program Files\IObit\Surfing Protection\BrowerProtect\nfengeggddojhakldhlpjdlddgkkjkdd folder moved successfully.
C:\Program Files\IObit\Surfing Protection\BrowerProtect\images folder moved successfully.
C:\Program Files\IObit\Surfing Protection\BrowerProtect\ascsurfingprotection@iobit.com\chrome\content folder moved successfully.
C:\Program Files\IObit\Surfing Protection\BrowerProtect\ascsurfingprotection@iobit.com\chrome folder moved successfully.
C:\Program Files\IObit\Surfing Protection\BrowerProtect\ascsurfingprotection@iobit.com folder moved successfully.
C:\Program Files\IObit\Surfing Protection\BrowerProtect folder moved successfully.
C:\Program Files\IObit\Surfing Protection folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\Update folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\Temp folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\Skins\White folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\Skins\Blue folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\Skins\Black folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\Skins folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\SDReport folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\LatestNews folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\Language folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\Help\img folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\Help folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\Freeware folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\Extension folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\drivers\wxp_x86 folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\drivers\wxp_x64 folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\drivers\wnet_x86 folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\drivers\wnet_x64 folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\drivers\wlh_x86 folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\drivers\wlh_x64 folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\drivers\win8_x86 folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\drivers\win8_x64 folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\drivers\win7_x86 folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\drivers\win7_x64 folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\drivers folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3\Database folder moved successfully.
C:\Program Files\IObit\Smart Defrag 3 folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2 folder moved successfully.
C:\Program Files\IObit\LiveUpdate\update\Uninstaller folder moved successfully.
C:\Program Files\IObit\LiveUpdate\update folder moved successfully.
C:\Program Files\IObit\LiveUpdate\Language folder moved successfully.
C:\Program Files\IObit\LiveUpdate folder moved successfully.
C:\Program Files\IObit\IObit Uninstaller\LatestNews folder moved successfully.
C:\Program Files\IObit\IObit Uninstaller\Lan_LiveUpt folder moved successfully.
C:\Program Files\IObit\IObit Uninstaller\Language folder moved successfully.
C:\Program Files\IObit\IObit Uninstaller\Images folder moved successfully.
C:\Program Files\IObit\IObit Uninstaller folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 5\Update folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 5\SecurityHole_Backup folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 5\LatestNews folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 5\BootTimeLog folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 5\ASCServiceLog folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 5 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 4\Update folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 4\LatestNews folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 4 folder moved successfully.
C:\Program Files\IObit folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Owner
->Temp folder emptied: 2221037 bytes
->Temporary Internet Files folder emptied: 687571 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 20619562 bytes
->Google Chrome cache emptied: 856432 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 815 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 205 bytes
RecycleBin emptied: 9069649 bytes
Total Files Cleaned = 32.00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Owner
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Owner
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03092014_152952

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
OTL fix log is incorrect.
It looks like you didn't copy my entire script, especially the colon in front of "OTL" (the first line).
Redo.
 
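Why the first OTL run rejected every driver, extension and BHO line while the second run applied them, shown with a small checker for the fix-script format. This is an added example, not OTL's own parser and not code posted in this thread. It assumes OTL treats any line starting with a colon as a section header and needs one before the lines it is to act on; of the section names it accepts, only OTL, Files and Commands appear on this page, so Processes, Services and Reg are assumptions. The sample script is constructed from two of the error lines in the first fix log and the Files/Commands block of the fix.

```python
# Added example: checker for OTL-style fix scripts. Not OTL's own code and not
# from the thread; it mirrors the behaviour the two fix logs show.
# Section names other than OTL, Files and Commands (visible on the page) are
# assumed.
KNOWN_SECTIONS = {"Processes", "OTL", "Services", "Reg", "Files", "Commands"}


def parse_fix_script(text):
    """Split an OTL fix script into sections.

    A header is a line whose first non-blank character is ':'; every
    following line belongs to that section until the next header.
    Returns a dict with:
      'sections': {section name: [lines]} in script order
      'orphans':  non-empty lines seen before any header; OTL has no
                  section to apply these in, so it rejects each one
      'unknown':  header names not in KNOWN_SECTIONS (assumed list)
    """
    sections, orphans, unknown = {}, [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].strip()
            sections.setdefault(current, [])
            if current not in KNOWN_SECTIONS:
                unknown.append(current)
            continue
        if current is None:
            orphans.append(line)
        else:
            sections[current].append(line)
    return {"sections": sections, "orphans": orphans, "unknown": unknown}


def predicted_errors(text):
    """Return the 'Unable to interpret' messages OTL would log for this
    script, formatted like the log lines in the thread, one per orphan."""
    parsed = parse_fix_script(text)
    return [
        "Error: Unable to interpret <%s> in the current context!" % line
        for line in parsed["orphans"]
    ]


# Constructed input: the two leading lines are copied from the error lines in
# the first fix log; they were pasted without the ':OTL' header above them.
BROKEN_SCRIPT = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motusbdevice.sys -- (motusbdevice)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
:Files
C:\FRST
C:\Program Files\IObit

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
"""

# The same script with the missing first line restored.
FIXED_SCRIPT = ":OTL\n" + BROKEN_SCRIPT.lstrip("\n")


if __name__ == "__main__":
    for name, script in (("broken", BROKEN_SCRIPT), ("fixed", FIXED_SCRIPT)):
        errors = predicted_errors(script)
        print("%s script: %d line(s) outside any section" % (name, len(errors)))
        for err in errors:
            print("  " + err)
```

Run as-is, the broken script yields two "Unable to interpret" messages, one for each line that preceded the :Files header, while the fixed script yields none; that is exactly the difference between the two OTL logs above. The general point applies to any tool that reads a sectioned script from the clipboard: a header lost in copy-paste turns every line up to the next header into one the tool refuses to act on, so the first line of the pasted script is worth checking before clicking Run Fix.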
Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
SlimCleaner
Adobe Flash Player 13.0.0.154
Adobe Reader XI
Mozilla Firefox (28.0)
Google Chrome 33.0.1750.117
Google Chrome 33.0.1750.146
````````Process Check: objlist.exe by Laurent````````
Online Games Manager ogmservice.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 
All processes killed
========== OTL ==========
Service motusbdevice stopped successfully!
Service motusbdevice deleted successfully!
File system32\DRIVERS\motusbdevice.sys not found.
Service Motousbnet stopped successfully!
Service Motousbnet deleted successfully!
File system32\DRIVERS\Motousbnet.sys not found.
Service MotoSwitchService stopped successfully!
Service MotoSwitchService deleted successfully!
File system32\DRIVERS\motswch.sys not found.
Service motmodem stopped successfully!
Service motmodem deleted successfully!
File system32\DRIVERS\motmodem.sys not found.
Service motccgpfl stopped successfully!
Service motccgpfl deleted successfully!
File system32\DRIVERS\motccgpfl.sys not found.
Service motccgp stopped successfully!
Service motccgp deleted successfully!
File system32\DRIVERS\motccgp.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\Owner\AppData\Local\Temp\catchme.sys not found.
Service BTCFilterService stopped successfully!
Service BTCFilterService deleted successfully!
File system32\DRIVERS\motfilt.sys not found.
Service efavdrv stopped successfully!
Service efavdrv deleted successfully!
C:\Windows\System32\drivers\efavdrv.sys moved successfully.
C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\m68v3rw9.default-1391359149158\extensions\ascsurfingprotection@iobit.com\chrome\content folder moved successfully.
C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\m68v3rw9.default-1391359149158\extensions\ascsurfingprotection@iobit.com\chrome folder moved successfully.
C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\m68v3rw9.default-1391359149158\extensions\ascsurfingprotection@iobit.com folder moved successfully.
C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\extensions\ascsurfingprotection@iobit.com\chrome\content folder moved successfully.
C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\extensions\ascsurfingprotection@iobit.com\chrome folder moved successfully.
C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\extensions\ascsurfingprotection@iobit.com folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin\Img folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0 folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\Plugin\img folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\Plugin folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1 folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_2\Plugin\img folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_2\Plugin folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_2 folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_3\Plugin\img folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_3\Plugin folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_3 folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_4\Plugin\img folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_4\Plugin folder moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_4 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ deleted successfully.
File C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll not found.
C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Users\Default\AppData\Roaming\IObit folder moved successfully.
Folder C:\Users\Default User\AppData\Roaming\IObit\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
File\Folder C:\Program Files\IObit not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Owner
->Temp folder emptied: 1056683 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 18132867 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 205 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 18.00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Owner
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Owner
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03092014_154548

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 