laptop infected with ZeroAccess!


  • This topic is locked
16 replies to this topic

#1 cory92

cory92

  • Members
  • 13 posts

Posted 27 February 2014 - 11:35 AM

So I now know my laptop is infected with ZeroAccess. I used HitmanPro to reveal it, and with the help of another member from BleepingComputer I realise how bad it is. So far my laptop has been showing different signs of problems: my firewall would not turn of for about a month, Windows Update cannot search for new updates due to an unknown error, and Microsoft Security Essentials/Center does not respond. This is my original topic:

 

http://www.bleepingcomputer.com/forums/t/525759/windows-defender-and-microsoft-security-essentials/ 

 

These are the logs that I have got from running DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.40.2
Run by cory at 16:15:02 on 2014-02-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.6058.3208 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\BtwRSupportService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
C:\Program Files\Samsung\S Agent\CommonAgent.exe
C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.exe
C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxpers.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
uURLSearchHooks: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBit0.dll
mURLSearchHooks: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBit0.dll
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll
BHO: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBit0.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: BitTorrentControl_v12 Toolbar: {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBit0.dll
TB: BitTorrentControl_v12 Toolbar: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBit0.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll
uRun: [AVG-Secure-Search-Update_1213b] C:\Users\cory\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=5dbdd14413a247d387f43958743b784c-9be5dab5c5df53085e2a669d6c9985cd6a1a9eaf /CMPID=1213b
uRun: [AVG-Secure-Search-Update_0214c] C:\Users\cory\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=5dbdd14413a247d387f43958743b784c-9be5dab5c5df53085e2a669d6c9985cd6a1a9eaf /CMPID=0214c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "C:\Users\cory\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\cory\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [KNOWHOW™ APP CENTRE] "C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.lnk"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONTEN~1.LNK - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{30CAA875-8179-4B99-A7AD-7DD52E6BA549} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{30CAA875-8179-4B99-A7AD-7DD52E6BA549}\35B4954313530313 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{30CAA875-8179-4B99-A7AD-7DD52E6BA549}\4514C4B44514C4B4D2443443349343 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{30CAA875-8179-4B99-A7AD-7DD52E6BA549}\56465727F616D6 : DHCPNameServer = 144.124.16.12 144.124.16.11
TCP: Interfaces\{30CAA875-8179-4B99-A7AD-7DD52E6BA549}\F54586560234C6F65746 : DHCPNameServer = 10.1.5.153 10.1.5.154
TCP: Interfaces\{8FF4A37C-3C56-416E-A364-0525877CA2D2} : DHCPNameServer = 192.168.42.129
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2014-1-30 46368]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2011-9-7 13824]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\Windows\System32\BtwRSupportService.exe [2013-8-9 2252504]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-6-5 173192]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-2-26 127752]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2014-1-2 1907896]
R2 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-1-19 25504]
R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-10-25 31624]
R2 SWUpdateService;SW Update Service;C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2013-10-21 3018800]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-7 2656536]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-1-30 1772056]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 bcbtums;Bluetooth USB LD Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-8-9 170712]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2013-8-9 166104]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-1-1 39464]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-5-9 280912]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-7 533096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-3 19456]
S3 Samsung UPD Service2;Samsung UPD Service2;C:\Windows\System32\SUPDSvc2.exe [2011-12-2 165456]
S3 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-1-19 27584]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-3 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-3 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-2 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-02-27 12:06:20 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E1F7AAE8-F0EB-4B62-84C5-6BF82750D888}\gapaengine.dll
2014-02-27 12:06:03 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CA1875D2-7011-481C-BB0E-B2D02434F86F}\mpengine.dll
2014-02-26 09:58:33 -------- d-----w- C:\Program Files\HitmanPro
2014-02-26 09:57:56 -------- d-----w- C:\ProgramData\HitmanPro
2014-02-26 09:53:04 -------- d-----w- C:\Windows\System32\catroot2
2014-02-26 08:42:40 10536864 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-26 04:24:30 -------- d-----w- C:\Windows\CheckSur
2014-02-26 03:14:03 -------- d-----w- C:\Windows\System32\wbem\repository
2014-02-26 02:34:52 -------- d-----w- C:\Users\cory\AppData\Roaming\Malwarebytes
2014-02-26 02:34:44 -------- d-----w- C:\ProgramData\Malwarebytes
2014-02-26 02:34:42 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-26 02:34:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-26 00:50:48 -------- d-----w- C:\Windows\System32\wbem\repository.002
2014-02-26 00:49:38 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2014-02-26 00:35:16 -------- d-----w- C:\RegBackup
2014-02-26 00:32:27 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2014-02-21 04:03:11 -------- d-----w- C:\Windows\Migration
2014-02-20 02:23:50 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1EBC99FC-EE14-447C-8858-CDB408F27FE0}\gapaengine.dll
2014-02-18 02:49:56 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-11 22:52:20 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-02-05 14:48:45 -------- d-----w- C:\Program Files\iPod
2014-02-05 14:48:44 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-05 14:48:44 -------- d-----w- C:\Program Files\iTunes
2014-02-05 14:48:44 -------- d-----w- C:\Program Files (x86)\iTunes
2014-01-30 11:08:35 -------- d-----w- C:\Users\cory\AppData\Local\AVG SafeGuard toolbar
2014-01-30 11:08:26 -------- d-----w- C:\ProgramData\AVG Security Toolbar
2014-01-30 11:08:16 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-01-30 11:07:35 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2014-01-30 11:07:30 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar
2014-01-30 11:07:27 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar
.
==================== Find3M  ====================
.
2014-02-26 05:00:38 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-26 05:00:38 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-20 04:00:16 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 16:16:17.90 ===============
 



#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 27 February 2014 - 12:56 PM

Hi there,
 
please run the following scans:


Step 1

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)



Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 cory92

cory92
  • Topic Starter

  • Members
  • 13 posts

Posted 01 March 2014 - 10:06 AM

Thank you for helping me. 

 

ComboFix results:

 

ComboFix 14-02-24.02 - cory 03/01/2014  14:43:18.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.6058.4009 [GMT 0:00]
Running from: c:\users\cory\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\GEARDIFx.exe
c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxAPI.dll
c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DifXInst64.exe
c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxInstallLog.txt
c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi.dll
c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi64.dll
c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspiWDM.inf
c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\gearaspiwdmx64.cat
c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64\GEARAspiWDM.sys
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-01 to 2014-03-01  )))))))))))))))))))))))))))))))
.
.
2014-03-01 14:54 . 2014-03-01 14:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-28 17:21 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F0DFBAE-4F26-4186-8B6B-5EB8322E3E45}\mpengine.dll
2014-02-27 17:54 . 2014-02-27 17:57 -------- d-----w- c:\users\cory\AppData\Local\Windows Live
2014-02-27 12:06 . 2014-02-20 02:23 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E1F7AAE8-F0EB-4B62-84C5-6BF82750D888}\gapaengine.dll
2014-02-27 12:06 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-26 09:58 . 2014-02-26 09:58 -------- d-----w- c:\program files\HitmanPro
2014-02-26 09:57 . 2014-02-26 10:13 -------- d-----w- c:\programdata\HitmanPro
2014-02-26 09:53 . 2014-02-26 09:57 -------- d-----w- c:\windows\system32\catroot2
2014-02-26 04:24 . 2014-02-26 04:24 -------- d-----w- c:\windows\CheckSur
2014-02-26 03:14 . 2014-02-26 10:21 -------- d-----w- c:\windows\system32\wbem\repository
2014-02-26 02:34 . 2014-02-26 02:34 -------- d-----w- c:\users\cory\AppData\Roaming\Malwarebytes
2014-02-26 02:34 . 2014-02-26 02:34 -------- d-----w- c:\programdata\Malwarebytes
2014-02-26 02:34 . 2014-02-26 02:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-26 02:34 . 2013-04-04 14:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-26 00:49 . 2014-02-26 03:13 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2014-02-26 00:41 . 2014-02-26 09:47 181064 ----a-w- c:\windows\PSEXESVC.EXE
2014-02-26 00:35 . 2014-02-26 00:35 -------- d-----w- C:\RegBackup
2014-02-26 00:32 . 2014-02-26 00:32 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-02-21 04:03 . 2014-02-21 04:03 -------- d-----w- c:\windows\Migration
2014-02-20 02:23 . 2014-02-20 02:23 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EBC99FC-EE14-447C-8858-CDB408F27FE0}\gapaengine.dll
2014-02-18 02:49 . 2014-02-20 02:23 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-11 22:52 . 2014-02-11 22:52 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-02-05 14:48 . 2014-02-05 14:48 -------- d-----w- c:\program files\iPod
2014-02-05 14:48 . 2014-02-05 14:50 -------- d-----w- c:\program files\iTunes
2014-02-05 14:48 . 2014-02-05 14:50 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-26 05:00 . 2013-02-26 17:02 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-26 05:00 . 2012-01-27 11:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-04 19:09 . 2012-01-07 03:50 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-30 11:07 . 2014-01-30 11:08 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-01-20 04:00 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-17 11:23 . 2014-01-02 20:21 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}"= "c:\program files (x86)\BitTorrentControl_v12\prxtbBit0.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-01-30 11:07 3401752 ----a-w- c:\program files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}]
2012-11-06 13:01 183112 ----a-w- c:\program files (x86)\BitTorrentControl_v12\prxtbBit0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}"= "c:\program files (x86)\BitTorrentControl_v12\prxtbBit0.dll" [2012-11-06 183112]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll" [2014-01-30 3401752]
.
[HKEY_CLASSES_ROOT\clsid\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-01-02 20:48 222832 ----a-w- c:\users\cory\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-01-02 20:48 222832 ----a-w- c:\users\cory\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-01-02 20:48 222832 ----a-w- c:\users\cory\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2013-06-05 2249352]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2014-02-03 2552856]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
"KNOWHOW™ APP CENTRE"="c:\program files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.lnk" [2011-09-07 1339]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-5-10 1131296]
Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2013-10-15 3526776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DelayedDesktopSwitchTimeout"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SWUpdateService;SW Update Service;c:\programdata\Samsung\SW Update Service\SWMAgent.exe;c:\programdata\Samsung\SW Update Service\SWMAgent.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe;c:\windows\SYSNATIVE\SUPDSvc2.exe [x]
R3 SBIOSIO;SBIOSIO;c:\users\cory\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys;c:\users\cory\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [x]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HITMANPRO37
*Deregistered* - hitmanpro37
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-21 20:02 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-26 05:00]
.
2014-03-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-740809286-1293212477-2799158089-1000Core.job
- c:\users\cory\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-22 00:21]
.
2014-03-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-740809286-1293212477-2799158089-1000UA.job
- c:\users\cory\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-22 00:21]
.
2014-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-15 00:06]
.
2014-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-15 00:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-01-02 20:48 261744 ----a-w- c:\users\cory\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-01-02 20:48 261744 ----a-w- c:\users\cory\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-01-02 20:48 261744 ----a-w- c:\users\cory\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-01-17 11:24 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-01-17 11:24 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-01-17 11:24 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{30CAA875-8179-4B99-A7AD-7DD52E6BA549}: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{30CAA875-8179-4B99-A7AD-7DD52E6BA549}\56465727F616D6: DhcpNameServer = 144.124.16.12 144.124.16.11
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_1213b - c:\users\cory\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe
Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_0214c - c:\users\cory\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
Wow6432Node-HKLM-Run-AVG_UI - c:\program files (x86)\AVG\AVG2014\avgui.exe
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-03-01  14:57:59
ComboFix-quarantined-files.txt  2014-03-01 14:57
.
Pre-Run: 149,665,239,040 bytes free
Post-Run: 149,514,977,280 bytes free
.
- - End Of File - - DB6AE7609A65B76AA174FC78B1AF71E2
 
 
FRST results:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-03-2014
Ran by cory (administrator) on CORY-PC on 01-03-2014 15:00:57
Running from C:\Users\cory\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Windows\system32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Farbar) C:\Users\cory\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-05] (Microsoft Corp.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2552856 2014-02-03] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [KNOWHOW™ APP CENTRE] - C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.lnk [1339 2011-09-07] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-740809286-1293212477-2799158089-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
URLSearchHook: HKLM-x32 - BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBit0.dll (Conduit Ltd.)
URLSearchHook: HKCU - BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBit0.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10007&barid={CDCB806C-1C85-11E2-8D40-E81132DF91BF}
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={508B9351-E18B-492D-B242-EE2952847CA8}&mid=5dbdd14413a247d387f43958743b784c-9be5dab5c5df53085e2a669d6c9985cd6a1a9eaf&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-01-30 11:08:19&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={508B9351-E18B-492D-B242-EE2952847CA8}&mid=5dbdd14413a247d387f43958743b784c-9be5dab5c5df53085e2a669d6c9985cd6a1a9eaf&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-01-30 11:08:19&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9EEAB62A-41E8-4C63-AD32-E8339F270A6D} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Samsung BHO Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBit0.dll (Conduit Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBit0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR HomePage: hxxp://home.sweetim.com/?crg=3.1010000.10007&barid={CDCB806C-1C85-11E2-8D40-E81132DF91BF}
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U40) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\cory\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.400.43) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-15]
CHR Extension: (Google Drive) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-15]
CHR Extension: (YouTube) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-01]
CHR Extension: (Adblock Plus) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-20]
CHR Extension: (Google Search) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-01]
CHR Extension: (Bleach Theme2) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbgbfeiijkpelbhpmbdliomlgbdiggho [2013-09-15]
CHR Extension: (My Browser Page) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg [2013-09-15]
CHR Extension: (FBPHOTOZOOM) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid [2012-03-22]
CHR Extension: (Google Wallet) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Gmail) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-01]
CHR HKCU\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\cory\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2012-09-09]
CHR HKLM-x32\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\cory\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2012-09-09]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-10-22]
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\cory\AppData\Local\Temp\ccex.crx [2012-10-22]
CHR HKLM-x32\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files (x86)\fbphotozoom\fbphotozoom14.crx [2012-03-22]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2012-10-22]
 
==================== Services (Whitelisted) =================
 
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-09] (Broadcom Corporation.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-05] (Microsoft Corp.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-02-26] (SurfRight B.V.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [165456 2011-12-02] (Samsung Electronics)
S2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] ()
S2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1772056 2014-01-30] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-01-30] (AVG Technologies)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SBIOSIO; \??\C:\Users\cory\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-01 14:59 - 2014-03-01 14:59 - 02155520 _____ (Farbar) C:\Users\cory\Downloads\FRST64 (1).exe
2014-03-01 14:57 - 2014-03-01 14:57 - 00025024 _____ () C:\ComboFix.txt
2014-03-01 14:40 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-01 14:40 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-01 14:40 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-01 14:40 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-01 14:40 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-01 14:40 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-01 14:40 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-01 14:40 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-01 14:37 - 2014-03-01 14:58 - 00000000 ____D () C:\Qoobox
2014-03-01 14:37 - 2014-03-01 14:55 - 00000000 ____D () C:\Windows\erdnt
2014-03-01 14:35 - 2014-03-01 14:36 - 05185084 ____R (Swearware) C:\Users\cory\Downloads\ComboFix.exe
2014-02-27 17:54 - 2014-02-27 17:57 - 00000000 ____D () C:\Users\cory\AppData\Local\Windows Live
2014-02-27 17:53 - 2014-02-27 17:53 - 00000000 ____D () C:\Users\cory\AppData\Local\{E94BACE0-C939-411A-928F-48AF01F7002A}
2014-02-27 16:16 - 2014-02-27 16:18 - 00020227 _____ () C:\Users\cory\Desktop\dds.txt
2014-02-27 16:16 - 2014-02-27 16:18 - 00011353 _____ () C:\Users\cory\Desktop\attach.txt
2014-02-27 16:12 - 2014-02-27 16:12 - 00688992 ____R (Swearware) C:\Users\cory\Desktop\dds.com
2014-02-26 21:00 - 2014-02-26 21:01 - 00002758 _____ () C:\Users\cory\Desktop\Rkill.txt
2014-02-26 20:59 - 2014-02-26 20:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\cory\Downloads\rkill.exe
2014-02-26 10:34 - 2014-03-01 15:01 - 00017126 _____ () C:\Users\cory\Downloads\FRST.txt
2014-02-26 10:34 - 2014-02-26 10:34 - 02155520 _____ (Farbar) C:\Users\cory\Downloads\FRST64.exe
2014-02-26 10:20 - 2014-02-26 10:20 - 00026646 _____ () C:\Users\cory\Documents\HitmanPro_20140226_1019.log
2014-02-26 10:18 - 2014-02-26 10:18 - 00019902 _____ () C:\Windows\system32\.crusader
2014-02-26 09:58 - 2014-02-26 09:58 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-02-26 09:58 - 2014-02-26 09:58 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-26 09:57 - 2014-02-26 10:13 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-26 09:57 - 2014-02-26 09:57 - 10820032 _____ (SurfRight B.V.) C:\Users\cory\Downloads\hitmanpro_x64.exe
2014-02-26 04:24 - 2014-02-26 04:24 - 00000000 ____D () C:\Windows\CheckSur
2014-02-26 03:55 - 2014-02-26 04:23 - 470051719 _____ () C:\Users\cory\Downloads\Windows6.1-KB947821-v32-x64.msu
2014-02-26 02:56 - 2014-02-26 02:56 - 00000000 ____D () C:\Users\cory\Downloads\Seven
2014-02-26 02:34 - 2014-02-26 02:34 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-26 02:34 - 2014-02-26 02:34 - 00000000 ____D () C:\Users\cory\AppData\Roaming\Malwarebytes
2014-02-26 02:34 - 2014-02-26 02:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-26 02:34 - 2014-02-26 02:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-26 02:34 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-26 02:33 - 2014-02-26 02:33 - 00014086 _____ () C:\Users\cory\Downloads\Seven.zip
2014-02-26 00:41 - 2014-02-26 09:47 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-26 00:35 - 2014-02-26 00:35 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CORY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-02-26 00:35 - 2014-02-26 00:35 - 00000000 ____D () C:\RegBackup
2014-02-26 00:33 - 2014-02-26 00:33 - 00002159 _____ () C:\Users\cory\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-02-26 00:33 - 2014-02-26 00:33 - 00000000 ____D () C:\Users\cory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-02-26 00:32 - 2014-02-26 00:32 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-26 00:31 - 2014-02-26 00:32 - 05192224 _____ () C:\Users\cory\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-02-21 04:59 - 2014-02-21 04:59 - 00001732 _____ () C:\Windows\IE10_main.log
2014-02-17 04:30 - 2014-02-17 04:30 - 00000000 ____D () C:\Users\cory\Documents\Bluetooth Exchange Folder
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Windows\system32\config\NisDrv
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Windows\system32\config\mpfilter
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Windows\system32\config\amd64
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-11 22:52 - 2013-10-23 18:23 - 00185664 _____ (Microsoft Corporation) C:\Windows\system32\config\EppManifest.dll
2014-02-11 22:52 - 2013-10-23 17:14 - 00008864 _____ (Microsoft Corporation) C:\Windows\system32\config\setupres.dll
2014-02-11 22:34 - 2014-02-11 22:35 - 13670584 _____ (Microsoft Corporation) C:\Users\cory\Downloads\MSEInstall.exe
2014-02-11 22:31 - 2014-02-11 22:32 - 11125072 _____ (Microsoft Corporation) C:\Users\cory\Downloads\MSEInstall (1).exe
2014-02-11 22:25 - 2014-02-11 22:31 - 101830416 _____ (Microsoft Corporation) C:\Users\cory\Downloads\msert.exe
2014-02-11 22:10 - 2014-02-11 22:10 - 00353101 _____ () C:\Users\cory\Downloads\MicrosoftFixit20084.mini.diagcab
2014-02-11 22:09 - 2014-02-11 22:09 - 01059840 _____ () C:\Users\cory\Downloads\MicrosoftFixit50981.msi
2014-02-05 14:48 - 2014-02-05 14:50 - 00000000 ____D () C:\Program Files\iTunes
2014-02-05 14:48 - 2014-02-05 14:50 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-05 14:48 - 2014-02-05 14:48 - 00000000 ____D () C:\Program Files\iPod
2014-01-30 11:08 - 2014-01-30 11:08 - 00000000 ____D () C:\Users\cory\AppData\Local\AVG SafeGuard toolbar
2014-01-30 11:08 - 2014-01-30 11:08 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-01-30 11:08 - 2014-01-30 11:07 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-01-30 11:07 - 2014-02-08 12:49 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-01-30 11:07 - 2014-01-30 11:08 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
 
==================== One Month Modified Files and Folders =======
 
2014-03-01 15:01 - 2014-02-26 10:34 - 00017126 _____ () C:\Users\cory\Downloads\FRST.txt
2014-03-01 15:01 - 2013-09-15 00:07 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-01 15:00 - 2013-09-15 15:12 - 00000000 ____D () C:\FRST
2014-03-01 14:59 - 2014-03-01 14:59 - 02155520 _____ (Farbar) C:\Users\cory\Downloads\FRST64 (1).exe
2014-03-01 14:58 - 2014-03-01 14:37 - 00000000 ____D () C:\Qoobox
2014-03-01 14:58 - 2013-02-26 17:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-01 14:58 - 2009-07-14 03:20 - 00000000 ___RD () C:\Users\Default
2014-03-01 14:57 - 2014-03-01 14:57 - 00025024 _____ () C:\ComboFix.txt
2014-03-01 14:55 - 2014-03-01 14:37 - 00000000 ____D () C:\Windows\erdnt
2014-03-01 14:55 - 2012-07-08 21:32 - 01208614 _____ () C:\Windows\WindowsUpdate.log
2014-03-01 14:54 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-01 14:36 - 2014-03-01 14:35 - 05185084 ____R (Swearware) C:\Users\cory\Downloads\ComboFix.exe
2014-03-01 13:26 - 2012-01-22 16:16 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-740809286-1293212477-2799158089-1000UA.job
2014-03-01 11:55 - 2012-01-22 16:16 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-740809286-1293212477-2799158089-1000Core.job
2014-02-28 21:52 - 2013-09-15 00:07 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-27 17:57 - 2014-02-27 17:54 - 00000000 ____D () C:\Users\cory\AppData\Local\Windows Live
2014-02-27 17:53 - 2014-02-27 17:53 - 00000000 ____D () C:\Users\cory\AppData\Local\{E94BACE0-C939-411A-928F-48AF01F7002A}
2014-02-27 16:18 - 2014-02-27 16:16 - 00020227 _____ () C:\Users\cory\Desktop\dds.txt
2014-02-27 16:18 - 2014-02-27 16:16 - 00011353 _____ () C:\Users\cory\Desktop\attach.txt
2014-02-27 16:12 - 2014-02-27 16:12 - 00688992 ____R (Swearware) C:\Users\cory\Desktop\dds.com
2014-02-27 12:10 - 2009-07-14 04:45 - 00021200 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-27 12:10 - 2009-07-14 04:45 - 00021200 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-27 11:23 - 2012-09-14 02:02 - 00000000 ____D () C:\Users\cory\AppData\Roaming\Skype
2014-02-26 21:01 - 2014-02-26 21:00 - 00002758 _____ () C:\Users\cory\Desktop\Rkill.txt
2014-02-26 20:59 - 2014-02-26 20:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\cory\Downloads\rkill.exe
2014-02-26 10:34 - 2014-02-26 10:34 - 02155520 _____ (Farbar) C:\Users\cory\Downloads\FRST64.exe
2014-02-26 10:25 - 2009-07-14 05:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 10:22 - 2013-12-28 21:52 - 00247924 _____ () C:\Windows\setupact.log
2014-02-26 10:20 - 2014-02-26 10:20 - 00026646 _____ () C:\Users\cory\Documents\HitmanPro_20140226_1019.log
2014-02-26 10:20 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-26 10:18 - 2014-02-26 10:18 - 00019902 _____ () C:\Windows\system32\.crusader
2014-02-26 10:13 - 2014-02-26 09:57 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-26 09:58 - 2014-02-26 09:58 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-02-26 09:58 - 2014-02-26 09:58 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-26 09:57 - 2014-02-26 09:57 - 10820032 _____ (SurfRight B.V.) C:\Users\cory\Downloads\hitmanpro_x64.exe
2014-02-26 09:48 - 2013-12-28 21:52 - 00216250 _____ () C:\Windows\PFRO.log
2014-02-26 09:47 - 2014-02-26 00:41 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-26 05:00 - 2013-02-26 17:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-26 05:00 - 2013-02-26 17:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-26 05:00 - 2012-01-27 11:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-26 04:24 - 2014-02-26 04:24 - 00000000 ____D () C:\Windows\CheckSur
2014-02-26 04:23 - 2014-02-26 03:55 - 470051719 _____ () C:\Users\cory\Downloads\Windows6.1-KB947821-v32-x64.msu
2014-02-26 03:44 - 2012-01-05 20:42 - 00000000 ____D () C:\Windows\pss
2014-02-26 03:22 - 2012-01-03 16:06 - 00116624 _____ () C:\Users\cory\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-26 03:21 - 2009-07-14 04:45 - 00448760 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-26 03:18 - 2012-10-25 13:33 - 00003160 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-02-26 02:56 - 2014-02-26 02:56 - 00000000 ____D () C:\Users\cory\Downloads\Seven
2014-02-26 02:52 - 2013-09-11 18:38 - 00000000 ____D () C:\ProgramData\DSearchLink
2014-02-26 02:52 - 2012-10-22 20:19 - 00000000 ____D () C:\Program Files (x86)\SweetIM
2014-02-26 02:34 - 2014-02-26 02:34 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-26 02:34 - 2014-02-26 02:34 - 00000000 ____D () C:\Users\cory\AppData\Roaming\Malwarebytes
2014-02-26 02:34 - 2014-02-26 02:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-26 02:34 - 2014-02-26 02:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-26 02:33 - 2014-02-26 02:33 - 00014086 _____ () C:\Users\cory\Downloads\Seven.zip
2014-02-26 01:11 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-26 00:55 - 2009-07-14 02:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_247
2014-02-26 00:35 - 2014-02-26 00:35 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CORY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-02-26 00:35 - 2014-02-26 00:35 - 00000000 ____D () C:\RegBackup
2014-02-26 00:33 - 2014-02-26 00:33 - 00002159 _____ () C:\Users\cory\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-02-26 00:33 - 2014-02-26 00:33 - 00000000 ____D () C:\Users\cory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-02-26 00:32 - 2014-02-26 00:32 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-26 00:32 - 2014-02-26 00:31 - 05192224 _____ () C:\Users\cory\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-02-21 04:59 - 2014-02-21 04:59 - 00001732 _____ () C:\Windows\IE10_main.log
2014-02-21 04:39 - 2012-11-08 02:15 - 00000000 ____D () C:\Users\cory\AppData\Roaming\BitTorrent
2014-02-21 04:06 - 2012-03-20 15:53 - 00763276 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-17 04:30 - 2014-02-17 04:30 - 00000000 ____D () C:\Users\cory\Documents\Bluetooth Exchange Folder
2014-02-12 00:01 - 2013-08-19 13:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-11 23:50 - 2012-04-20 14:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-11 23:50 - 2012-04-20 14:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-11 23:40 - 2012-09-15 10:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-11 22:53 - 2012-03-20 15:53 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Windows\system32\config\NisDrv
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Windows\system32\config\mpfilter
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Windows\system32\config\amd64
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-11 22:52 - 2012-03-20 15:52 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-02-11 22:48 - 2013-09-15 00:54 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-11 22:48 - 2013-09-15 00:44 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-11 22:35 - 2014-02-11 22:34 - 13670584 _____ (Microsoft Corporation) C:\Users\cory\Downloads\MSEInstall.exe
2014-02-11 22:32 - 2014-02-11 22:31 - 11125072 _____ (Microsoft Corporation) C:\Users\cory\Downloads\MSEInstall (1).exe
2014-02-11 22:31 - 2014-02-11 22:25 - 101830416 _____ (Microsoft Corporation) C:\Users\cory\Downloads\msert.exe
2014-02-11 22:10 - 2014-02-11 22:10 - 00353101 _____ () C:\Users\cory\Downloads\MicrosoftFixit20084.mini.diagcab
2014-02-11 22:09 - 2014-02-11 22:09 - 01059840 _____ () C:\Users\cory\Downloads\MicrosoftFixit50981.msi
2014-02-11 21:46 - 2012-01-01 17:13 - 00000000 ____D () C:\Users\cory\AppData\Roaming\Samsung
2014-02-11 20:55 - 2012-01-20 04:33 - 00000000 ____D () C:\Users\cory\AppData\Local\Adobe
2014-02-11 19:56 - 2013-09-15 00:07 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-11 19:56 - 2013-09-15 00:07 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-08 12:49 - 2014-01-30 11:07 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-02-05 14:50 - 2014-02-05 14:48 - 00000000 ____D () C:\Program Files\iTunes
2014-02-05 14:50 - 2014-02-05 14:48 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-05 14:48 - 2014-02-05 14:48 - 00000000 ____D () C:\Program Files\iPod
2014-02-05 14:41 - 2012-01-01 18:32 - 00000000 ____D () C:\ProgramData\Apple
2014-02-04 19:09 - 2012-01-07 03:50 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-30 11:08 - 2014-01-30 11:08 - 00000000 ____D () C:\Users\cory\AppData\Local\AVG SafeGuard toolbar
2014-01-30 11:08 - 2014-01-30 11:08 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-01-30 11:08 - 2014-01-30 11:07 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-01-30 11:07 - 2014-01-30 11:08 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
 
 
LastRegBack: 2014-02-28 16:04
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-03-2014
Ran by cory at 2014-03-01 15:01:59
Running from C:\Users\cory\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 17.3.1.91 - AVG Technologies)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.167.0 - Microsoft Corporation)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.1.30016 - BitTorrent Inc.)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.7.2.28499 - BitTorrent Inc.)
BitTorrentControl_v12 Toolbar (HKLM-x32\...\BitTorrentControl_v12 Toolbar) (Version: 6.10.3.27 - BitTorrentControl_v12) <==== ATTENTION
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.0.8 - BlueJ Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Content Manager Assistant for PlayStation® (HKLM-x32\...\{32C46540-7693-49E1-A81E-121B09C8303B}) (Version: 3.00.7187.47 - Sony Computer Entertainment Inc.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink Media+ Player10 (x32 Version: 10.0.1110.00 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.4417 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.3.1 - Samsung Electronics CO., LTD.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Easy Support Center (HKLM\...\{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}) (Version: 1.2.32 - Samsung Electronics CO., LTD.)
ETDWare PS/2-X64 10.7.16.1_WHQL (HKLM\...\Elantech) (Version: 10.7.16.1 - ELAN Microelectronic Corp.)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.212 - SurfRight B.V.)
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Interactive Guide (HKLM-x32\...\{CB383BE9-7518-4ABD-826E-8FC4695F7D52}) (Version: 1.1 - )
Internet Explorer Toolbar 4.6 by SweetPacks (HKLM-x32\...\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}) (Version: 4.6.0004 - SweetIM Technologies Ltd.) <==== ATTENTION
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 7 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170070}) (Version: 1.7.0.70 - Oracle)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KNOWHOW™ APP CENTRE (HKLM-x32\...\KNOWHOW™ APP CENTRE 22447) (Version: 22447 - KNOWHOW)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 365 Home Premium - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden
S Service (HKLM-x32\...\{A48B04B8-12AF-4A71-8B3E-737FDEB0824F}) (Version: 1.0 - Samsung Electronics CO., LTD.)
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12013_8 - Samsung Electronics Co., Ltd.)
Samsung AllShare (x32 Version: 2.1.0.12013_8 - Samsung Electronics Co., Ltd.) Hidden
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 - Samsung Electronics Co., Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.0.11044_11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.0.0.11044_11 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.6.0.2 - Samsung Electronics CO., LTD.)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.03.01.00:36 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.6.0 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.4.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.1 - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8500 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
21-02-2014 04:51:27 Windows Update
21-02-2014 04:58:52 Windows Update
21-02-2014 13:00:13 Windows Update
22-02-2014 13:00:13 Windows Update
23-02-2014 13:00:13 Windows Update
23-02-2014 23:44:35 Windows Update
25-02-2014 21:09:00 Windows Update
26-02-2014 00:09:35 Windows Update
26-02-2014 00:17:26 Windows Update
26-02-2014 00:34:46 Tweaking.com - Windows Repair
26-02-2014 01:07:47 Tweaking.com - Windows Repair
26-02-2014 01:21:40 Tweaking.com - Windows Repair
26-02-2014 04:24:05 Windows Update
26-02-2014 04:29:47 Windows Update
01-03-2014 14:40:31 ComboFix created restore point
 
==================== Hosts content: ==========================
 
2009-07-14 02:34 - 2014-03-01 14:54 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0267F368-4D71-4A32-8CA7-D8FFD49430B3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-01-17] (Microsoft Corporation)
Task: {111E735F-33F0-449B-90BD-A63E9DA6B02C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1ABCCD74-AE4D-48AD-8B62-D5165CE3774A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {269A691C-54AA-4B2E-A95F-4BE1C5B7B94E} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {26BE9BB8-5478-4B77-B84A-357FAFB8A001} - System32\Tasks\RunAsStdUser Task => C:\Users\cory\AppData\Local\appkikxSA\bin\1.0.5.0\AppKikxSA.exe
Task: {28A7555A-100D-4DD9-B7BC-7C97A5D8C092} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-30] (Samsung Electronics Co., Ltd.)
Task: {28F58562-7CDF-4436-BC67-E6DBE93E7CF9} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {35C52EB8-E2FF-4C84-916F-A583C1D4F975} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-15] (Google Inc.)
Task: {3AD9E88A-AAAA-445A-8841-48D25B299D22} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-740809286-1293212477-2799158089-1000Core => C:\Users\cory\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-26] (Facebook Inc.)
Task: {40F6F6B1-66A4-4951-8FAF-312D5A91D580} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {53E55613-AB19-494F-915B-48B84E10BE5A} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A06\EPM.exe
Task: {735B4E8C-E0C6-4B91-B4D7-C9240F2F7F78} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {75295B7B-241F-43E4-B7DF-68E4FFD691D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-15] (Google Inc.)
Task: {78639D98-B364-489A-9559-77B1AD355BC5} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {895AE506-6B4A-4DE7-A83F-6075B5DC2E64} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-740809286-1293212477-2799158089-1000UA => C:\Users\cory\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-26] (Facebook Inc.)
Task: {9BB4BB91-F04D-42CF-9FD6-0F20C11431FD} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-02] (Samsung Electronics Co., Ltd.)
Task: {B25B1C8D-278B-4E49-9D85-72AC6D5C31EE} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: {B7280187-B51A-4954-A5F4-C08A8FBE1934} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {BB8D9348-A766-42AF-B5EE-BCA3CB72A81E} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-25] (Samsung Electronics Co., Ltd.)
Task: {C16FDC98-26AA-40BC-9797-D7E131C25EF0} - System32\Tasks\4626 => Wscript.exe C:\Users\cory\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C32E85C2-9CB0-4F47-BA28-0384C9A7D48E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-26] (Adobe Systems Incorporated)
Task: {D1DAA830-C636-4F20-A2B9-715B26CD4A66} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: {DC99D18A-29E9-461A-B906-BA69964EE426} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-31] (Samsung Electronics)
Task: {DF41A46C-F8FB-44B1-B678-1C4E956A8CFD} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2012-10-30] (SEC)
Task: {E286A09B-49B9-4A11-A40B-3FF17558B131} - System32\Tasks\KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe
Task: {F707B42D-2F46-48D9-AAFF-D2362452F28F} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {F8315E78-46BD-4F84-876C-E3FB89F2B4D4} - System32\Tasks\EasySupportCenter => C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe [2013-01-22] (Samsung Electronics CO., LTD.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-740809286-1293212477-2799158089-1000Core.job => C:\Users\cory\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-740809286-1293212477-2799158089-1000UA.job => C:\Users\cory\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-04-11 13:26 - 2011-04-11 13:26 - 00034304 _____ () C:\Windows\System32\spd__l.dll
2014-01-02 19:58 - 2013-10-31 09:07 - 00377000 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2014-01-02 19:58 - 2013-10-31 09:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2014-01-02 19:58 - 2013-10-31 09:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2011-01-27 14:28 - 2011-01-27 14:28 - 00706048 _____ () C:\Windows\system32\SnMinDrv.dll
2014-01-30 11:07 - 2014-01-30 11:07 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
2014-01-30 11:07 - 2014-02-03 19:06 - 02552856 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2011-08-12 07:33 - 2011-04-04 10:18 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2011-09-07 09:56 - 2009-12-01 07:21 - 00244904 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-01-17 11:24 - 2014-01-17 11:24 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-30 11:07 - 2014-01-30 11:07 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
2011-09-07 10:15 - 2010-12-01 14:26 - 02452992 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\QtCore4.dll
2011-09-07 10:15 - 2010-12-01 14:26 - 00375808 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\QtXml4.dll
2011-09-07 10:15 - 2010-12-01 14:26 - 00322048 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\log4cplus.dll
2011-09-07 10:15 - 2010-12-01 14:26 - 00013312 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\featureController.dll
2011-09-07 10:15 - 2010-12-01 14:26 - 01008640 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\QtNetwork4.dll
2011-09-07 10:15 - 2010-12-01 14:26 - 00195584 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\libgsoap.dll
2011-09-07 10:15 - 2010-12-01 14:26 - 00062464 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\zlib1.dll
2011-09-07 10:15 - 2010-12-01 14:26 - 00400384 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\sqlite3.dll
2011-09-07 10:15 - 2011-04-19 18:02 - 03622128 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\plugin\libbizlplugin.dll
2009-11-02 05:20 - 2009-11-02 05:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 05:23 - 2009-11-02 05:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-02-03 22:06 - 2011-09-08 19:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 01135616 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00655872 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00105472 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMCDP.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00098816 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\FolderCDP.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00077312 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MetadataFramework.dll
2012-01-06 14:40 - 2012-01-06 14:40 - 00520234 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\sqlite3.dll
2012-01-06 14:40 - 2012-01-06 14:40 - 00450560 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MoodExtractor.dll
2012-01-06 14:40 - 2012-01-06 14:40 - 05717504 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00029184 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AutoChaptering.dll
2012-01-06 14:40 - 2012-01-06 14:40 - 00147456 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoThumb.dll
2012-01-06 14:40 - 2012-01-06 14:40 - 04671488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll
2012-01-06 14:40 - 2012-01-06 14:40 - 00070656 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll
2012-01-06 14:40 - 2012-01-06 14:40 - 00686080 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll
2012-01-06 14:40 - 2012-01-06 14:40 - 00152064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00027648 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AudioExtractor.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00063488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ID3Driver.dll
2012-01-06 14:40 - 2012-01-06 14:40 - 00366592 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\tag.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00289792 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libThumbnail.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00023040 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoExtractor.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00133120 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00290304 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libKeyFrame.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ImageExtractor.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\photoDriver.dll
2012-01-06 14:40 - 2012-01-06 14:40 - 00399826 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00013824 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\TextExtractor.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00031232 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\Autobackup.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00054784 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll
2012-01-06 14:40 - 2012-01-06 14:40 - 00044032 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\us.dll
2014-02-21 20:03 - 2014-02-20 01:02 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-02-21 20:03 - 2014-02-20 01:02 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
2014-02-21 20:03 - 2014-02-20 01:02 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
2012-10-25 00:51 - 2011-02-17 00:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2014-02-21 20:03 - 2014-02-20 01:03 - 04060488 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-02-21 20:03 - 2014-02-20 01:03 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-02-21 20:03 - 2014-02-20 01:02 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
2014-02-21 20:03 - 2014-02-20 01:03 - 13632840 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/01/2014 01:53:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014
 
Error: (03/01/2014 01:53:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014
 
Error: (03/01/2014 01:27:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/01/2014 00:20:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 169230
 
Error: (03/01/2014 00:20:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 169230
 
Error: (03/01/2014 00:20:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/01/2014 00:20:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 168232
 
Error: (03/01/2014 00:20:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 168232
 
Error: (03/01/2014 00:20:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/01/2014 00:18:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014
 
 
System errors:
=============
Error: (03/01/2014 03:00:55 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (03/01/2014 02:54:35 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (03/01/2014 02:53:23 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (03/01/2014 02:48:16 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (03/01/2014 02:43:15 PM) (Source: Service Control Manager) (User: )
Description: The SamsungDeviceConfiguration service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/01/2014 02:37:12 PM) (Source: Service Control Manager) (User: )
Description: The SW Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/28/2014 09:52:51 AM) (Source: DCOM) (User: )
Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}
 
Error: (02/26/2014 10:22:41 AM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (02/26/2014 10:20:50 AM) (Source: Service Control Manager) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.
 
Error: (02/26/2014 09:57:36 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-03-01 14:53:23.046
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-01 14:53:22.886
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 37%
Total physical RAM: 6057.55 MB
Available physical RAM: 3773.07 MB
Total Pagefile: 12113.28 MB
Available Pagefile: 9799.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:272 GB) (Free:139.33 GB) NTFS
Drive d: () (Fixed) (Total:407.19 GB) (Free:407.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 590F7681)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=272 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=407 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=19 GB) - (Type=27)
 
==================== End Of Log ============================


#4 aharonov

  • Malware Response Team

Posted 01 March 2014 - 10:24 AM

Great. What problem and symptoms do you experience after the following steps?


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Restart your computer.



Step 2

Please download AdwCleaner (by Xplode) and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 cory92

  • Topic Starter

Posted 01 March 2014 - 12:34 PM

The program did not run correctly; when I try to run FRST it says Aut2exe has stopped working. It still creates a fixlog.txt.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-02-2014
Ran by cory at 2014-03-01 17:32:55 Run:6
Running from C:\Users\cory\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
Task: {735B4E8C-E0C6-4B91-B4D7-C9240F2F7F78} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {C16FDC98-26AA-40BC-9797-D7E131C25EF0} - System32\Tasks\4626 => Wscript.exe C:\Users\cory\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
*****************
 
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
 
Was this supposed to happen?


#6 cory92

  • Topic Starter

Posted 01 March 2014 - 01:35 PM

I restarted and followed the next steps just in case this was meant to happen.

 

# AdwCleaner v3.020 - Report created 01/03/2014 at 18:09:55
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : cory - CORY-PC
# Running from : C:\Users\cory\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : vToolbarUpdater17.3.0
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\fbphotozoom
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\BitTorrentControl_v12
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Users\cory\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\cory\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\cory\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\cory\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\cory\AppData\LocalLow\BitTorrentControl_v12
Folder Deleted : C:\Users\cory\AppData\Roaming\PerformerSoft
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_home.sweetim.com_0.localstorage-journal
File Deleted : C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\NCH Software
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKCU\Software\d578fd0b068bf45
Key Deleted : HKLM\SOFTWARE\d578fd0b068bf45
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_slender-the-eight-pages_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_slender-the-eight-pages_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C1661DA-38CA-4363-AFBC-15C0EF86C9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B93FD659-FEFE-4750-9A5A-836FCDF6107B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentControl_v12
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Vittalia
Key Deleted : HKLM\Software\BitTorrentControl_v12
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentControl_v12 Toolbar
Key Deleted : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16686
 
 
*************************
 
AdwCleaner[R0].txt - [11238 octets] - [01/03/2014 18:06:54]
AdwCleaner[S0].txt - [10808 octets] - [01/03/2014 18:09:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10869 octets] ##########
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-02-2014
Ran by cory (administrator) on CORY-PC on 01-03-2014 18:19:19
Running from C:\Users\cory\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(Intel Corporation) C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Windows\system32\hkcmd.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-05] (Microsoft Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [KNOWHOW™ APP CENTRE] - C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.lnk [1339 2011-09-07] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-740809286-1293212477-2799158089-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {9EEAB62A-41E8-4C63-AD32-E8339F270A6D} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Samsung BHO Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-15]
CHR Extension: (Google Drive) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-15]
CHR Extension: (YouTube) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-01]
CHR Extension: (Google Search) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-01]
CHR Extension: (BitTorrentControl_v12) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf [2014-03-01]
CHR Extension: (Google Wallet) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Gmail) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-01]
CHR HKCU\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\cory\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2012-09-09]
CHR HKLM-x32\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\cory\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2012-09-09]
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\cory\AppData\Local\Temp\ccex.crx [2012-09-09]
CHR HKLM-x32\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files (x86)\fbphotozoom\fbphotozoom14.crx [2012-09-09]
 
==================== Services (Whitelisted) =================
 
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-09] (Broadcom Corporation.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-05] (Microsoft Corp.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-02-26] (SurfRight B.V.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [165456 2011-12-02] (Samsung Electronics)
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] ()
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
 
==================== Drivers (Whitelisted) ====================
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-01-30] (AVG Technologies)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-03-01] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SBIOSIO; \??\C:\Users\cory\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-01 18:06 - 2014-03-01 18:10 - 00000000 ____D () C:\AdwCleaner
2014-03-01 18:05 - 2014-03-01 18:15 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-03-01 17:59 - 2014-03-01 17:59 - 01244192 _____ () C:\Users\cory\Downloads\AdwCleaner.exe
2014-03-01 17:17 - 2014-03-01 17:17 - 00000317 _____ () C:\Users\cory\Desktop\fixlist.txt
2014-03-01 15:01 - 2014-03-01 15:02 - 00045141 _____ () C:\Users\cory\Downloads\Addition.txt
2014-03-01 14:59 - 2014-03-01 14:59 - 02155520 _____ (Farbar) C:\Users\cory\Downloads\FRST64 (1).exe
2014-03-01 14:57 - 2014-03-01 14:57 - 00025024 _____ () C:\ComboFix.txt
2014-03-01 14:40 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-01 14:40 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-01 14:40 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-01 14:40 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-01 14:40 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-01 14:40 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-01 14:40 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-01 14:40 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-01 14:37 - 2014-03-01 14:58 - 00000000 ____D () C:\Qoobox
2014-03-01 14:37 - 2014-03-01 14:55 - 00000000 ____D () C:\Windows\erdnt
2014-03-01 14:35 - 2014-03-01 14:36 - 05185084 ____R (Swearware) C:\Users\cory\Downloads\ComboFix.exe
2014-02-27 17:54 - 2014-02-27 17:57 - 00000000 ____D () C:\Users\cory\AppData\Local\Windows Live
2014-02-27 17:53 - 2014-02-27 17:53 - 00000000 ____D () C:\Users\cory\AppData\Local\{E94BACE0-C939-411A-928F-48AF01F7002A}
2014-02-27 16:12 - 2014-02-27 16:12 - 00688992 ____R (Swearware) C:\Users\cory\Desktop\dds.com
2014-02-26 20:59 - 2014-02-26 20:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\cory\Downloads\rkill.exe
2014-02-26 10:34 - 2014-03-01 18:21 - 00011743 _____ () C:\Users\cory\Desktop\FRST.txt
2014-02-26 10:34 - 2014-02-26 10:34 - 02155520 _____ (Farbar) C:\Users\cory\Desktop\FRST64.exe
2014-02-26 10:20 - 2014-02-26 10:20 - 00026646 _____ () C:\Users\cory\Documents\HitmanPro_20140226_1019.log
2014-02-26 10:18 - 2014-02-26 10:18 - 00019902 _____ () C:\Windows\system32\.crusader
2014-02-26 09:58 - 2014-02-26 09:58 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-02-26 09:58 - 2014-02-26 09:58 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-26 09:57 - 2014-02-26 10:13 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-26 09:57 - 2014-02-26 09:57 - 10820032 _____ (SurfRight B.V.) C:\Users\cory\Downloads\hitmanpro_x64.exe
2014-02-26 04:24 - 2014-02-26 04:24 - 00000000 ____D () C:\Windows\CheckSur
2014-02-26 03:55 - 2014-02-26 04:23 - 470051719 _____ () C:\Users\cory\Downloads\Windows6.1-KB947821-v32-x64.msu
2014-02-26 02:56 - 2014-02-26 02:56 - 00000000 ____D () C:\Users\cory\Downloads\Seven
2014-02-26 02:34 - 2014-02-26 02:34 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-26 02:34 - 2014-02-26 02:34 - 00000000 ____D () C:\Users\cory\AppData\Roaming\Malwarebytes
2014-02-26 02:34 - 2014-02-26 02:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-26 02:34 - 2014-02-26 02:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-26 02:34 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-26 02:33 - 2014-02-26 02:33 - 00014086 _____ () C:\Users\cory\Downloads\Seven.zip
2014-02-26 00:41 - 2014-02-26 09:47 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-26 00:35 - 2014-02-26 00:35 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CORY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-02-26 00:35 - 2014-02-26 00:35 - 00000000 ____D () C:\RegBackup
2014-02-26 00:33 - 2014-02-26 00:33 - 00002159 _____ () C:\Users\cory\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-02-26 00:33 - 2014-02-26 00:33 - 00000000 ____D () C:\Users\cory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-02-26 00:32 - 2014-02-26 00:32 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-26 00:31 - 2014-02-26 00:32 - 05192224 _____ () C:\Users\cory\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-02-21 04:59 - 2014-02-21 04:59 - 00001732 _____ () C:\Windows\IE10_main.log
2014-02-17 04:30 - 2014-02-17 04:30 - 00000000 ____D () C:\Users\cory\Documents\Bluetooth Exchange Folder
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Windows\system32\config\NisDrv
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Windows\system32\config\mpfilter
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Windows\system32\config\amd64
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-11 22:52 - 2013-10-23 18:23 - 00185664 _____ (Microsoft Corporation) C:\Windows\system32\config\EppManifest.dll
2014-02-11 22:52 - 2013-10-23 17:14 - 00008864 _____ (Microsoft Corporation) C:\Windows\system32\config\setupres.dll
2014-02-11 22:34 - 2014-02-11 22:35 - 13670584 _____ (Microsoft Corporation) C:\Users\cory\Downloads\MSEInstall.exe
2014-02-11 22:31 - 2014-02-11 22:32 - 11125072 _____ (Microsoft Corporation) C:\Users\cory\Downloads\MSEInstall (1).exe
2014-02-11 22:25 - 2014-02-11 22:31 - 101830416 _____ (Microsoft Corporation) C:\Users\cory\Downloads\msert.exe
2014-02-11 22:10 - 2014-02-11 22:10 - 00353101 _____ () C:\Users\cory\Downloads\MicrosoftFixit20084.mini.diagcab
2014-02-11 22:09 - 2014-02-11 22:09 - 01059840 _____ () C:\Users\cory\Downloads\MicrosoftFixit50981.msi
2014-02-05 14:48 - 2014-02-05 14:50 - 00000000 ____D () C:\Program Files\iTunes
2014-02-05 14:48 - 2014-02-05 14:50 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-05 14:48 - 2014-02-05 14:48 - 00000000 ____D () C:\Program Files\iPod
2014-01-30 11:08 - 2014-03-01 18:11 - 00000000 ____D () C:\Users\cory\AppData\Local\AVG SafeGuard toolbar
2014-01-30 11:08 - 2014-01-30 11:07 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
 
==================== One Month Modified Files and Folders =======
 
2014-03-01 18:21 - 2014-02-26 10:34 - 00011743 _____ () C:\Users\cory\Desktop\FRST.txt
2014-03-01 18:16 - 2009-07-14 04:45 - 00021200 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-01 18:16 - 2009-07-14 04:45 - 00021200 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-01 18:15 - 2014-03-01 18:05 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-03-01 18:15 - 2012-09-14 02:02 - 00000000 ____D () C:\Users\cory\AppData\Roaming\Skype
2014-03-01 18:15 - 2012-07-08 21:32 - 01228366 _____ () C:\Windows\WindowsUpdate.log
2014-03-01 18:13 - 2009-07-14 05:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-01 18:12 - 2013-12-28 21:52 - 00254820 _____ () C:\Windows\setupact.log
2014-03-01 18:11 - 2014-01-30 11:08 - 00000000 ____D () C:\Users\cory\AppData\Local\AVG SafeGuard toolbar
2014-03-01 18:11 - 2013-12-28 21:52 - 00217652 _____ () C:\Windows\PFRO.log
2014-03-01 18:11 - 2013-09-15 00:07 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-01 18:11 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-01 18:10 - 2014-03-01 18:06 - 00000000 ____D () C:\AdwCleaner
2014-03-01 18:03 - 2012-01-12 04:16 - 00000000 ____D () C:\Users\cory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-03-01 17:59 - 2014-03-01 17:59 - 01244192 _____ () C:\Users\cory\Downloads\AdwCleaner.exe
2014-03-01 17:58 - 2013-02-26 17:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-01 17:21 - 2013-09-15 15:12 - 00000000 ____D () C:\FRST
2014-03-01 17:17 - 2014-03-01 17:17 - 00000317 _____ () C:\Users\cory\Desktop\fixlist.txt
2014-03-01 17:02 - 2013-09-15 00:07 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-01 17:02 - 2012-01-22 16:16 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-740809286-1293212477-2799158089-1000UA.job
2014-03-01 15:02 - 2014-03-01 15:01 - 00045141 _____ () C:\Users\cory\Downloads\Addition.txt
2014-03-01 14:59 - 2014-03-01 14:59 - 02155520 _____ (Farbar) C:\Users\cory\Downloads\FRST64 (1).exe
2014-03-01 14:58 - 2014-03-01 14:37 - 00000000 ____D () C:\Qoobox
2014-03-01 14:58 - 2009-07-14 03:20 - 00000000 ___RD () C:\Users\Default
2014-03-01 14:57 - 2014-03-01 14:57 - 00025024 _____ () C:\ComboFix.txt
2014-03-01 14:55 - 2014-03-01 14:37 - 00000000 ____D () C:\Windows\erdnt
2014-03-01 14:54 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-01 14:36 - 2014-03-01 14:35 - 05185084 ____R (Swearware) C:\Users\cory\Downloads\ComboFix.exe
2014-03-01 11:55 - 2012-01-22 16:16 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-740809286-1293212477-2799158089-1000Core.job
2014-02-27 17:57 - 2014-02-27 17:54 - 00000000 ____D () C:\Users\cory\AppData\Local\Windows Live
2014-02-27 17:53 - 2014-02-27 17:53 - 00000000 ____D () C:\Users\cory\AppData\Local\{E94BACE0-C939-411A-928F-48AF01F7002A}
2014-02-27 16:12 - 2014-02-27 16:12 - 00688992 ____R (Swearware) C:\Users\cory\Desktop\dds.com
2014-02-26 20:59 - 2014-02-26 20:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\cory\Downloads\rkill.exe
2014-02-26 10:34 - 2014-02-26 10:34 - 02155520 _____ (Farbar) C:\Users\cory\Desktop\FRST64.exe
2014-02-26 10:20 - 2014-02-26 10:20 - 00026646 _____ () C:\Users\cory\Documents\HitmanPro_20140226_1019.log
2014-02-26 10:18 - 2014-02-26 10:18 - 00019902 _____ () C:\Windows\system32\.crusader
2014-02-26 10:13 - 2014-02-26 09:57 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-26 09:58 - 2014-02-26 09:58 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-02-26 09:58 - 2014-02-26 09:58 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-26 09:57 - 2014-02-26 09:57 - 10820032 _____ (SurfRight B.V.) C:\Users\cory\Downloads\hitmanpro_x64.exe
2014-02-26 09:47 - 2014-02-26 00:41 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-26 05:00 - 2013-02-26 17:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-26 05:00 - 2013-02-26 17:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-26 05:00 - 2012-01-27 11:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-26 04:24 - 2014-02-26 04:24 - 00000000 ____D () C:\Windows\CheckSur
2014-02-26 04:23 - 2014-02-26 03:55 - 470051719 _____ () C:\Users\cory\Downloads\Windows6.1-KB947821-v32-x64.msu
2014-02-26 03:44 - 2012-01-05 20:42 - 00000000 ____D () C:\Windows\pss
2014-02-26 03:22 - 2012-01-03 16:06 - 00116624 _____ () C:\Users\cory\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-26 03:21 - 2009-07-14 04:45 - 00448760 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-26 03:18 - 2012-10-25 13:33 - 00003160 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-02-26 02:56 - 2014-02-26 02:56 - 00000000 ____D () C:\Users\cory\Downloads\Seven
2014-02-26 02:34 - 2014-02-26 02:34 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-26 02:34 - 2014-02-26 02:34 - 00000000 ____D () C:\Users\cory\AppData\Roaming\Malwarebytes
2014-02-26 02:34 - 2014-02-26 02:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-26 02:34 - 2014-02-26 02:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-26 02:33 - 2014-02-26 02:33 - 00014086 _____ () C:\Users\cory\Downloads\Seven.zip
2014-02-26 01:11 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-26 00:55 - 2009-07-14 02:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_247
2014-02-26 00:35 - 2014-02-26 00:35 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CORY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-02-26 00:35 - 2014-02-26 00:35 - 00000000 ____D () C:\RegBackup
2014-02-26 00:33 - 2014-02-26 00:33 - 00002159 _____ () C:\Users\cory\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-02-26 00:33 - 2014-02-26 00:33 - 00000000 ____D () C:\Users\cory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-02-26 00:32 - 2014-02-26 00:32 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-26 00:32 - 2014-02-26 00:31 - 05192224 _____ () C:\Users\cory\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-02-21 04:59 - 2014-02-21 04:59 - 00001732 _____ () C:\Windows\IE10_main.log
2014-02-21 04:39 - 2012-11-08 02:15 - 00000000 ____D () C:\Users\cory\AppData\Roaming\BitTorrent
2014-02-21 04:06 - 2012-03-20 15:53 - 00763276 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-17 04:30 - 2014-02-17 04:30 - 00000000 ____D () C:\Users\cory\Documents\Bluetooth Exchange Folder
2014-02-12 00:01 - 2013-08-19 13:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-11 23:50 - 2012-04-20 14:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-11 23:50 - 2012-04-20 14:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-11 23:40 - 2012-09-15 10:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-11 22:53 - 2012-03-20 15:53 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Windows\system32\config\NisDrv
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Windows\system32\config\mpfilter
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Windows\system32\config\amd64
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-11 22:52 - 2012-03-20 15:52 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-02-11 22:48 - 2013-09-15 00:54 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-11 22:48 - 2013-09-15 00:44 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-11 22:35 - 2014-02-11 22:34 - 13670584 _____ (Microsoft Corporation) C:\Users\cory\Downloads\MSEInstall.exe
2014-02-11 22:32 - 2014-02-11 22:31 - 11125072 _____ (Microsoft Corporation) C:\Users\cory\Downloads\MSEInstall (1).exe
2014-02-11 22:31 - 2014-02-11 22:25 - 101830416 _____ (Microsoft Corporation) C:\Users\cory\Downloads\msert.exe
2014-02-11 22:10 - 2014-02-11 22:10 - 00353101 _____ () C:\Users\cory\Downloads\MicrosoftFixit20084.mini.diagcab
2014-02-11 22:09 - 2014-02-11 22:09 - 01059840 _____ () C:\Users\cory\Downloads\MicrosoftFixit50981.msi
2014-02-11 21:46 - 2012-01-01 17:13 - 00000000 ____D () C:\Users\cory\AppData\Roaming\Samsung
2014-02-11 20:55 - 2012-01-20 04:33 - 00000000 ____D () C:\Users\cory\AppData\Local\Adobe
2014-02-11 19:56 - 2013-09-15 00:07 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-11 19:56 - 2013-09-15 00:07 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-05 14:50 - 2014-02-05 14:48 - 00000000 ____D () C:\Program Files\iTunes
2014-02-05 14:50 - 2014-02-05 14:48 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-05 14:48 - 2014-02-05 14:48 - 00000000 ____D () C:\Program Files\iPod
2014-02-05 14:41 - 2012-01-01 18:32 - 00000000 ____D () C:\ProgramData\Apple
2014-02-04 19:09 - 2012-01-07 03:50 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-30 11:07 - 2014-01-30 11:08 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
 
Some content of TEMP:
====================
C:\Users\cory\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
 
 
LastRegBack: 2014-02-28 16:04
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-02-2014
Ran by cory at 2014-03-01 18:23:04
Running from C:\Users\cory\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.167.0 - Microsoft Corporation)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.1.30016 - BitTorrent Inc.)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.7.2.28499 - BitTorrent Inc.)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.0.8 - BlueJ Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Content Manager Assistant for PlayStation® (HKLM-x32\...\{32C46540-7693-49E1-A81E-121B09C8303B}) (Version: 3.00.7187.47 - Sony Computer Entertainment Inc.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink Media+ Player10 (x32 Version: 10.0.1110.00 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.4417 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.3.1 - Samsung Electronics CO., LTD.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Easy Support Center (HKLM\...\{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}) (Version: 1.2.32 - Samsung Electronics CO., LTD.)
ETDWare PS/2-X64 10.7.16.1_WHQL (HKLM\...\Elantech) (Version: 10.7.16.1 - ELAN Microelectronic Corp.)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.212 - SurfRight B.V.)
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Interactive Guide (HKLM-x32\...\{CB383BE9-7518-4ABD-826E-8FC4695F7D52}) (Version: 1.1 - )
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 7 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170070}) (Version: 1.7.0.70 - Oracle)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KNOWHOW™ APP CENTRE (HKLM-x32\...\KNOWHOW™ APP CENTRE 22447) (Version: 22447 - KNOWHOW)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 365 Home Premium - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden
S Service (HKLM-x32\...\{A48B04B8-12AF-4A71-8B3E-737FDEB0824F}) (Version: 1.0 - Samsung Electronics CO., LTD.)
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12013_8 - Samsung Electronics Co., Ltd.)
Samsung AllShare (x32 Version: 2.1.0.12013_8 - Samsung Electronics Co., Ltd.) Hidden
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 - Samsung Electronics Co., Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.0.11044_11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.0.0.11044_11 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.6.0.2 - Samsung Electronics CO., LTD.)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.03.01.00:36 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.6.0 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.4.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.1 - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8500 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
21-02-2014 04:51:27 Windows Update
21-02-2014 04:58:52 Windows Update
21-02-2014 13:00:13 Windows Update
22-02-2014 13:00:13 Windows Update
23-02-2014 13:00:13 Windows Update
23-02-2014 23:44:35 Windows Update
25-02-2014 21:09:00 Windows Update
26-02-2014 00:09:35 Windows Update
26-02-2014 00:17:26 Windows Update
26-02-2014 00:34:46 Tweaking.com - Windows Repair
26-02-2014 01:07:47 Tweaking.com - Windows Repair
26-02-2014 01:21:40 Tweaking.com - Windows Repair
26-02-2014 04:24:05 Windows Update
26-02-2014 04:29:47 Windows Update
01-03-2014 14:40:31 ComboFix created restore point
 
==================== Hosts content: ==========================
 
2009-07-14 02:34 - 2014-03-01 14:54 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0267F368-4D71-4A32-8CA7-D8FFD49430B3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-01-17] (Microsoft Corporation)
Task: {111E735F-33F0-449B-90BD-A63E9DA6B02C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1ABCCD74-AE4D-48AD-8B62-D5165CE3774A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {269A691C-54AA-4B2E-A95F-4BE1C5B7B94E} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {26BE9BB8-5478-4B77-B84A-357FAFB8A001} - System32\Tasks\RunAsStdUser Task => C:\Users\cory\AppData\Local\appkikxSA\bin\1.0.5.0\AppKikxSA.exe
Task: {28A7555A-100D-4DD9-B7BC-7C97A5D8C092} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-30] (Samsung Electronics Co., Ltd.)
Task: {28F58562-7CDF-4436-BC67-E6DBE93E7CF9} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {35C52EB8-E2FF-4C84-916F-A583C1D4F975} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-15] (Google Inc.)
Task: {3AD9E88A-AAAA-445A-8841-48D25B299D22} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-740809286-1293212477-2799158089-1000Core => C:\Users\cory\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-26] (Facebook Inc.)
Task: {40F6F6B1-66A4-4951-8FAF-312D5A91D580} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {53E55613-AB19-494F-915B-48B84E10BE5A} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A06\EPM.exe
Task: {735B4E8C-E0C6-4B91-B4D7-C9240F2F7F78} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {75295B7B-241F-43E4-B7DF-68E4FFD691D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-15] (Google Inc.)
Task: {78639D98-B364-489A-9559-77B1AD355BC5} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {895AE506-6B4A-4DE7-A83F-6075B5DC2E64} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-740809286-1293212477-2799158089-1000UA => C:\Users\cory\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-26] (Facebook Inc.)
Task: {9BB4BB91-F04D-42CF-9FD6-0F20C11431FD} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-02] (Samsung Electronics Co., Ltd.)
Task: {B25B1C8D-278B-4E49-9D85-72AC6D5C31EE} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: {B7280187-B51A-4954-A5F4-C08A8FBE1934} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {BB8D9348-A766-42AF-B5EE-BCA3CB72A81E} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-25] (Samsung Electronics Co., Ltd.)
Task: {C16FDC98-26AA-40BC-9797-D7E131C25EF0} - System32\Tasks\4626 => Wscript.exe C:\Users\cory\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C32E85C2-9CB0-4F47-BA28-0384C9A7D48E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-26] (Adobe Systems Incorporated)
Task: {D1DAA830-C636-4F20-A2B9-715B26CD4A66} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: {DC99D18A-29E9-461A-B906-BA69964EE426} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-31] (Samsung Electronics)
Task: {DF41A46C-F8FB-44B1-B678-1C4E956A8CFD} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2012-10-30] (SEC)
Task: {E286A09B-49B9-4A11-A40B-3FF17558B131} - System32\Tasks\KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe
Task: {F707B42D-2F46-48D9-AAFF-D2362452F28F} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {F8315E78-46BD-4F84-876C-E3FB89F2B4D4} - System32\Tasks\EasySupportCenter => C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe [2013-01-22] (Samsung Electronics CO., LTD.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-740809286-1293212477-2799158089-1000Core.job => C:\Users\cory\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-740809286-1293212477-2799158089-1000UA.job => C:\Users\cory\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-17 11:24 - 2014-01-17 11:24 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-04-11 13:26 - 2011-04-11 13:26 - 00034304 _____ () C:\Windows\System32\spd__l.dll
2014-01-02 19:58 - 2013-10-31 09:07 - 00377000 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2014-01-02 19:58 - 2013-10-31 09:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2014-01-02 19:58 - 2013-10-31 09:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2012-10-25 00:51 - 2012-02-13 14:02 - 00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
2011-01-27 14:28 - 2011-01-27 14:28 - 00706048 _____ () C:\Windows\system32\SnMinDrv.dll
2011-09-07 09:56 - 2009-12-01 07:21 - 00244904 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-08-12 07:33 - 2011-04-04 10:18 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-25 00:51 - 2006-08-12 11:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2012-10-25 00:51 - 2011-02-17 00:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2011-09-07 10:15 - 2010-12-01 14:26 - 02452992 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\QtCore4.dll
2011-09-07 10:15 - 2010-12-01 14:26 - 00375808 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\QtXml4.dll
2011-09-07 10:15 - 2010-12-01 14:26 - 00322048 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\log4cplus.dll
2011-09-07 10:15 - 2010-12-01 14:26 - 00013312 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\featureController.dll
2011-09-07 10:15 - 2010-12-01 14:26 - 01008640 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\QtNetwork4.dll
2011-09-07 10:15 - 2010-12-01 14:26 - 00195584 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\libgsoap.dll
2011-09-07 10:15 - 2010-12-01 14:26 - 00062464 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\zlib1.dll
2011-09-07 10:15 - 2010-12-01 14:26 - 00400384 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\sqlite3.dll
2011-09-07 10:15 - 2011-04-19 18:02 - 03622128 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\plugin\libbizlplugin.dll
2014-02-21 20:03 - 2014-02-20 01:02 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-02-21 20:03 - 2014-02-20 01:02 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
2014-02-21 20:03 - 2014-02-20 01:02 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
2013-02-03 22:06 - 2011-09-08 19:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2009-11-02 05:20 - 2009-11-02 05:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 05:23 - 2009-11-02 05:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 01135616 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00655872 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00105472 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMCDP.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00098816 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\FolderCDP.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00077312 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MetadataFramework.dll
2012-01-06 14:40 - 2012-01-06 14:40 - 00520234 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\sqlite3.dll
2012-01-06 14:40 - 2012-01-06 14:40 - 00450560 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MoodExtractor.dll
2012-01-06 14:40 - 2012-01-06 14:40 - 05717504 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00029184 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AutoChaptering.dll
2012-01-06 14:40 - 2012-01-06 14:40 - 00147456 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoThumb.dll
2012-01-06 14:40 - 2012-01-06 14:40 - 04671488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll
2012-01-06 14:40 - 2012-01-06 14:40 - 00070656 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll
2012-01-06 14:40 - 2012-01-06 14:40 - 00686080 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll
2012-01-06 14:40 - 2012-01-06 14:40 - 00152064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00027648 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AudioExtractor.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00063488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ID3Driver.dll
2012-01-06 14:40 - 2012-01-06 14:40 - 00366592 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\tag.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00289792 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libThumbnail.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00023040 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoExtractor.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00133120 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00290304 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libKeyFrame.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ImageExtractor.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\photoDriver.dll
2012-01-06 14:40 - 2012-01-06 14:40 - 00399826 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00013824 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\TextExtractor.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00031232 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\Autobackup.dll
2012-01-18 15:10 - 2012-01-18 15:10 - 00054784 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll
2012-01-06 14:40 - 2012-01-06 14:40 - 00044032 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\us.dll
2014-02-21 20:03 - 2014-02-20 01:03 - 04060488 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-02-21 20:03 - 2014-02-20 01:03 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-02-21 20:03 - 2014-02-20 01:02 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/01/2014 05:32:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: FRST64.exe, version: 3.3.10.2, time stamp: 0x530d2277
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb164a
Exception code: 0xc0000005
Fault offset: 0x000000000000ca89
Faulting process id: 0x1cf0
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3
 
Error: (03/01/2014 05:31:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: FRST64.exe, version: 3.3.10.2, time stamp: 0x530d2277
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb164a
Exception code: 0xc0000005
Fault offset: 0x000000000000ca89
Faulting process id: 0x1dc4
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3
 
Error: (03/01/2014 05:30:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: FRST64.exe, version: 3.3.10.2, time stamp: 0x530d2277
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb164a
Exception code: 0xc0000005
Fault offset: 0x000000000000ca89
Faulting process id: 0xa84
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3
 
Error: (03/01/2014 05:28:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: FRST64.exe, version: 3.3.10.2, time stamp: 0x530d2277
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb164a
Exception code: 0xc0000005
Fault offset: 0x000000000000ca89
Faulting process id: 0x8b4
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3
 
Error: (03/01/2014 05:24:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: FRST64 (1).exe, version: 3.3.10.2, time stamp: 0x5311dfd4
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb164a
Exception code: 0xc0000005
Fault offset: 0x000000000000ca89
Faulting process id: 0xe60
Faulting application start time: 0xFRST64 (1).exe0
Faulting application path: FRST64 (1).exe1
Faulting module path: FRST64 (1).exe2
Report Id: FRST64 (1).exe3
 
Error: (03/01/2014 05:22:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: FRST64.exe, version: 3.3.10.2, time stamp: 0x530d2277
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb164a
Exception code: 0xc0000005
Fault offset: 0x000000000000ca89
Faulting process id: 0x1820
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3
 
Error: (03/01/2014 05:12:01 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (03/01/2014 05:03:00 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (03/01/2014 01:53:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014
 
Error: (03/01/2014 01:53:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014
 
 
System errors:
=============
Error: (03/01/2014 06:03:16 PM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (03/01/2014 03:00:55 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (03/01/2014 02:54:35 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (03/01/2014 02:53:23 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (03/01/2014 02:48:16 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (03/01/2014 02:43:15 PM) (Source: Service Control Manager) (User: )
Description: The SamsungDeviceConfiguration service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/01/2014 02:37:12 PM) (Source: Service Control Manager) (User: )
Description: The SW Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/28/2014 09:52:51 AM) (Source: DCOM) (User: )
Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}
 
Error: (02/26/2014 10:22:41 AM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (02/26/2014 10:20:50 AM) (Source: Service Control Manager) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-03-01 14:53:23.046
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-01 14:53:22.886
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 29%
Total physical RAM: 6057.55 MB
Available physical RAM: 4283.45 MB
Total Pagefile: 12113.28 MB
Available Pagefile: 10268.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:272 GB) (Free:139.22 GB) NTFS
Drive d: () (Fixed) (Total:407.19 GB) (Free:407.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 590F7681)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=272 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=407 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=19 GB) - (Type=27)
 
==================== End Of Log ============================
 


#7 aharonov

  • Malware Response Team

Posted 04 March 2014 - 02:15 PM

Sorry for the delay.
Something didn't work. Let's try again with a new version of FRST:


Please download the attached fixlist.txt (1.18KB) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#8 cory92

  • Topic Starter

Posted 04 March 2014 - 02:21 PM

thanks cool. 

 

afraid that did not work either:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2014 02
Ran by cory at 2014-03-04 19:19:23 Run:11
Running from C:\Users\cory\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKCU - {9EEAB62A-41E8-4C63-AD32-E8339F270A6D} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
CHR Extension: (BitTorrentControl_v12) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf [2014-03-01]
CHR HKCU\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\cory\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2012-09-09]
CHR HKLM-x32\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\cory\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2012-09-09]
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\cory\AppData\Local\Temp\ccex.crx [2012-09-09]
CHR HKLM-x32\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files (x86)\fbphotozoom\fbphotozoom14.crx [2012-09-09]
Task: {735B4E8C-E0C6-4B91-B4D7-C9240F2F7F78} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {C16FDC98-26AA-40BC-9797-D7E131C25EF0} - System32\Tasks\4626 => Wscript.exe C:\Users\cory\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
*****************
 
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9EEAB62A-41E8-4C63-AD32-E8339F270A6D} => Key deleted successfully.
HKCR\CLSID\{9EEAB62A-41E8-4C63-AD32-E8339F270A6D} => Key not found.
C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf directory not found.
HKCU\SOFTWARE\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf => Key deleted successfully.
C:\Users\cory\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf => Key deleted successfully.
"C:\Users\cory\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid => Key deleted successfully.
"C:\Users\cory\AppData\Local\Temp\ccex.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid => Key deleted successfully.
"C:\Program Files (x86)\fbphotozoom\fbphotozoom14.crx" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{735B4E8C-E0C6-4B91-B4D7-C9240F2F7F78} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{735B4E8C-E0C6-4B91-B4D7-C9240F2F7F78} => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C16FDC98-26AA-40BC-9797-D7E131C25EF0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C16FDC98-26AA-40BC-9797-D7E131C25EF0} => Key deleted successfully.
C:\Windows\System32\Tasks\4626 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4626 => Key deleted successfully.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.


#9 aharonov

  • Malware Response Team

Posted 05 March 2014 - 04:16 AM

Hm, let's try it differently:


Please download the attached fixlist.txt (230 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#10 cory92

  • Topic Starter

Posted 05 March 2014 - 04:32 AM

That time it accepted the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2014 02
Ran by cory at 2014-03-05 09:30:18 Run:13
Running from C:\Users\cory\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CMD: fsutil reparsepoint query "C:\Program Files\Microsoft Security Client"
CMD: fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client"
CMD: fsutil reparsepoint query "C:\Program Files\Microsoft Security Client"
*****************
 
 
=========  fsutil reparsepoint query "C:\Program Files\Microsoft Security Client" =========
 
Error:  The file or directory is not a reparse point.
 
 
========= End of CMD: =========
 
 
=========  fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client" =========
 
Error:  The file or directory is not a reparse point.
 
 
========= End of CMD: =========
 
 
=========  fsutil reparsepoint query "C:\Program Files\Microsoft Security Client" =========
 
Error:  The file or directory is not a reparse point.
 
 
========= End of CMD: =========
 
 
==== End of Fixlog ====


#11 aharonov

  • Malware Response Team

Posted 05 March 2014 - 04:42 AM

Ok, then please run a FRST scan again:


Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#12 cory92

  • Topic Starter

Posted 05 March 2014 - 04:48 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2014 02
Ran by cory (administrator) on CORY-PC on 05-03-2014 09:46:35
Running from C:\Users\cory\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.exe
(Intel Corporation) C:\Windows\system32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-05] (Microsoft Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [KNOWHOW™ APP CENTRE] - C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.lnk [1339 2011-09-07] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-740809286-1293212477-2799158089-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Samsung BHO Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-15]
CHR Extension: (Google Drive) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-15]
CHR Extension: (YouTube) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-01]
CHR Extension: (Google Search) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-01]
CHR Extension: (Google Wallet) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Gmail) - C:\Users\cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-01]
 
==================== Services (Whitelisted) =================
 
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-09] (Broadcom Corporation.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-05] (Microsoft Corp.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-02-26] (SurfRight B.V.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [165456 2011-12-02] (Samsung Electronics)
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] ()
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
 
==================== Drivers (Whitelisted) ====================
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-01-30] (AVG Technologies)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SBIOSIO; \??\C:\Users\cory\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-05 09:46 - 2014-03-05 09:46 - 00010854 _____ () C:\Users\cory\Desktop\FRST.txt
2014-03-01 21:14 - 2014-03-01 21:14 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-03-01 18:06 - 2014-03-01 21:16 - 00000000 ____D () C:\AdwCleaner
2014-03-01 17:59 - 2014-03-01 17:59 - 01244192 _____ () C:\Users\cory\Downloads\AdwCleaner.exe
2014-03-01 15:01 - 2014-03-01 15:02 - 00045141 _____ () C:\Users\cory\Downloads\Addition.txt
2014-03-01 14:59 - 2014-03-01 14:59 - 02155520 _____ (Farbar) C:\Users\cory\Downloads\FRST64 (1).exe
2014-03-01 14:57 - 2014-03-01 14:57 - 00025024 _____ () C:\ComboFix.txt
2014-03-01 14:40 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-01 14:40 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-01 14:40 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-01 14:40 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-01 14:40 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-01 14:40 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-01 14:40 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-01 14:40 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-01 14:37 - 2014-03-01 14:58 - 00000000 ____D () C:\Qoobox
2014-03-01 14:37 - 2014-03-01 14:55 - 00000000 ____D () C:\Windows\erdnt
2014-03-01 14:35 - 2014-03-01 14:36 - 05185084 ____R (Swearware) C:\Users\cory\Downloads\ComboFix.exe
2014-02-27 17:54 - 2014-03-05 00:21 - 00000000 ____D () C:\Users\cory\AppData\Local\Windows Live
2014-02-27 17:53 - 2014-02-27 17:53 - 00000000 ____D () C:\Users\cory\AppData\Local\{E94BACE0-C939-411A-928F-48AF01F7002A}
2014-02-27 16:12 - 2014-02-27 16:12 - 00688992 ____R (Swearware) C:\Users\cory\Desktop\dds.com
2014-02-26 20:59 - 2014-02-26 20:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\cory\Downloads\rkill.exe
2014-02-26 10:34 - 2014-03-04 19:19 - 02156544 _____ (Farbar) C:\Users\cory\Desktop\FRST64.exe
2014-02-26 10:20 - 2014-02-26 10:20 - 00026646 _____ () C:\Users\cory\Documents\HitmanPro_20140226_1019.log
2014-02-26 10:18 - 2014-02-26 10:18 - 00019902 _____ () C:\Windows\system32\.crusader
2014-02-26 09:58 - 2014-02-26 09:58 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-02-26 09:58 - 2014-02-26 09:58 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-26 09:57 - 2014-02-26 10:13 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-26 09:57 - 2014-02-26 09:57 - 10820032 _____ (SurfRight B.V.) C:\Users\cory\Downloads\hitmanpro_x64.exe
2014-02-26 04:24 - 2014-02-26 04:24 - 00000000 ____D () C:\Windows\CheckSur
2014-02-26 03:55 - 2014-02-26 04:23 - 470051719 _____ () C:\Users\cory\Downloads\Windows6.1-KB947821-v32-x64.msu
2014-02-26 02:56 - 2014-02-26 02:56 - 00000000 ____D () C:\Users\cory\Downloads\Seven
2014-02-26 02:34 - 2014-02-26 02:34 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-26 02:34 - 2014-02-26 02:34 - 00000000 ____D () C:\Users\cory\AppData\Roaming\Malwarebytes
2014-02-26 02:34 - 2014-02-26 02:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-26 02:34 - 2014-02-26 02:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-26 02:34 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-26 02:33 - 2014-02-26 02:33 - 00014086 _____ () C:\Users\cory\Downloads\Seven.zip
2014-02-26 00:41 - 2014-02-26 09:47 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-26 00:35 - 2014-02-26 00:35 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CORY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-02-26 00:35 - 2014-02-26 00:35 - 00000000 ____D () C:\RegBackup
2014-02-26 00:33 - 2014-02-26 00:33 - 00002159 _____ () C:\Users\cory\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-02-26 00:33 - 2014-02-26 00:33 - 00000000 ____D () C:\Users\cory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-02-26 00:32 - 2014-02-26 00:32 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-26 00:31 - 2014-02-26 00:32 - 05192224 _____ () C:\Users\cory\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-02-21 04:59 - 2014-02-21 04:59 - 00001732 _____ () C:\Windows\IE10_main.log
2014-02-17 04:30 - 2014-02-17 04:30 - 00000000 ____D () C:\Users\cory\Documents\Bluetooth Exchange Folder
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Windows\system32\config\NisDrv
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Windows\system32\config\mpfilter
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Windows\system32\config\amd64
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-11 22:52 - 2013-10-23 18:23 - 00185664 _____ (Microsoft Corporation) C:\Windows\system32\config\EppManifest.dll
2014-02-11 22:52 - 2013-10-23 17:14 - 00008864 _____ (Microsoft Corporation) C:\Windows\system32\config\setupres.dll
2014-02-11 22:10 - 2014-02-11 22:10 - 00353101 _____ () C:\Users\cory\Downloads\MicrosoftFixit20084.mini.diagcab
2014-02-11 22:09 - 2014-02-11 22:09 - 01059840 _____ () C:\Users\cory\Downloads\MicrosoftFixit50981.msi
2014-02-05 14:48 - 2014-02-05 14:50 - 00000000 ____D () C:\Program Files\iTunes
2014-02-05 14:48 - 2014-02-05 14:50 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-05 14:48 - 2014-02-05 14:48 - 00000000 ____D () C:\Program Files\iPod
 
==================== One Month Modified Files and Folders =======
 
2014-03-05 09:46 - 2014-03-05 09:46 - 00010854 _____ () C:\Users\cory\Desktop\FRST.txt
2014-03-05 09:46 - 2013-09-15 15:12 - 00000000 ____D () C:\FRST
2014-03-05 09:29 - 2012-01-22 16:16 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-740809286-1293212477-2799158089-1000Core.job
2014-03-05 09:18 - 2013-09-15 00:07 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-05 09:17 - 2013-02-26 17:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-05 09:17 - 2012-01-22 16:16 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-740809286-1293212477-2799158089-1000UA.job
2014-03-05 00:21 - 2014-02-27 17:54 - 00000000 ____D () C:\Users\cory\AppData\Local\Windows Live
2014-03-04 23:53 - 2012-07-08 21:32 - 01393136 _____ () C:\Windows\WindowsUpdate.log
2014-03-04 23:20 - 2013-12-28 21:52 - 00274824 _____ () C:\Windows\setupact.log
2014-03-04 20:01 - 2013-09-15 00:07 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-04 19:19 - 2014-02-26 10:34 - 02156544 _____ (Farbar) C:\Users\cory\Desktop\FRST64.exe
2014-03-04 19:19 - 2012-11-08 02:16 - 00000000 ____D () C:\Users\cory\AppData\Local\CRE
2014-03-03 14:52 - 2009-07-14 05:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-01 21:16 - 2014-03-01 18:06 - 00000000 ____D () C:\AdwCleaner
2014-03-01 21:14 - 2014-03-01 21:14 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-03-01 21:13 - 2009-07-14 04:45 - 00021200 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-01 21:13 - 2009-07-14 04:45 - 00021200 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-01 21:10 - 2012-09-14 02:02 - 00000000 ____D () C:\Users\cory\AppData\Roaming\Skype
2014-03-01 21:08 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-01 21:07 - 2013-12-28 21:52 - 00218012 _____ () C:\Windows\PFRO.log
2014-03-01 18:11 - 2014-01-30 11:08 - 00000000 ____D () C:\Users\cory\AppData\Local\AVG SafeGuard toolbar
2014-03-01 18:03 - 2012-01-12 04:16 - 00000000 ____D () C:\Users\cory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-03-01 17:59 - 2014-03-01 17:59 - 01244192 _____ () C:\Users\cory\Downloads\AdwCleaner.exe
2014-03-01 15:02 - 2014-03-01 15:01 - 00045141 _____ () C:\Users\cory\Downloads\Addition.txt
2014-03-01 14:59 - 2014-03-01 14:59 - 02155520 _____ (Farbar) C:\Users\cory\Downloads\FRST64 (1).exe
2014-03-01 14:58 - 2014-03-01 14:37 - 00000000 ____D () C:\Qoobox
2014-03-01 14:58 - 2009-07-14 03:20 - 00000000 ___RD () C:\Users\Default
2014-03-01 14:57 - 2014-03-01 14:57 - 00025024 _____ () C:\ComboFix.txt
2014-03-01 14:55 - 2014-03-01 14:37 - 00000000 ____D () C:\Windows\erdnt
2014-03-01 14:54 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-01 14:36 - 2014-03-01 14:35 - 05185084 ____R (Swearware) C:\Users\cory\Downloads\ComboFix.exe
2014-02-27 17:53 - 2014-02-27 17:53 - 00000000 ____D () C:\Users\cory\AppData\Local\{E94BACE0-C939-411A-928F-48AF01F7002A}
2014-02-27 16:12 - 2014-02-27 16:12 - 00688992 ____R (Swearware) C:\Users\cory\Desktop\dds.com
2014-02-26 20:59 - 2014-02-26 20:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\cory\Downloads\rkill.exe
2014-02-26 10:20 - 2014-02-26 10:20 - 00026646 _____ () C:\Users\cory\Documents\HitmanPro_20140226_1019.log
2014-02-26 10:18 - 2014-02-26 10:18 - 00019902 _____ () C:\Windows\system32\.crusader
2014-02-26 10:13 - 2014-02-26 09:57 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-26 09:58 - 2014-02-26 09:58 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-02-26 09:58 - 2014-02-26 09:58 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-26 09:57 - 2014-02-26 09:57 - 10820032 _____ (SurfRight B.V.) C:\Users\cory\Downloads\hitmanpro_x64.exe
2014-02-26 09:47 - 2014-02-26 00:41 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-26 05:00 - 2013-02-26 17:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-26 05:00 - 2013-02-26 17:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-26 05:00 - 2012-01-27 11:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-26 04:24 - 2014-02-26 04:24 - 00000000 ____D () C:\Windows\CheckSur
2014-02-26 04:23 - 2014-02-26 03:55 - 470051719 _____ () C:\Users\cory\Downloads\Windows6.1-KB947821-v32-x64.msu
2014-02-26 03:44 - 2012-01-05 20:42 - 00000000 ____D () C:\Windows\pss
2014-02-26 03:22 - 2012-01-03 16:06 - 00116624 _____ () C:\Users\cory\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-26 03:21 - 2009-07-14 04:45 - 00448760 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-26 03:18 - 2012-10-25 13:33 - 00003160 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-02-26 02:56 - 2014-02-26 02:56 - 00000000 ____D () C:\Users\cory\Downloads\Seven
2014-02-26 02:34 - 2014-02-26 02:34 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-26 02:34 - 2014-02-26 02:34 - 00000000 ____D () C:\Users\cory\AppData\Roaming\Malwarebytes
2014-02-26 02:34 - 2014-02-26 02:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-26 02:34 - 2014-02-26 02:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-26 02:33 - 2014-02-26 02:33 - 00014086 _____ () C:\Users\cory\Downloads\Seven.zip
2014-02-26 01:11 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-26 00:55 - 2009-07-14 02:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_247
2014-02-26 00:35 - 2014-02-26 00:35 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CORY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-02-26 00:35 - 2014-02-26 00:35 - 00000000 ____D () C:\RegBackup
2014-02-26 00:33 - 2014-02-26 00:33 - 00002159 _____ () C:\Users\cory\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-02-26 00:33 - 2014-02-26 00:33 - 00000000 ____D () C:\Users\cory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-02-26 00:32 - 2014-02-26 00:32 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-26 00:32 - 2014-02-26 00:31 - 05192224 _____ () C:\Users\cory\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-02-21 04:59 - 2014-02-21 04:59 - 00001732 _____ () C:\Windows\IE10_main.log
2014-02-21 04:39 - 2012-11-08 02:15 - 00000000 ____D () C:\Users\cory\AppData\Roaming\BitTorrent
2014-02-21 04:06 - 2012-03-20 15:53 - 00763276 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-17 04:30 - 2014-02-17 04:30 - 00000000 ____D () C:\Users\cory\Documents\Bluetooth Exchange Folder
2014-02-12 00:01 - 2013-08-19 13:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-11 23:50 - 2012-04-20 14:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-11 23:50 - 2012-04-20 14:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-11 23:40 - 2012-09-15 10:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-11 22:53 - 2012-03-20 15:53 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Windows\system32\config\NisDrv
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Windows\system32\config\mpfilter
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Windows\system32\config\amd64
2014-02-11 22:52 - 2014-02-11 22:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-11 22:52 - 2012-03-20 15:52 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-02-11 22:48 - 2013-09-15 00:54 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-11 22:48 - 2013-09-15 00:44 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-11 22:10 - 2014-02-11 22:10 - 00353101 _____ () C:\Users\cory\Downloads\MicrosoftFixit20084.mini.diagcab
2014-02-11 22:09 - 2014-02-11 22:09 - 01059840 _____ () C:\Users\cory\Downloads\MicrosoftFixit50981.msi
2014-02-11 21:46 - 2012-01-01 17:13 - 00000000 ____D () C:\Users\cory\AppData\Roaming\Samsung
2014-02-11 20:55 - 2012-01-20 04:33 - 00000000 ____D () C:\Users\cory\AppData\Local\Adobe
2014-02-11 19:56 - 2013-09-15 00:07 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-11 19:56 - 2013-09-15 00:07 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-05 14:50 - 2014-02-05 14:48 - 00000000 ____D () C:\Program Files\iTunes
2014-02-05 14:50 - 2014-02-05 14:48 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-05 14:48 - 2014-02-05 14:48 - 00000000 ____D () C:\Program Files\iPod
2014-02-05 14:41 - 2012-01-01 18:32 - 00000000 ____D () C:\ProgramData\Apple
2014-02-04 19:09 - 2012-01-07 03:50 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-28 16:04
 
==================== End Of Log ============================


#13 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:10:26 PM

Posted 05 March 2014 - 04:51 AM

Finally it's done. :)
How is your computer running now? What problems or symptoms are still present?


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#14 cory92

cory92
  • Topic Starter

  • Members
  • 13 posts
  • Local time:08:26 PM

Posted 05 March 2014 - 11:04 AM

It found 20 potential threats. Should I remove them?

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=02887be7e86b264f8e2b17253b33def0
# engine=17322
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-05 01:01:25
# local_time=2014-03-05 01:01:25 (+0000, GMT Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 38908021 146489535 0 0
# scanned=206994
# found=20
# cleaned=0
# scan_time=10408
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BitTorrentControl_v12\BitTorrentControl_v12ToolbarHelper.exe.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BitTorrentControl_v12\BitTorrentControl_v12ToolbarHelper1.exe.vir"
sh=C2C7BD3BD6C75D5DBCCA298C785C208AB6C73CF0 ft=1 fh=154117e7567d41ef vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BitTorrentControl_v12\ldrtbBit0.dll.vir"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BitTorrentControl_v12\ldrtbBitT.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll.vir"
sh=5C684D51F07A183EEA13D66F5C7E9630C48D93B5 ft=1 fh=53be76e80c29ad73 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BitTorrentControl_v12\tbBit0.dll.vir"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BitTorrentControl_v12\tbBitT.dll.vir"
sh=34FF8E2D281CBFECE71100A04C0FF4436818382E ft=1 fh=7b66b1ed06cb1b80 vn="a variant of Win64/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\cory\AppData\LocalLow\BitTorrentControl_v12\hk64tbBit2.dll.vir"
sh=AE7B8F3BB6E040CE20B02DE558471FAA4C58386E ft=1 fh=6a41a8d0046fd7b4 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\cory\AppData\LocalLow\BitTorrentControl_v12\hktbBit2.dll.vir"
sh=C2C7BD3BD6C75D5DBCCA298C785C208AB6C73CF0 ft=1 fh=154117e7567d41ef vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\cory\AppData\LocalLow\BitTorrentControl_v12\ldrtbBit0.dll.vir"
sh=87BE5F13318AC3BA3F403A73E332E1784304C21D ft=1 fh=3e5cd6b65c184efc vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\cory\AppData\LocalLow\BitTorrentControl_v12\ldrtbBit2.dll.vir"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\cory\AppData\LocalLow\BitTorrentControl_v12\ldrtbBitT.dll.vir"
sh=5C684D51F07A183EEA13D66F5C7E9630C48D93B5 ft=1 fh=53be76e80c29ad73 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\cory\AppData\LocalLow\BitTorrentControl_v12\tbBit0.dll.vir"
sh=BEF49F698BB05F075CAD2314D1E6707CF5582727 ft=1 fh=a14839057f424abd vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\cory\AppData\LocalLow\BitTorrentControl_v12\tbBit1.dll.vir"
sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\cory\AppData\LocalLow\BitTorrentControl_v12\tbBit2.dll.vir"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\cory\AppData\LocalLow\BitTorrentControl_v12\tbBitT.dll.vir"
sh=0370B6AD0DBA8328E67A307235F717A3A1B22FA5 ft=1 fh=ad0a89014f15914b vn="a variant of Win32/PriceGong.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\cory\AppData\LocalLow\BitTorrentControl_v12\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.8\bin\PriceGongIE.dll.vir"
sh=29657BEE0CB1FA06E64D0A1916B4C36FC451CCEE ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\cory\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\48b59f0e-61cedecb"
sh=29657BEE0CB1FA06E64D0A1916B4C36FC451CCEE ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\cory\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7e7e65d9-36d95b73"
sh=6540A7188DDB9C14B36EBA6914817542BA8AFE52 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\cory\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\chrome\bittorrentbar.jar"
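
As an added example (not part of the thread and not ESET's own tooling), this Python sketch parses a log in the format posted above, checks the `#` header against the scan options requested in post #13, and separates detections already held in the AdwCleaner quarantine from those in live locations. The sample log is constructed with placeholder hashes, and the mapping of header keys to scanner options is an assumption based on the key names.

```python
import re
from collections import Counter

# key=value pairs; a value is either a double-quoted string or a bare token.
PAIR_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Options requested in the instructions, expressed as the header keys the
# scanner writes (assumption: keys map to the options by name).
EXPECTED_SETTINGS = {
    "remove_checked": "false",
    "archives_checked": "true",
    "unwanted_checked": "true",
    "unsafe_checked": "true",
    "antistealth_checked": "true",
}

# Files under this folder were already neutralised by AdwCleaner.
QUARANTINE_MARKER = "\\adwcleaner\\quarantine\\"

# Constructed sample in the same layout as the posted log (placeholder hashes).
SAMPLE_LOG = r"""
ESETSmartInstaller@High as downloader log:
all ok
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# country="United States"
# found=4
# cleaned=0
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=0000000000000001 vn="Win32/Toolbar.Conduit.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SampleToolbar\Helper.exe.vir"
sh=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ft=1 fh=0000000000000002 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\user\AppData\LocalLow\SampleToolbar\ldr.dll.vir"
sh=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\sample-entry"
sh=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{sample-id}\chrome\bar.jar"
"""


def parse_log(text):
    """Return (header dict, list of detection dicts) from an ESET scan log."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key.strip()] = value.strip().strip('"')
        elif line.startswith("sh="):
            fields = {k: quoted or bare for k, quoted, bare in PAIR_RE.findall(line)}
            # Keep only lines that carry both a detection name and a file path.
            if "vn" in fields and "fn" in fields:
                detections.append(fields)
    return header, detections


def triage(text):
    """Check scan settings and split detections into quarantined vs. live."""
    header, detections = parse_log(text)
    deviations = {
        key: header.get(key)
        for key, wanted in EXPECTED_SETTINGS.items()
        if header.get(key) != wanted
    }
    quarantined, live = [], []
    for det in detections:
        bucket = quarantined if QUARANTINE_MARKER in det["fn"].lower() else live
        bucket.append(det)
    return {
        "settings_deviations": deviations,
        "count_matches_header": header.get("found") == str(len(detections)),
        "quarantined": quarantined,
        "live": live,
        "live_by_name": Counter(det["vn"] for det in live),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Settings deviations:", result["settings_deviations"] or "none")
    print("Header count matches:", result["count_matches_header"])
    print("Already quarantined:", len(result["quarantined"]))
    for det in result["live"]:
        print("LIVE:", det["vn"], "->", det["fn"])
```
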


#15 cory92

cory92
  • Topic Starter

  • Members
  • 13 posts
  • Local time:08:26 PM

Posted 05 March 2014 - 11:07 AM

Also, I cannot activate my antivirus; the same error has come up that I got when I try to use Microsoft Security Essentials. Even when I try to access it with admin, the error comes up.





