Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Tumri???


  • This topic is locked This topic is locked
6 replies to this topic

#1 beckhead

beckhead

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:01 PM

Posted 18 March 2014 - 05:55 PM

Hi - my elderly mom, who is making the mistake of relying on me for IT support, clicked too many times on a suspicious email and her computer is infected.  She is now getting popups of "Tumri" pages, as well as many other unwanted popups, and her computer runs slowly.  Malwarebytes didn't find anything.  I walked her through combofix (before I saw the instructions saying I shouldn't) and it appeared to work for a while, but the problems returned.   

 

Tonight, I got her to run DDS.  Below are the 2 DDS logs from tonight and the combofix log from a couple of days ago.  I also attached the Attach.txt file from DDS.    Thank you so much for any help you can provide!

 

Ken

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 8/27/2012 10:02:07 PM
System Uptime: 3/18/2014 10:54:14 AM (7 hours ago)
.
Motherboard: Acer |  | Aspire X1430
Processor: AMD E-450 APU with Radeon™ HD Graphics | CPU 1 | 1650/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 441 GiB total, 389.188 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP119: 3/3/2014 1:02:27 PM - Scheduled Checkpoint
RP120: 3/5/2014 2:55:22 PM - Windows Update
RP121: 3/10/2014 12:27:38 PM - ComboFix created restore point
RP122: 3/12/2014 10:38:27 PM - Windows Update
RP123: 3/16/2014 4:24:31 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
 clear.fi 
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Reader X (10.1.9) MUI
Adobe Shockwave Player 12.0
Agatha Christie - Death on the Nile
AMD APP SDK Runtime
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
ATI AVIVO64 Codecs
ATI Catalyst Install Manager
Bejeweled 2 Deluxe
Belkin USB Wireless Adaptor
Bing Bar
Build-a-lot 4 - Power Source
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MP Navigator EX 5.1
Canon MX430 series MP Drivers
Canon MX430 series On-screen Manual
Canon MX430 series User Registration
Canon My Printer
Canon Solution Menu EX
Canon Speed Dial Utility
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chronicles of Albian
clear.fi
clear.fi Client
Compatibility Pack for the 2007 Office system
Cradle of Rome 2
D3DX10
Dora's World Adventure
Download Updater (AOL LLC)
eBay Worldwide
Evernote v. 4.5.1
Final Drive: Nitro
Fooz Kids
Fooz Kids Platform
Galerie de photos Windows Live
Google Chrome
Google Earth
Google Update Helper
Governor of Poker 2 Premium Edition
Hotkey Utility
Identity Card
Java 7 Update 51
Java Auto Updater
Jewel Match 3
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee SiteAdvisor
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft LifeCam
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery of Mortlake Mansion
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NOOK for PC
Norton Internet Security
Norton Online Backup
Norton PC Checkup
Penguins!
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Shredder
Skype™ 6.11
swMSM
Times Reader
Torchlight
Update Installer for WildTangent Games App
Viewpoint Media Player
Virtual Villagers 5 - New Believers
Welcome Center
WildTangent Games App (Acer Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
3/16/2014 4:38:04 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
3/12/2014 9:29:11 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the AOL Connectivity Service service to connect.
3/12/2014 9:29:11 AM, Error: Service Control Manager [7000]  - The AOL Connectivity Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/11/2014 9:13:08 PM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================
 
 
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by Jean at 17:14:36 on 2014-03-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3576.2204 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Common Files\AOL\1346128221\ee\aolsoftware.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.6\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.6\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\splwow64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.6\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
C:\Windows\system32\consent.exe
C:\Program Files (x86)\AOL Desktop 9.6\waol.exe
C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE" -b
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1346128221\ee\AOLSoftware.exe
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{23629CBB-AF62-4B15-B058-FE577FAA15A8} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1501000.012\SymDS64.sys [2013-11-20 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1501000.012\SymEFA64.sys [2013-11-20 1147480]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [2014-2-18 1526488]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1501000.012\ccSetx64.sys [2013-11-20 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140317.001\IDSviA64.sys [2014-3-17 524504]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-8-2 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-8-2 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-8-2 62776]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1501000.012\Ironx64.sys [2013-11-20 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1501000.012\symnets.sys [2013-11-20 590936]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-12-12 204288]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-8-2 255376]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-28 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-28 701512]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2014-2-10 123384]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [2013-11-20 275696]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.6\SymcPCCULaunchSvc.exe [2012-10-5 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.6\ccSvcHst.exe [2012-10-5 126392]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-12 231440]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-20 137648]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-28 25928]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-2 533096]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-9-29 695400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-4-2 173424]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-29 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-03-16 21:43:01 -------- d-sh--w- C:\$RECYCLE.BIN
2014-03-12 14:39:33 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 14:39:33 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-12 14:39:32 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-12 14:39:32 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-05 22:22:28 98816 ----a-w- C:\Windows\sed.exe
2014-03-05 22:22:28 256000 ----a-w- C:\Windows\PEV.exe
2014-03-05 22:22:28 208896 ----a-w- C:\Windows\MBR.exe
2014-03-05 20:56:33 -------- d-----r- C:\Program Files (x86)\Skype
2014-03-04 20:55:10 -------- d-----w- C:\Users\Jean\AppData\Local\Windows Live
2014-03-04 20:54:52 -------- d-----w- C:\Users\Jean\AppData\Local\{91F07433-6289-47C9-9DA3-8B15992FF180}
2014-03-01 17:09:41 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-03-01 17:09:34 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-01 04:15:34 -------- d-----w- C:\Users\Jean\AppData\Roaming\Malwarebytes
2014-03-01 04:15:06 -------- d-----w- C:\ProgramData\Malwarebytes
2014-03-01 04:15:05 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-01 04:15:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-01 04:13:30 -------- d-----w- C:\Users\Jean\AppData\Local\Programs
.
==================== Find3M  ====================
.
2014-03-12 15:20:20 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-12 15:20:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-12-19 03:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 17:15:17.71 ===============
 
 
 
ComboFix 14-03-13.01 - Jean 03/16/2014  16:27:04.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3576.2215 [GMT -5:00]
Running from: c:\users\Jean\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-16 to 2014-03-16  )))))))))))))))))))))))))))))))
.
.
2014-03-16 21:37 . 2014-03-16 21:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-12 14:39 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 14:39 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-12 14:39 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 14:39 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-05 20:56 . 2014-03-05 20:56 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-03-05 20:56 . 2014-03-05 20:56 -------- d-----r- c:\program files (x86)\Skype
2014-03-04 20:55 . 2014-03-07 01:29 -------- d-----w- c:\users\Jean\AppData\Local\Windows Live
2014-03-01 17:09 . 2014-03-05 21:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-03-01 17:09 . 2014-03-05 22:13 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-03-01 04:15 . 2014-03-01 04:15 -------- d-----w- c:\users\Jean\AppData\Roaming\Malwarebytes
2014-03-01 04:15 . 2014-03-01 04:15 -------- d-----w- c:\programdata\Malwarebytes
2014-03-01 04:15 . 2014-03-01 04:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-03-01 04:15 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-01 04:13 . 2014-03-01 04:13 -------- d-----w- c:\users\Jean\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 15:20 . 2012-09-26 18:15 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 15:20 . 2011-08-03 03:41 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-16 05:38 . 2012-09-03 17:39 88567024 ----a-w- c:\windows\system32\MRT.exe
2013-12-24 23:09 . 2014-02-12 17:30 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48 . 2014-02-12 17:30 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-12-21 09:53 . 2014-02-13 05:29 548864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-21 08:56 . 2014-02-13 05:29 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-19 03:09 . 2014-01-18 03:30 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.6\AOL.EXE" [2011-04-25 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-31 185640]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304]
"HostManager"="c:\program files (x86)\Common Files\AOL\1346128221\ee\AOLSoftware.exe" [2010-03-08 41800]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140314.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140314.001\IDSvia64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1501000.012\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.18.6\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.18.6\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.18.6\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.18.6\ccSvcHst.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ATWPKT2
*Deregistered* - ATWPKT2
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-26 15:20]
.
2014-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-30 19:30]
.
2014-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-30 19:30]
.
2014-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2381910509-3284033300-3222242413-1000Core.job
- c:\users\Jean\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-03 18:00]
.
2014-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2381910509-3284033300-3222242413-1000UA.job
- c:\users\Jean\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-03 18:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.18.6\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.18.6\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18;c:\program files (x86)\Norton Internet Security\Engine64\21.1.0.18"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-16  16:42:52
ComboFix-quarantined-files.txt  2014-03-16 21:42
ComboFix2.txt  2014-03-10 17:47
ComboFix3.txt  2014-03-05 22:46
.
Pre-Run: 419,205,529,600 bytes free
Post-Run: 418,754,506,752 bytes free
.
- - End Of File - - 246A7DCDBEE74DFF30219A771D37BF4B
A36C5E4F47E84449FF07ED3517B43A31
 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,461 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:01 AM

Posted 22 March 2014 - 07:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
thisisujrt.gif Please download
Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 beckhead

beckhead
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:01 PM

Posted 24 March 2014 - 05:24 PM

Hi nasdaq - thank you so much for your help!  Here are the logs for the tools that you said to run.

 

Ken

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Jean at 2014-03-22 15:52:18
Running from C:\Users\Jean\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
 clear.fi  (x32 Version: 1.5.1717_38186 - CyberLink Corp.) Hidden
 clear.fi  (x32 Version: 9.0.8031 - CyberLink Corp.) Hidden
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.60524.2309 - ATI Technologies Inc.) Hidden
AOL Toolbar (HKCU\...\AOL Toolbar) (Version:  - )
AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version:  - )
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10524 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{F7F1A2DA-481A-1B41-8959-4B224C6B20B6}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.10 - Belkin)
Belkin USB Wireless Adaptor (x32 Version: 1.0.0.10 - Belkin) Hidden
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MX430 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series) (Version:  - )
Canon MX430 series On-screen Manual (HKLM-x32\...\Canon MX430 series On-screen Manual) (Version:  - )
Canon MX430 series User Registration (HKLM-x32\...\Canon MX430 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2011.0524.2352.41027 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0524.2352.41027 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0524.2352.41027 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help English (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help French (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help German (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
ccc-utility64 (Version: 2011.0524.2352.41027 - ATI) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}) (Version: 1.5.2212.35 - CyberLink Corp.)
clear.fi (x32 Version: 1.5.2212.35 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.05.3002 - Acer Incorporated)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.3.1.129 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.6.135 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL Inc.) Hidden
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.15 - Egis Technology Inc.) Hidden
Nero Control Center 10 (x32 Version: 10.2.11100.1.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.18100.8.8 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10200 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.4.7070 - Barnesandnoble.com)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.2.0.38 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.18.6 - Symantec Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6242 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
03-03-2014 19:02:27 Scheduled Checkpoint
05-03-2014 20:55:22 Windows Update
10-03-2014 17:27:38 ComboFix created restore point
13-03-2014 03:38:27 Windows Update
16-03-2014 21:24:31 ComboFix created restore point
19-03-2014 02:19:29 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2014-03-01 12:28 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {037882D1-10C0-40E4-A1A5-3CDE01F38088} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {10E95C07-C325-470C-84AD-21F4996D52DB} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-10-12] (Acer Incorporated)
Task: {274EFA7A-0CB9-4F06-BF12-8D74AB94E877} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-10-12] (CyberLink Corp.)
Task: {38EB2632-92F1-4362-8575-233268CA2499} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe [2014-03-11] (Symantec Corporation)
Task: {48180AEC-7F38-4877-A185-068BCAA0D4AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-30] (Google Inc.)
Task: {54CEAF8E-2921-45B1-A857-1250B72DF53F} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2013-12-18] (Adobe Systems Incorporated)
Task: {7E0E9169-F596-4A23-BD3E-57C386322F26} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-12] (CyberLink)
Task: {8DC87195-5F73-409D-BFB3-CD42999F2B2D} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B8114ED1-E460-4AF0-A9FF-E1252164CCE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-30] (Google Inc.)
Task: {C392CEB4-55D8-45FE-BC57-43A85A70933F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {E3715710-28C4-4376-9DE9-D7A7C569F8B5} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {EC32B888-EBD6-4EBA-ADD7-0287BC6774E2} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {F73EED4D-FDAD-47D6-ACB1-E9E458CE030C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2381910509-3284033300-3222242413-1000Core => C:\Users\Jean\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-03] (Google Inc.)
Task: {FA84CBAE-3E74-45E2-BDFC-19161314A18F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2381910509-3284033300-3222242413-1000UA => C:\Users\Jean\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2381910509-3284033300-3222242413-1000Core.job => C:\Users\Jean\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2381910509-3284033300-3222242413-1000UA.job => C:\Users\Jean\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-08-10 22:58 - 2011-08-10 22:58 - 00627304 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2011-05-25 00:50 - 2011-05-25 00:50 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-09 11:55 - 2011-11-09 11:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-01-21 18:45 - 2009-01-21 18:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2011-04-25 16:52 - 2011-04-25 16:52 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.6\zlib.dll
2011-08-10 22:57 - 2011-08-10 22:57 - 00151656 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2012-04-03 22:43 - 2011-10-12 05:22 - 00370984 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 35%
Total physical RAM: 3576.26 MB
Available physical RAM: 2300.26 MB
Total Pagefile: 7150.7 MB
Available Pagefile: 5406.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:441.25 GB) (Free:386.59 GB) NTFS
 
==================== MBR & Partition Table ==================
 
 
# AdwCleaner v3.022 - Report created 22/03/2014 at 15:13:33
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jean - JEAN-PC
# Running from : C:\Users\Jean\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AOL Toolbar
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files (x86)\AOL Toolbar
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3608 octets] - [22/03/2014 14:56:36]
AdwCleaner[S0].txt - [3494 octets] - [22/03/2014 15:13:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3554 octets] ##########
 
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C317959C)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Jean (administrator) on JEAN-PC on 22-03-2014 15:50:59
Running from C:\Users\Jean\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.6\waol.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1346128221\ee\aolsoftware.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.6\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.6\ccSvcHst.exe
(AOL LLC) C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.6\SymcPCCULaunchSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-10] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [185640 2011-08-31] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
HKLM-x32\...\Run: [HostManager] - C:\Program Files (x86)\Common Files\AOL\1346128221\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2381910509-3284033300-3222242413-1000\...\Run: [AOL Fast Start] - C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE [42320 2011-04-25] (AOL Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Users\Jean\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Jean\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Jean\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Jean\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Norton Confidential) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Jean\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (SiteAdvisor) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-09-03]
CHR Extension: (Norton Identity Protection) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-09-03]
CHR Extension: (Google Wallet) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-02-10]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-21]
 
==================== Services (Whitelisted) =================
 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [123384 2014-01-22] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.6\SymcPCCULaunchSvc.exe [123320 2012-03-20] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.6\ccSvcHst.exe [126392 2012-03-20] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140321.001\IDSvia64.sys [524504 2014-03-05] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140321.023\ENG64.SYS [126040 2014-03-03] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140321.023\EX64.SYS [2099288 2014-03-03] (Symantec Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-22 15:50 - 2014-03-22 15:51 - 00018411 _____ () C:\Users\Jean\Desktop\FRST.txt
2014-03-22 15:50 - 2014-03-22 15:50 - 02157056 _____ (Farbar) C:\Users\Jean\Desktop\FRST64.exe
2014-03-22 15:50 - 2014-03-22 15:50 - 00000000 ____D () C:\FRST
2014-03-22 15:44 - 2014-03-22 15:44 - 00004256 _____ () C:\Users\Jean\Desktop\JRT.txt
2014-03-22 15:28 - 2014-03-22 15:28 - 00000000 ____D () C:\Windows\ERUNT
2014-03-22 15:23 - 2014-03-22 15:23 - 01037734 _____ (Thisisu) C:\Users\Jean\Desktop\JRT.exe
2014-03-22 15:17 - 2014-03-22 15:17 - 00003642 _____ () C:\Users\Jean\Desktop\AdwCleaner[S0].txt
2014-03-22 14:56 - 2014-03-22 15:14 - 00000000 ____D () C:\AdwCleaner
2014-03-22 14:52 - 2014-03-22 14:52 - 01950720 _____ () C:\Users\Jean\Desktop\AdwCleaner.exe
2014-03-21 20:10 - 2014-03-21 20:10 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-03-18 17:18 - 2014-03-18 17:18 - 00006278 _____ () C:\Users\Jean\Desktop\AttachDDS.txt
2014-03-18 17:11 - 2014-03-18 17:11 - 00688992 ____R (Swearware) C:\Users\Jean\Desktop\dds.com
2014-03-16 16:42 - 2014-03-16 16:42 - 00018942 _____ () C:\ComboFix.txt
2014-03-12 17:01 - 2014-03-12 17:01 - 02829706 _____ () C:\Users\Jean\Desktop\kite.mov
2014-03-12 09:40 - 2014-03-01 01:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 09:40 - 2014-03-01 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 09:40 - 2014-03-01 00:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 09:40 - 2014-02-28 23:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 09:40 - 2014-02-28 23:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 09:40 - 2014-02-28 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 09:40 - 2014-02-28 23:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 09:40 - 2014-02-28 23:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 09:40 - 2014-02-28 23:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 09:40 - 2014-02-28 23:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 09:40 - 2014-02-28 23:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 09:40 - 2014-02-28 23:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 09:40 - 2014-02-28 23:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 09:40 - 2014-02-28 23:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 09:40 - 2014-02-28 23:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 09:40 - 2014-02-28 23:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 09:40 - 2014-02-28 23:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 09:40 - 2014-02-28 22:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 09:40 - 2014-02-28 22:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 09:40 - 2014-02-28 22:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 09:40 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 09:40 - 2014-02-28 22:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 09:40 - 2014-02-28 22:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 09:40 - 2014-02-28 22:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 09:40 - 2014-02-28 22:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 09:40 - 2014-02-28 22:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 09:40 - 2014-02-28 22:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 09:40 - 2014-02-28 22:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 09:40 - 2014-02-28 22:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 09:40 - 2014-02-28 22:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 09:40 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 09:40 - 2014-02-28 22:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 09:40 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 09:40 - 2014-02-28 22:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 09:40 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 09:40 - 2014-02-28 21:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 09:40 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 09:40 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 09:40 - 2014-02-28 21:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 09:40 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 09:40 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 09:40 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 09:40 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 09:40 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 09:39 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 09:39 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 09:39 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 09:39 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-05 17:22 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-05 17:22 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-05 17:22 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-05 17:22 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-05 17:22 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-05 17:22 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-05 17:22 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-05 17:22 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-05 16:51 - 2014-03-05 16:51 - 00000085 _____ () C:\Windows\wininit.ini
2014-03-05 15:56 - 2014-03-05 15:56 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-04 15:55 - 2014-03-06 20:29 - 00000000 ____D () C:\Users\Jean\AppData\Local\Windows Live
2014-03-01 12:28 - 2009-06-10 16:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140301-112828.backup
2014-03-01 12:10 - 2014-03-01 12:10 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-01 12:09 - 2014-03-05 17:13 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-01 12:09 - 2014-03-05 16:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-01 11:58 - 2014-03-01 11:59 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Jean\Downloads\spybot-2-2 (1).exe
2014-03-01 11:56 - 2014-03-01 11:57 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Jean\Downloads\spybot-2-2.exe
2014-03-01 11:37 - 2014-03-05 17:41 - 00000000 ____D () C:\Windows\ERDNT
2014-03-01 11:36 - 2014-03-16 16:42 - 00000000 ____D () C:\Qoobox
2014-02-28 23:15 - 2014-03-21 12:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-28 23:15 - 2014-02-28 23:15 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-28 23:15 - 2014-02-28 23:15 - 00000000 ____D () C:\Users\Jean\AppData\Roaming\Malwarebytes
2014-02-28 23:15 - 2014-02-28 23:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-28 23:15 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 
==================== One Month Modified Files and Folders =======
 
2014-03-22 15:51 - 2014-03-22 15:50 - 00018411 _____ () C:\Users\Jean\Desktop\FRST.txt
2014-03-22 15:50 - 2014-03-22 15:50 - 02157056 _____ (Farbar) C:\Users\Jean\Desktop\FRST64.exe
2014-03-22 15:50 - 2014-03-22 15:50 - 00000000 ____D () C:\FRST
2014-03-22 15:50 - 2012-09-03 13:01 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2381910509-3284033300-3222242413-1000UA.job
2014-03-22 15:50 - 2012-09-03 13:01 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2381910509-3284033300-3222242413-1000Core.job
2014-03-22 15:44 - 2014-03-22 15:44 - 00004256 _____ () C:\Users\Jean\Desktop\JRT.txt
2014-03-22 15:28 - 2014-03-22 15:28 - 00000000 ____D () C:\Windows\ERUNT
2014-03-22 15:25 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-22 15:25 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-22 15:24 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-22 15:23 - 2014-03-22 15:23 - 01037734 _____ (Thisisu) C:\Users\Jean\Desktop\JRT.exe
2014-03-22 15:21 - 2012-04-03 22:31 - 01146260 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 15:20 - 2012-09-26 13:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-22 15:18 - 2012-09-30 14:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-22 15:17 - 2014-03-22 15:17 - 00003642 _____ () C:\Users\Jean\Desktop\AdwCleaner[S0].txt
2014-03-22 15:17 - 2012-09-30 14:30 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-22 15:17 - 2012-08-27 22:06 - 00000000 ____D () C:\ProgramData\clear.fi
2014-03-22 15:17 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-22 15:17 - 2009-07-13 23:51 - 00083548 _____ () C:\Windows\setupact.log
2014-03-22 15:14 - 2014-03-22 14:56 - 00000000 ____D () C:\AdwCleaner
2014-03-22 14:52 - 2014-03-22 14:52 - 01950720 _____ () C:\Users\Jean\Desktop\AdwCleaner.exe
2014-03-21 20:10 - 2014-03-21 20:10 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-03-21 20:10 - 2012-08-27 22:34 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-03-21 20:10 - 2012-08-27 22:33 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-03-21 12:33 - 2014-02-28 23:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-19 14:56 - 2012-11-22 22:44 - 00000000 ____D () C:\Users\Jean\Desktop\FOCUS GENERAL
2014-03-19 14:41 - 2012-08-30 22:06 - 00000000 ____D () C:\Users\Jean\Desktop\JB biography in progress
2014-03-18 21:22 - 2013-08-14 22:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 21:20 - 2012-09-03 12:39 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 17:18 - 2014-03-18 17:18 - 00006278 _____ () C:\Users\Jean\Desktop\AttachDDS.txt
2014-03-18 17:11 - 2014-03-18 17:11 - 00688992 ____R (Swearware) C:\Users\Jean\Desktop\dds.com
2014-03-18 16:36 - 2013-01-08 14:38 - 00000000 ____D () C:\Users\Jean\Desktop\Council
2014-03-17 11:18 - 2010-11-20 22:47 - 00169988 _____ () C:\Windows\PFRO.log
2014-03-16 16:42 - 2014-03-16 16:42 - 00018942 _____ () C:\ComboFix.txt
2014-03-16 16:42 - 2014-03-01 11:36 - 00000000 ____D () C:\Qoobox
2014-03-16 16:38 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-16 16:22 - 2012-08-30 22:06 - 05190279 ____R (Swearware) C:\Users\Jean\Desktop\ComboFix.exe
2014-03-13 10:15 - 2009-07-13 23:45 - 00365096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 10:14 - 2013-03-13 21:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 10:14 - 2013-03-13 21:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 17:01 - 2014-03-12 17:01 - 02829706 _____ () C:\Users\Jean\Desktop\kite.mov
2014-03-12 10:20 - 2012-09-26 13:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 10:20 - 2012-09-26 13:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 10:20 - 2011-08-02 22:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-06 20:30 - 2013-04-21 21:18 - 00000000 ____D () C:\Users\Jean\Desktop\my party photos
2014-03-06 20:29 - 2014-03-04 15:55 - 00000000 ____D () C:\Users\Jean\AppData\Local\Windows Live
2014-03-05 17:41 - 2014-03-01 11:37 - 00000000 ____D () C:\Windows\ERDNT
2014-03-05 17:13 - 2014-03-01 12:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-05 16:51 - 2014-03-05 16:51 - 00000085 _____ () C:\Windows\wininit.ini
2014-03-05 16:51 - 2014-03-01 12:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-05 15:56 - 2014-03-05 15:56 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-05 15:56 - 2011-08-02 22:25 - 00000000 ____D () C:\ProgramData\Skype
2014-03-03 20:44 - 2012-08-30 21:48 - 00000000 ____D () C:\Users\Jean\Documents\FOCUS
2014-03-01 12:10 - 2014-03-01 12:10 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-01 11:59 - 2014-03-01 11:58 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Jean\Downloads\spybot-2-2 (1).exe
2014-03-01 11:57 - 2014-03-01 11:56 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Jean\Downloads\spybot-2-2.exe
2014-03-01 01:05 - 2014-03-12 09:40 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 00:17 - 2014-03-12 09:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 00:16 - 2014-03-12 09:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 23:58 - 2014-03-12 09:40 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 23:52 - 2014-03-12 09:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 23:51 - 2014-03-12 09:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 23:42 - 2014-03-12 09:40 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 23:40 - 2014-03-12 09:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 23:37 - 2014-03-12 09:40 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 23:33 - 2014-03-12 09:40 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 23:33 - 2014-03-12 09:40 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 23:32 - 2014-03-12 09:40 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 23:30 - 2014-03-12 09:40 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 23:23 - 2014-03-12 09:40 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 23:17 - 2014-03-12 09:40 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 23:15 - 2014-02-28 23:15 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-28 23:15 - 2014-02-28 23:15 - 00000000 ____D () C:\Users\Jean\AppData\Roaming\Malwarebytes
2014-02-28 23:15 - 2014-02-28 23:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-28 23:11 - 2014-03-12 09:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 23:02 - 2014-03-12 09:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 22:54 - 2014-03-12 09:40 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 22:52 - 2014-03-12 09:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 22:51 - 2014-03-12 09:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 22:47 - 2014-03-12 09:40 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 22:43 - 2014-03-12 09:40 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 22:43 - 2014-03-12 09:40 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 22:42 - 2014-03-12 09:40 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 22:40 - 2014-03-12 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 22:38 - 2014-03-12 09:40 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 22:37 - 2014-03-12 09:40 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 22:35 - 2014-03-12 09:40 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 22:18 - 2014-03-12 09:40 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 22:16 - 2014-03-12 09:40 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 22:14 - 2014-03-12 09:40 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 22:10 - 2014-03-12 09:40 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 22:03 - 2014-03-12 09:40 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 22:00 - 2014-03-12 09:40 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 21:57 - 2014-03-12 09:40 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 21:38 - 2014-03-12 09:40 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 21:32 - 2014-03-12 09:40 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 21:27 - 2014-03-12 09:40 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 21:25 - 2014-03-12 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 21:25 - 2014-03-12 09:40 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-23 15:03 - 2012-09-03 12:43 - 00000000 ____D () C:\Users\Jean\AppData\Roaming\Skype
2014-02-23 14:52 - 2012-09-14 13:42 - 00000000 ____D () C:\Users\Jean\AppData\Local\CrashDumps
 
Some content of TEMP:
====================
C:\Users\Jean\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-20 11:06
 
==================== End Of Log ============================
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jean on Sat 03/22/2014 at 15:28:07.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\aol toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\aol toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F430F926-8B37-4969-9C27-3F6FCA6C1086}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EF64538-8B54-4573-B48F-4D34B0238AB2}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{0EF05946-BF67-4A4C-BA4B-D408BA1BD6F8}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{24BE5E75-D3A9-48AD-B821-FBBCA22933C6}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{34A29F14-38A6-4FA2-8CD9-C08D76881157}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{38B3922E-64BF-4572-AB3B-D9A349A920A3}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{4377FECA-A876-4B08-B744-BE41B2988D56}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{4D863C6E-9C5F-46E6-8C06-EC795C3B5F70}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{50A40825-26BE-4721-9714-F9E813460B16}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{54968C34-6FCA-4988-A3AA-A93152D73803}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{54DF4150-E7BD-4590-BEFF-E4460C57070E}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{55199937-881B-47E0-A49A-FFD2DCD242E2}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{5549AC13-5F9D-4B1C-881C-DF705837A19A}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{5A43B76D-70AD-47D1-96C3-1FD05E9FDDB4}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{6ADAC7EC-59A3-40BA-B1EF-93E26A9FD16D}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{75A03805-A6F3-4ECF-B0C2-F3A2FE86B747}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{82BCEA8F-2E6C-4D35-B4A4-723811DB1D9D}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{839DBBA8-20E1-42B4-BB06-EA536BBC804C}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{91F07433-6289-47C9-9DA3-8B15992FF180}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{93823D6C-B9A4-4D44-BC30-329ED375FB7C}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{9D41A2D5-C2CA-426D-BBEA-289FFCFB7E0E}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{A62C7726-EA6E-4DEA-B7F7-303EE8B53517}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{A90B732D-8CEA-4459-BC01-B84E3AFD8BB8}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{AC0A0F51-A76C-4469-8065-2A66EB7AAE4F}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{B0A5BE4B-BAA0-42D6-9251-1C2A78A555EB}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{B5BEFAB6-5FA6-4759-B434-886AAF467830}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{BB43DA99-05DC-4035-9300-697C9F5CAD07}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{BC40B8DA-773E-4A46-B3BD-23FF6C17DA92}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{D189104B-B6CD-4352-86A7-694F35D3398F}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{D38AD5F5-4BBE-49C1-B1DF-20995E47EAD6}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{DC15C6A2-BC25-4ADE-A875-FF7E01EF6936}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{DCB41F65-9281-409B-8DE8-391C72E69232}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/22/2014 at 15:44:22.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#4 beckhead

beckhead
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:01 PM

Posted 24 March 2014 - 05:32 PM

nasdaq - here's the addtion.txt file that you said to attach.   thanks



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,461 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:01 AM

Posted 25 March 2014 - 07:37 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
CHR Plugin: (Shockwave Flash) - C:\Users\Jean\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Jean\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (Google Update) - C:\Users\Jean\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

end

Save the files as fixlist.txt in to the same folder as FRST
Run FRST and click Fix only once and wait
The tool will create a log (Fixlog.txt) please post it to your reply.

====

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

How is the computer running now?

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,461 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:01 AM

Posted 31 March 2014 - 07:47 AM

Are you still with me?

#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,461 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:01 AM

Posted 06 April 2014 - 08:39 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users