
Slow Browsing, Windows Firewall Disabling, System Shutdown Part 2...


  • This topic is locked
17 replies to this topic

#1 UnhappyComputer


  • Members
  • 19 posts

Posted 07 July 2014 - 06:27 PM

  I wanted to give a little update just so there is no confusion. I chose the title so those who were helping me can spot it more easily if the same ones choose to continue to help. However, I no longer have the Windows Firewall disabling any more, which is great. However, I still have slow browsing and also black screens from time to time. Not as bad as before, but they still show themselves. I understand my laptop is old and it was hardly good when I first bought it five or so years ago. But when visiting so many websites it begins to fill with junk and eventually gets very slow again. (Best way I can describe it...) I do the whole internet options to delete my browsing history, but that does help. Also my Avast, when it is fully operational, keeps telling me that:

 

"avast! Web Shield has blocked a harmful webpage or file.

Object: http://88.198.188.101/task/4001/

Infection: URL:Mal

Process: C:\Windows\System32\svchost.exe"

 

Now the object "http" itself changes constantly, but the actual infection and process is always the same and it always tells me it blocks it, but it will pop up every five seconds until I disable that function of Avast. Even if I use Chrome, which came with Avast, it still does the blocking message and the websites could be anything.

 

Also, this is a link to my previous thread, before I was instructed to come here to post logs, in case it helps to review what has been going on.

 

http://www.bleepingcomputer.com/forums/t/538980/slow-browsing-windows-firewall-disabling-system-shutdown/

 

Thank you for your time and patience.

 

---------------------------------------------------------------------------------------------------------------

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476
Run by Nef at 17:30:18 on 2014-07-07
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.1979.823 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe
C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe
C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe
C:\Program Files (x86)\Clearwire\Connection Manager\SwiApiMuxCdma.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bleepingcomputer.com/
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: StumbleUpon Launcher: {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} -
BHO: {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: StumbleUpon Toolbar: {5093EB4C-3E93-40AB-9266-B607BA87BDC8} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [X-IM] C:\Program Files (x86)\X-IM\xim.exe /r
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Akamai NetSession Interface] C:\Users\Nef\AppData\Local\Akamai\netsession_win.exe
uRun: [googletalk] C:\Users\Nef\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Clearwire Connection Manager] "C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" -a
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
dRunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe -update activex
StartupFolder: C:\Users\Nef\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPBUTT~1.LNK - C:\Program Files (x86)\HP Button Manager\BM.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2FD395CB-BD93-4BA9-AA4B-D725754E20D1} - hxxp://test.player.portalarium.com/installers/win32/PortalariumPlayer.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} - hxxp://www.shockwave.com/content/davincicode/sis/DVC%20Download%20Control.cab
TCP: NameServer = 71.22.6.12
TCP: Interfaces\{15AD0DEB-C329-4609-8735-2E5F39FF4961} : DHCPNameServer = 71.22.6.12
TCP: Interfaces\{53044910-E8CB-45DB-BC2C-8E9299202E0E} : DHCPNameServer = 71.22.6.12
TCP: Interfaces\{94B65874-40F2-4AF5-B7FA-03524FC52483}\0484F6D65673646413 : DHCPNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-7-1 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-7-1 224896]
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-6-5 69152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-7-1 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-7-1 427360]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-22 50464]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-7-1 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-7-1 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-1 50344]
R2 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe [2010-6-17 398848]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-6-22 1738200]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-6-22 2081752]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-6-22 171928]
R2 SMSI Device Launch Service;Clearwire Device Launch Service;C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [2010-9-1 107856]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-6-19 104960]
R3 bcm;WiMAX Network Adapter;C:\Windows\System32\drivers\drxvi314_64.sys [2010-7-8 357248]
R3 bcmbusctr;WiMAX Bus Driver;C:\Windows\System32\drivers\BcmBusCtr_64.sys [2010-7-8 62976]
R3 CACLEARWIRE;Clearwire Con App Svc;C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [2010-9-1 124240]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2010-1-22 292864]
R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [2010-9-1 120144]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-1 228408]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-1-22 215040]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-7-1 92008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1cacb9ed69ffafe;Google Update Service (gupdate1cacb9ed69ffafe);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-24 133104]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe --> C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [?]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2011-6-19 19968]
S3 cm_ser;C-motech USB Serial Port2 Driver;C:\Windows\System32\drivers\cm_ser.sys [2010-3-2 118272]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2010-9-1 43032]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-1 216064]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2010-2-27 16392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-1 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2014-07-06 23:32:27 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC4E6B7F-72B5-4FA4-B9F5-D21E0E5A7860}\offreg.dll
2014-07-06 23:30:20 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC4E6B7F-72B5-4FA4-B9F5-D21E0E5A7860}\mpengine.dll
2014-07-05 19:53:28 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-04 02:36:11 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A5A16ADF-C62B-44CF-BF07-F4CC6EE40B7E}\gapaengine.dll
2014-07-02 03:33:04 -------- d-----w- C:\Users\Nef\AppData\Roaming\AVAST Software
2014-07-02 03:02:03 92008 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-07-02 03:02:02 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-07-02 03:02:01 1041168 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-07-02 03:01:58 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-07-02 03:01:57 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-07-02 03:01:56 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-07-02 03:01:55 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-07-02 02:58:32 43152 ----a-w- C:\Windows\avastSS.scr
2014-07-02 02:37:13 -------- d-----w- C:\Program Files\AVAST Software
2014-06-30 20:51:53 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-30 20:51:43 128728 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-30 07:49:02 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys.1404114571028
2014-06-30 07:49:01 423240 ----a-w- C:\Windows\System32\drivers\aswsp.sys.1404114571028
2014-06-30 07:44:09 -------- d-----w- C:\ProgramData\AVAST Software
2014-06-26 03:56:38 -------- d-----w- C:\AdwCleaner
2014-06-25 02:51:08 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-06-22 13:42:00 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-06-22 13:41:49 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-22 13:31:05 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-22 13:31:05 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-22 13:31:05 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-22 13:31:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-21 07:24:33 -------- d-----w- C:\Windows\System32\SPReview
2014-06-19 08:24:52 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-06-19 08:24:44 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-06-08 04:09:52 -------- d-----w- C:\e601b27f1f29ea4ba6babc07a8eee5
.
==================== Find3M  ====================
.
2014-05-07 19:41:43 522240 ----a-w- C:\Windows\System32\rpcss.dll
2014-05-07 19:41:43 509440 ----a-w- C:\Windows\System32\gwzrt.mlj
2014-05-07 19:29:13 509440 ----a-w- C:\Windows\SysWow64\rpcss.dll
2014-04-29 11:36:49 50464 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
.
============= FINISH: 17:33:28.29 ===============
 



Edited by UnhappyComputer, 07 July 2014 - 11:30 PM.
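As an added example (my own code, not part of this thread and not something DDS provides), here is a small Python parser for the DDS "Created Last 30" and "Find3M" file-listing lines in the log above, with two triage checks a responder typically runs over such a listing: files under C:\Windows whose final extension is not a usual system file type, and distinct files under C:\Windows that share an exact byte size. The sample input is copied from the log above; the allowlist of expected extensions is my assumption, and anything the checks return is a candidate for a closer look (hash comparison against a known-good copy), not a verdict.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Sample input: lines copied from the DDS log above (section headers and "." rows
# are part of the real DDS output and are skipped by the parser).
SAMPLE_DDS = r"""
=============== Created Last 30 ================
.
2014-07-02 03:02:03 92008 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-07-02 02:58:32 43152 ----a-w- C:\Windows\avastSS.scr
2014-07-02 02:37:13 -------- d-----w- C:\Program Files\AVAST Software
2014-06-30 07:49:02 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys.1404114571028
2014-06-30 07:49:01 423240 ----a-w- C:\Windows\System32\drivers\aswsp.sys.1404114571028
2014-06-22 13:42:00 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-06-21 07:24:33 -------- d-----w- C:\Windows\System32\SPReview
.
==================== Find3M  ====================
.
2014-05-07 19:41:43 522240 ----a-w- C:\Windows\System32\rpcss.dll
2014-05-07 19:41:43 509440 ----a-w- C:\Windows\System32\gwzrt.mlj
2014-05-07 19:29:13 509440 ----a-w- C:\Windows\SysWow64\rpcss.dll
2014-04-29 11:36:49 50464 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
.
"""

# One DDS file-listing line: timestamp, size (eight dashes for a directory),
# an eight-character attribute field, then the path (which may contain spaces).
DDS_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+"
    r"(?P<attrs>[-a-z]{8})\s+"
    r"(?P<path>\S.*)$"
)

# Assumed allowlist: file types one normally expects under C:\Windows.
EXPECTED_EXT = {".dll", ".exe", ".sys", ".scr", ".ocx", ".cpl", ".drv", ".mui", ".msc"}


@dataclass(frozen=True)
class Entry:
    timestamp: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_dds_entries(text: str) -> list[Entry]:
    """Parse DDS 'Created Last 30' / 'Find3M' rows; ignore headers and '.' rows."""
    entries = []
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["ts"], size, m["attrs"], m["path"]))
    return entries


def under_windows(path: str) -> bool:
    return path.lower().startswith("c:\\windows\\")


def unexpected_extensions(entries: list[Entry]) -> list[str]:
    """Files under C:\\Windows whose final extension is not in EXPECTED_EXT.
    Renamed pending-update copies (name.sys.<digits>) land here too; that is
    expected noise, but still worth confirming against the vendor."""
    flagged = []
    for e in entries:
        if e.is_dir or not under_windows(e.path):
            continue
        name = e.path.rsplit("\\", 1)[-1]
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext not in EXPECTED_EXT:
            flagged.append(e.path)
    return flagged


def size_twins(entries: list[Entry]) -> list[tuple[int, list[str]]]:
    """Distinct files under C:\\Windows that have exactly the same byte size.
    A same-size companion to a system DLL is a reason to hash both and compare."""
    by_size: dict[int, list[str]] = defaultdict(list)
    for e in entries:
        if not e.is_dir and e.size is not None and under_windows(e.path):
            by_size[e.size].append(e.path)
    return [(size, sorted(paths)) for size, paths in sorted(by_size.items())
            if len(paths) > 1]


if __name__ == "__main__":
    parsed = parse_dds_entries(SAMPLE_DDS)
    print(f"{len(parsed)} entries parsed")
    for p in unexpected_extensions(parsed):
        print("unexpected extension:", p)
    for size, paths in size_twins(parsed):
        print(f"same size ({size} bytes):", ", ".join(paths))
```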




#2 TB-Psychotic


  • Malware Response Team
  • 6,349 posts

Posted 08 July 2014 - 12:22 PM

Hi there, my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with aswMBR

Please download aswMBR (4.5 MB) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100 MB download, so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#3 UnhappyComputer

  • Topic Starter

  • Members
  • 19 posts

Posted 09 July 2014 - 01:54 AM

Thank you for your help in this matter.  However, when I ran the program it did not ask me to update Avast.  (Perhaps because Avast updates automatically every night?)  Here is the log that you requested.

 

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-09 00:57:49
-----------------------------
00:57:49.139    OS Version: Windows x64 6.1.7600
00:57:49.139    Number of processors: 1 586 0x170A
00:57:49.139    ComputerName: HI  UserName:
00:57:54.568    Initialize success
00:57:54.568    VM: initialized successfully
00:57:54.677    VM: Intel CPU virtualization not supported
00:58:00.262    AVAST engine defs: 14070701
01:01:27.430    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:01:27.430    Disk 0 Vendor: ST9250410AS 0006HPM1 Size: 238475MB BusType: 11
01:01:27.524    Disk 0 MBR read successfully
01:01:27.539    Disk 0 MBR scan
01:01:27.929    Disk 0 unknown MBR code
01:01:27.945    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
01:01:27.945    Disk 0 default boot code
01:01:28.101    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       225688 MB offset 409600
01:01:28.148    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        12586 MB offset 462618624
01:01:28.304    Disk 0 scanning C:\Windows\system32\drivers
01:01:40.534    Service scanning
01:02:01.922    Modules scanning
01:02:01.922    Disk 0 trace - called modules:
01:02:01.938    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
01:02:01.953    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800272a060]
01:02:01.953    3 CLASSPNP.SYS[fffff8800111a43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800229f600]
01:02:02.780    AVAST engine scan C:\Windows
01:02:05.104    AVAST engine scan C:\Windows\system32
01:05:01.322    AVAST engine scan C:\Windows\system32\drivers
01:05:17.546    AVAST engine scan C:\Users\Nef
01:27:24.750    AVAST engine scan C:\ProgramData
01:41:15.576    Scan finished successfully
01:41:57.290    Disk 0 MBR has been saved successfully to "C:\Users\Nef\Documents\MBR.dat"
01:41:57.509    The log file has been saved successfully to "C:\Users\Nef\Documents\aswMBR.txt"

 



#4 TB-Psychotic


  • Malware Response Team
  • 6,349 posts

Posted 09 July 2014 - 03:48 PM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#5 UnhappyComputer

  • Topic Starter

  • Members
  • 19 posts

Posted 09 July 2014 - 06:40 PM

I did as you suggested. I shut down what I thought was all of my antivirus/spyware programs; however, it appeared that I still had one up and it had told me midway through, so I went back and shut it down (Spybot Search and Destroy). However, it also asked that I shut down my internet service, which I did and waited, but nothing seemed to continue so I figured it was finished. I put the internet back on and was coming back here to let you know what happened, when a different screen popped up from before and began doing its thing. Near the end it asked me to again shut down my internet service, which I did. Then it finished, giving me a log which I am about to post. However, when I tried to get back onto the internet I no longer had my service. It was trying to go back through the installation of it, but I decided to just do a system restore point in case I could not get it working properly again. Now my internet works again. The system restore point was only from two days ago and I am not sure if anything would have been truly affected. Unfortunately, I assume whatever, or at least most, changes that were done by the scan were now reversed due to me going back two days with my system, but if I do not have the internet I would not be able to tell you what happened. If there is a way to make sure the scan does not mess with my internet I would be glad to try it again.

 

-----------------------------------------------------------------------------------------------------------------------------------------

 

ComboFix 14-07-08.01 - Nef 07/09/2014  17:09:40.1.1 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.1979.758 [GMT -5:00]
Running from: c:\users\Nef\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M14G5DPY\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tempdir
c:\windows\SysWow64\tempdir\tinypdf.chm
c:\windows\SysWow64\tempdir\tinypdf.dll
c:\windows\SysWow64\tempdir\tinypdf1.dll
c:\windows\SysWow64\tempdir\tinypdf2.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-09 to 2014-07-09  )))))))))))))))))))))))))))))))
.
.
2014-07-09 22:37 . 2014-07-09 22:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-09 22:37 . 2014-07-09 22:37 -------- d-----w- c:\users\Hello\AppData\Local\temp
2014-07-09 05:49 . 2014-07-09 05:49 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FB7AA0F-17E2-4981-B4D1-5E4B2E6156AB}\offreg.dll
2014-07-09 05:48 . 2014-06-05 08:54 10779000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FB7AA0F-17E2-4981-B4D1-5E4B2E6156AB}\mpengine.dll
2014-07-09 02:46 . 2014-06-05 08:54 10779000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-04 02:36 . 2014-06-19 08:33 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5A16ADF-C62B-44CF-BF07-F4CC6EE40B7E}\gapaengine.dll
2014-07-02 03:33 . 2014-07-02 03:33 -------- d-----w- c:\users\Nef\AppData\Roaming\AVAST Software
2014-07-02 03:02 . 2014-07-02 02:59 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-07-02 03:02 . 2014-07-02 02:58 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-02 03:02 . 2014-07-02 02:58 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-07-02 03:01 . 2014-07-05 03:03 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-02 03:01 . 2014-07-02 02:58 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-02 03:01 . 2014-07-02 02:58 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-02 03:01 . 2014-07-02 02:58 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-02 03:01 . 2014-07-02 02:58 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-02 03:00 . 2014-07-02 02:58 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-02 02:58 . 2014-07-02 02:58 43152 ----a-w- c:\windows\avastSS.scr
2014-07-02 02:37 . 2014-07-02 02:37 -------- d-----w- c:\program files\AVAST Software
2014-06-30 20:51 . 2014-06-30 21:54 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-06-30 20:51 . 2014-06-30 20:51 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-30 07:49 . 2014-06-30 07:48 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1404114571028
2014-06-30 07:44 . 2014-07-02 02:37 -------- d-----w- c:\programdata\AVAST Software
2014-06-26 03:56 . 2014-06-28 01:40 -------- d-----w- C:\AdwCleaner
2014-06-25 02:51 . 2014-06-19 08:33 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-06-22 13:42 . 2013-09-20 15:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-06-22 13:41 . 2014-06-22 13:47 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-06-22 13:31 . 2014-06-30 20:48 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-22 13:31 . 2014-06-27 00:17 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-22 13:31 . 2014-05-12 12:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-22 13:31 . 2014-05-12 12:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-21 07:24 . 2014-06-21 07:24 -------- d-----w- c:\windows\system32\SPReview
2014-06-19 08:24 . 2014-06-19 08:24 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-06-19 08:24 . 2014-06-19 08:25 -------- d-----w- c:\program files\Microsoft Security Client
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-08 04:05 . 2013-07-28 03:37 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-07 19:41 . 2014-05-07 19:29 522240 ----a-w- c:\windows\system32\rpcss.dll
2014-05-07 19:41 . 2014-05-07 19:29 509440 ----a-w- c:\windows\system32\gwzrt.mlj
2014-05-07 19:29 . 2014-05-07 19:29 509440 ----a-w- c:\windows\SysWow64\rpcss.dll
2014-04-29 11:36 . 2012-11-23 04:26 50464 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2014-05-07 . 7266972E86890E2B30C0C322E906B027 . 509440 . . [6.1.7600.16385] .. c:\windows\SysWOW64\rpcss.dll
[7] 2010-11-20 . 5C627D1B1138676C0A7AB2C2C190D123 . 512000 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[7] 2009-07-14 . 7266972E86890E2B30C0C322E906B027 . 509440 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[-] 2014-05-07 . 73B961B38A4CDCAB38A4136427A733A7 . 522240 . . [6.1.7600.16385] .. c:\windows\system32\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
"googletalk"="c:\users\Nef\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2014-04-25 4566984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"Clearwire Connection Manager"="c:\program files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" [2010-09-08 54608]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-04-25 4101584]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-02 4086432]
.
c:\users\Nef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Button Manager.lnk - c:\program files (x86)\HP Button Manager\BM.exe [2011-6-19 311296]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;c:\program files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe;c:\program files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate1cacb9ed69ffafe;Google Update Service (gupdate1cacb9ed69ffafe);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe;c:\program files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [x]
R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files (x86)\Clearwire\Connection Manager\RcAppSvc.exe;c:\program files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [x]
R3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\DRIVERS\cm_ser.sys;c:\windows\SYSNATIVE\DRIVERS\cm_ser.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS;c:\windows\SYSNATIVE\PCTINDIS5X64.SYS [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys;c:\aeriagames\EdenEternal\sjcs64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys;c:\windows\SYSNATIVE\DRIVERS\Lbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe;c:\program files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys;c:\windows\SYSNATIVE\DRIVERS\drxvi314_64.sys [x]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys;c:\windows\SYSNATIVE\DRIVERS\BcmBusCtr_64.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-14 01:34 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24 22:10]
.
2014-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24 22:10]
.
2014-07-08 c:\windows\Tasks\HPCeeScheduleForNef.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-02 02:58 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-06-25 21720]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bleepingcomputer.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 71.22.6.12
DPF: {2FD395CB-BD93-4BA9-AA4B-D725754E20D1} - hxxp://test.player.portalarium.com/installers/win32/PortalariumPlayer.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-X-IM - c:\program files (x86)\X-IM\xim.exe
Wow6432Node-HKCU-Run-SpybotSD TeaTimer - c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Nef\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-C-evo - c:\windows\system32\UniClear.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-09  17:47:49
ComboFix-quarantined-files.txt  2014-07-09 22:47
.
Pre-Run: 177,386,680,320 bytes free
Post-Run: 176,989,839,360 bytes free
.
- - End Of File - - 11BE4E2766D95614B1A747CABD46F88F
AEE357D355D7F06DFEC420A755C0B947
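The Sigcheck section of the log above lists an unsigned c:\windows\system32\rpcss.dll whose MD5 and size differ from the signed WinSxS copy that carries the same version string, while the SysWOW64 copy matches its WinSxS counterpart (ComboFix's own note applies: unsigned files aren't necessarily malware). As an added example, not part of the log or of anyone's post in this thread, here is a small Python script that parses those Sigcheck lines and flags exactly that kind of discrepancy for review; reading the leading `[-]` as "not signed" is an assumption about the ComboFix format.

```python
"""Added example: cross-check the Sigcheck section of a ComboFix log.

For each system binary, every copy outside WinSxS is compared with the signed
WinSxS copy carrying the same version string; unsigned copies and copies whose
MD5/size disagree with that reference are reported for manual review.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample: the four Sigcheck lines from the log above, verbatim.
SIGCHECK_SAMPLE = r"""
[7] 2014-05-07 . 7266972E86890E2B30C0C322E906B027 . 509440 . . [6.1.7600.16385] .. c:\windows\SysWOW64\rpcss.dll
[7] 2010-11-20 . 5C627D1B1138676C0A7AB2C2C190D123 . 512000 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[7] 2009-07-14 . 7266972E86890E2B30C0C322E906B027 . 509440 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[-] 2014-05-07 . 73B961B38A4CDCAB38A4136427A733A7 . 522240 . . [6.1.7600.16385] .. c:\windows\system32\rpcss.dll
"""

# One Sigcheck line: "[flag] date . MD5 . size . . [version] .. path".
# Assumption about the ComboFix convention: a flag of "-" means "not signed".
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\.\s+(?P<path>\S.*?)\s*$"
)


class SigEntry(NamedTuple):
    signed: bool
    date: str
    md5: str
    size: int
    version: str
    path: str


def parse_sigcheck(text: str) -> List[SigEntry]:
    """Parse every Sigcheck line; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(SigEntry(
            signed=m["flag"].strip() != "-",
            date=m["date"],
            md5=m["md5"].upper(),
            size=int(m["size"]),
            version=m["version"],
            path=m["path"],
        ))
    return entries


def audit_sigcheck(text: str) -> List[Tuple[str, str]]:
    """Return (path, reason) findings for copies that deserve a closer look."""
    by_name: Dict[str, List[SigEntry]] = defaultdict(list)
    for e in parse_sigcheck(text):
        by_name[e.path.rsplit("\\", 1)[-1].lower()].append(e)

    findings = []
    for name, entries in by_name.items():
        # Reference copies: signed files living in the component store (WinSxS).
        reference = {
            e.version: e for e in entries
            if e.signed and "\\winsxs\\" in e.path.lower()
        }
        for e in entries:
            if "\\winsxs\\" in e.path.lower():
                continue
            if not e.signed:
                findings.append((e.path, "unsigned copy of %s" % name))
            ref = reference.get(e.version)
            if ref and (ref.md5 != e.md5 or ref.size != e.size):
                findings.append((
                    e.path,
                    "MD5/size differs from signed WinSxS copy of version %s "
                    "(%s/%d vs %s/%d)" % (e.version, e.md5, e.size, ref.md5, ref.size),
                ))
    return findings


if __name__ == "__main__":
    # On the sample above only c:\windows\system32\rpcss.dll is reported, twice:
    # once as unsigned and once because its hash and size differ from the reference.
    for path, reason in audit_sigcheck(SIGCHECK_SAMPLE):
        print("%s: %s" % (path, reason))
```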
 



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:05 PM

Posted 13 July 2014 - 12:21 PM

Please reboot into safe mode and try again


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 UnhappyComputer

UnhappyComputer
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 13 July 2014 - 02:51 PM

Using my operating system (Windows 7), how exactly do I get into safe mode, restarting and tapping "F8"?  Also, can I get online in safe mode?  I have tried to save previous programs from this site, but all I seem to do is run them, not actually save them.  I will try, however.  Also, do I automatically go back to normal mode once I restart the computer again, as in no longer in safe mode, or do I have to do something else?  Sorry, I am pretty computer illiterate.  Thank you.

 

Edit: I got the program saved to the desktop; however, my question of getting online in safe mode I am still wondering about, and would I even want to?  Is it useful for anything?


Edited by UnhappyComputer, 13 July 2014 - 02:54 PM.


#8 UnhappyComputer

UnhappyComputer
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 13 July 2014 - 10:49 PM

Ok, I tried as you suggested and got into Safe Mode by holding down F8 on restart; however, ComboFix ran, but then would tell me my Microsoft Security Essentials was on, even though it was not.  (Nor was it even on my Task Bar where my clock is.)   I finally decided to uninstall Microsoft Security Essentials completely and try again.  Then it was telling me my Avast and Spybot were the problem, and I finally got those taken down, but not uninstalled, even though again they were not on my Task Bar.  I tried ComboFix again and it still did not work fully.  As it did the first time in Safe Mode, the box of ComboFix pops up and it starts running its quick checks, black screen with green lettering, but then halfway through I get error messages on the Backup Registry.  (The box with the two bars, I believe red at the top and blue at the bottom.)

 

Warning

Error saving file

C:\Windows\erdnt\Hiv-backup\BCD !

Continue with the next file?

[ RegCreateKeyEx: 5 - Access is denied ]

 

Warning

Error saving file

C:\Windows\erdnt\Hiv-backup\system !

Continue with the next file?

[ RegCreateKeyEx: 5 - Access is denied ]

 

Warning

Error saving file

C:\Windows\erdnt\Hiv-backup\software !

Continue with the next file?

[ RegCreateKeyEx: 5 - Access is denied ]

 

Warning

Error saving file

C:\Windows\erdnt\Hiv-backup\default !

Continue with the next file?

[ RegCreateKeyEx: 5 - Access is denied ]

 

Warning

Error saving file

C:\Windows\erdnt\Hiv-backup\security !

Continue with the next file?

[ RegCreateKeyEx: 5 - Access is denied ]

 

Warning

Error saving file

C:\Windows\erdnt\Hiv-backup\sam !

Continue with the next file?

[ RegCreateKeyEx: 5 - Access is denied ]

 

Warning

Error saving file

C:\Windows\erdnt\Hiv-backup\Users\00000001\ntuser.dat !

Continue with the next file?

[ RegCreateKeyEx: 5 - Access is denied ]

 

Warning

Error saving file

C:\Windows\erdnt\Hiv-backup\Users\00000002\ntuser.dat !

Continue with the next file?

[ RegCreateKeyEx: 5 - Access is denied ]

 

Warning

Error saving file

C:\Windows\erdnt\Hiv-backup\Users\00000003\ntuser.dat !

Continue with the next file?

[ RegCreateKeyEx: 5 - Access is denied ]

 

Warning

Error saving file

C:\Windows\erdnt\Hiv-backup\Users\00000004\UsrClass.dat !

Continue with the next file?

[ RegCreateKeyEx: 5 - Access is denied ]

 

  I am not sure if they were the exact same messages each and every time I tried this, but these were the basics.  Then I would wait after all that, but nothing would happen, as in another box showing it was scanning my files or a log file.  I have tried several times, but to no avail.  Any ideas or suggestions?  I do not remember having this much trouble when I did it normally the very first time you asked a few days ago.  Something to do with Safe Mode?


Edited by UnhappyComputer, 13 July 2014 - 10:52 PM.


#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:05 PM

Posted 14 July 2014 - 10:06 AM

Please reboot into normal mode.

We have to do something different:

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 UnhappyComputer

UnhappyComputer
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 14 July 2014 - 01:21 PM

Ok, I ran it in normal mode as suggested.  I did not check or uncheck any boxes, only "scanned" as is.  However, in the section "One Month Created Files And Folders", anything with "//////////////////" I changed myself.  I write a lot of documents and the names of such are not important.  I recognized and verified they were created by me, and I did leave the rest of the info for the files available to be viewed.

 

---------------------------------------------------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014
Ran by Nef (administrator) on HI on 14-07-2014 11:34:43
Running from C:\Users\Nef\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
() C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
(ClearwireCM) C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe
(SmithMicro Inc.) C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe
(SmithMicro Inc.) C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Clearwire\Connection Manager\SwiApiMuxCdma.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1135912 2010-03-05] ()
HKLM-x32\...\Run: [Clearwire Connection Manager] => C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe [54608 2010-09-07] (ClearwireCM)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-01] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-07-08] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-06-21] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe [515464 2013-10-01] (Adobe Systems Incorporated)
HKU\S-1-5-21-4176540903-4000886592-2988826118-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-09-23] (Microsoft Corporation)
HKU\S-1-5-21-4176540903-4000886592-2988826118-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\S-1-5-21-4176540903-4000886592-2988826118-1000\...\Run: [X-IM] => C:\Program Files (x86)\X-IM\xim.exe /r
HKU\S-1-5-21-4176540903-4000886592-2988826118-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-4176540903-4000886592-2988826118-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
HKU\S-1-5-21-4176540903-4000886592-2988826118-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Nef\AppData\Local\Akamai\netsession_win.exe
HKU\S-1-5-21-4176540903-4000886592-2988826118-1000\...\Run: [googletalk] => C:\Users\Nef\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\S-1-5-21-4176540903-4000886592-2988826118-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-4176540903-4000886592-2988826118-1000\...\MountPoints2: {090831ba-b643-11df-81e5-001a2008760f} - F:\WIN\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Button Manager.lnk
ShortcutTarget: HP Button Manager.lnk -> C:\Program Files (x86)\HP Button Manager\BM.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Nef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {7B403403-A678-40C1-917B-354ECD92A484} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {7B403403-A678-40C1-917B-354ECD92A484} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {7B403403-A678-40C1-917B-354ECD92A484} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll No File
BHO-x32: No Name - {53707962-6F74-2D53-2644-206D7942484F} -  No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {2FD395CB-BD93-4BA9-AA4B-D725754E20D1} http://test.player.portalarium.com/installers/win32/PortalariumPlayer.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {ABB660B6-6694-407B-950A-EDBA5A159722} http://www.shockwave.com/content/davincicode/sis/DVC%20Download%20Control.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 71.22.6.12

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\Nef\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Users\Nef\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-08-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-01]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nef\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-30]
CHR Extension: (Google Wallet) - C:\Users\Nef\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-01]

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-01] (AVAST Software)
S3 BFE; . [0 2014-07-14] () [File not signed]
R3 CACLEARWIRE; C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [124240 2010-09-01] (SmithMicro Inc.)
R2 clearwireDeviceDiagnosticsService; C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe [398848 2010-06-17] () [File not signed]
R3 CLEARWIRERcAppSvc; C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [120144 2010-09-01] (SmithMicro Inc.)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [522240 2014-05-07] (Microsoft Corporation) [File not signed]
S2 gupdate1cacb9ed69ffafe; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2010-03-24] (Google Inc.)
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
R2 RpcSs; C:\Windows\system32\rpcss.dll [522240 2014-05-07] (Microsoft Corporation) [File not signed]
R3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SMSI Device Launch Service; C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [107856 2010-09-01] ()
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X]
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-01] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-29] (AVG Technologies)
R3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [357248 2010-07-08] (Beceem communications pvt ltd.)
R3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [62976 2010-07-08] (Beceem communications pvt ltd.)
S3 BVRPMPR5; C:\Windows\SysWOW64\drivers\BVRPMPR5.SYS [44224 2006-10-05] (BVRP Software) [File not signed]
S3 cm_ser; C:\Windows\System32\DRIVERS\cm_ser.sys [118272 2008-05-29] (C-motech Co.,Ltd.)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-06-05] (Lavasoft AB)
S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [43032 2010-09-01] (Smith Micro Inc.)
S3 swmsflt; C:\Windows\System32\DRIVERS\swmsflt.sys [49232 2010-09-01] ()
R3 SWNC5E00; C:\Windows\System32\DRIVERS\SWNC5E00.sys [285696 2010-05-25] (Sierra Wireless Inc.)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 sj; \??\C:\AeriaGames\EdenEternal\sjcs64.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-14 11:34 - 2014-07-14 11:35 - 00020872 _____ () C:\Users\Nef\Desktop\FRST.txt
2014-07-14 11:34 - 2014-07-14 11:34 - 00000000 ____D () C:\FRST
2014-07-14 11:33 - 2014-07-14 11:33 - 02086912 _____ (Farbar) C:\Users\Nef\Desktop\FRST64.exe
2014-07-13 23:40 - 2014-07-14 01:02 - 00000082 ____H () C:\Users\Nef\Documents\.~lock.//////////////////.odt#
2014-07-13 21:46 - 2014-07-13 21:46 - 00000000 ____D () C:\ComboFix
2014-07-13 20:22 - 2014-07-13 21:46 - 00000000 ___SD () C:\32788R22FWJFW
2014-07-13 18:43 - 2014-07-13 18:44 - 05220073 ____R (Swearware) C:\Users\Nef\Desktop\ComboFix.exe
2014-07-13 14:52 - 2014-07-13 14:52 - 05185536 _____ (AVAST Software) C:\Users\Nef\Desktop\aswmbr.exe
2014-07-12 02:01 - 2014-07-14 01:02 - 00014896 _____ () C:\Users\Nef\Documents\/////////////////.odt
2014-07-10 02:17 - 2014-07-10 02:17 - 00022730 _____ () C:\Users\Nef\Documents\///////////////////////....odt
2014-07-10 01:08 - 2014-07-10 01:08 - 00021285 _____ () C:\Users\Nef\Documents\//////////////////////////.odt
2014-07-09 17:48 - 2014-07-09 17:48 - 00025371 _____ () C:\Users\Nef\Documents\combo fix.txt
2014-07-09 17:47 - 2014-07-09 17:47 - 00025371 _____ () C:\ComboFix.txt
2014-07-09 16:45 - 2014-07-09 17:47 - 00000000 ____D () C:\Qoobox
2014-07-09 16:43 - 2014-07-13 21:46 - 00000000 ____D () C:\Windows\erdnt
2014-07-09 13:05 - 2014-07-09 13:29 - 00010724 _____ () C:\Users\Nef\Documents\/////////////////////////....odt
2014-07-09 01:41 - 2014-07-09 01:41 - 00002045 _____ () C:\Users\Nef\Documents\aswMBR.txt
2014-07-09 01:41 - 2014-07-09 01:41 - 00000512 _____ () C:\Users\Nef\Documents\MBR.dat
2014-07-08 01:33 - 2014-07-08 01:33 - 00012869 _____ () C:\Users\Nef\Documents\/////////////////.odt
2014-07-07 18:27 - 2014-07-07 18:27 - 00016600 _____ () C:\Users\Nef\Downloads\Attach.txt
2014-07-07 17:35 - 2014-07-07 17:35 - 00020903 _____ () C:\Users\Nef\Documents\DDS.txt
2014-07-07 17:35 - 2014-07-07 17:35 - 00016600 _____ () C:\Users\Nef\Documents\Attach.txt
2014-07-05 01:41 - 2014-07-07 17:33 - 00020903 _____ () C:\Users\Nef\Desktop\dds.txt
2014-07-05 01:41 - 2014-07-07 17:33 - 00016600 _____ () C:\Users\Nef\Desktop\attach.txt
2014-07-05 01:33 - 2014-07-05 01:33 - 00688992 ____R (Swearware) C:\Users\Nef\Downloads\dds.com
2014-07-04 22:36 - 2014-07-04 22:36 - 00015497 _____ () C:\Users\Nef\Documents\////////////////////////....odt
2014-07-04 00:31 - 2014-07-04 03:27 - 00021612 _____ () C:\Users\Nef\Documents\/////////////////////////////....odt
2014-07-01 22:33 - 2014-07-01 22:33 - 00000000 ____D () C:\Users\Nef\AppData\Roaming\AVAST Software
2014-07-01 22:13 - 2014-07-09 18:18 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-01 22:13 - 2014-07-01 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-01 22:03 - 2014-07-13 19:53 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-01 22:02 - 2014-07-01 21:59 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-01 22:02 - 2014-07-01 21:58 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-01 22:02 - 2014-07-01 21:58 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-01 22:01 - 2014-07-04 22:03 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-01 22:01 - 2014-07-01 21:58 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-01 22:01 - 2014-07-01 21:58 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-01 22:01 - 2014-07-01 21:58 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-01 22:01 - 2014-07-01 21:58 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-01 22:00 - 2014-07-01 21:58 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-01 21:58 - 2014-07-01 21:58 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-01 21:37 - 2014-07-01 21:37 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-01 21:28 - 2014-07-01 21:29 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-06-30 22:33 - 2014-06-30 22:33 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-30 22:33 - 2014-06-30 22:33 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-06-30 15:51 - 2014-06-30 16:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-30 15:51 - 2014-06-30 15:51 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 15:48 - 2014-06-30 16:54 - 00000000 ____D () C:\Users\Nef\Desktop\mbar
2014-06-30 02:54 - 2014-06-30 02:54 - 00002219 _____ () C:\Users\Nef\Desktop\Google Chrome.lnk
2014-06-30 02:49 - 2014-06-30 02:48 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1404114571028
2014-06-30 02:49 - 2014-06-30 02:48 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1404114571028
2014-06-30 02:44 - 2014-07-01 21:37 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-28 08:11 - 2014-06-28 08:11 - 00011217 _____ () C:\Users\Nef\Documents\///////////.odt
2014-06-28 01:50 - 2014-06-30 02:31 - 00014422 _____ () C:\Users\Nef\Documents\//////.odt
2014-06-27 02:20 - 2014-07-12 00:50 - 00012321 _____ () C:\Users\Nef\Documents\////////////////.odt
2014-06-26 22:06 - 2014-06-26 22:06 - 00015138 _____ () C:\Users\Nef\Documents\//////////.odt
2014-06-26 17:37 - 2014-06-27 00:55 - 00018459 _____ () C:\Users\Nef\Documents\ADD.odt
2014-06-26 01:09 - 2014-06-26 01:09 - 00197945 _____ () C:\Users\Nef\Documents\by it self.txt
2014-06-25 23:48 - 2014-06-25 23:48 - 00265227 _____ () C:\Users\Nef\Documents\allfour.txt
2014-06-25 23:12 - 2014-06-25 23:12 - 00009116 _____ () C:\Users\Nef\Documents\AdwCleaner[S0]after.txt
2014-06-25 23:00 - 2014-06-25 23:00 - 00009218 _____ () C:\Users\Nef\Documents\AdwCleaner[R0]before.txt
2014-06-25 22:56 - 2014-06-27 20:40 - 00000000 ____D () C:\AdwCleaner
2014-06-25 22:53 - 2014-06-25 22:53 - 00206356 _____ () C:\Users\Nef\Documents\TDSS1.txt
2014-06-25 22:42 - 2014-06-25 22:42 - 00004682 _____ () C:\Users\Nef\Documents\Rkill1.txt
2014-06-25 22:36 - 2014-06-27 20:32 - 00004564 _____ () C:\Users\Nef\Desktop\Rkill.txt
2014-06-25 22:33 - 2014-06-25 22:33 - 00046090 _____ () C:\Users\Nef\Documents\Result1.txt
2014-06-25 22:12 - 2014-06-25 22:33 - 00046090 _____ () C:\Users\Nef\Desktop\Result.txt
2014-06-25 22:09 - 2014-06-25 22:09 - 00401920 _____ (Farbar) C:\Users\Nef\Downloads\MiniToolBox.exe
2014-06-25 12:21 - 2014-06-25 12:21 - 00024320 _____ () C:\Users\Nef\Documents\Blp.odt
2014-06-23 00:17 - 2014-06-23 00:13 - 00450770 ____R () C:\Windows\system32\Drivers\etc\hosts.20140623-001714.backup
2014-06-23 00:13 - 2014-06-23 00:11 - 00450770 ____R () C:\Windows\system32\Drivers\etc\hosts.20140623-001359.backup
2014-06-22 08:42 - 2014-06-22 08:42 - 00001355 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-22 08:42 - 2014-06-22 08:42 - 00001343 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-22 08:42 - 2014-06-22 08:42 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-22 08:42 - 2014-06-22 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-22 08:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-06-22 08:41 - 2014-07-09 18:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-22 08:31 - 2014-06-30 15:48 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-22 08:31 - 2014-06-26 19:17 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-22 08:31 - 2014-06-26 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-22 08:31 - 2014-06-26 19:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-22 08:31 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-22 08:31 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-21 23:27 - 2014-06-21 23:27 - 00000000 ____S () C:\Windows\system32\mroyb.nox
2014-06-21 02:24 - 2014-06-21 02:24 - 00000000 ____D () C:\Windows\system32\SPReview
2014-06-18 14:50 - 2014-06-18 15:07 - 193804024 _____ (Kaspersky Lab ZAO) C:\Users\Nef\Downloads\pur13.0.2.558abcdEN_5352 (2).exe
2014-06-16 19:35 - 2014-06-16 19:35 - 00315743 ____S () C:\Windows\system32\ndtkc.zxi

==================== One Month Modified Files and Folders =======

2014-07-14 11:35 - 2014-07-14 11:34 - 00020872 _____ () C:\Users\Nef\Desktop\FRST.txt
2014-07-14 11:34 - 2014-07-14 11:34 - 00000000 ____D () C:\FRST
2014-07-14 11:33 - 2014-07-14 11:33 - 02086912 _____ (Farbar) C:\Users\Nef\Desktop\FRST64.exe
2014-07-14 11:21 - 2010-01-22 23:06 - 01626775 _____ () C:\Windows\WindowsUpdate.log
2014-07-14 10:58 - 2011-09-27 01:47 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4176540903-4000886592-2988826118-1000UA.job
2014-07-14 10:39 - 2010-03-24 17:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-14 01:02 - 2014-07-13 23:40 - 00000082 ____H () C:\Users\Nef\Documents\.~lock.///////////////.odt#
2014-07-14 01:02 - 2014-07-12 02:01 - 00014896 _____ () C:\Users\Nef\Documents\/////////////////////.odt
2014-07-13 23:45 - 2013-01-18 12:21 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForNef
2014-07-13 23:45 - 2013-01-18 12:21 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForNef.job
2014-07-13 22:58 - 2011-09-27 01:47 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4176540903-4000886592-2988826118-1000Core.job
2014-07-13 21:56 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-13 21:56 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-13 21:49 - 2013-05-30 09:35 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-07-13 21:49 - 2010-03-24 17:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-13 21:49 - 2010-02-15 15:16 - 00000000 ____D () C:\Users\Nef\Tracing
2014-07-13 21:49 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-13 21:49 - 2009-07-13 23:51 - 00133799 _____ () C:\Windows\setupact.log
2014-07-13 21:46 - 2014-07-13 21:46 - 00000000 ____D () C:\ComboFix
2014-07-13 21:46 - 2014-07-13 20:22 - 00000000 ___SD () C:\32788R22FWJFW
2014-07-13 21:46 - 2014-07-09 16:43 - 00000000 ____D () C:\Windows\erdnt
2014-07-13 21:17 - 2014-06-07 01:43 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-07-13 19:53 - 2014-07-01 22:03 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-13 18:44 - 2014-07-13 18:43 - 05220073 ____R (Swearware) C:\Users\Nef\Desktop\ComboFix.exe
2014-07-13 14:52 - 2014-07-13 14:52 - 05185536 _____ (AVAST Software) C:\Users\Nef\Desktop\aswmbr.exe
2014-07-12 00:50 - 2014-06-27 02:20 - 00012321 _____ () C:\Users\Nef\Documents\//////////////////////.odt
2014-07-11 15:31 - 2010-02-19 14:49 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-10 23:42 - 2010-02-11 08:00 - 00645718 _____ () C:\Windows\PFRO.log
2014-07-10 02:17 - 2014-07-10 02:17 - 00022730 _____ () C:\Users\Nef\Documents\//////////////////////////////....odt
2014-07-10 01:08 - 2014-07-10 01:08 - 00021285 _____ () C:\Users\Nef\Documents\//////////////////////////.odt
2014-07-09 18:18 - 2014-07-01 22:13 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-09 18:06 - 2010-02-11 02:10 - 00000000 ____D () C:\Users\Nef
2014-07-09 18:04 - 2014-06-22 08:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-09 18:04 - 2011-01-02 16:20 - 00000000 ____D () C:\Windows\SysWOW64\tempdir
2014-07-09 18:04 - 2010-11-04 10:56 - 00000000 ____D () C:\Users\Hello
2014-07-09 18:04 - 2010-06-02 14:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-09 18:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-07-09 18:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-07-09 18:03 - 2009-11-01 02:16 - 00000000 ____D () C:\ProgramData\Temp
2014-07-09 17:48 - 2014-07-09 17:48 - 00025371 _____ () C:\Users\Nef\Documents\combo fix.txt
2014-07-09 17:47 - 2014-07-09 17:47 - 00025371 _____ () C:\ComboFix.txt
2014-07-09 17:47 - 2014-07-09 16:45 - 00000000 ____D () C:\Qoobox
2014-07-09 17:47 - 2012-05-11 01:44 - 00000000 ____D () C:\Users\Text Games
2014-07-09 17:47 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-07-09 13:29 - 2014-07-09 13:05 - 00010724 _____ () C:\Users\Nef\Documents\////////////////////////....odt
2014-07-09 01:41 - 2014-07-09 01:41 - 00002045 _____ () C:\Users\Nef\Documents\aswMBR.txt
2014-07-09 01:41 - 2014-07-09 01:41 - 00000512 _____ () C:\Users\Nef\Documents\MBR.dat
2014-07-08 01:33 - 2014-07-08 01:33 - 00012869 _____ () C:\Users\Nef\Documents\///////////////////.odt
2014-07-07 18:27 - 2014-07-07 18:27 - 00016600 _____ () C:\Users\Nef\Downloads\Attach.txt
2014-07-07 17:35 - 2014-07-07 17:35 - 00020903 _____ () C:\Users\Nef\Documents\DDS.txt
2014-07-07 17:35 - 2014-07-07 17:35 - 00016600 _____ () C:\Users\Nef\Documents\Attach.txt
2014-07-07 17:33 - 2014-07-05 01:41 - 00020903 _____ () C:\Users\Nef\Desktop\dds.txt
2014-07-07 17:33 - 2014-07-05 01:41 - 00016600 _____ () C:\Users\Nef\Desktop\attach.txt
2014-07-05 01:33 - 2014-07-05 01:33 - 00688992 ____R (Swearware) C:\Users\Nef\Downloads\dds.com
2014-07-04 22:36 - 2014-07-04 22:36 - 00015497 _____ () C:\Users\Nef\Documents\///////////////////////....odt
2014-07-04 22:03 - 2014-07-01 22:01 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-04 03:27 - 2014-07-04 00:31 - 00021612 _____ () C:\Users\Nef\Documents\/////////////////////....odt
2014-07-01 22:33 - 2014-07-01 22:33 - 00000000 ____D () C:\Users\Nef\AppData\Roaming\AVAST Software
2014-07-01 22:13 - 2014-07-01 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-01 21:59 - 2014-07-01 22:02 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-01 21:58 - 2014-07-01 22:02 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-01 21:58 - 2014-07-01 22:02 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-01 21:58 - 2014-07-01 22:01 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-01 21:58 - 2014-07-01 22:01 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-01 21:58 - 2014-07-01 22:01 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-01 21:58 - 2014-07-01 22:01 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-01 21:58 - 2014-07-01 22:00 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-01 21:58 - 2014-07-01 21:58 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-01 21:37 - 2014-07-01 21:37 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-01 21:37 - 2014-06-30 02:44 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-01 21:29 - 2014-07-01 21:28 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-06-30 22:33 - 2014-06-30 22:33 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-30 22:33 - 2014-06-30 22:33 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-06-30 22:31 - 2009-11-01 02:38 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-30 22:31 - 2009-11-01 02:37 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-30 21:41 - 2009-11-01 03:38 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-30 16:54 - 2014-06-30 15:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-30 16:54 - 2014-06-30 15:48 - 00000000 ____D () C:\Users\Nef\Desktop\mbar
2014-06-30 15:51 - 2014-06-30 15:51 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 15:48 - 2014-06-22 08:31 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-30 15:36 - 2010-02-20 16:22 - 00000000 ____D () C:\Users\Nef\AppData\Local\CrashDumps
2014-06-30 02:54 - 2014-06-30 02:54 - 00002219 _____ () C:\Users\Nef\Desktop\Google Chrome.lnk
2014-06-30 02:53 - 2010-03-24 17:10 - 00000000 ____D () C:\Users\Nef\AppData\Local\Google
2014-06-30 02:48 - 2014-06-30 02:49 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1404114571028
2014-06-30 02:48 - 2014-06-30 02:49 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1404114571028
2014-06-30 02:31 - 2014-06-28 01:50 - 00014422 _____ () C:\Users\Nef\Documents\//////////////////.odt
2014-06-28 08:11 - 2014-06-28 08:11 - 00011217 _____ () C:\Users\Nef\Documents\/////////////////.odt
2014-06-27 20:40 - 2014-06-25 22:56 - 00000000 ____D () C:\AdwCleaner
2014-06-27 20:32 - 2014-06-25 22:36 - 00004564 _____ () C:\Users\Nef\Desktop\Rkill.txt
2014-06-27 00:55 - 2014-06-26 17:37 - 00018459 _____ () C:\Users\Nef\Documents\ADD.odt
2014-06-26 22:06 - 2014-06-26 22:06 - 00015138 _____ () C:\Users\Nef\Documents\/////////////.odt
2014-06-26 19:17 - 2014-06-22 08:31 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 19:17 - 2014-06-22 08:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 19:17 - 2014-06-22 08:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-26 01:09 - 2014-06-26 01:09 - 00197945 _____ () C:\Users\Nef\Documents\by it self.txt
2014-06-25 23:48 - 2014-06-25 23:48 - 00265227 _____ () C:\Users\Nef\Documents\allfour.txt
2014-06-25 23:12 - 2014-06-25 23:12 - 00009116 _____ () C:\Users\Nef\Documents\AdwCleaner[S0]after.txt
2014-06-25 23:00 - 2014-06-25 23:00 - 00009218 _____ () C:\Users\Nef\Documents\AdwCleaner[R0]before.txt
2014-06-25 22:53 - 2014-06-25 22:53 - 00206356 _____ () C:\Users\Nef\Documents\TDSS1.txt
2014-06-25 22:42 - 2014-06-25 22:42 - 00004682 _____ () C:\Users\Nef\Documents\Rkill1.txt
2014-06-25 22:33 - 2014-06-25 22:33 - 00046090 _____ () C:\Users\Nef\Documents\Result1.txt
2014-06-25 22:33 - 2014-06-25 22:12 - 00046090 _____ () C:\Users\Nef\Desktop\Result.txt
2014-06-25 22:09 - 2014-06-25 22:09 - 00401920 _____ (Farbar) C:\Users\Nef\Downloads\MiniToolBox.exe
2014-06-25 12:21 - 2014-06-25 12:21 - 00024320 _____ () C:\Users\Nef\Documents\Blp.odt
2014-06-24 10:52 - 2010-12-01 17:51 - 00000000 ____D () C:\Users\Nef\Documents\My Scans
2014-06-24 10:34 - 2011-07-03 20:28 - 00000000 ____D () C:\Users\Nef\Documents\WebCam Media
2014-06-24 10:10 - 2009-07-14 00:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-23 00:13 - 2014-06-23 00:17 - 00450770 ____R () C:\Windows\system32\Drivers\etc\hosts.20140623-001714.backup
2014-06-23 00:11 - 2014-06-23 00:13 - 00450770 ____R () C:\Windows\system32\Drivers\etc\hosts.20140623-001359.backup
2014-06-22 08:42 - 2014-06-22 08:42 - 00001355 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-22 08:42 - 2014-06-22 08:42 - 00001343 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-22 08:42 - 2014-06-22 08:42 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-22 08:42 - 2014-06-22 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-21 23:27 - 2014-06-21 23:27 - 00000000 ____S () C:\Windows\system32\mroyb.nox
2014-06-21 23:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-06-21 02:24 - 2014-06-21 02:24 - 00000000 ____D () C:\Windows\system32\SPReview
2014-06-21 02:22 - 2009-11-01 02:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-18 20:33 - 2010-03-24 17:28 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 20:33 - 2010-03-24 17:28 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-18 15:07 - 2014-06-18 14:50 - 193804024 _____ (Kaspersky Lab ZAO) C:\Users\Nef\Downloads\pur13.0.2.558abcdEN_5352 (2).exe
2014-06-16 19:35 - 2014-06-16 19:35 - 00315743 ____S () C:\Windows\system32\ndtkc.zxi

Files to move or delete:
====================
C:\Users\Nef\jagex_runescape_preferences.dat
C:\Users\Nef\jagex_runescape_preferences2.dat
C:\Users\Nef\jagex__preferences3.dat

Some content of TEMP:
====================
C:\Users\Nef\AppData\Local\Temp\Quarantine.exe
C:\Users\Nef\AppData\Local\Temp\_is6F50.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2014-05-07 14:29] - [2014-05-07 14:41] - 0522240 ____A (Microsoft Corporation) 73B961B38A4CDCAB38A4136427A733A7

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-08 02:02

==================== End Of Log ============================

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2014
Ran by Nef at 2014-07-14 11:37:20
Running from C:\Users\Nef\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.175 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{511CFE49-F318-4659-BC3F-73E9DBC3E2A8}) (Version: 2.0.11.138 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{800B3855-2646-4707-B915-BDCC28F03D63}) (Version: 3.0.45.413 - ArcSoft)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C-evo (HKLM-x32\...\C-evo) (Version:  - )
CLEAR Connection Manager (HKLM\...\{A0F1CE9B-1908-4BDA-8298-2DAB5F2040F6}) (Version: 2.00.0079.0 - Clearwire)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.60.50 - Conexant)
Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2111 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.2111 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3325 - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 4.1.3325 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1.1005 - CyberLink Corp.)
CyberLink PowerDVD 8 (x32 Version: 8.0.1.1005 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DivX Author 1.5 (HKLM-x32\...\{55718B4B90B54F7EADC5621C750A14E6}) (Version: 1.5.0 - DivX, Inc.)
DivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 1.0.0.450 - DivX, Inc. )
DivX Version Checker (HKLM-x32\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.0.0.19 - DivX, Inc.)
DJ_AIO_05_F4400_Software_Min (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
F4400 (x32 Version: 130.0.448.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Talk (remove only) (HKCU\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Button Manager (HKLM-x32\...\{CA634931-0CC3-4067-ABCC-7182E1DC23B7}) (Version: 3.5.00 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 (HKLM\...\{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.7.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}) (Version: 4.2.5.3 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0156 (HKLM-x32\...\{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}) (Version: 1.02.0001 - Hewlett-Packard)
HP Webcam User's Guide (HKLM-x32\...\{2028646C-E143-4DB1-AE19-AA31CA90E103}) (Version:  - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2111 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2111 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.0.30729.1 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.0.30729.1 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Live Search Toolbar (x32 Version: 3.0.566.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MUSHclient (remove only) (HKLM-x32\...\MUSHclient) (Version:  - )
muvee Reveal (HKLM-x32\...\{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}) (Version: 7.0.43.11502 - muvee Technologies Pte Ltd)
office Convert Pdf to Jpg Jpeg Tiff Free 6.4 (HKLM-x32\...\office Convert Pdf to Jpg Jpeg Tiff Free_is1) (Version:  - Officeconvert Software, Inc.)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Photo Story 3 for Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3311 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3311 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3311 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3311 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Quest (HKLM-x32\...\{99843EA4-C506-40F6-87FC-FFDC588D810F}) (Version: 5.20.0000 - Axe Software)
Quest (HKLM-x32\...\{E8FD4349-AF5E-4906-90D8-75AB44140B95}) (Version: 5.10.0000 - Axe Software)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2202 - CyberLink Corp.) Hidden
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinTin++ (HKLM-x32\...\{F4367109-9D3A-470C-8424-9E9B1361D8A6}) (Version: 2.00.9 - TinTin++ development team)
Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )

==================== Restore Points  =========================

04-07-2014 02:33:14 Windows Update
07-07-2014 17:39:17 Windows Backup
07-07-2014 18:51:12 Windows Backup
07-07-2014 19:04:58 Windows Backup
07-07-2014 19:11:26 Windows Backup
07-07-2014 21:53:30 Windows Backup
07-07-2014 22:03:32 Windows Backup
08-07-2014 02:27:51 Windows Update
09-07-2014 22:58:45 Restore Operation
09-07-2014 23:06:28 avast! antivirus system restore point
09-07-2014 23:26:13 Windows Update
13-07-2014 23:48:17 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-06-23 00:13 - 00450770 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {0761569C-1BFE-4BB0-99D6-95B85BD2BD28} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{90063108-7CFB-426A-BFA4-897A2AF71B4C}.exe
Task: {1A4843F8-7C2B-4DDE-90F7-2297CB7C3331} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {70225FF6-7C35-44D0-A90A-A1FF1E8835D2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-01] (AVAST Software)
Task: {7A50072B-5D43-46D9-9D8E-38DAA96C785F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24] (Google Inc.)
Task: {7E07DF81-984A-4D87-8DC5-530CFCAC2B7E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4176540903-4000886592-2988826118-1000UA => C:\Users\Nef\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {850483F0-D33B-4494-8B6C-F2E8C17E1B55} - System32\Tasks\HPCeeScheduleForNef => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard)
Task: {908AE878-B01D-423B-A7BA-C5B33FFB4E3D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4176540903-4000886592-2988826118-1000Core => C:\Users\Nef\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {B215C81B-6090-49CA-B696-206F28AAF46E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {B21BAFF4-8FC9-4DC5-AA50-88D9B1982440} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {CAA49C12-CCC1-4F28-986F-3401D7ACFD11} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {CF149A54-8551-41C5-9C40-E00BFDF0C672} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {D2EF38C5-EFA1-4D50-A8A3-FFEDFE8D1423} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {D76BBA6E-C021-4FEC-8AD8-4B0D847B67B5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {DD44D7F9-F93E-4B2B-AC14-696A8B99CBC4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-07-08] (Microsoft)
Task: {F0574E2B-25D0-41C6-AE67-13A08FE37220} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24] (Google Inc.)
Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{90063108-7CFB-426A-BFA4-897A2AF71B4C}.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4176540903-4000886592-2988826118-1000Core.job => C:\Users\Nef\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4176540903-4000886592-2988826118-1000UA.job => C:\Users\Nef\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForNef.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2010-06-17 17:55 - 2010-06-17 17:55 - 00398848 _____ () C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe
2009-11-01 03:05 - 2009-07-06 14:20 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2010-09-01 15:00 - 2010-09-01 15:00 - 00107856 _____ () C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe
2014-07-01 21:57 - 2014-07-01 21:57 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-13 20:01 - 2014-07-13 20:01 - 02792960 _____ () C:\Program Files\AVAST Software\Avast\defs\14071301\algo.dll
2010-09-01 14:21 - 2010-09-01 14:21 - 00311296 _____ () C:\Program Files (x86)\Clearwire\Connection Manager\libxvi010.dll
2014-06-22 08:41 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-22 08:41 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-22 08:41 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-07-01 21:58 - 2014-07-01 21:58 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-22 08:41 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-06-22 08:41 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-01-17 16:19 - 2012-03-13 23:52 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2010-11-19 18:45 - 2012-03-13 23:52 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
2010-09-01 14:59 - 2010-09-01 14:59 - 00120144 _____ () C:\Program Files (x86)\Clearwire\Connection Manager\Pac.dll
2010-09-01 14:59 - 2010-09-01 14:59 - 00070992 _____ () C:\Program Files (x86)\Clearwire\Connection Manager\Eap.dll
2010-04-23 12:40 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2013-06-04 23:52 - 2012-05-25 04:25 - 00078336 _____ () C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:27D40D6F
AlternateDataStreams: C:\ProgramData\Temp:A31FAD21
AlternateDataStreams: C:\ProgramData\Temp:C7DEC6B7

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Atheros AR9285 802.11b/g/n WiFi Adapter
Description: Atheros AR9285 802.11b/g/n WiFi Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2014 01:22:19 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/13/2014 08:54:24 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: HI)
Description: HRESULT:0x8004FF11
Description:Can’t install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.

Error: (07/13/2014 07:00:06 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (07/13/2014 01:18:50 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/12/2014 02:28:54 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/11/2014 02:12:41 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/10/2014 02:35:36 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/10/2014 01:43:35 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/09/2014 06:07:11 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Backup). Additional information: 0xc0000022.

Error: (07/09/2014 02:57:43 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

System errors:
=============
Error: (07/13/2014 09:49:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (07/13/2014 09:49:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SBSD Security Center Service service failed to start due to the following error:
%%2

Error: (07/13/2014 09:49:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MSCamSvc service failed to start due to the following error:
%%2

Error: (07/13/2014 09:49:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends on the BFE service which failed to start because of the following error:
%%5

Error: (07/13/2014 09:49:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Firewall service depends on the BFE service which failed to start because of the following error:
%%5

Error: (07/13/2014 09:49:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BFE service failed to start due to the following error:
%%5

Error: (07/13/2014 09:47:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/13/2014 09:47:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/13/2014 09:46:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/13/2014 09:46:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-07-09 17:35:44.200
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-09 17:35:43.264
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-06 05:44:02.601
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-06 05:44:02.601
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-06 05:44:02.601
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-26 06:19:38.842
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-26 06:19:38.842
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-26 06:19:38.842
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-25 05:45:29.813
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-25 05:45:29.798
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 74%
Total physical RAM: 1979.2 MB
Available physical RAM: 507.99 MB
Total Pagefile: 3958.39 MB
Available Pagefile: 1402.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:220.4 GB) (Free:162.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.29 GB) (Free:2.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 0393754D)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=220 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#11 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 15 July 2014 - 06:23 AM

Search for files with FRST (Recovery Environment)


Run FRST.

Type the following in the edit box after "Search:"

rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#12 UnhappyComputer

  • Topic Starter
  • Members
  • 19 posts

Posted 15 July 2014 - 11:16 AM

I am assuming you meant click "Search File(s)" and NOT "Search Registry".

Farbar Recovery Scan Tool (x64) Version: 14-07-2014
Ran by Nef at 2014-07-15 11:06:50
Running from C:\Users\Nef\Desktop
Boot Mode: Normal

================== Search Files: "rpcss.dll" =============

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2011-06-08 21:42][2010-11-20 08:27] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 19:00][2009-07-13 20:41] 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027 [File is signed]

C:\Windows\SysWOW64\rpcss.dll
[2014-05-07 14:29][2014-05-07 14:29] 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027 [File is signed]

C:\Windows\System32\rpcss.dll
[2014-05-07 14:29][2014-05-07 14:41] 0522240 ____A (Microsoft Corporation) 73B961B38A4CDCAB38A4136427A733A7

====== End Of Search ======
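
As an added example, not code from the thread or from FRST, the PowerShell below repeats the comparison the search result above lets the helper make by eye: it hashes the live rpcss.dll copies in System32 and SysWOW64, compares them against every copy in the WinSxS component store, and checks Authenticode status, so a live copy that matches no store copy stands out. It assumes Windows 7 or later with PowerShell 4 or newer (for Get-FileHash) and an elevated prompt; Get-DllEvidence and Compare-SystemDll are names chosen here, and the DLL name is a parameter, so the same check applies to any other system DLL.

```powershell
# Added example (not code from the thread or from FRST): compare the live copies of a
# system DLL with every copy held in the WinSxS component store, by hash and by
# Authenticode status, and flag a live copy that matches none of them.
# Assumptions: Windows 7 or later, PowerShell 4 or newer (Get-FileHash), elevated prompt.
# Get-DllEvidence and Compare-SystemDll are names chosen for this example.

function Get-DllEvidence {
    param([Parameter(Mandatory = $true)][string]$Path)

    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path      = $Path
        Size      = $item.Length
        Version   = $item.VersionInfo.FileVersion
        MD5       = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash      # FRST prints MD5
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash   # used for matching
        # Valid, NotSigned, HashMismatch, ... Most Windows binaries are catalog-signed
        # rather than carrying an embedded signature; older PowerShell reports those as
        # NotSigned, so NotSigned alone means "look closer", while HashMismatch (a signed
        # file whose content no longer matches its signature) is a definite problem.
        SigStatus = $sig.Status.ToString()
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

function Compare-SystemDll {
    param([string]$Name = 'rpcss.dll')   # the file searched for in the thread

    # Every copy in the component store (the Backup folder included). Walking winsxs
    # recursively is slow on Windows 7, but it is what the FRST search did as well.
    $winsxs = Join-Path $env:SystemRoot 'winsxs'
    $store  = @(Get-ChildItem -LiteralPath $winsxs -Filter $Name -Recurse -File -ErrorAction SilentlyContinue |
               ForEach-Object { Get-DllEvidence -Path $_.FullName })

    # The copies Windows actually loads: System32 (native) and, on x64, SysWOW64 (32-bit).
    $live = @('System32', 'SysWOW64') |
        ForEach-Object { Join-Path $env:SystemRoot "$_\$Name" } |
        Where-Object  { Test-Path -LiteralPath $_ } |
        ForEach-Object { Get-DllEvidence -Path $_ }

    foreach ($copy in $live) {
        $match = $store | Where-Object { $_.SHA256 -eq $copy.SHA256 } | Select-Object -First 1

        $verdict = if ($copy.SigStatus -eq 'HashMismatch') {
            'TAMPERED: content no longer matches its signature'
        } elseif ($match) {
            "OK: byte-identical to $($match.Path)"
        } elseif ($copy.SigStatus -eq 'Valid') {
            'REVIEW: validly signed but no identical copy in the component store'
        } else {
            'SUSPECT: no verified signature and no identical copy in the component store'
        }

        # One record per live copy, with the verdict appended
        $copy | Add-Member -NotePropertyName Verdict -NotePropertyValue $verdict -PassThru
    }
}

# Print one record per live copy (System32 and, on x64, SysWOW64) with its verdict.
Compare-SystemDll -Name 'rpcss.dll' | Format-List Path, Size, Version, MD5, SigStatus, Signer, Verdict
```

In the search log above, the SysWOW64 copy shares the MD5 of the 6.1.7600.16385 store copy, while the System32 copy (0522240 bytes, no "[File is signed]" marker) matches neither store copy, which is the case the SUSPECT branch reports.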



#13 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 15 July 2014 - 01:02 PM

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

#14 UnhappyComputer

  • Topic Starter
  • Members
  • 19 posts

Posted 15 July 2014 - 04:07 PM

Ok, I tried it and after it was done it restarted my computer for me.  When I logged back onto my laptop a box popped up asking if I wanted to run FRST again or something to that effect.  I could not use my mouse pointer so I just hit the Enter key and it was already highlighted on "no", so nothing ran.  I tried to get back onto the internet to tell you my findings, but the same thing happened again from my post #5 from this thread.  My internet service was trying to unzip and reload itself back on.  Again for purposes to make sure I could still get back online, I did a System Restore from only two days ago and obviously I am back online again.  I do still have the logs, but also my Microsoft Security Essentials is loaded back onto my computer and FRST has been unloaded, but again I still have the log files which I am posting now.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2014
Ran by Nef at 2014-07-15 15:04:58 Run:1
Running from C:\Users\Nef\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
REPLACE: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll

Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
BHO-x32: No Name - {53707962-6F74-2D53-2644-206D7942484F} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {7B403403-A678-40C1-917B-354ECD92A484} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {7B403403-A678-40C1-917B-354ECD92A484} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {7B403403-A678-40C1-917B-354ECD92A484} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql

AlternateDataStreams: C:\ProgramData\Temp:27D40D6F
AlternateDataStreams: C:\ProgramData\Temp:A31FAD21
AlternateDataStreams: C:\ProgramData\Temp:C7DEC6B7
C:\Users\Nef\jagex_runescape_preferences.dat
C:\Users\Nef\jagex_runescape_preferences2.dat
C:\Users\Nef\jagex__preferences3.dat
2014-06-16 19:35 - 2014-06-16 19:35 - 00315743 ____S () C:\Windows\system32\ndtkc.zxi
2014-06-21 23:27 - 2014-06-21 23:27 - 00000000 ____S () C:\Windows\system32\mroyb.nox
2014-06-21 23:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep

REBOOT:

*****************

C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
'HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{53707962-6F74-2D53-2644-206D7942484F}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7B403403-A678-40C1-917B-354ECD92A484}' => Key deleted successfully.
'HKCR\CLSID\{7B403403-A678-40C1-917B-354ECD92A484}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{7B403403-A678-40C1-917B-354ECD92A484}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{7B403403-A678-40C1-917B-354ECD92A484}'=> Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7B403403-A678-40C1-917B-354ECD92A484}' => Key deleted successfully.
'HKCR\CLSID\{7B403403-A678-40C1-917B-354ECD92A484}'=> Key not found.
C:\ProgramData\Temp => ":27D40D6F" ADS removed successfully.
C:\ProgramData\Temp => ":A31FAD21" ADS removed successfully.
C:\ProgramData\Temp => ":C7DEC6B7" ADS removed successfully.
C:\Users\Nef\jagex_runescape_preferences.dat => Moved successfully.
C:\Users\Nef\jagex_runescape_preferences2.dat => Moved successfully.
C:\Users\Nef\jagex__preferences3.dat => Moved successfully.
Could not move "C:\Windows\system32\ndtkc.zxi" => Scheduled to move on reboot.
C:\Windows\system32\mroyb.nox => Moved successfully.
C:\Windows\system32\sysprep => Moved successfully.

----------------------------------------------------------------------------------------------------------------------------------

Also my Microsoft Security Essentials gave me a warning of-

"C:\Windows\System32\rpcss.dll"

that might require analysis and might be malicious.

Thank you.

Edit: And I still cannot properly use Malwarebytes for the same reasons as before.  I keep getting pop ups as it tries to download, the same messages from before.  (If not this thread, then the original thread before this one tells all the details.)  Then when I try to use the program, it stalls and does nothing.  Not even a screen pops up.


Edited by UnhappyComputer, 15 July 2014 - 04:13 PM.


#15 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 16 July 2014 - 03:32 AM

Every time you restore your system, everything we did is reverted.

We have to fix it from the outside.

If you are facing any problems, don't do anything without my instructions.

Rather, stop at this point and reply to me using your smartphone or similar.

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows7:



Plug the flashdrive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

  • In the command window, type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

