Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win 7 Freezing Browser, Redirects, Slow/


  • This topic is locked This topic is locked
37 replies to this topic

#1 stonemanjr

stonemanjr

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Local time:08:39 AM

Posted 17 August 2014 - 09:28 AM

We have a problem with a Win 7 OS on a  Samsung Laptop- SLow/No opening browser windows, files/folders freezing, desktop icons and menu bar disappearing then reappearing with long stalls. Have had to do several re-starts adn then it begins again. Thanks for any help that can offered!!



BC AdBot (Login to Remove)

 


m

#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Instructor
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:09:39 AM

Posted 18 August 2014 - 06:08 PM

Hello again stonemanjr, and welcome back! It's good to see you again! :)

 

You did not post any logs for analysis, is this because you are unable to on this machine?

 

==========

 

Please try to download FRST and run it on the machine with the issue using the same instructions we've previously used (if you're not sure whether it's 32 or 64-bit, download both versions of FRST and try to run both...the one that runs will be the correct one). If you are unable to do it with that machine, then download the program from another clean machine, and transfer it over via flashdrive.

 

Run FRST and post both logs (FRST.txt and Addition.txt). If for some reason it will not run in normal boot mode, then boot into safemode and run the tool that way.

 

Post whatever logs you are able to, and let me know how it goes!

 

bloopie



#3 stonemanjr

stonemanjr
  • Topic Starter

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Local time:08:39 AM

Posted 18 August 2014 - 07:02 PM

Thank you -got it! I was going to run the DDS but figured I should wait for steps you wanted done.

Will post tonite! Thinks its 64 bit

Best regards!

#4 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Instructor
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:09:39 AM

Posted 18 August 2014 - 08:00 PM

Okay! :thumbup2:

bloopie

EDIT: I may not get back to you until tomorrow evening! My apologies for any delays!

Edited by bloopie, 18 August 2014 - 08:15 PM.


#5 stonemanjr

stonemanjr
  • Topic Starter

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Local time:08:39 AM

Posted 18 August 2014 - 08:15 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by man (administrator) on CORNERSTONE on 18-08-2014 21:08:24
Running from C:\Users\man\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Duality Software) C:\Program Files (x86)\DS Clock\dsetime.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbam.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Duality Software) C:\Program Files (x86)\DS Clock\dsclock.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11369576 2010-08-10] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2581384 2010-08-30] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-10-19] (Intel® Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1449984 2010-08-31] (Intel® Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2067896838-3830993589-4124492298-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2067896838-3830993589-4124492298-1001\...\Run: [DS Clock] => C:\Program Files (x86)\DS Clock\DSClock.exe [583560 2011-10-10] (Duality Software)
HKU\S-1-5-21-2067896838-3830993589-4124492298-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
BootExecute: autocheck autochk *  /sync /restart /sync /restart /sync /restart /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE5999B3DC3ECCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: W2PBrowser Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\man\AppData\Roaming\Mozilla\Firefox\Profiles\czbc0kjm.default
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\man\AppData\Roaming\Mozilla\Firefox\Profiles\czbc0kjm.default\Extensions\abs@avira.com [2014-08-17]
FF Extension: Firefox 3 Aero theme for Firefox 4+ - C:\Users\man\AppData\Roaming\Mozilla\Firefox\Profiles\czbc0kjm.default\Extensions\ffe_ff3aeroff4@game-point.net.xpi [2011-12-21]
FF Extension: NoScript - C:\Users\man\AppData\Roaming\Mozilla\Firefox\Profiles\czbc0kjm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-02-18]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-17] (SUPERAntiSpyware.com) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-17] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-08-31] (Red Bend Ltd.) [File not signed]
R2 DSClockSyncTime; C:\Program Files (x86)\DS Clock\dsetime.exe [62264 2009-11-19] (Duality Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-10-19] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-08-31] (Intel® Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19936 2011-09-02] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [13280 2011-09-02] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 21:08 - 2014-08-18 21:09 - 00018674 _____ () C:\Users\man\Desktop\FRST.txt
2014-08-18 21:07 - 2014-08-18 21:08 - 00000000 ____D () C:\FRST
2014-08-18 21:07 - 2014-08-18 21:07 - 02101760 _____ (Farbar) C:\Users\man\Desktop\FRST64.exe
2014-08-18 11:31 - 2014-08-18 11:37 - 00034816 _____ () C:\Users\man\Desktop\Amanda_Smith_Timesheet_8_10.xls
2014-08-17 23:37 - 2014-08-17 23:37 - 01918158 _____ () C:\Users\man\Desktop\popup.bmp
2014-08-17 23:23 - 2014-08-17 23:23 - 00000000 ____D () C:\Users\man\AppData\Local\WinZip Courier
2014-08-17 23:23 - 2014-08-17 23:23 - 00000000 ____D () C:\ProgramData\WinZipEC
2014-08-17 21:34 - 2014-08-17 21:34 - 00001770 _____ () C:\Users\man\Desktop\AdwCleaner[S5].txt
2014-08-17 16:00 - 2014-08-17 16:00 - 00001176 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-17 15:58 - 2014-08-17 15:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-17 11:54 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-17 11:54 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-17 11:54 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-17 11:54 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-17 11:54 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-17 11:54 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-17 11:53 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-17 11:53 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-17 11:39 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-17 11:39 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-17 11:09 - 2014-08-17 11:30 - 00000000 ____D () C:\Users\man\AppData\Local\Avg2013
2014-08-17 03:22 - 2014-07-24 08:11 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-17 03:22 - 2014-07-24 08:10 - 02240000 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-17 03:22 - 2014-07-24 08:10 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-17 03:22 - 2014-07-24 08:09 - 19279872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-17 03:22 - 2014-07-24 08:09 - 15399936 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-17 03:22 - 2014-07-24 08:09 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-17 03:22 - 2014-07-24 08:09 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-17 03:22 - 2014-07-24 08:09 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-17 03:22 - 2014-07-24 08:09 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-08-17 03:22 - 2014-07-24 08:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-17 03:22 - 2014-07-24 08:09 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-17 03:22 - 2014-07-24 08:09 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-17 03:22 - 2014-07-24 08:09 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-17 03:22 - 2014-07-24 08:09 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-17 03:22 - 2014-07-24 08:09 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-17 03:22 - 2014-07-24 08:09 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-08-17 03:22 - 2014-07-24 08:09 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-17 03:22 - 2014-07-24 08:09 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-17 03:22 - 2014-07-24 08:09 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-17 03:22 - 2014-07-24 08:09 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-17 03:22 - 2014-07-24 06:52 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-17 03:22 - 2014-07-24 06:52 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-17 03:22 - 2014-07-24 06:51 - 14371328 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-17 03:22 - 2014-07-24 06:51 - 13757440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-17 03:22 - 2014-07-24 06:51 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-17 03:22 - 2014-07-24 06:51 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-17 03:22 - 2014-07-24 06:51 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-17 03:22 - 2014-07-24 06:51 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-08-17 03:22 - 2014-07-24 06:51 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-17 03:22 - 2014-07-24 06:51 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-17 03:22 - 2014-07-24 06:51 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-17 03:22 - 2014-07-24 06:51 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-17 03:22 - 2014-07-24 06:51 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-17 03:22 - 2014-07-24 06:51 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-17 03:22 - 2014-07-24 06:51 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-08-17 03:22 - 2014-07-24 06:51 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-17 03:22 - 2014-07-24 06:51 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-17 03:22 - 2014-07-24 06:51 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-17 03:22 - 2014-07-24 06:51 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-17 03:22 - 2014-07-24 06:33 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-17 03:22 - 2014-07-24 06:29 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-17 03:22 - 2014-07-24 05:37 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-08-17 03:22 - 2014-07-24 05:32 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-17 03:21 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-17 03:21 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-17 03:10 - 2014-08-17 03:10 - 00000000 _____ () C:\windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-17 03:07 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-17 03:07 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-17 03:07 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-17 03:07 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-17 03:07 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-17 03:07 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-17 03:07 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-17 03:02 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-17 03:02 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-17 03:02 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-17 02:55 - 2014-08-17 02:55 - 00001194 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-17 02:47 - 2014-08-18 19:05 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-17 02:46 - 2014-08-17 02:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-17 02:46 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-08-17 02:41 - 2014-08-17 21:17 - 00004592 _____ () C:\windows\PFRO.log
2014-08-17 02:08 - 2014-08-17 02:07 - 01361203 _____ () C:\Users\man\Desktop\AdwCleaner.exe
2014-08-01 16:44 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-08-01 16:44 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-08-01 16:44 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-08-01 16:44 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-08-01 16:44 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-08-01 16:44 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-08-01 16:44 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-08-01 16:44 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-08-01 16:44 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-08-01 16:44 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-08-01 16:44 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-08-01 16:44 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-08-01 16:43 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-08-01 16:43 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-08-01 16:43 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-01 16:43 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-08-01 16:43 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-08-01 16:43 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-08-01 16:43 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-08-01 16:43 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-08-01 16:41 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-08-01 16:41 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-08-01 16:41 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-08-01 16:41 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-08-01 16:41 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-08-01 16:41 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-08-01 16:41 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-08-01 16:41 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-08-01 16:41 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-08-01 16:41 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-08-01 16:41 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-08-01 16:41 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-08-01 16:41 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-08-01 16:41 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-08-01 16:41 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-08-01 16:41 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-08-01 16:41 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-08-01 16:41 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-08-01 16:41 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-08-01 16:41 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-08-01 16:41 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-08-01 16:41 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-08-01 16:41 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-08-01 16:41 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-08-01 16:41 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-08-01 16:40 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-08-01 16:40 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-08-01 16:40 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-08-01 16:40 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-08-01 16:40 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-08-01 16:40 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-08-01 16:40 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-08-01 16:40 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-08-01 16:40 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-08-01 16:40 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-08-01 16:40 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-08-01 16:40 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-08-01 16:40 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-08-01 16:40 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-08-01 16:40 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-08-01 16:40 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-08-01 16:40 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-08-01 16:40 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-08-01 16:40 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-08-01 16:40 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-08-01 16:40 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-08-01 16:40 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-08-01 16:40 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-08-01 16:40 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-08-01 16:40 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-08-01 16:40 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-08-01 16:40 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-08-01 16:40 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-08-01 16:40 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-08-01 16:40 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-08-01 16:40 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-08-01 16:40 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-08-01 16:40 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-08-01 16:40 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-08-01 16:40 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-08-01 15:40 - 2014-08-01 15:40 - 00000000 ____D () C:\windows\Temp5D95FA32-B7D4-71DE-4D82-D4C35AE2B53D-Signatures

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 21:09 - 2014-08-18 21:08 - 00018674 _____ () C:\Users\man\Desktop\FRST.txt
2014-08-18 21:08 - 2014-08-18 21:07 - 00000000 ____D () C:\FRST
2014-08-18 21:07 - 2014-08-18 21:07 - 02101760 _____ (Farbar) C:\Users\man\Desktop\FRST64.exe
2014-08-18 21:05 - 2010-12-02 21:16 - 01365376 _____ () C:\windows\WindowsUpdate.log
2014-08-18 21:01 - 2012-05-14 22:15 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-18 19:08 - 2009-07-14 00:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-18 19:08 - 2009-07-14 00:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-18 19:05 - 2014-08-17 02:47 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-18 18:59 - 2014-01-13 19:36 - 00000000 ____D () C:\ProgramData\VMware
2014-08-18 18:58 - 2011-12-16 00:46 - 00000320 _____ () C:\windows\Tasks\GlaryInitialize.job
2014-08-18 18:58 - 2011-12-12 03:40 - 00000000 ____D () C:\Users\man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-08-18 18:58 - 2010-12-02 21:18 - 00000050 _____ () C:\windows\system32\SupplicantTest.log
2014-08-18 18:57 - 2014-03-24 12:25 - 00000840 _____ () C:\windows\setupact.log
2014-08-18 18:57 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-18 15:57 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-08-18 11:37 - 2014-08-18 11:31 - 00034816 _____ () C:\Users\man\Desktop\Amanda_Smith_Timesheet_8_10.xls
2014-08-17 23:37 - 2014-08-17 23:37 - 01918158 _____ () C:\Users\man\Desktop\popup.bmp
2014-08-17 23:23 - 2014-08-17 23:23 - 00000000 ____D () C:\Users\man\AppData\Local\WinZip Courier
2014-08-17 23:23 - 2014-08-17 23:23 - 00000000 ____D () C:\ProgramData\WinZipEC
2014-08-17 23:10 - 2013-11-28 01:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-17 22:07 - 2011-12-15 16:36 - 00000000 ___RD () C:\Users\man\Desktop\Windows Utilities
2014-08-17 21:34 - 2014-08-17 21:34 - 00001770 _____ () C:\Users\man\Desktop\AdwCleaner[S5].txt
2014-08-17 21:17 - 2014-08-17 02:41 - 00004592 _____ () C:\windows\PFRO.log
2014-08-17 21:15 - 2014-03-04 00:05 - 00000000 ____D () C:\AdwCleaner
2014-08-17 21:13 - 2012-12-03 17:16 - 00000000 ____D () C:\Users\man\Desktop\Referral INformation
2014-08-17 16:16 - 2011-12-15 16:38 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-17 16:00 - 2014-08-17 16:00 - 00001176 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-17 16:00 - 2013-08-19 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-17 15:59 - 2013-08-19 21:09 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-17 15:59 - 2011-12-15 16:27 - 00000000 ____D () C:\ProgramData\Avira
2014-08-17 15:58 - 2014-08-17 15:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-17 15:44 - 2014-01-14 01:44 - 00000000 ____D () C:\Users\man\Desktop\New folder
2014-08-17 11:30 - 2014-08-17 11:09 - 00000000 ____D () C:\Users\man\AppData\Local\Avg2013
2014-08-17 11:30 - 2011-12-16 00:28 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-17 11:07 - 2013-08-16 11:22 - 00000000 ____D () C:\windows\system32\MRT
2014-08-17 03:35 - 2011-12-19 18:43 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-17 03:14 - 2012-05-07 21:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-17 03:10 - 2014-08-17 03:10 - 00000000 _____ () C:\windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-17 03:10 - 2013-08-15 08:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-17 02:55 - 2014-08-17 02:55 - 00001194 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-17 02:55 - 2014-03-03 23:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-17 02:55 - 2011-12-15 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-08-17 02:55 - 2011-12-15 16:44 - 00000000 ____D () C:\Program Files (x86)\Wise Registry Cleaner
2014-08-17 02:55 - 2011-12-15 16:04 - 00001206 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-17 02:54 - 2014-03-04 02:24 - 03538568 _____ (WiseCleaner.com ) C:\Users\man\Downloads\WRC8Setup_Beta.exe
2014-08-17 02:47 - 2011-12-15 16:49 - 00000000 ____D () C:\Users\man\AppData\Roaming\Malwarebytes
2014-08-17 02:47 - 2011-12-15 16:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-17 02:46 - 2014-08-17 02:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-17 02:46 - 2012-05-14 22:31 - 00000000 ____D () C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2014-08-17 02:07 - 2014-08-17 02:08 - 01361203 _____ () C:\Users\man\Desktop\AdwCleaner.exe
2014-08-15 11:05 - 2012-10-19 19:52 - 00000000 ____D () C:\Users\man\Desktop\NOTES
2014-08-14 17:41 - 2009-08-01 22:27 - 00000000 ____D () C:\windows\Panther
2014-08-14 17:40 - 2009-07-14 00:45 - 00368720 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-14 17:39 - 2013-05-16 00:55 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-14 17:39 - 2013-05-16 00:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-14 17:34 - 2010-12-03 14:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-14 17:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-08-14 17:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2014-08-14 17:15 - 2009-07-13 22:34 - 00000499 _____ () C:\windows\win.ini
2014-08-14 16:56 - 2013-10-04 01:06 - 00002160 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-08-14 16:56 - 2012-10-15 19:48 - 00001945 _____ () C:\windows\epplauncher.mif
2014-08-14 16:55 - 2013-10-04 01:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-08-14 16:55 - 2012-10-15 19:48 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-08-14 16:40 - 2013-05-16 00:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-01 16:09 - 2012-05-14 22:15 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-08-01 16:08 - 2012-05-14 22:15 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-01 16:08 - 2011-12-15 22:09 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 16:01 - 2013-10-04 01:02 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-08-01 16:00 - 2013-08-19 21:09 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-08-01 16:00 - 2013-08-19 21:09 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-08-01 15:40 - 2014-08-01 15:40 - 00000000 ____D () C:\windows\Temp5D95FA32-B7D4-71DE-4D82-D4C35AE2B53D-Signatures
2014-07-24 08:11 - 2014-08-17 03:22 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-24 08:10 - 2014-08-17 03:22 - 02240000 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-24 08:10 - 2014-08-17 03:22 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-24 08:09 - 2014-08-17 03:22 - 19279872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-24 08:09 - 2014-08-17 03:22 - 15399936 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-24 08:09 - 2014-08-17 03:22 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-24 08:09 - 2014-08-17 03:22 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-24 08:09 - 2014-08-17 03:22 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-24 08:09 - 2014-08-17 03:22 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-07-24 08:09 - 2014-08-17 03:22 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-24 08:09 - 2014-08-17 03:22 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-24 08:09 - 2014-08-17 03:22 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-24 08:09 - 2014-08-17 03:22 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-24 08:09 - 2014-08-17 03:22 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-24 08:09 - 2014-08-17 03:22 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-24 08:09 - 2014-08-17 03:22 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-07-24 08:09 - 2014-08-17 03:22 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-24 08:09 - 2014-08-17 03:22 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-24 08:09 - 2014-08-17 03:22 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-24 08:09 - 2014-08-17 03:22 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-24 06:52 - 2014-08-17 03:22 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-24 06:52 - 2014-08-17 03:22 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-24 06:51 - 2014-08-17 03:22 - 14371328 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-24 06:51 - 2014-08-17 03:22 - 13757440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-24 06:51 - 2014-08-17 03:22 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-24 06:51 - 2014-08-17 03:22 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-24 06:51 - 2014-08-17 03:22 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-24 06:51 - 2014-08-17 03:22 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-07-24 06:51 - 2014-08-17 03:22 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-24 06:51 - 2014-08-17 03:22 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-24 06:51 - 2014-08-17 03:22 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-24 06:51 - 2014-08-17 03:22 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-24 06:51 - 2014-08-17 03:22 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-24 06:51 - 2014-08-17 03:22 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-24 06:51 - 2014-08-17 03:22 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-07-24 06:51 - 2014-08-17 03:22 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-24 06:51 - 2014-08-17 03:22 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-24 06:51 - 2014-08-17 03:22 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-24 06:51 - 2014-08-17 03:22 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-24 06:33 - 2014-08-17 03:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-24 06:29 - 2014-08-17 03:22 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-24 05:37 - 2014-08-17 03:22 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-07-24 05:32 - 2014-08-17 03:22 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe

Some content of TEMP:
====================
C:\Users\man\AppData\Local\Temp\avgnt.exe
C:\Users\man\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-18 15:29

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by man at 2014-08-18 21:09:34
Running from C:\Users\man\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Messenger“ pagalbinė priemonė (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.2.8870 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.3 - Auslogics Software Pty Ltd)
Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
BatteryBar (remove only) (HKLM\...\BatteryBar) (Version:  - )
BatteryLifeExtender (HKLM-x32\...\{EA257ECF-5F72-4461-B890-959394DCD087}) (Version: 1.0.10 - Samsung)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.13 - Piriform)
ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 6.0.2806 - CyberLink Corp.) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1916 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.0.3108a - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 7.0.3213 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerDVD 8 (x32 Version: 8.0.2815b - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)
CyberLink PowerProducer (x32 Version: 5.0.1.1812 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 2.0.3911 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dangerous Waters (HKLM-x32\...\{DCFF5D9C-C618-45C9-A61E-14A6981F28C6}) (Version:  - )
DCS A-10C (HKLM\...\DCS A-10C_is1) (Version: 1.1.0.7 - )
Doplnok programu Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
DS Clock (HKLM-x32\...\DS Clock_is1) (Version: 2.6.2 - Duality Software)
EASEUS Partition Master 9.1.0 Home Edition (HKLM-x32\...\EASEUS Partition Master Home Edition_is1) (Version:  - EASEUS)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 8.0.7.1_WHQL (HKLM\...\Elantech) (Version: 8.0.7.1 - ELAN Microelectronic Corp.)
Falcon 4.0 (HKLM-x32\...\Falcon 4.0) (Version:  - )
Falcon BMS 4.32 (HKLM-x32\...\Falcon BMS 4.32) (Version: 4.32 - Benchmark Sims)
Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.0 - SAMSUNG)
ffdshow v1.1.3572 [2010-09-13] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3572.0 - )
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free Internet Window Washer (HKLM-x32\...\Free Internet Window Washer) (Version:  - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Glary Utilities 2.40.0.1326 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.40.0.1326 - Glarysoft Ltd)
Gunship! (HKLM-x32\...\Gunship!) (Version:  - )
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Intel PROSet Wireless (Version:  - ) Hidden
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}) (Version: 13.04.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{34F98478-05CB-4A3A-B6F4-DA529ED8FA57}) (Version: 1.3.9.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.2000 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.29.1.3 - Marvell)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Assistent (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger kísérő (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Pratilac (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Suradnik (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 사이트 공유 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 浏览器插件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger-kumppani (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 7.0 (HKLM-x32\...\{DE59B901-18EA-4CB9-ADE4-291BF5C1E12E}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MultimediaPOP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.1 - )
MWSnap 3 (HKLM-x32\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
NTREGOPT 1.1j (HKLM-x32\...\NTREGOPT_is1) (Version:  - Lars Hederer)
NVIDIA Control Panel 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA Updatus (x32 Version: 1.0.3 - NVIDIA Corporation) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pomocnik Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6176 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 1.1.21.0 - Samsung Electronics Co., Ltd.)
Samsung AnyWeb Print (x32 Version: 1.0 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.7 - Samsung)
Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.18 - Samsung)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spremljevalec Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 4.6 (HKLM-x32\...\SpywareBlaster_is1) (Version: 4.6.0 - Javacool Software LLC)
SRS Premium Sound Control Panel (HKLM\...\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}) (Version: 1.8.8100 - SRS Labs, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1134 - SUPERAntiSpyware.com)
tools-windows (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.6.8 - Tweaking.com)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.1 - VMware, Inc)
VMware Player (Version: 6.0.1 - VMware, Inc.) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
Wise Registry Cleaner 8.01 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.01 - WiseCleaner.com, Inc.)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Компаньон Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Помощник на Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
מסייע Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2067896838-3830993589-4124492298-1001_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()

==================== Restore Points  =========================

17-03-2014 02:16:46 Windows Update
17-03-2014 02:44:27 Windows Update
22-03-2014 05:20:19 Windows Update
03-04-2014 15:22:33 Windows Update
01-08-2014 19:30:36 Windows Update
14-08-2014 20:30:06 Windows Update
17-08-2014 07:02:24 Windows Update
17-08-2014 07:02:24 Installed Java 7 Update 67
17-08-2014 07:23:21 Windows Update
17-08-2014 15:52:33 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-03-04 00:44 - 00450712 ____N C:\windows\system32\Drivers\etc\hosts
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {029B3186-3DC7-4DA0-9B91-B7C651E0B76F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-01] (Adobe Systems Incorporated)
Task: {18ADD2F2-88B7-40C5-8CEE-17267E463D25} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2011-12-08] (Glarysoft Ltd)
Task: {32809FA6-8BCA-4735-B7F0-944503FCAF3C} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {42AB848E-78C7-49CF-92F6-9877611145E7} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-01] (Samsung Electronics. Co. Ltd.)
Task: {62A94F26-0F28-4E67-8E73-8B0353C755CF} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-07-30] (SAMSUNG Electronics)
Task: {AEF23F3F-7440-44A6-AFF0-E3A7143063BD} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {F9273020-A9B6-4D2B-A247-2D6A7098B0E1} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-08-11] (SEC)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe

==================== Loaded Modules (whitelisted) =============

2012-10-29 12:08 - 2012-10-02 15:51 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-10-19 00:39 - 2010-10-19 00:39 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-12-02 21:29 - 2009-07-07 14:23 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2010-10-19 00:39 - 2010-10-19 00:39 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2009-06-03 07:59 - 2009-06-03 07:59 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 07:59 - 2009-06-03 07:59 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-08-17 16:00 - 2014-07-14 16:49 - 00049744 _____ () C:\Users\man\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2013-10-18 13:46 - 2013-10-18 13:46 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2010-12-02 21:34 - 2010-05-07 10:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2014-08-17 02:55 - 2014-07-17 01:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2014 07:01:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (08/18/2014 07:01:38 PM) (Source: vmauthd) (EventID: 1000) (User: )
Description: 2014-08-18T19:01:38.373-04:00| vthread-5| E105: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (08/18/2014 03:46:09 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (08/18/2014 03:38:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/18/2014 03:37:21 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (08/18/2014 03:29:01 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (08/17/2014 11:08:38 PM) (Source: MsiInstaller) (EventID: 1024) (User: CORNERSTONE)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011007}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/17/2014 11:08:38 PM) (Source: MsiInstaller) (EventID: 1024) (User: CORNERSTONE)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/17/2014 11:02:05 PM) (Source: MsiInstaller) (EventID: 1024) (User: CORNERSTONE)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011007}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/17/2014 11:02:05 PM) (Source: MsiInstaller) (EventID: 1024) (User: CORNERSTONE)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (08/18/2014 08:51:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (08/18/2014 08:51:17 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "CORNERSTONE    :0" could not be registered on the interface with IP address 192.168.1.43.
The computer with the IP address 192.168.1.46 did not allow the name to be claimed by
this computer.

Error: (08/18/2014 08:51:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (08/18/2014 08:50:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

Error: (08/18/2014 07:01:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (08/18/2014 07:01:47 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/18/2014 07:01:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WMI Performance Adapter service terminated with the following error:
%%-2147467259

Error: (08/18/2014 06:59:34 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "CORNERSTONE    :20" could not be registered on the interface with IP address 192.168.1.43.
The computer with the IP address 192.168.1.46 did not allow the name to be claimed by
this computer.

Error: (08/18/2014 06:59:34 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{0091895D-E03F-4A9F-942B-774B46DA73BB} because another computer on the network has the same name.  The server could not start.

Error: (08/18/2014 06:58:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.


Microsoft Office Sessions:
=========================
Error: (08/18/2014 07:01:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 1600000000853F0000853F0000980B0000

Error: (08/18/2014 07:01:38 PM) (Source: vmauthd) (EventID: 1000) (User: )
Description: 2014-08-18T19:01:38.373-04:00| vthread-5| E105: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (08/18/2014 03:46:09 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (08/18/2014 03:38:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (08/18/2014 03:37:21 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (08/18/2014 03:29:01 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (08/17/2014 11:08:38 PM) (Source: MsiInstaller) (EventID: 1024) (User: CORNERSTONE)
Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (08/17/2014 11:08:38 PM) (Source: MsiInstaller) (EventID: 1024) (User: CORNERSTONE)
Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)

Error: (08/17/2014 11:02:05 PM) (Source: MsiInstaller) (EventID: 1024) (User: CORNERSTONE)
Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (08/17/2014 11:02:05 PM) (Source: MsiInstaller) (EventID: 1024) (User: CORNERSTONE)
Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2012-10-17 17:24:30.777
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-10-17 17:24:30.668
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-12-29 23:34:38.995
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-29 22:12:37.804
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-29 22:05:49.008
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-29 21:26:25.729
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-29 21:18:44.894
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-29 13:29:25.934
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-29 13:11:52.021
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-29 12:59:33.372
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 41%
Total physical RAM: 3882.09 MB
Available physical RAM: 2262.65 MB
Total Pagefile: 7762.35 MB
Available Pagefile: 5232.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (HOME ) (Fixed) (Total:232 GB) (Free:151.47 GB) NTFS
Drive d: () (Fixed) (Total:346.39 GB) (Free:345.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 15EE6788)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=346.4 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=17.7 GB) - (Type=27)

==================== End Of Log ============================



#6 stonemanjr

stonemanjr
  • Topic Starter

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Local time:08:39 AM

Posted 18 August 2014 - 08:38 PM

we are getting pop-ups now that include: Windows PC repair, Do you want to run a free scan, and similiar

address:   "s.rev2pub.com/player.html?rt=popunder&a=..............



#7 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Instructor
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:09:39 AM

Posted 18 August 2014 - 10:37 PM

Hello again,
 
I've got bad news...your log is showing evidence of a file infector on board! There are very few cases that actually survive this type of infection after cleaning (we can still try to clean this infection, but I really cannot promise anything at all)!
 
Here is some information regarding this infection:
 
Win32/Ramnit (and related variants) is a dangerous file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A or VBS/GenericWin32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware. With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousandscannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted, and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of damage can vary.Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remotecrack and keygen sites. These type of sites are infested with a smörgåsbord of malware and a major source of system infection. However, a variant called the Ramnit worm targets Facebook users....can bypass two-factor authentication and transaction signing systems, gain remote access to financial institutions and compromise online banking.

In my opinion, Ramnit is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Security vendors that claim to be able to remove file infectors cannot guarantee that all traces of it will be removed as they may not find all the remnants. If something goes awry during the malware removal process there is always a risk the computer may become unstable or unbootable, and you could loose access to all your data.

Further, your machine has likely been compromised by the backdoor Trojan, and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:Backdoors and What They Mean to You

This is what security expert miekiemoes has to say: Virut and other File infectors - Throwing in the Towel?

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.====================
 
Your quickest/easiest/safest method of ridding your system of this, is a reformat and reinstall. This is my personal suggestion to you, and especially if this machine is part of a work network!
 
==========
 
Sorry for the bringer of bad news...in any case, please let me know what you decide to do!
 
bloopie

Edited by bloopie, 30 August 2014 - 02:05 PM.


#8 stonemanjr

stonemanjr
  • Topic Starter

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Local time:08:39 AM

Posted 19 August 2014 - 12:51 PM

Should we try and see if it can be isolated/removed? I assume I should not be doing any banking on this computer, etc. until we can secure? can you tell me in the log where you saw this? thanks again for your help!



#9 stonemanjr

stonemanjr
  • Topic Starter

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Local time:08:39 AM

Posted 19 August 2014 - 01:11 PM

Lets give it a shot!



#10 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Instructor
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:09:39 AM

Posted 19 August 2014 - 05:37 PM

Hello again,
 

Lets give it a shot!

Okay, let's see what happens! :)
 

I assume I should not be doing any banking on this computer, etc. until we can secure? can you tell me in the log where you saw this?

You should not be doing any banking on this machine unless it can be cleaned. I'm not sure if you understand how to read the output of the logs, but there is an entry in the log:  HKU\S-1-5-21-2067896838-3830993589-4124492298-1001_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll (). That, plus looking at the errors on your machine point to a file infector. But we cannot really be certain of how much damage it has done to the machine. We're most definitely going to need Combofix and ESET for starters, but we'll see how it goes.

You will need to disable both of your antivirus programs for both of these scans. Please do not continue with Step 2 if you cannot complete Step 1!

Step :step1:

Run Combofix

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out here or here

Combofix may need to reboot your computer more than once to do its job...this is normal.

You can download Combofix from one of these links.
  • Close any open browsers or any other programs that are open.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you C:\Combofix.txt. Please include that in your next reply.
Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

==========

Step :step2:

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
==========

Please post both resultant logs in your next reply!

bloopie

#11 stonemanjr

stonemanjr
  • Topic Starter

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Local time:08:39 AM

Posted 20 August 2014 - 04:14 AM

ok I think I was able to disable the anti virus and malware parts but if you need me to run again I can try...it took 2 trys to get ComboFix to complete.

ComboFix 14-08-19.01 - man 08/20/2014   4:25.5.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3882.1133 [GMT -4:00]
Running from: c:\users\man\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\man\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-20 to 2014-08-20  )))))))))))))))))))))))))))))))
.
.
2014-08-20 08:38 . 2014-08-20 08:38    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2014-08-20 08:38 . 2014-08-20 08:38    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-08-20 08:38 . 2014-08-20 08:38    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-19 22:49 . 2014-08-19 22:49    75888    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60993C1C-54E8-43BD-8B79-C8894B4E8659}\offreg.dll
2014-08-19 22:21 . 2014-08-19 22:18    1169712    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B99ACA79-0019-49D6-8B80-486D3B9AB02C}\gapaengine.dll
2014-08-19 22:19 . 2014-08-07 08:59    11319200    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60993C1C-54E8-43BD-8B79-C8894B4E8659}\mpengine.dll
2014-08-19 01:07 . 2014-08-19 01:10    --------    d-----w-    C:\FRST
2014-08-18 23:20 . 2014-08-07 08:59    11319200    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-18 03:23 . 2014-08-18 03:23    --------    d-----w-    c:\users\man\AppData\Local\WinZip Courier
2014-08-18 03:23 . 2014-08-18 03:23    --------    d-----w-    c:\programdata\WinZipEC
2014-08-18 03:23 . 2014-08-20 05:14    --------    d-----w-    c:\users\man\AppData\Local\assembly
2014-08-17 19:58 . 2014-08-17 19:58    --------    d-----w-    c:\programdata\Package Cache
2014-08-17 15:54 . 2014-03-09 21:48    171160    ----a-w-    c:\windows\system32\infocardapi.dll
2014-08-17 15:54 . 2014-03-09 21:48    1389208    ----a-w-    c:\windows\system32\icardagt.exe
2014-08-17 15:54 . 2014-03-09 21:47    99480    ----a-w-    c:\windows\SysWow64\infocardapi.dll
2014-08-17 15:54 . 2014-03-09 21:47    619672    ----a-w-    c:\windows\SysWow64\icardagt.exe
2014-08-17 15:54 . 2014-06-30 22:24    8856    ----a-w-    c:\windows\system32\icardres.dll
2014-08-17 15:54 . 2014-06-30 22:14    8856    ----a-w-    c:\windows\SysWow64\icardres.dll
2014-08-17 15:53 . 2014-06-06 06:16    35480    ----a-w-    c:\windows\SysWow64\TsWpfWrp.exe
2014-08-17 15:53 . 2014-06-06 06:12    35480    ----a-w-    c:\windows\system32\TsWpfWrp.exe
2014-08-17 15:39 . 2014-07-14 02:02    1216000    ----a-w-    c:\windows\system32\rpcrt4.dll
2014-08-17 15:39 . 2014-07-14 01:40    664064    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2014-08-17 15:09 . 2014-08-17 15:30    --------    d-----w-    c:\users\man\AppData\Local\Avg2013
2014-08-17 07:21 . 2014-07-16 03:23    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-08-17 07:21 . 2014-07-16 02:46    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-08-17 07:07 . 2014-06-03 10:02    3241984    ----a-w-    c:\windows\system32\msi.dll
2014-08-17 07:07 . 2014-06-03 10:02    1941504    ----a-w-    c:\windows\system32\authui.dll
2014-08-17 07:07 . 2014-06-03 09:29    2363392    ----a-w-    c:\windows\SysWow64\msi.dll
2014-08-17 07:07 . 2014-06-03 09:29    1805824    ----a-w-    c:\windows\SysWow64\authui.dll
2014-08-17 07:07 . 2014-06-03 10:02    112064    ----a-w-    c:\windows\system32\consent.exe
2014-08-17 07:07 . 2014-06-03 10:02    504320    ----a-w-    c:\windows\system32\msihnd.dll
2014-08-17 07:07 . 2014-06-03 09:29    337408    ----a-w-    c:\windows\SysWow64\msihnd.dll
2014-08-17 07:02 . 2014-06-16 02:10    985536    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2014-08-17 07:02 . 2014-06-25 02:05    14175744    ----a-w-    c:\windows\system32\shell32.dll
2014-08-17 06:47 . 2014-08-20 08:17    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-17 06:46 . 2014-05-12 11:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-08-01 20:43 . 2014-06-18 02:19    1247232    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-08-01 20:41 . 2014-03-04 09:20    3969984    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2014-08-01 20:40 . 2014-05-30 08:08    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-08-01 19:40 . 2014-08-01 19:40    --------    d-----w-    c:\windows\Temp5D95FA32-B7D4-71DE-4D82-D4C35AE2B53D-Signatures
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-19 19:45 . 2010-06-24 02:33    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-17 07:35 . 2011-12-19 22:43    99218768    ----a-w-    c:\windows\system32\MRT.exe
2014-08-01 20:08 . 2012-05-15 02:15    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-01 20:08 . 2011-12-16 02:09    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-01 20:01 . 2013-10-04 05:02    42040    ----a-w-    c:\windows\system32\drivers\avnetflt.sys
2014-08-01 20:00 . 2013-08-20 01:09    130584    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2014-08-01 20:00 . 2013-08-20 01:09    117712    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"DS Clock"="c:\program files (x86)\DS Clock\DSClock.exe" [2011-10-10 583560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-17 751184]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-07-14 190032]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0 /sync /restart\0 /sync /restart\0 /sync /restart\0 /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
S2 DSClockSyncTime;DS Clock Synchronization Service www.dualitysoft.com;c:\program files (x86)\DS Clock\dsetime.exe;c:\program files (x86)\DS Clock\dsetime.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 20:08]
.
2014-08-20 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-12-16 14:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-11 11369576]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-17 386584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-17 161304]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-10-19 1931024]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-09-01 1449984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-17 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\man\AppData\Roaming\Mozilla\Firefox\Profiles\czbc0kjm.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Falcon BMS 4.32 - c:\users\man\Desktop\FALCON\Falcon BMS 4.32 Setup\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
.
**************************************************************************
.
Completion time: 2014-08-20  04:51:50 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-20 08:51
ComboFix2.txt  2014-08-20 05:44
ComboFix3.txt  2012-10-15 20:41
.
Pre-Run: 163,081,981,952 bytes free
Post-Run: 162,756,034,560 bytes free
.
- - End Of File - - BBDD87CC17EA9990E36369873384D5EA
 



#12 stonemanjr

stonemanjr
  • Topic Starter

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Local time:08:39 AM

Posted 20 August 2014 - 10:19 AM

ok ran both and the ESET for some reason did not save a report however it did find threats. Its looks like though from your instrucitons that I needed to request a report from it, so running it again now



#13 stonemanjr

stonemanjr
  • Topic Starter

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Local time:08:39 AM

Posted 20 August 2014 - 12:04 PM

C:\Documents and Settings\man\Desktop\CORNER STONE\Wise_Folder_Hider-75713475.exe    a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Documents and Settings\man\Desktop\Windows Utilities\331.82-notebook-win8-win7-64bit-international-whql.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\man\Desktop\Windows Utilities\ccsetup404.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\man\Desktop\Windows Utilities\YTDSetup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Documents and Settings\man\Desktop\Windows Utilities\Windows UTILTY\avira_free_antivirus_en.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Documents and Settings\man\Downloads\avira_free_antivirus_en.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Documents and Settings\man\Downloads\ccsetup313.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Documents and Settings\man\Downloads\disk-defrag-setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Documents and Settings\man\Downloads\gusetup.exe    a variant of Win32/ELEX.AG potentially unwanted application
C:\Documents and Settings\man\Downloads\YouTubeDownloaderSetup35.exe    a variant of Win32/Toolbar.Widgi potentially unwanted application
C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
 



#14 stonemanjr

stonemanjr
  • Topic Starter

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Local time:08:39 AM

Posted 20 August 2014 - 05:18 PM

C:\Documents and Settings\man\Desktop\CORNER STONE\Wise_Folder_Hider-75713475.exe    a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Documents and Settings\man\Desktop\Windows Utilities\331.82-notebook-win8-win7-64bit-international-whql.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\man\Desktop\Windows Utilities\ccsetup404.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\man\Desktop\Windows Utilities\YTDSetup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Documents and Settings\man\Desktop\Windows Utilities\Windows UTILTY\avira_free_antivirus_en.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Documents and Settings\man\Downloads\avira_free_antivirus_en.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Documents and Settings\man\Downloads\ccsetup313.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Documents and Settings\man\Downloads\disk-defrag-setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Documents and Settings\man\Downloads\gusetup.exe    a variant of Win32/ELEX.AG potentially unwanted application
C:\Documents and Settings\man\Downloads\YouTubeDownloaderSetup35.exe    a variant of Win32/Toolbar.Widgi potentially unwanted application
C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Program Files (x86)\Glary Utilities\ApnIC.dll    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Program Files (x86)\Glary Utilities\ApnStub.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Program Files (x86)\Glary Utilities\ApnToolbarInstaller.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
 



#15 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Instructor
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:09:39 AM

Posted 20 August 2014 - 05:37 PM

Hello again,

 

That's looking pretty good! You may have dodged a bullet! But it looks like you didn't have ESET "Remove found Threats"...is this correct? If so, please run it again and make sure ESET is set to remove found threats! Then post the resultant log for me.

 

==========

 

Once that's completed, please update your Malwarebytes Antimalware (aka MBAM), run a quick/hyper scan, and post the resultant log for me in your next reply(s)!

 

==========

 

Also, how is the machine doing now? Any changes?

 

bloopie






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users