what is f.reewarekeyboardlog.exe?


  • This topic is locked
10 replies to this topic

#1 iddhi

  • Members
  • 4 posts

Posted 05 September 2014 - 08:13 PM

Hi

 

I recently installed a bunch of spyware on my Win 7 system and ran Malwarebytes to remove most of them, but there are still remaining issues. A program named freewarekeyboardlog.exe keeps running; Malwarebytes did not identify it, plus it can't be stopped in the Task Manager. I did not find any information about this program on the web.

When I try to copy and paste the program name from HijackThis, it removes itself from memory and nothing is pasted; see the HijackThis dump below.

In order to paste the line containing the program name I had to add a dot between the first letter of the program and the folder it is installed in. So this line was completely removed when I posted the HijackThis log:

C:\Users\me\AppData\Local\R.epositorySchemaScreenshot\F.reewareKeyboardLog.exe

 

Any advice on what to do here?

 

 

FIREFOX: 31.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Unicom Connection Manager\UIExec.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\me\Downloads\HijackThis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:11211
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [UIExec] "C:\Program Files (x86)\Unicom Connection Manager\UIExec.exe"
O20 - AppInit_DLLs: c:\windows\syswow64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: DOSInteractiveUtility - Unknown owner - C:\Windows\SysWOW64\DOSInteractiveUtility\DOSInteractiveUtility.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files (x86)\Unicom Connection Manager\AssistantServices.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5387 bytes
 

 




#2 iddhi

  • Topic Starter

  • Members
  • 4 posts

Posted 05 September 2014 - 08:44 PM

Ok

 

I could remove the program RepositorySchemaScreenshot.exe from the start services by using msconfig.

 

Then i was able to delete the folder "RepositorySchemaScreenshot" in directory C:\Users\me\AppData\Local\

Before, Windows refused to delete the folder containing the two exe files and other crap because the software was running.

 

Anything else I could do at this point?

 

Here is the latest HijackThis dump (HijackThis indicated that the system refused write access to the hosts file, so I had to start HijackThis as admin):

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:39:28, on 2014/9/6
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)

FIREFOX: 31.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Unicom Connection Manager\UIExec.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\me\Downloads\HijackThis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:34178
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [UIExec] "C:\Program Files (x86)\Unicom Connection Manager\UIExec.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: c:\windows\syswow64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: DOSInteractiveUtility - Unknown owner - C:\Windows\SysWOW64\DOSInteractiveUtility\DOSInteractiveUtility.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files (x86)\Unicom Connection Manager\AssistantServices.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5588 bytes
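A triage pass over HijackThis entries of the kind pasted above, added here as an example; it is not part of the thread and not code from HijackThis. The ProxyServer entry that appears in both posted logs (with a different port each time), the USB3MON autorun, the AppInit_DLLs entry and the DOSInteractiveUtility, Mozilla and ALG services are copied from the log; the RepositorySchemaScreenshot service line is reconstructed from the path the poster described and does not appear verbatim in the thread. The heuristics (local proxy, service or autorun under a user-writable directory, unknown owner with a present file, AppInit_DLLs) are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2.0.x format. Most lines are copied from the
# thread's log; the RepositorySchemaScreenshot service line is reconstructed from
# the path the original poster described and is NOT a line from the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:11211
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O20 - AppInit_DLLs: c:\windows\syswow64\nvinit.dll
O23 - Service: RepositorySchemaScreenshot.exe - Unknown owner - C:\Users\me\AppData\Local\RepositorySchemaScreenshot\RepositorySchemaScreenshot.exe
O23 - Service: DOSInteractiveUtility - Unknown owner - C:\Windows\SysWOW64\DOSInteractiveUtility\DOSInteractiveUtility.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
"""


@dataclass
class Finding:
    code: str
    severity: str      # "suspicious" (act on it) or "review" (verify before acting)
    reason: str
    entry: str


LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O4_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Directories an ordinary installer does not use for a service or autorun binary.
USER_WRITABLE_RE = re.compile(r"\\(AppData|ProgramData|Temp|Downloads)\\", re.IGNORECASE)


def _exe_from_command(cmd: str) -> str:
    """Pull the executable path out of an O4 command line ('"path" args' or 'path args')."""
    m = re.match(r'"([^"]+)"', cmd)
    if m:
        return m.group(1)
    m = re.match(r"(.+?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def triage_line(line: str):
    """Return a Finding for one HijackThis entry, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")

    if code == "R1" and ",ProxyServer = " in body:
        value = body.split(",ProxyServer = ", 1)[1].strip()
        if re.search(r"127\.0\.0\.1|localhost", value, re.IGNORECASE):
            return Finding(code, "suspicious",
                           f"browser traffic is routed through a local proxy ({value}); "
                           "a process on this machine can read or rewrite it", line)
        if value:
            return Finding(code, "review", f"user-level proxy configured: {value}", line)

    if code == "O4":
        om = O4_RE.match(body)
        if om and USER_WRITABLE_RE.search(_exe_from_command(om.group("cmd"))):
            return Finding(code, "suspicious",
                           f"autorun '{om.group('name')}' launches from a user-writable directory", line)

    if code == "O20":
        return Finding(code, "review",
                       "AppInit_DLLs loads this DLL into every process that uses user32.dll; "
                       "confirm the publisher", line)

    if code == "O23":
        sm = O23_RE.match(body)
        if sm:
            name, owner, path = sm.group("name"), sm.group("owner"), sm.group("path")
            if USER_WRITABLE_RE.search(path):
                return Finding(code, "suspicious",
                               f"service '{name}' runs from a user-writable directory", line)
            # 32-bit HijackThis reports many built-in 64-bit services as
            # 'Unknown owner ... (file missing)'; only an unknown owner whose
            # file is actually present is worth a look.
            if owner == "Unknown owner" and not path.endswith("(file missing)"):
                return Finding(code, "review",
                               f"service '{name}' has no vendor information; verify the file", line)
    return None


def triage_log(text: str):
    """Run triage_line over a pasted log and return the findings in log order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


def suspicious_codes(text: str):
    """Entry codes of the findings that call for action rather than a look."""
    return [f.code for f in triage_log(text) if f.severity == "suspicious"]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:<10}] {f.code}: {f.reason}")
```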
 



#3 nasdaq


  • Malware Response Team
  • 39,256 posts
  • Location:Montreal, QC. Canada

Posted 10 September 2014 - 08:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.
=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#4 iddhi

  • Topic Starter

  • Members
  • 4 posts

Posted 10 September 2014 - 07:21 PM

Hello,

 

Thanks for the reply.

 

Here are the logs.

 

RogueKiller V9.2.10.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : me [Admin rights]
Mode : Remove -- Date : 09/11/2014  07:56:22

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RepositorySchemaScreenshot.exe () -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RepositorySchemaScreenshot.exe () -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RepositorySchemaScreenshot.exe () -> DELETED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7D26AFA4-A180-454E-9D1C-7C9EF42C4252} | NameServer : 5.0.0.1 8.8.8.8  -> REPLACED ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7D26AFA4-A180-454E-9D1C-7C9EF42C4252} | NameServer : 5.0.0.1 8.8.8.8  -> REPLACED ()
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST975042 ST9750420AS SCSI Disk Device +++++
--- User ---
[MBR] eb2832556189ee7e6dc89276f7c7708f
[BSP] 416d02abd1e3f1533cfbc682b60e074c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 115303 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 236347392 | Size: 599998 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_09112014_074825.log - RKreport_SCN_09112014_074758.log - RKreport_SCN_09112014_075216.log - RKreport_DEL_09112014_075241.log
RKreport_SCN_09112014_075553.log

 

 

# AdwCleaner v3.309 - Report created 11/09/2014 at 08:02:06
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Ultimate  (64 bits)
# Username : me - ME-PC
# Running from : C:\Users\me\Downloads\adwcleaner_3.309.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Users\me\Documents\Optimizer Pro

***** [ Scheduled Tasks ] *****

Task Deleted : LaunchSignup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Upt
Key Deleted : [x64] HKLM\SOFTWARE\Upt

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\7calwx8e.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1567 octets] - [11/09/2014 07:58:59]
AdwCleaner[S0].txt - [1467 octets] - [11/09/2014 08:02:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1527 octets] ##########

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by me (administrator) on ME-PC on 11-09-2014 08:05:51
Running from C:\Users\me\Desktop\New folder
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Unicom Connection Manager\AssistantServices.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Unicom Connection Manager\UIExec.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Unicom Connection Manager\UIMain.exe
() C:\Program Files (x86)\Unicom Connection Manager\CMUpdater.exe
() C:\Windows\SysWOW64\DOSInteractiveUtility\DOSInteractiveUtility.exe
() C:\Program Files (x86)\eDealsPop\eDealsPop.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-05] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-19] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-21] (Intel Corporation)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Unicom Connection Manager\UIExec.exe [142080 2013-02-01] ()
HKLM-x32\...\Run: [eDealsPop] => C:\Program Files (x86)\eDealsPop\eDealsPop.exe [7168 2014-07-17] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3573132850-2912819436-135227824-1000\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-3573132850-2912819436-135227824-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-3573132850-2912819436-135227824-1000\...\MountPoints2: {e63a74f4-336d-11e4-8f6d-84a6c8135ea6} - G:\AutoRun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-22] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-10-22] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Tcpip\..\Interfaces\{5565D9A1-E882-4F3D-9F9F-E15FFD79B327}: [NameServer] 221.6.4.66 58.240.57.33

FireFox:
========
FF ProfilePath: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\7calwx8e.default
FF NetworkProxy: "type", 0
FF Extension: Print pages to PDF - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\7calwx8e.default\Extensions\printPages2Pdf@reinhold.ripper [2014-09-03]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\7calwx8e.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-09-10]
FF Extension: ScrapBook - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\7calwx8e.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-09-05]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DOSInteractiveUtility; C:\Windows\SysWOW64\DOSInteractiveUtility\DOSInteractiveUtility.exe [60965 2014-09-03] () [File not signed]

R2 UI Assistant Service; C:\Program Files (x86)\Unicom Connection Manager\AssistantServices.exe [264448 2013-02-01] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-27] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-11-26] (Intel Corporation)
S3 ComputerZ_x64; \??\C:\Program Files (x86)\Ludashi\ComputerZ_x64.sys [X]
S3 HWCore; \??\C:\Program Files (x86)\DTLSoft\DriveTheLife\hwcore64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 08:05 - 2014-09-11 08:05 - 00000000 ____D () C:\Program Files (x86)\eDealsPop
2014-09-11 08:05 - 2014-09-11 08:05 - 00000000 ____D () C:\FRST
2014-09-11 08:04 - 2014-09-11 08:05 - 00000000 ____D () C:\Users\me\Desktop\New folder
2014-09-11 07:58 - 2014-09-11 08:02 - 00000000 ____D () C:\AdwCleaner
2014-09-11 07:44 - 2014-09-11 07:49 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-11 07:44 - 2014-09-11 07:44 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-11 07:35 - 2014-09-11 07:35 - 01370467 _____ () C:\Users\me\Downloads\adwcleaner_3.309.exe
2014-09-11 07:34 - 2014-09-11 07:35 - 05429848 _____ () C:\Users\me\Downloads\RogueKillerX64.exe
2014-09-11 07:19 - 2014-09-11 07:20 - 00000000 ____D () C:\Users\me\Desktop\david engine block example
2014-09-11 06:12 - 2014-09-11 06:26 - 141597625 _____ () C:\Users\me\Downloads\documents-export-2014-09-10.zip
2014-09-10 21:39 - 2014-09-10 21:39 - 00000000 ____D () C:\Users\me\AppData\Roaming\CircuitWorks
2014-09-10 21:25 - 2014-09-10 21:26 - 00000000 ____D () C:\Users\me\AppData\Local\TempSWBackupDirectory
2014-09-10 20:31 - 2014-09-10 21:19 - 00000000 ____D () C:\Users\me\AppData\Local\TempSW备份目录
2014-09-10 20:29 - 2014-09-10 20:29 - 00000000 ____D () C:\Users\me\AppData\Roaming\NVIDIA
2014-09-10 20:27 - 2014-09-10 20:28 - 00000000 ____D () C:\Temp
2014-09-10 20:03 - 2014-09-10 20:03 - 00000000 ____D () C:\Users\me\AppData\Roaming\help_images_otherUI
2014-09-10 20:03 - 2014-09-10 20:03 - 00000000 _____ () C:\Windows\eDrawingOfficeAutomator.INI
2014-09-10 20:01 - 2014-09-10 20:01 - 00000000 ____D () C:\Users\me\AppData\Roaming\DassaultSystemes
2014-09-10 20:01 - 2014-09-10 20:01 - 00000000 ____D () C:\Users\me\AppData\Local\DassaultSystemes
2014-09-10 20:01 - 2014-09-10 20:01 - 00000000 ____D () C:\ProgramData\DassaultSystemes
2014-09-10 19:50 - 2014-09-10 19:50 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-09-10 19:50 - 2014-09-10 19:50 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2014-09-10 19:49 - 2014-09-10 20:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 19:49 - 2014-09-10 19:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-10 19:49 - 2014-09-10 19:49 - 00000000 ____D () C:\Users\me\Documents\Visual Studio 2005
2014-09-10 19:49 - 2014-09-10 19:49 - 00000000 ____D () C:\Users\me\AppData\Local\Microsoft Help
2014-09-10 19:49 - 2014-09-10 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2014-09-10 19:49 - 2014-09-10 19:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-09-10 19:48 - 2014-09-10 19:48 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-09-10 19:45 - 2014-09-10 19:45 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-09-10 19:11 - 2014-09-10 19:11 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2014-09-10 19:11 - 2014-09-10 19:11 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-09-10 19:11 - 2014-09-10 19:11 - 00000000 ____D () C:\Users\me\AppData\Roaming\OpenOffice
2014-09-10 19:10 - 2014-09-10 19:11 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-09-10 18:58 - 2014-09-10 18:58 - 00000000 ____D () C:\Users\me\Desktop\OpenOffice 4.1.1 (en-US) Installation Files
2014-09-10 18:34 - 2014-09-10 18:55 - 140852175 _____ () C:\Users\me\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
2014-09-07 06:37 - 2014-09-07 06:37 - 00000948 _____ () C:\Users\me\Desktop\Core Temp.lnk
2014-09-07 06:37 - 2014-09-07 06:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2014-09-07 06:37 - 2014-09-07 06:37 - 00000000 ____D () C:\Program Files\Core Temp
2014-09-07 06:35 - 2014-09-07 06:35 - 01285176 _____ (Alcpu ) C:\Users\me\Downloads\Core-Temp-installer.exe
2014-09-07 06:34 - 2014-09-07 06:34 - 00415016 _____ () C:\Users\me\Downloads\CoreTempGadget.zip
2014-09-07 06:33 - 2014-09-07 06:33 - 00656864 _____ () C:\Users\me\Downloads\coretempgadget-setup.exe
2014-09-06 15:08 - 2014-09-06 15:08 - 01095532 _____ (pendrivelinux.com) C:\Users\me\Downloads\Universal-USB-Installer-1.9.5.5.exe
2014-09-06 14:58 - 2014-09-06 14:58 - 01928068 _____ () C:\Users\me\Desktop\FixDotNet20140906215805090.cab
2014-09-06 14:54 - 2014-09-06 14:56 - 00879096 _____ (Microsoft Corporation) C:\Users\me\Downloads\NetFxRepairTool.exe
2014-09-06 14:35 - 2014-09-06 14:35 - 00266065 _____ () C:\Users\me\Downloads\dotnetfx_cleanup_tool.zip
2014-09-06 14:34 - 2014-09-06 14:46 - 50449456 _____ (Microsoft Corporation) C:\Users\me\Downloads\dotNetFx40_Full_x86_x64.exe
2014-09-06 14:30 - 2012-03-09 18:14 - 04096000 _____ (IDS Imaging Development Systems GmbH) C:\Windows\system32\ueye_api_64.dll
2014-09-06 14:30 - 2012-03-09 18:14 - 03303936 _____ (IDS Imaging Development Systems GmbH) C:\Windows\SysWOW64\ueye_api.dll
2014-09-06 14:30 - 2012-03-09 18:14 - 03123712 _____ (IDS Imaging Development Systems GmbH) C:\Windows\system32\ueye_tools_64.dll
2014-09-06 14:30 - 2012-03-09 18:14 - 02444800 _____ (IDS Imaging Development Systems GmbH) C:\Windows\SysWOW64\ueye_tools.dll
2014-09-06 14:24 - 2014-09-06 14:24 - 00889416 _____ (Microsoft Corporation) C:\Users\me\Downloads\dotNetFx40_Full_setup.exe
2014-09-06 14:18 - 2012-03-09 18:14 - 01967616 _____ (IDS Imaging Development Systems GmbH) C:\Windows\system32\IdsCameraManager.exe
2014-09-06 14:18 - 2012-03-09 18:14 - 00673280 _____ (IDS Imaging Development Systems GmbH) C:\Windows\system32\IdsCameraManager_it.dll
2014-09-06 14:18 - 2012-03-09 18:14 - 00672768 _____ (IDS Imaging Development Systems GmbH) C:\Windows\system32\IdsCameraManager_de.dll
2014-09-06 14:18 - 2012-03-09 18:14 - 00671744 _____ (IDS Imaging Development Systems GmbH) C:\Windows\system32\IdsCameraManager_pt.dll
2014-09-06 14:18 - 2012-03-09 18:14 - 00670720 _____ (IDS Imaging Development Systems GmbH) C:\Windows\system32\IdsCameraManager_es.dll
2014-09-06 14:18 - 2012-03-09 18:14 - 00668672 _____ (IDS Imaging Development Systems GmbH) C:\Windows\system32\IdsCameraManager_hu.dll
2014-09-06 14:18 - 2012-03-09 18:14 - 00668160 _____ (IDS Imaging Development Systems GmbH) C:\Windows\system32\IdsCameraManager_en.dll
2014-09-06 14:18 - 2012-03-09 18:14 - 00667136 _____ (IDS Imaging Development Systems GmbH) C:\Windows\system32\IdsCameraManager_pl.dll
2014-09-06 14:18 - 2012-03-09 18:14 - 00666624 _____ (IDS Imaging Development Systems GmbH) C:\Windows\system32\IdsCameraManager_cs.dll
2014-09-06 14:18 - 2012-03-09 18:14 - 00655872 _____ (IDS Imaging Development Systems GmbH) C:\Windows\system32\IdsCameraManager_ko.dll
2014-09-06 14:18 - 2012-03-09 18:14 - 00653824 _____ (IDS Imaging Development Systems GmbH) C:\Windows\system32\IdsCameraManager_ja.dll
2014-09-06 14:18 - 2012-03-09 18:14 - 00648192 _____ (IDS Imaging Development Systems GmbH) C:\Windows\system32\IdsCameraManager_zh.dll
2014-09-06 14:18 - 2012-03-09 18:14 - 00372736 _____ (IDS Imaging Development Systems GmbH) C:\Windows\system32\IdsCameraManager.cpl
2014-09-06 14:16 - 2014-09-06 14:28 - 00001913 _____ () C:\Users\Public\Desktop\FlexScan3D 3 (64-bit).lnk
2014-09-06 14:16 - 2014-09-06 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlexScan3D 3
2014-09-06 14:16 - 2014-09-06 14:16 - 00000000 ____D () C:\Program Files\3D3Solutions
2014-09-06 13:12 - 2014-09-06 14:29 - 00026636 _____ () C:\Windows\DPINST.LOG
2014-09-06 08:40 - 2014-09-06 09:45 - 00005161 _____ () C:\Users\me\Downloads\hijackthis.log
2014-09-06 08:37 - 2014-09-06 08:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\me\Downloads\HijackThis(1).exe
2014-09-06 08:36 - 2014-09-06 08:36 - 00303838 _____ () C:\Users\me\Downloads\HijackThis.exe
2014-09-06 08:09 - 2014-09-06 13:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-06 08:08 - 2014-09-06 08:08 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-06 08:08 - 2014-09-06 08:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-06 08:08 - 2014-09-06 08:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-06 08:08 - 2014-09-06 08:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-06 08:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-06 08:08 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-06 08:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-06 08:04 - 2014-09-06 08:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\me\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-06 07:37 - 2014-09-06 07:37 - 00000000 ____D () C:\Users\me\Desktop\DAVID-LASERSCANNER3
2014-09-06 07:20 - 2014-09-06 07:20 - 07034680 _____ ( ) C:\Users\me\Downloads\DAVID_Setup_3.10.4.4657.exe
2014-09-05 13:58 - 2014-09-06 14:05 - 00000000 ____D () C:\Program Files\VCG
2014-09-05 13:58 - 2014-09-05 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MeshLab
2014-09-05 13:45 - 2014-09-05 13:58 - 34662926 _____ () C:\Users\me\Downloads\MeshLabDevel_v134BETA_64bit_2014_05_28.exe
2014-09-04 17:01 - 2014-09-04 17:02 - 01736640 _____ () C:\Users\me\Downloads\CDM20814_Setup.exe
2014-09-04 11:56 - 2014-09-04 11:56 - 00002132 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2014-09-04 11:56 - 2014-09-04 11:56 - 00002120 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-09-04 11:56 - 2014-09-04 11:56 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-09-04 11:54 - 2014-09-04 11:56 - 03298800 _____ () C:\Users\me\Downloads\advisorinstaller.exe
2014-09-04 09:55 - 2014-09-04 09:55 - 00000000 ____D () C:\Users\me\AppData\Roaming\PSpad
2014-09-04 09:54 - 2014-09-04 10:02 - 00001896 _____ () C:\Users\me\Desktop\PSPad.lnk
2014-09-04 09:54 - 2014-09-04 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPad editor
2014-09-04 09:54 - 2014-09-04 09:54 - 00000000 ____D () C:\Program Files (x86)\PSPad editor
2014-09-04 09:52 - 2014-09-04 09:52 - 04749535 _____ (Jan Fiala ) C:\Users\me\Downloads\pspad458inst_en.exe
2014-09-04 06:59 - 2014-09-04 06:59 - 01174979 _____ () C:\Windows\unins000.exe
2014-09-04 06:59 - 2014-09-04 06:59 - 00002813 _____ () C:\Windows\unins000.dat
2014-09-04 06:59 - 2014-09-04 06:59 - 00000731 _____ () C:\Users\Public\Desktop\Connect to 12VPN...lnk
2014-09-04 06:59 - 2014-09-04 06:59 - 00000000 ____D () C:\Windows\log
2014-09-04 06:59 - 2014-09-04 06:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\12VPN
2014-09-04 06:59 - 2014-09-03 20:34 - 00054127 _____ () C:\Windows\IKEv2.pbk
2014-09-04 06:59 - 2014-09-03 20:34 - 00002756 _____ () C:\Windows\userworld.v2.p12
2014-09-04 06:59 - 2014-09-03 20:34 - 00002744 _____ () C:\Windows\userusa.v2.p12
2014-09-04 06:59 - 2014-09-03 20:34 - 00001168 _____ () C:\Windows\world.pem
2014-09-04 06:59 - 2014-09-03 20:34 - 00001155 _____ () C:\Windows\usa.pem
2014-09-04 06:56 - 2014-09-04 06:56 - 00001812 _____ () C:\Users\Public\Desktop\HDClone.lnk
2014-09-04 06:56 - 2014-09-04 06:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDClone 4.3 Free Edition
2014-09-04 06:56 - 2014-09-04 06:56 - 00000000 ____D () C:\Program Files (x86)\HDClone 4.3 Free Edition
2014-09-03 18:30 - 2014-09-03 18:30 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-09-03 14:47 - 2014-09-03 14:47 - 00000000 ____D () C:\Users\me\AppData\Roaming\WinRAR
2014-09-03 14:46 - 2014-09-03 14:46 - 00000000 ____D () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-03 14:46 - 2014-09-03 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-03 14:46 - 2014-09-03 14:46 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-09-03 14:45 - 2014-09-03 14:46 - 01745176 _____ () C:\Users\me\Downloads\wrar511.exe
2014-09-03 14:40 - 2014-09-03 14:40 - 00000000 ____D () C:\Windows\SysWOW64\DOSInteractiveUtility
2014-09-03 14:14 - 2014-09-03 14:22 - 03422572 _____ () C:\Users\me\Downloads\pspad457inst_en.rar
2014-09-03 08:31 - 2014-09-03 08:31 - 00000000 _____ () C:\Users\me\Desktop\New Text Document.txt
2014-09-03 06:41 - 2014-09-03 06:42 - 00000000 ____D () C:\Users\me\Documents\FlexScan3D
2014-09-03 06:29 - 2014-09-03 06:29 - 00002052 _____ () C:\Users\Public\Desktop\Unicom Connection Manager.lnk
2014-09-03 06:29 - 2014-09-03 06:29 - 00000000 ____D () C:\Windows\SysWOW64\SupportMM
2014-09-03 06:29 - 2014-09-03 06:29 - 00000000 ____D () C:\Windows\SysWOW64\SupportAppCB
2014-09-03 06:29 - 2014-09-03 06:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unicom Connection Manager
2014-09-03 06:29 - 2014-09-03 06:29 - 00000000 ____D () C:\Program Files (x86)\Unicom Connection Manager
2014-09-03 06:29 - 2011-08-29 11:42 - 00123264 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbser6k.sys
2014-09-03 06:29 - 2011-08-29 11:42 - 00123264 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbnmea.sys
2014-09-03 06:29 - 2011-08-29 11:42 - 00123264 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbmdm6k.sys
2014-09-03 06:29 - 2011-08-29 11:42 - 00011776 _____ (MBB Incorporated) C:\Windows\system32\Drivers\massfilter.sys
2014-09-03 05:03 - 2014-09-03 05:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Point Grey Research
2014-09-03 05:03 - 2014-09-03 05:03 - 00000000 ____D () C:\Program Files\Point Grey Research
2014-09-03 05:01 - 2014-09-06 14:29 - 00003266 _____ () C:\Windows\DirectX.log
2014-09-03 05:01 - 2014-09-03 05:06 - 00000000 ____D () C:\Users\me\AppData\Local\3D3_Solutions
2014-09-03 05:01 - 2012-03-09 18:14 - 01801848 _____ (IDS Imaging Development Systems GmbH) C:\Windows\system32\Drivers\ueye_usb_64.sys
2014-09-03 05:01 - 2012-03-09 18:14 - 01782392 _____ (IDS Imaging Development Systems GmbH) C:\Windows\system32\Drivers\ueye_boot_64.sys
2014-09-03 05:01 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-09-03 05:01 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-09-03 05:01 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-09-03 05:01 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-09-03 05:01 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 08:05 - 2014-09-11 08:05 - 00000000 ____D () C:\Program Files (x86)\eDealsPop
2014-09-11 08:05 - 2014-09-11 08:05 - 00000000 ____D () C:\FRST
2014-09-11 08:05 - 2014-09-11 08:04 - 00000000 ____D () C:\Users\me\Desktop\New folder
2014-09-11 08:03 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 08:03 - 2009-07-13 21:51 - 00028275 _____ () C:\Windows\setupact.log
2014-09-11 08:02 - 2014-09-11 07:58 - 00000000 ____D () C:\AdwCleaner
2014-09-11 08:02 - 2013-08-29 04:12 - 00147522 _____ () C:\Windows\PFRO.log
2014-09-11 08:02 - 2013-08-29 02:58 - 00298235 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 07:49 - 2014-09-11 07:44 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-11 07:44 - 2014-09-11 07:44 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-11 07:35 - 2014-09-11 07:35 - 01370467 _____ () C:\Users\me\Downloads\adwcleaner_3.309.exe
2014-09-11 07:35 - 2014-09-11 07:34 - 05429848 _____ () C:\Users\me\Downloads\RogueKillerX64.exe
2014-09-11 07:26 - 2010-04-02 05:05 - 00382576 _____ () C:\Windows\system32\prfh0804.dat
2014-09-11 07:26 - 2010-04-02 05:05 - 00118574 _____ () C:\Windows\system32\prfc0804.dat
2014-09-11 07:26 - 2009-07-13 22:13 - 01270800 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 07:25 - 2009-07-13 21:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 07:25 - 2009-07-13 21:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 07:20 - 2014-09-11 07:19 - 00000000 ____D () C:\Users\me\Desktop\david engine block example
2014-09-11 07:20 - 2013-08-29 02:58 - 00113904 _____ () C:\Users\me\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-11 06:26 - 2014-09-11 06:12 - 141597625 _____ () C:\Users\me\Downloads\documents-export-2014-09-10.zip
2014-09-10 21:39 - 2014-09-10 21:39 - 00000000 ____D () C:\Users\me\AppData\Roaming\CircuitWorks
2014-09-10 21:34 - 2009-07-13 21:45 - 00474056 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-10 21:26 - 2014-09-10 21:25 - 00000000 ____D () C:\Users\me\AppData\Local\TempSWBackupDirectory
2014-09-10 21:19 - 2014-09-10 20:31 - 00000000 ____D () C:\Users\me\AppData\Local\TempSW备份目录
2014-09-10 20:29 - 2014-09-10 20:29 - 00000000 ____D () C:\Users\me\AppData\Roaming\NVIDIA
2014-09-10 20:03 - 2014-09-10 20:03 - 00000000 ____D () C:\Users\me\AppData\Roaming\help_images_otherUI
2014-09-10 20:03 - 2014-09-10 20:03 - 00000000 _____ () C:\Windows\eDrawingOfficeAutomator.INI
2014-09-10 20:01 - 2014-09-10 20:01 - 00000000 ____D () C:\Users\me\AppData\Roaming\DassaultSystemes
2014-09-10 20:01 - 2014-09-10 20:01 - 00000000 ____D () C:\Users\me\AppData\Local\DassaultSystemes
2014-09-10 20:01 - 2014-09-10 20:01 - 00000000 ____D () C:\ProgramData\DassaultSystemes
2014-09-10 20:01 - 2014-09-10 19:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 19:51 - 2014-09-10 19:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-10 19:51 - 2013-08-29 03:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-10 19:50 - 2014-09-10 19:50 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-09-10 19:50 - 2014-09-10 19:50 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2014-09-10 19:50 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-10 19:49 - 2014-09-10 19:49 - 00000000 ____D () C:\Users\me\Documents\Visual Studio 2005
2014-09-10 19:49 - 2014-09-10 19:49 - 00000000 ____D () C:\Users\me\AppData\Local\Microsoft Help
2014-09-10 19:49 - 2014-09-10 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2014-09-10 19:49 - 2014-09-10 19:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-09-10 19:48 - 2014-09-10 19:48 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-09-10 19:45 - 2014-09-10 19:45 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-09-10 19:11 - 2014-09-10 19:11 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2014-09-10 19:11 - 2014-09-10 19:11 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-09-10 19:11 - 2014-09-10 19:11 - 00000000 ____D () C:\Users\me\AppData\Roaming\OpenOffice
2014-09-10 19:11 - 2014-09-10 19:10 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-09-10 18:58 - 2014-09-10 18:58 - 00000000 ____D () C:\Users\me\Desktop\OpenOffice 4.1.1 (en-US) Installation Files
2014-09-10 18:55 - 2014-09-10 18:34 - 140852175 _____ () C:\Users\me\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
2014-09-07 15:37 - 2013-08-31 05:10 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-09-07 15:08 - 2009-07-14 00:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-07 06:37 - 2014-09-07 06:37 - 00000948 _____ () C:\Users\me\Desktop\Core Temp.lnk
2014-09-07 06:37 - 2014-09-07 06:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2014-09-07 06:37 - 2014-09-07 06:37 - 00000000 ____D () C:\Program Files\Core Temp
2014-09-07 06:35 - 2014-09-07 06:35 - 01285176 _____ (Alcpu ) C:\Users\me\Downloads\Core-Temp-installer.exe
2014-09-07 06:34 - 2014-09-07 06:34 - 00415016 _____ () C:\Users\me\Downloads\CoreTempGadget.zip
2014-09-07 06:33 - 2014-09-07 06:33 - 00656864 _____ () C:\Users\me\Downloads\coretempgadget-setup.exe
2014-09-07 06:33 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Resources
2014-09-06 18:03 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-09-06 15:39 - 2013-08-29 03:10 - 01265380 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-06 15:08 - 2014-09-06 15:08 - 01095532 _____ (pendrivelinux.com) C:\Users\me\Downloads\Universal-USB-Installer-1.9.5.5.exe
2014-09-06 14:58 - 2014-09-06 14:58 - 01928068 _____ () C:\Users\me\Desktop\FixDotNet20140906215805090.cab
2014-09-06 14:56 - 2014-09-06 14:54 - 00879096 _____ (Microsoft Corporation) C:\Users\me\Downloads\NetFxRepairTool.exe
2014-09-06 14:46 - 2014-09-06 14:34 - 50449456 _____ (Microsoft Corporation) C:\Users\me\Downloads\dotNetFx40_Full_x86_x64.exe
2014-09-06 14:35 - 2014-09-06 14:35 - 00266065 _____ () C:\Users\me\Downloads\dotnetfx_cleanup_tool.zip
2014-09-06 14:29 - 2014-09-06 13:12 - 00026636 _____ () C:\Windows\DPINST.LOG
2014-09-06 14:29 - 2014-09-03 05:01 - 00003266 _____ () C:\Windows\DirectX.log
2014-09-06 14:28 - 2014-09-06 14:16 - 00001913 _____ () C:\Users\Public\Desktop\FlexScan3D 3 (64-bit).lnk
2014-09-06 14:28 - 2014-09-06 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlexScan3D 3
2014-09-06 14:24 - 2014-09-06 14:24 - 00889416 _____ (Microsoft Corporation) C:\Users\me\Downloads\dotNetFx40_Full_setup.exe
2014-09-06 14:16 - 2014-09-06 14:16 - 00000000 ____D () C:\Program Files\3D3Solutions
2014-09-06 14:05 - 2014-09-05 13:58 - 00000000 ____D () C:\Program Files\VCG
2014-09-06 13:27 - 2014-09-06 08:09 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-06 09:45 - 2014-09-06 08:40 - 00005161 _____ () C:\Users\me\Downloads\hijackthis.log
2014-09-06 08:37 - 2014-09-06 08:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\me\Downloads\HijackThis(1).exe
2014-09-06 08:37 - 2013-08-29 02:56 - 00000000 ____D () C:\Users\me\AppData\Local\VirtualStore
2014-09-06 08:36 - 2014-09-06 08:36 - 00303838 _____ () C:\Users\me\Downloads\HijackThis.exe
2014-09-06 08:08 - 2014-09-06 08:08 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-06 08:08 - 2014-09-06 08:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-06 08:08 - 2014-09-06 08:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-06 08:08 - 2014-09-06 08:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-06 08:06 - 2014-09-06 08:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\me\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-06 07:37 - 2014-09-06 07:37 - 00000000 ____D () C:\Users\me\Desktop\DAVID-LASERSCANNER3
2014-09-06 07:20 - 2014-09-06 07:20 - 07034680 _____ ( ) C:\Users\me\Downloads\DAVID_Setup_3.10.4.4657.exe
2014-09-05 13:58 - 2014-09-05 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MeshLab
2014-09-05 13:58 - 2014-09-05 13:45 - 34662926 _____ () C:\Users\me\Downloads\MeshLabDevel_v134BETA_64bit_2014_05_28.exe
2014-09-04 17:02 - 2014-09-04 17:01 - 01736640 _____ () C:\Users\me\Downloads\CDM20814_Setup.exe
2014-09-04 11:56 - 2014-09-04 11:56 - 00002132 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2014-09-04 11:56 - 2014-09-04 11:56 - 00002120 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-09-04 11:56 - 2014-09-04 11:56 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-09-04 11:56 - 2014-09-04 11:54 - 03298800 _____ () C:\Users\me\Downloads\advisorinstaller.exe
2014-09-04 10:02 - 2014-09-04 09:54 - 00001896 _____ () C:\Users\me\Desktop\PSPad.lnk
2014-09-04 09:55 - 2014-09-04 09:55 - 00000000 ____D () C:\Users\me\AppData\Roaming\PSpad
2014-09-04 09:54 - 2014-09-04 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPad editor
2014-09-04 09:54 - 2014-09-04 09:54 - 00000000 ____D () C:\Program Files (x86)\PSPad editor
2014-09-04 09:52 - 2014-09-04 09:52 - 04749535 _____ (Jan Fiala ) C:\Users\me\Downloads\pspad458inst_en.exe
2014-09-04 06:59 - 2014-09-04 06:59 - 01174979 _____ () C:\Windows\unins000.exe
2014-09-04 06:59 - 2014-09-04 06:59 - 00002813 _____ () C:\Windows\unins000.dat
2014-09-04 06:59 - 2014-09-04 06:59 - 00000731 _____ () C:\Users\Public\Desktop\Connect to 12VPN...lnk
2014-09-04 06:59 - 2014-09-04 06:59 - 00000000 ____D () C:\Windows\log
2014-09-04 06:59 - 2014-09-04 06:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\12VPN
2014-09-04 06:56 - 2014-09-04 06:56 - 00001812 _____ () C:\Users\Public\Desktop\HDClone.lnk
2014-09-04 06:56 - 2014-09-04 06:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDClone 4.3 Free Edition
2014-09-04 06:56 - 2014-09-04 06:56 - 00000000 ____D () C:\Program Files (x86)\HDClone 4.3 Free Edition
2014-09-03 20:34 - 2014-09-04 06:59 - 00054127 _____ () C:\Windows\IKEv2.pbk
2014-09-03 20:34 - 2014-09-04 06:59 - 00002756 _____ () C:\Windows\userworld.v2.p12
2014-09-03 20:34 - 2014-09-04 06:59 - 00002744 _____ () C:\Windows\userusa.v2.p12
2014-09-03 20:34 - 2014-09-04 06:59 - 00001168 _____ () C:\Windows\world.pem
2014-09-03 20:34 - 2014-09-04 06:59 - 00001155 _____ () C:\Windows\usa.pem
2014-09-03 18:30 - 2014-09-03 18:30 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-09-03 14:47 - 2014-09-03 14:47 - 00000000 ____D () C:\Users\me\AppData\Roaming\WinRAR
2014-09-03 14:46 - 2014-09-03 14:46 - 00000000 ____D () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-03 14:46 - 2014-09-03 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-03 14:46 - 2014-09-03 14:46 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-09-03 14:46 - 2014-09-03 14:45 - 01745176 _____ () C:\Users\me\Downloads\wrar511.exe
2014-09-03 14:40 - 2014-09-03 14:40 - 00000000 ____D () C:\Windows\SysWOW64\DOSInteractiveUtility
2014-09-03 14:22 - 2014-09-03 14:14 - 03422572 _____ () C:\Users\me\Downloads\pspad457inst_en.rar
2014-09-03 08:31 - 2014-09-03 08:31 - 00000000 _____ () C:\Users\me\Desktop\New Text Document.txt
2014-09-03 06:42 - 2014-09-03 06:41 - 00000000 ____D () C:\Users\me\Documents\FlexScan3D
2014-09-03 06:29 - 2014-09-03 06:29 - 00002052 _____ () C:\Users\Public\Desktop\Unicom Connection Manager.lnk
2014-09-03 06:29 - 2014-09-03 06:29 - 00000000 ____D () C:\Windows\SysWOW64\SupportMM
2014-09-03 06:29 - 2014-09-03 06:29 - 00000000 ____D () C:\Windows\SysWOW64\SupportAppCB
2014-09-03 06:29 - 2014-09-03 06:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unicom Connection Manager
2014-09-03 06:29 - 2014-09-03 06:29 - 00000000 ____D () C:\Program Files (x86)\Unicom Connection Manager
2014-09-03 06:29 - 2013-08-29 03:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-03 05:06 - 2014-09-03 05:01 - 00000000 ____D () C:\Users\me\AppData\Local\3D3_Solutions
2014-09-03 05:03 - 2014-09-03 05:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Point Grey Research
2014-09-03 05:03 - 2014-09-03 05:03 - 00000000 ____D () C:\Program Files\Point Grey Research

Some content of TEMP:
====================
C:\Users\me\AppData\Local\Temp\BackupSetup.exe
C:\Users\me\AppData\Local\Temp\DPInstx64.exe

Looking forward to your reply.



#5 nasdaq
  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 September 2014 - 08:32 AM


Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

    start
    
    HKLM-x32\...\Run: [eDealsPop] => C:\Program Files (x86)\eDealsPop\eDealsPop.exe [7168 2014-07-17] ()
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
    S3 ComputerZ_x64; \??\C:\Program Files (x86)\Ludashi\ComputerZ_x64.sys [X]
    S3 HWCore; \??\C:\Program Files (x86)\DTLSoft\DriveTheLife\hwcore64.sys [X]
    () C:\Program Files (x86)\eDealsPop\eDealsPop.exe
    C:\Users\me\AppData\Local\RepositorySchemaScreenshot\FreewareKeyboardLog.exe
    End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

P.S. If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available, use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

    How is the computer running now?
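The fixlist above covers four kinds of leftover: a Run value (HKLM-x32 is FRST's shorthand for the WOW6432Node view of the 32-bit Run key), a protocol handler whose CLSID resolves to no file, two service entries whose driver files are missing (the [X]), and two executables to stop and move. The PowerShell below is an added example, not part of nasdaq's instructions and not FRST's own code: a read-only enumeration of those same persistence classes, so you can see what is present before a fix and confirm afterwards that it is gone. It assumes Windows PowerShell 3 or later run as Administrator; the registry paths are the standard ones, the function names are this example's own, and nothing is deleted.

```powershell
# Added example for this thread; not part of nasdaq's instructions and not FRST code.
# Read-only triage of the persistence classes the fixlist targets:
#   1. Run keys (native and WOW6432Node views; FRST prints the latter as HKLM-x32\...\Run)
#   2. services/drivers whose ImagePath file no longer exists (FRST marks these [X])
#   3. HKCR\PROTOCOLS\Handler entries whose CLSID resolves to no file ("No File")
#   4. processes executing from a user's AppData\Local, where FreewareKeyboardLog.exe lived
# Function names are this example's own. Requires Windows PowerShell 3+, elevated. Deletes nothing.

$ErrorActionPreference = 'SilentlyContinue'
$PsNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'   # provider noise on Get-ItemProperty

# Reduce a Run value or service ImagePath to the file it launches.
function Get-ImageFile {
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    $c = $c -replace '^\\\?\?\\', ''                      # \??\C:\... prefix used on driver paths
    $c = $c -replace '^\\SystemRoot', $env:SystemRoot     # \SystemRoot\system32\drivers\x.sys
    if ($c -match '^(system32|SysWOW64)\\') { $c = Join-Path $env:SystemRoot $c }
    if ($c.StartsWith('"')) { return $c.Split('"')[1] }   # "C:\path with spaces\x.exe" -args
    # Unquoted: longest leading run of tokens that names an existing file, else the first token
    $parts = $c -split ' '
    for ($i = $parts.Length; $i -ge 1; $i--) {
        $candidate = $parts[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $parts[0]
}

# One row per finding: does the file exist, and is it Authenticode-signed?
function New-Finding($Class, $Name, $Path) {
    $exists = [bool]$Path -and (Test-Path -LiteralPath $Path -PathType Leaf)
    $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $Path).Status } else { 'missing' }
    [pscustomobject]@{ Class = $Class; Name = $Name; Path = $Path; Exists = $exists; Signature = $sig }
}

function Get-PersistenceFindings {
    # 1. Every Run value, so unsigned or missing launch targets stand out
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                     'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
        $props = Get-ItemProperty -Path $key
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($PsNoise -contains $p.Name) { continue }
            New-Finding 'Run' $p.Name (Get-ImageFile $p.Value)
        }
    }
    # 2. Services and drivers whose binary is gone: harmless until a file reappears at that
    #    path, which is why a fixlist removes the registry entry as well
    foreach ($svc in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services') {
        $file = Get-ImageFile (Get-ItemProperty -Path $svc.PSPath).ImagePath
        if ($file -and -not (Test-Path -LiteralPath $file -PathType Leaf)) {
            New-Finding 'Service' $svc.PSChildName $file
        }
    }
    # 3. Protocol handlers whose CLSID has no InprocServer32 file; check both COM views on x64
    foreach ($h in Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\PROTOCOLS\Handler') {
        $clsid = (Get-ItemProperty -Path $h.PSPath).CLSID
        $server = $null
        foreach ($view in 'CLSID', 'Wow6432Node\CLSID') {
            $k = "Registry::HKEY_CLASSES_ROOT\$view\$clsid\InprocServer32"
            if ($clsid -and (Test-Path -LiteralPath $k)) { $server = (Get-ItemProperty -Path $k).'(default)'; break }
        }
        $file = Get-ImageFile $server
        if (-not ($file -and (Test-Path -LiteralPath $file -PathType Leaf))) {
            New-Finding 'Handler' $h.PSChildName $file
        }
    }
    # 4. Anything running out of any user profile's AppData\Local (WMI sees every user's processes)
    foreach ($proc in Get-WmiObject Win32_Process) {
        if ($proc.ExecutablePath -like "$env:SystemDrive\Users\*\AppData\Local\*") {
            New-Finding 'Process' "$($proc.Name) (PID $($proc.ProcessId))" $proc.ExecutablePath
        }
    }
}

Get-PersistenceFindings | Sort-Object Class, Name | Format-Table -AutoSize
```

FRST still does the removal as instructed; this only lists. One fixlist line can correspond to more than one thing on the box, as with the Handler entry, which names both the PROTOCOLS\Handler key and a CLSID, so run the enumeration again after the fix rather than assuming one result per line.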



#6 nasdaq
  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 September 2014 - 08:19 AM

Are you still with me?

#7 nasdaq
  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 September 2014 - 08:38 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#8 nasdaq
  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 September 2014 - 06:27 AM

This topic has been re-opened at the request of the person who originally posted.

#9 iddhi
  • Topic Starter
  • Members
  • 4 posts

Posted 24 September 2014 - 06:43 PM

Hello Nasdaq,

Thanks for reopening the thread.

Here are the results. The computer runs great, BTW.

FRST:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2014
Ran by me at 2014-09-25 07:27:19 Run:1
Running from C:\Users\me\Desktop\New folder (4)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

HKLM-x32\...\Run: [eDealsPop] => C:\Program Files (x86)\eDealsPop\eDealsPop.exe [7168 2014-07-17] ()
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
S3 ComputerZ_x64; \??\C:\Program Files (x86)\Ludashi\ComputerZ_x64.sys [X]
S3 HWCore; \??\C:\Program Files (x86)\DTLSoft\DriveTheLife\hwcore64.sys [X]
() C:\Program Files (x86)\eDealsPop\eDealsPop.exe
C:\Users\me\AppData\Local\RepositorySchemaScreenshot\FreewareKeyboardLog.exe
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\eDealsPop => Value not found.
"HKCR\PROTOCOLS\Handler\belarc" => Key deleted successfully.
"HKCR\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F}" => Key not found.
ComputerZ_x64 => Service deleted successfully.
HWCore => Service deleted successfully.
C:\Program Files (x86)\eDealsPop\eDealsPop.exe => No running process found
"C:\Users\me\AppData\Local\RepositorySchemaScreenshot\FreewareKeyboardLog.exe" => File/Directory not found.

==== End of Fixlog ====

And here is the Security Check:

Results of screen317's Security Check version 0.99.87  
 Windows 7  x64 (UAC is enabled)  
 Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67  
 Adobe Flash Player 15.0.0.152  
 Mozilla Firefox (32.0.2)
 Google Chrome 37.0.2062.120  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Thanks again for all your help
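The Fixlog pairs the echoed fixlist with one result line per action, and the wording of each result is what says whether FRST removed something or found it already gone: here the eDealsPop Run value and the FreewareKeyboardLog.exe file were already absent, while the two service entries and the belarc handler key were deleted. The PowerShell below is an added example, not from the thread or from FRST: a function that summarises a Fixlog.txt this way. The embedded sample is the Fixlog posted above; the function name and the Removed/Absent/Other labels are this example's own.

```powershell
# Added example, not from the thread or from FRST: summarise a Fixlog.txt so each
# directive's outcome is visible at a glance. The function name and the
# Removed / Absent / Other labels are this example's own.

function Get-FixlogSummary {
    param([Parameter(Mandatory = $true)][string[]]$Lines)
    $inFixlist = $false
    $directives = @()
    $results = @()
    foreach ($line in $Lines) {
        $t = $line.Trim()
        # The fixlist is echoed verbatim between "start" and "End"; its own "=>" is not a result.
        if ($t -eq 'start') { $inFixlist = $true;  continue }
        if ($t -eq 'End')   { $inFixlist = $false; continue }
        if ($inFixlist) { if ($t) { $directives += $t }; continue }
        # Result lines look like:  <target> => <outcome>
        if ($t -match '^(?<target>.+?)\s+=>\s+(?<outcome>.+)$') {
            $outcome = $Matches['outcome']
            $status = 'Other'
            if ($outcome -match 'deleted successfully|moved successfully') { $status = 'Removed' }
            elseif ($outcome -match 'not found|No running process') { $status = 'Absent' }
            $results += [pscustomobject]@{
                Target  = $Matches['target'].Trim('"')
                Outcome = $outcome
                Status  = $status
            }
        }
    }
    [pscustomobject]@{
        Directives = $directives.Count
        Removed    = @($results | Where-Object { $_.Status -eq 'Removed' }).Count
        Absent     = @($results | Where-Object { $_.Status -eq 'Absent' }).Count
        Results    = $results
    }
}

# Sample input: the Fixlog iddhi posted in this thread, copied verbatim.
$sampleFixlog = @'
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2014
Ran by me at 2014-09-25 07:27:19 Run:1
Running from C:\Users\me\Desktop\New folder (4)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

HKLM-x32\...\Run: [eDealsPop] => C:\Program Files (x86)\eDealsPop\eDealsPop.exe [7168 2014-07-17] ()
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
S3 ComputerZ_x64; \??\C:\Program Files (x86)\Ludashi\ComputerZ_x64.sys [X]
S3 HWCore; \??\C:\Program Files (x86)\DTLSoft\DriveTheLife\hwcore64.sys [X]
() C:\Program Files (x86)\eDealsPop\eDealsPop.exe
C:\Users\me\AppData\Local\RepositorySchemaScreenshot\FreewareKeyboardLog.exe
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\eDealsPop => Value not found.
"HKCR\PROTOCOLS\Handler\belarc" => Key deleted successfully.
"HKCR\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F}" => Key not found.
ComputerZ_x64 => Service deleted successfully.
HWCore => Service deleted successfully.
C:\Program Files (x86)\eDealsPop\eDealsPop.exe => No running process found
"C:\Users\me\AppData\Local\RepositorySchemaScreenshot\FreewareKeyboardLog.exe" => File/Directory not found.

==== End of Fixlog ====
'@

$summary = Get-FixlogSummary -Lines ($sampleFixlog -split "`r?`n")
$summary.Results | Format-Table -AutoSize
'{0} directives: {1} removed, {2} already absent' -f $summary.Directives, $summary.Removed, $summary.Absent
```

On the posted Fixlog this reports 6 directives with 3 results removed and 4 already absent; the counts differ because the Handler directive yields two result lines (the PROTOCOLS\Handler key and the CLSID key). Against a real log, call Get-FixlogSummary -Lines (Get-Content .\Fixlog.txt). An "Absent" file or Run value means an earlier tool or the malware itself already took it out, so it is the "Other" rows, not the absent ones, that need a second look.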



#10 nasdaq
  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 September 2014 - 09:47 AM

For your added security, get the Windows 7 service pack.

Windows 7 x64 (UAC is enabled)
Out of date service pack!! <- Click the link in red in your previous post.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 nasdaq
  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 October 2014 - 07:23 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.