
win32/sirefef virus


  • This topic is locked
6 replies to this topic

#1 jungleman12

jungleman12

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:10:01 AM

Posted 13 September 2014 - 03:16 PM

I have a laptop that is infected with malware. I was able to delete most of it using adaware cleaner, but when I run Windows Defender a pesky win32/sirefef pops up and I delete it and it comes back. The computer is running extremely slow to do anything and I'm afraid it's because of this ...





#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:01 PM

Posted 14 September 2014 - 05:57 AM

Hi there,
My name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)
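A triage helper, added here as an example and not part of this thread, of FRST, or of the helper's own toolkit: it reads the Services and NetSvcs sections of an FRST.txt and flags the pattern visible in the log posted in the next reply (many differently named services all resolving to one bare svchost.exe with identical size and date, services whose file is missing and marked [X], and NETSVC entries reported as No File or No Registry Path). The sample lines are a subset copied from that log; the clone threshold of three and the function names are assumptions.

```python
import re
from collections import defaultdict

# Sample lines copied from the FRST.txt posted in this thread (a small subset).
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================

R2 aswUpdSv; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [18752 2008-11-26] (ALWIL Software)
S2 amoagent; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 aswmon2; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 CamAv; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 Gernuwa; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 TeamViewer; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
S2 areschatserver; %systemroot%\system32\unlockerdriver5.dll [X]
S2 fah@c:+fah+fah-service+fah502-console.exe; %systemroot%\system32\lmimaint.dll [X]
S2 Wpsnuio; %systemroot%\system32\queuemgr.dll [X]

==================== Drivers (Whitelisted) ====================

R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [111184 2008-11-26] (ALWIL Software)
S3 NPF; system32\drivers\npf.sys [X]

==================== NetSvcs (Whitelisted) ===================

NETSVC: Wpsnuio -> C:\Windows\system32\queuemgr.dll ==> No File.
NETSVC: symtdi -> No Registry Path.
NETSVC: TeamViewer -> No Registry Path.
NETSVC: svchost -> No Registry Path.
"""

SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
# "R2 name; path [size date] (vendor) [flags]"  or  "S2 name; path [X]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<meta>X|\d+ \d{4}-\d{2}-\d{2})\](?: \((?P<vendor>[^)]*)\))?(?P<flags>.*)$"
)
NETSVC_RE = re.compile(r"^NETSVC: (?P<name>\S+) -> (?P<target>.+?)\.?$")

# Assumption: more than two non-whitelisted services sharing one bare svchost.exe
# image with the same size and date is not something a clean system shows.
SVCHOST_CLONE_THRESHOLD = 3


def parse_frst(text):
    """Split FRST.txt text into service, driver and NETSVC records keyed by section."""
    section = None
    out = {"services": [], "drivers": [], "netsvcs": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            # "Services (Whitelisted)" -> "services"; unknown sections are skipped
            section = m.group("title").split()[0].lower()
            continue
        if section in ("services", "drivers"):
            m = SERVICE_RE.match(line)
            if m:
                rec = m.groupdict()
                rec["missing"] = rec["meta"] == "X"
                rec["size"], rec["date"] = (None, None) if rec["missing"] else rec["meta"].split()
                out[section].append(rec)
        elif section == "netsvcs":
            m = NETSVC_RE.match(line)
            if m:
                out["netsvcs"].append(m.groupdict())
    return out


def triage(text):
    """Return the suspicious groups described in the lead-in, each as a sorted list of names."""
    parsed = parse_frst(text)
    findings = {"svchost_clones": [], "missing_files": [],
                "netsvc_no_file": [], "netsvc_no_registry_path": []}
    by_image = defaultdict(list)
    for svc in parsed["services"]:
        if svc["missing"]:
            findings["missing_files"].append(svc["name"])
            continue
        basename = svc["path"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if basename == "svchost.exe":
            by_image[(svc["path"].lower(), svc["size"], svc["date"])].append(svc["name"])
    for names in by_image.values():
        if len(names) >= SVCHOST_CLONE_THRESHOLD:
            findings["svchost_clones"].extend(names)
    for n in parsed["netsvcs"]:
        if n["target"].endswith("No File"):
            findings["netsvc_no_file"].append(n["name"])
        elif n["target"] == "No Registry Path":
            findings["netsvc_no_registry_path"].append(n["name"])
    # Bogus services that were also registered in the netsvcs group deserve a closer look.
    netsvc_names = {n["name"] for n in parsed["netsvcs"]}
    findings["clones_in_netsvcs"] = [s for s in findings["svchost_clones"] if s in netsvc_names]
    for names in findings.values():
        names.sort(key=str.lower)
    return findings


def describe(findings):
    """One line per finding category, for a quick read of a posted log."""
    return "\n".join(f"{key}: {len(names)} {names}" for key, names in findings.items())


if __name__ == "__main__":
    print(describe(triage(SAMPLE_LOG)))
```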

#3 jungleman12

jungleman12
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:10:01 AM

Posted 15 September 2014 - 08:54 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by HPAMD (administrator) on HPAMD-PC on 15-09-2014 21:44:52
Running from C:\Users\HPAMD\Downloads
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\ashServ.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Roxio 2010\5.0\CPMonitor.exe
() C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\ashDisp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Sonic Solutions) C:\Program Files\Common Files\PX Storage Engine\VxBlockServer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe [240112 2009-07-24] (Sonic Solutions)
HKLM\...\Run: [CPMonitor] => C:\Program Files\Roxio 2010\5.0\CPMonitor.exe [84464 2009-07-21] ()
HKLM\...\Run: [Desktop Disc Tool] => C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-23] ()
HKLM\...\Run: [avast!] => C:\Program Files\Alwil Software\Avast4\ashDisp.exe [81000 2008-11-26] (ALWIL Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-07-19] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-2323475341-97523814-861920497-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2323475341-97523814-861920497-1000\...\Run: [limewire plus+] => "C:\Program Files\Limewire Plus+\limewire.exe" -h
HKU\S-1-5-21-2323475341-97523814-861920497-1000\...\Run: [ares] => "C:\Program Files\Ares\Ares.exe" -h
HKU\S-1-5-21-2323475341-97523814-861920497-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\HPAMD\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-2323475341-97523814-861920497-1000\...\Run: [Facebook Update] => C:\Users\HPAMD\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-12-01] (Facebook Inc.)
HKU\S-1-5-21-2323475341-97523814-861920497-1000\...\Run: [GoogleChromeAutoLaunch_601D810653D690214AE5BC802C206711] => C:\Program Files\Google\Chrome\Application\chrome.exe [852808 2014-09-03] (Google Inc.)
HKU\S-1-5-21-2323475341-97523814-861920497-1000\...\MountPoints2: {b9d4885f-bd5a-11df-b059-0016d3946b18} - E:\LaunchU3.exe -a
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x30579D6F72CDCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
URLSearchHook: HKCU - (No Name) - {657E195F-066D-435C-92DB-7C261E6FE832} -  No File
SearchScopes: HKCU - DefaultScope {61D350AB-A40B-47AB-B5D2-EA3B07BB3CF9} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {109038CC-DC34-43FE-9D15-F03F1134BD2C} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {61D350AB-A40B-47AB-B5D2-EA3B07BB3CF9} URL = https://www.google.com/search?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\HPAMD\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> 0C43EE1E00FC67D5E31495842AE9DCCBA2121C575E47E68B024C82EA56177551
CHR DefaultSearchURL: Default -> EBF225B558B88C8BB6AFBAC5942EE89BF5D46E8DF471781C5BA3F929C4C0C257
CHR CustomProfile: C:\Users\HPAMD\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\HPAMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-11]
CHR Extension: (Google Docs) - C:\Users\HPAMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-11]
CHR Extension: (Google Drive) - C:\Users\HPAMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\HPAMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-11]
CHR Extension: (YouTube) - C:\Users\HPAMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-11]
CHR Extension: (Adblock Plus) - C:\Users\HPAMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-12]
CHR Extension: (Google Search) - C:\Users\HPAMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-11]
CHR Extension: (Google Sheets) - C:\Users\HPAMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-11]
CHR Extension: (Google Wallet) - C:\Users\HPAMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-11]
CHR Extension: (Hover Zoom) - C:\Users\HPAMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-09-12]
CHR Extension: (Gmail) - C:\Users\HPAMD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-11]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [457200 2009-06-02] ()
S2 amoagent; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 aswmon2; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 aswUpdSv; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [18752 2008-11-26] (ALWIL Software)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [155160 2008-11-26] (ALWIL Software)
R3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [254040 2008-11-26] (ALWIL Software)
R3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [352920 2008-11-26] (ALWIL Software)
S2 backupexecrpcservice; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 CamAv; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 CiscoVpnInstallService; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 CnxTrLan; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 dac960nt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 db2das00; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 deltafw; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 epson_pm_rpcv4_01; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 ET5Drv; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 F700ius; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 Gernuwa; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [585728 2006-12-10] (Hewlett-Packard Co.) [File not signed]
S2 IJPLMSVC; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 ino_flpy; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 IntuitUpdateService; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 iwebcal; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 mcshield; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 NEOFLTR_600_13319; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S2 Nmea; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 NSNDIS5; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 NWUSBPort; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 osanbm; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S2 ps2; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 pxfhbus; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 SaiNtBus; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 SaiNtHid; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 ScFBPNT2; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 SNP2UVC; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 StarOpen; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 statusagent4; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 symtdi; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 tandpl; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 TeamViewer; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 tfsnopio; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 tga; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 tnbrlds; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 tosrfhid; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 tzontservice; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 USA49W; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 usrbridg; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 VCIDRV; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 vmparport; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 vpcnfltr; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 w810obex; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 winproxy; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 X10UIF; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 areschatserver; %systemroot%\system32\unlockerdriver5.dll [X]
S2 ati2mtaa; %systemroot%\system32\mksupdateint.dll [X]
S2 AtiHdmiService; %systemroot%\system32\array_utility_service4,0,1,3.dll [X]
S2 avg7rsxp; %systemroot%\system32\pcidump.dll [X]
S2 BootScreen; %systemroot%\system32\armoucfltr.dll [X]
S2 bridge; %systemroot%\system32\CnxtHdAudService.dll [X]
S2 bthidenum; %systemroot%\system32\MTsensor.dll [X]
S2 CADlink; %systemroot%\system32\rdbss.dll [X]
S2 CAMCHALA; %systemroot%\system32\sysdown.dll [X]
S2 cpqfcalm; %systemroot%\system32\vpcusb.dll [X]
S2 db2licd; %systemroot%\system32\senfilt.dll [X]
S2 epson_pm_rpcv2_02; %systemroot%\system32\logonsvcid.dll [X]
S2 fah@c:+fah+fah-service+fah502-console.exe; %systemroot%\system32\lmimaint.dll [X]
S2 fcprintservice; %systemroot%\system32\incdsrv.dll [X]
S2 FireHook; %systemroot%\system32\JL2005C.dll [X]
S2 fireport; %systemroot%\system32\dcomlaunch.dll [X]
S2 gtndis5; %systemroot%\system32\oracleorahomepagingserver.dll [X]
S2 hap17v2k; %systemroot%\system32\UWProSys.dll [X]
S2 lirsgt; %systemroot%\system32\pdlnsx25.dll [X]
S2 mi-raysat_3dsMax2008_32; %systemroot%\system32\se45bus.dll [X]
S2 MKEMUSB; %systemroot%\system32\jaguar.dll [X]
S2 mraid35x; %systemroot%\system32\SI3112.dll [X]
S2 MSFWDrv; %systemroot%\system32\DS1410D.dll [X]
S2 nlsvc; %systemroot%\system32\ptilink.dll [X]
S2 ovsecurityserver; %systemroot%\system32\iaimtv0.dll [X]
S2 pdlndint; %systemroot%\system32\SaiClass.dll [X]
S2 pdrframe; %systemroot%\system32\W8335XP.dll [X]
S2 prevxdriver; %systemroot%\system32\uphclean.dll [X]
S2 quickhealfirewall; %systemroot%\system32\s24trans.dll [X]
S2 regmanserv; %systemroot%\system32\twotrack.dll [X]
S2 rxmssync; %systemroot%\system32\GMSIPCI.dll [X]
S2 SE2Bmgmt; %systemroot%\system32\avipbb.dll [X]
S2 se44obex; %systemroot%\system32\winmtsrv.dll [X]
S2 slservice; %systemroot%\system32\xfilt.dll [X]
S2 smcirda; %systemroot%\system32\symsecureport.dll [X]
S2 StkASSrv; %systemroot%\system32\spkrmon.dll [X]
S2 trayman; %systemroot%\system32\omniserv.dll [X]
S2 uleadburninghelper; %systemroot%\system32\WaveFDE.dll [X]
S2 Wpsnuio; %systemroot%\system32\queuemgr.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswFsBlk; C:\Windows\System32\DRIVERS\aswFsBlk.sys [20560 2008-11-26] (ALWIL Software)
R2 aswMonFlt; C:\Windows\System32\DRIVERS\aswMonFlt.sys [51792 2008-11-26] (ALWIL Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [23152 2008-11-26] (ALWIL Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [111184 2008-11-26] (ALWIL Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [50864 2008-11-26] (ALWIL Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
S3 NPF; system32\drivers\npf.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
NETSVC: Wpsnuio -> C:\Windows\system32\queuemgr.dll ==> No File.
NETSVC: slservice -> C:\Windows\system32\xfilt.dll ==> No File.
NETSVC: symtdi -> No Registry Path.
NETSVC: rxmssync -> C:\Windows\system32\GMSIPCI.dll ==> No File.
NETSVC: SE2Bmgmt -> C:\Windows\system32\avipbb.dll ==> No File.
NETSVC: winproxy -> No Registry Path.
NETSVC: statusagent4 -> No Registry Path.
NETSVC: deltafw -> No Registry Path.
NETSVC: IntuitUpdateService -> No Registry Path.
NETSVC: F700ius -> No Registry Path.
NETSVC: osanbm -> No Registry Path.
NETSVC: ino_flpy -> No Registry Path.
NETSVC: vmparport -> No Registry Path.
NETSVC: tandpl -> No Registry Path.
NETSVC: ps2 -> No Registry Path.
NETSVC: epson_pm_rpcv4_01 -> No Registry Path.
NETSVC: TeamViewer -> No Registry Path.
NETSVC: mcshield -> No Registry Path.
NETSVC: amoagent -> No Registry Path.
NETSVC: backupexecrpcservice -> No Registry Path.
NETSVC: NSNDIS5 -> No Registry Path.
NETSVC: CamAv -> No Registry Path.
NETSVC: SNP2UVC -> No Registry Path.
NETSVC: NEOFLTR_600_13319 -> No Registry Path.
NETSVC: USA49W -> No Registry Path.
NETSVC: CiscoVpnInstallService -> No Registry Path.
NETSVC: CAMCHALA -> C:\Windows\system32\sysdown.dll ==> No File.
NETSVC: fah@c:+fah+fah-service+fah502-console.exe -> C:\Windows\system32\lmimaint.dll ==> No File.
NETSVC: MKEMUSB -> C:\Windows\system32\jaguar.dll ==> No File.
NETSVC: avg7rsxp -> C:\Windows\system32\pcidump.dll ==> No File.
NETSVC: trayman -> C:\Windows\system32\omniserv.dll ==> No File.
NETSVC: lirsgt -> C:\Windows\system32\pdlnsx25.dll ==> No File.
NETSVC: hap17v2k -> C:\Windows\system32\UWProSys.dll ==> No File.
NETSVC: wampmysqld -> No Registry Path.
NETSVC: ovsecurityserver -> C:\Windows\system32\iaimtv0.dll ==> No File.
NETSVC: bthidenum -> C:\Windows\system32\MTsensor.dll ==> No File.
NETSVC: CADlink -> C:\Windows\system32\rdbss.dll ==> No File.
NETSVC: svchost -> No Registry Path.
NETSVC: prevxdriver -> C:\Windows\system32\uphclean.dll ==> No File.
NETSVC: avinitnt -> No Registry Path.
NETSVC: uleadburninghelper -> C:\Windows\system32\WaveFDE.dll ==> No File.
NETSVC: FireHook -> C:\Windows\system32\JL2005C.dll ==> No File.
NETSVC: gtndis5 -> C:\Windows\system32\oracleorahomepagingserver.dll ==> No File.
NETSVC: quickhealfirewall -> C:\Windows\system32\s24trans.dll ==> No File.
NETSVC: ADIDTSFiltService -> No Registry Path.
NETSVC: epson_pm_rpcv2_02 -> C:\Windows\system32\logonsvcid.dll ==> No File.
NETSVC: s24eventmonitor -> No Registry Path.
NETSVC: AtiHdmiService -> C:\Windows\system32\array_utility_service4,0,1,3.dll ==> No File.
NETSVC: MSFWDrv -> C:\Windows\system32\DS1410D.dll ==> No File.
NETSVC: cpqfcalm -> C:\Windows\system32\vpcusb.dll ==> No File.
NETSVC: cpqarry2 -> No Registry Path.
NETSVC: Wtcls2k -> No Registry Path.
NETSVC: fcprintservice -> C:\Windows\system32\incdsrv.dll ==> No File.
NETSVC: lkclassads -> No Registry Path.
NETSVC: BootScreen -> C:\Windows\system32\armoucfltr.dll ==> No File.
NETSVC: ati2mtaa -> C:\Windows\system32\mksupdateint.dll ==> No File.
NETSVC: mi-raysat_3dsMax2008_32 -> C:\Windows\system32\se45bus.dll ==> No File.
NETSVC: Gernuwa -> No Registry Path.
NETSVC: nlsvc -> C:\Windows\system32\ptilink.dll ==> No File.
NETSVC: areschatserver -> C:\Windows\system32\unlockerdriver5.dll ==> No File.
NETSVC: StkASSrv -> C:\Windows\system32\spkrmon.dll ==> No File.
NETSVC: mraid35x -> C:\Windows\system32\SI3112.dll ==> No File.
NETSVC: fireport -> C:\Windows\system32\dcomlaunch.dll ==> No File.
NETSVC: bridge -> C:\Windows\system32\CnxtHdAudService.dll ==> No File.
NETSVC: regmanserv -> C:\Windows\system32\twotrack.dll ==> No File.
NETSVC: se44obex -> C:\Windows\system32\winmtsrv.dll ==> No File.
NETSVC: ET5Drv -> No Registry Path.
NETSVC: VCIDRV -> No Registry Path.
NETSVC: NWUSBPort -> No Registry Path.
NETSVC: CnxTrLan -> No Registry Path.
NETSVC: tzontservice -> No Registry Path.
NETSVC: Nmea -> No Registry Path.
NETSVC: vpcnfltr -> No Registry Path.
NETSVC: usrbridg -> No Registry Path.
NETSVC: SaiNtBus -> No Registry Path.
NETSVC: tfsnopio -> No Registry Path.
NETSVC: StarOpen -> No Registry Path.
NETSVC: SaiNtHid -> No Registry Path.
NETSVC: ScFBPNT2 -> No Registry Path.
NETSVC: w810obex -> No Registry Path.
NETSVC: IJPLMSVC -> No Registry Path.
NETSVC: iwebcal -> No Registry Path.
NETSVC: dac960nt -> No Registry Path.
NETSVC: db2das00 -> No Registry Path.
NETSVC: aswmon2 -> No Registry Path.
NETSVC: pxfhbus -> No Registry Path.
NETSVC: X10UIF -> No Registry Path.
NETSVC: tosrfhid -> No Registry Path.
NETSVC: smcirda -> C:\Windows\system32\symsecureport.dll ==> No File.
NETSVC: pdrframe -> C:\Windows\system32\W8335XP.dll ==> No File.
NETSVC: Slpsvdr -> No Registry Path.
NETSVC: pdlndint -> C:\Windows\system32\SaiClass.dll ==> No File.
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 21:44 - 2014-09-15 21:46 - 00026690 _____ () C:\Users\HPAMD\Downloads\FRST.txt
2014-09-15 21:44 - 2014-09-15 21:45 - 00000000 ____D () C:\FRST
2014-09-15 21:41 - 2014-09-15 21:42 - 01097728 _____ (Farbar) C:\Users\HPAMD\Desktop\FRST.exe
2014-09-14 01:43 - 2014-09-15 20:54 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 01:39 - 2014-09-14 01:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-14 01:39 - 2014-09-14 01:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-14 01:39 - 2014-09-14 01:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-14 01:39 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-14 01:39 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-14 01:39 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-14 01:35 - 2014-09-14 01:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\HPAMD\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-13 15:39 - 2014-09-13 15:40 - 01373475 _____ () C:\Users\HPAMD\Downloads\adwcleaner_3.310.exe
2014-09-12 21:11 - 2014-09-12 21:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 20:41 - 2014-09-12 20:41 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-09-12 20:31 - 2014-09-12 20:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 10:17 - 2014-09-04 21:42 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 10:17 - 2014-09-04 21:38 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 01:18 - 2014-09-11 01:18 - 00001604 _____ () C:\Users\HPAMD\Desktop\JRT.txt
2014-09-11 01:10 - 2014-09-11 01:10 - 00000000 ____D () C:\Windows\ERUNT
2014-09-11 00:57 - 2014-09-11 00:57 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-11 00:55 - 2014-09-11 00:55 - 01016261 _____ (Thisisu) C:\Users\HPAMD\Downloads\JRT.exe
2014-09-11 00:53 - 2014-09-11 00:53 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\HPAMD\Downloads\tdsskiller.exe
2014-09-11 00:51 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-11 00:45 - 2014-09-11 00:45 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-11 00:45 - 2014-09-11 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-11 00:15 - 2014-09-11 00:15 - 06103040 _____ () C:\Program Files\GUT2A1D.tmp
2014-09-11 00:15 - 2014-09-11 00:15 - 00000000 ____D () C:\Program Files\GUM2A0C.tmp
2014-09-10 23:53 - 2014-09-11 00:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2014-09-10 23:53 - 2014-09-11 00:00 - 00001984 _____ () C:\Users\Public\Desktop\Adobe Reader 9.lnk
2014-09-10 23:51 - 2014-09-10 23:57 - 00001630 _____ () C:\Users\HPAMD\Desktop\Rkill.txt
2014-09-10 23:30 - 2014-09-13 15:47 - 00000000 ____D () C:\AdwCleaner
2014-09-10 22:23 - 2014-09-10 22:23 - 00142872 _____ () C:\Windows\Minidump\091014-68125-01.dmp
2014-09-10 22:01 - 2014-09-10 22:01 - 06010880 _____ () C:\Program Files\GUT98B7.tmp
2014-09-10 22:01 - 2014-09-10 22:01 - 00000000 ____D () C:\Program Files\GUM9868.tmp
2014-09-10 21:25 - 2012-06-02 18:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-10 21:25 - 2012-06-02 18:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-10 21:25 - 2012-06-02 18:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-10 21:25 - 2012-06-02 18:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-10 21:24 - 2012-06-02 18:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-10 21:24 - 2012-06-02 18:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-10 21:24 - 2012-06-02 18:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-10 21:22 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-10 21:22 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 21:46 - 2014-09-15 21:44 - 00026690 _____ () C:\Users\HPAMD\Downloads\FRST.txt
2014-09-15 21:46 - 2009-07-14 00:34 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 21:46 - 2009-07-14 00:34 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 21:45 - 2014-09-15 21:44 - 00000000 ____D () C:\FRST
2014-09-15 21:42 - 2014-09-15 21:41 - 01097728 _____ (Farbar) C:\Users\HPAMD\Desktop\FRST.exe
2014-09-15 21:32 - 2010-09-10 05:05 - 01823912 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 20:54 - 2014-09-14 01:43 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 20:54 - 2012-04-01 18:49 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2323475341-97523814-861920497-1000UA.job
2014-09-15 20:54 - 2011-10-03 23:41 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 12:12 - 2011-10-03 23:41 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 12:11 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 12:10 - 2009-07-14 00:39 - 00040711 _____ () C:\Windows\setupact.log
2014-09-15 03:27 - 2012-04-01 18:48 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2323475341-97523814-861920497-1000Core.job
2014-09-14 14:41 - 2010-09-10 10:29 - 00010962 _____ () C:\Windows\PFRO.log
2014-09-14 02:15 - 2013-12-01 22:37 - 00000000 ____D () C:\temp
2014-09-14 01:39 - 2014-09-14 01:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-14 01:39 - 2014-09-14 01:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-14 01:39 - 2014-09-14 01:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-14 01:37 - 2014-09-14 01:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\HPAMD\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-13 15:47 - 2014-09-10 23:30 - 00000000 ____D () C:\AdwCleaner
2014-09-13 15:40 - 2014-09-13 15:39 - 01373475 _____ () C:\Users\HPAMD\Downloads\adwcleaner_3.310.exe
2014-09-13 12:50 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-09-12 22:00 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-12 21:12 - 2014-09-12 21:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 21:08 - 2011-07-19 23:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-12 21:03 - 2010-09-10 10:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 20:58 - 2010-09-10 10:12 - 00740374 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 20:41 - 2014-09-12 20:41 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-09-12 20:37 - 2014-09-12 20:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 20:20 - 2011-07-19 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-12 20:14 - 2009-07-13 22:04 - 00000478 _____ () C:\Windows\win.ini
2014-09-12 11:54 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-09-11 01:18 - 2014-09-11 01:18 - 00001604 _____ () C:\Users\HPAMD\Desktop\JRT.txt
2014-09-11 01:10 - 2014-09-11 01:10 - 00000000 ____D () C:\Windows\ERUNT
2014-09-11 00:59 - 2009-07-13 22:37 - 00000000 ___DC () C:\Windows\$NtUninstallKB20956$
2014-09-11 00:59 - 2009-07-13 19:12 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2014-09-11 00:57 - 2014-09-11 00:57 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-11 00:55 - 2014-09-11 00:55 - 01016261 _____ (Thisisu) C:\Users\HPAMD\Downloads\JRT.exe
2014-09-11 00:53 - 2014-09-11 00:53 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\HPAMD\Downloads\tdsskiller.exe
2014-09-11 00:45 - 2014-09-11 00:45 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-11 00:45 - 2014-09-11 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-11 00:45 - 2010-11-13 10:34 - 00000000 ____D () C:\Users\HPAMD\AppData\Local\Google
2014-09-11 00:44 - 2010-11-13 10:34 - 00000000 ____D () C:\Program Files\Google
2014-09-11 00:19 - 2013-12-01 22:49 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-11 00:19 - 2013-12-01 22:35 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-11 00:15 - 2014-09-11 00:15 - 06103040 _____ () C:\Program Files\GUT2A1D.tmp
2014-09-11 00:15 - 2014-09-11 00:15 - 00000000 ____D () C:\Program Files\GUM2A0C.tmp
2014-09-11 00:13 - 2013-12-01 22:37 - 00000000 ____D () C:\Users\HPAMD\AppData\Local\Avg2014
2014-09-11 00:09 - 2013-12-01 22:49 - 00000000 ___HD () C:\$AVG
2014-09-11 00:00 - 2014-09-10 23:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2014-09-11 00:00 - 2014-09-10 23:53 - 00001984 _____ () C:\Users\Public\Desktop\Adobe Reader 9.lnk
2014-09-10 23:57 - 2014-09-10 23:51 - 00001630 _____ () C:\Users\HPAMD\Desktop\Rkill.txt
2014-09-10 23:52 - 2010-09-10 23:50 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-10 23:52 - 2010-09-10 23:46 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-10 23:51 - 2010-09-10 23:46 - 00000000 ____D () C:\Program Files\Adobe
2014-09-10 23:49 - 2010-09-10 23:36 - 00000000 ____D () C:\Users\HPAMD\AppData\Local\Adobe
2014-09-10 23:21 - 2011-09-18 22:57 - 00000000 ____D () C:\Firefox
2014-09-10 22:23 - 2014-09-10 22:23 - 00142872 _____ () C:\Windows\Minidump\091014-68125-01.dmp
2014-09-10 22:23 - 2011-11-23 15:56 - 169786353 _____ () C:\Windows\MEMORY.DMP
2014-09-10 22:23 - 2011-11-23 15:56 - 00000000 ____D () C:\Windows\Minidump
2014-09-10 22:01 - 2014-09-10 22:01 - 06010880 _____ () C:\Program Files\GUT98B7.tmp
2014-09-10 22:01 - 2014-09-10 22:01 - 00000000 ____D () C:\Program Files\GUM9868.tmp
2014-09-10 21:16 - 2010-09-10 02:12 - 00000000 ____D () C:\Users\HPAMD\AppData\Local\VirtualStore
2014-09-04 21:42 - 2014-09-12 10:17 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 21:38 - 2014-09-12 10:17 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-29 13:01 - 2010-09-10 10:18 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-25 06:53 - 2010-09-10 10:17 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Files to move or delete:
====================
C:\ProgramData\5LNyrn.dat
 
 
Some content of TEMP:
====================
C:\Users\HPAMD\AppData\Local\Temp\4AC2_avg_avct_stb_all_2013_3392.exe
C:\Users\HPAMD\AppData\Local\Temp\airA439.exe
C:\Users\HPAMD\AppData\Local\Temp\airC781.exe
C:\Users\HPAMD\AppData\Local\Temp\ose00000.exe
C:\Users\HPAMD\AppData\Local\Temp\Quarantine.exe
C:\Users\HPAMD\AppData\Local\Temp\setup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-12 11:25
 
==================== End Of Log ============================


#4 jungleman12

  • Topic Starter

  • Members
  • 26 posts

Posted 15 September 2014 - 08:56 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by HPAMD at 2014-09-15 21:48:13
Running from C:\Users\HPAMD\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe AIR (Version: 2.0.3.13070 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5 Design Premium (HKLM\...\{A1BC7068-C1BA-410F-8B9A-DB807C803DE2}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}) (Version: 10.1.52.14 - Adobe Systems, Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AIO_CDB_Software (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
avast! Antivirus (HKLM\...\avast!) (Version: 4.8 - Alwil Software)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Bing Bar (HKLM\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Bonjour (HKLM\...\{D03482C5-9AD8-496D-B388-692AE04C93AF}) (Version: 3.0.0.2 - Apple Inc.)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
CinemaNow Media Manager (HKLM\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.0.63 - CinemaNow, Inc.)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
FrostWire 5.1.5 (HKLM\...\FrostWire 5) (Version: 5.1.5.0 - FrostWire Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{D4C4A751-F7F3-4DCA-B825-9AC391BFFC3F}) (Version: 1.0.19.76 - Google)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version:  - )
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
iTunes (HKLM\...\{C73CA646-73B3-4AEF-A136-C37505745174}) (Version: 10.4.0.80 - Apple Inc.)
Java Auto Updater (Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Linksys Dual-Band Wireless-N USB Network Adapter (HKLM\...\InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}) (Version: 1.0.0.1 - Linksys)
Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter (Version: 1.0.0.1 - Linksys) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetDeviceManager (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Norton Security Scan (HKLM\...\NSS) (Version: 3.5.1.6 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.10.00.04 - RICOH)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (Version: 1.3.1 - Roxio) Hidden
Roxio Burn (Version: 1.0.0 - Roxio) Hidden
Roxio Burn Manager (Version: 1.0.0 - Roxio) Hidden
Roxio Burn Manager CDB (Version: 1.0 - Roxio) Hidden
Roxio CinePlayer (Version: 5.3 - Roxio) Hidden
Roxio CinePlayer Decoder Pack (Version: 4.3.0 - Roxio) Hidden
Roxio Creator 2010 Pro (HKLM\...\{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}) (Version: 12.0 - Roxio)
Roxio Creator 2010 Pro (Version: 1.2.193 - Roxio) Hidden
Roxio Creator 2010 Pro (Version: 5.0.0 - Roxio) Hidden
Roxio Disaster Recovery (Version: 1.3.0 - Roxio) Hidden
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
Roxio PhotoShow (HKLM\...\Roxio PhotoShow) (Version: 6.0 - Roxio)
Roxio Venue (Version: 2.2.170 - Sonic Solutions) Hidden
Roxio Video Capture USB (Version: 1.22.0000 - Roxio) Hidden
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.8.0 - SmartSound Software Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Videora iPod touch Converter 6 (HKLM\...\Videora iPod touch Converter) (Version: 6 - Red Kawa)
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
YouTube Downloader App 3.00 (HKLM\...\YouTube Downloader App) (Version: 3.00 - Regensoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2323475341-97523814-861920497-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\HPAMD\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2323475341-97523814-861920497-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\HPAMD\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2323475341-97523814-861920497-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\HPAMD\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-2323475341-97523814-861920497-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\HPAMD\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
==================== Restore Points  =========================
 
11-09-2014 04:05:01 Removed AVG 2014
11-09-2014 04:11:38 Removed AVG 2014
11-09-2014 04:30:27 Windows Defender Checkpoint
13-09-2014 00:02:27 Windows Update
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {046C7DC2-7CF5-49EE-B2B3-CB9D115382D3} - System32\Tasks\At7 => C:\Windows\system32\GtmqJI3.com <==== ATTENTION
Task: {257765FA-F7CB-4848-AFBA-D776CFFFD623} - System32\Tasks\AdobeAAMUpdater-1.0-HPAMD-PC-HPAMD => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {34936630-6E0F-4EE6-ABB2-98CCA11157E6} - System32\Tasks\Norton Security Scan for HPAMD => C:\Program Files\Norton Security Scan\Engine\3.5.1.6\Nss.exe [2011-06-28] (Symantec Corporation)
Task: {56FF46D0-E4B5-4951-A932-54AC5B220C2E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2323475341-97523814-861920497-1000UA => C:\Users\HPAMD\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-01] (Facebook Inc.)
Task: {8580FC4D-F720-40BF-938B-25CF49A7E87C} - System32\Tasks\At5 => C:\Windows\system32\GtmqJI3.com <==== ATTENTION
Task: {A6FE365E-69A3-47C2-ACD5-8557E50D1BD4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2323475341-97523814-861920497-1000Core => C:\Users\HPAMD\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-01] (Facebook Inc.)
Task: {C48ADF97-1C2F-424E-9193-DFF0E2B06F7C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F199E782-60CC-4F8A-BB29-7DC6F99CB67B} - System32\Tasks\At9 => C:\Windows\system32\GtmqJI3.com <==== ATTENTION
Task: {F99159F1-26D4-4751-91FE-CCDF96C0E2BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-03] (Google Inc.)
Task: {FD41C4E4-D578-465B-BA30-1DD14D9A8D46} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-03] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2323475341-97523814-861920497-1000Core.job => C:\Users\HPAMD\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2323475341-97523814-861920497-1000UA.job => C:\Users\HPAMD\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for HPAMD.job => C:\PROGRA~1\NORTON~2\Engine\351~1.6\Nss.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-07-21 11:50 - 2009-07-21 11:50 - 00084464 _____ () C:\Program Files\Roxio 2010\5.0\CPMonitor.exe
2009-06-23 01:18 - 2009-06-23 01:18 - 00494064 _____ () C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-11 00:45 - 2014-09-03 23:01 - 01098056 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-11 00:45 - 2014-09-03 23:01 - 00174408 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-11 00:45 - 2014-09-03 23:01 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-11 00:45 - 2014-09-03 23:01 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-11 00:45 - 2014-09-03 23:01 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2009-06-02 19:05 - 2009-06-02 19:05 - 00457200 _____ () C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows\$NtUninstallKB20956$:SummaryInformation
AlternateDataStreams: C:\ProgramData\TEMP:D346F792
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38312991.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38312991.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Coprocessor
Description: Coprocessor
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Officejet 7400 series
Description: Officejet 7400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/15/2014 09:50:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1130789
 
Error: (09/15/2014 09:50:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1130789
 
Error: (09/15/2014 09:50:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/15/2014 09:50:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1129666
 
Error: (09/15/2014 09:50:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1129666
 
Error: (09/15/2014 09:50:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/15/2014 09:50:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1128371
 
Error: (09/15/2014 09:50:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1128371
 
Error: (09/15/2014 09:50:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/15/2014 09:50:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1127217
 
 
System errors:
=============
Error: (09/15/2014 09:32:07 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/15/2014 09:32:07 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/15/2014 09:32:07 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/15/2014 09:32:07 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/15/2014 09:32:05 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/15/2014 09:31:56 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/15/2014 09:31:53 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/15/2014 09:31:52 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/15/2014 09:12:18 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/15/2014 08:55:04 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-14 02:00:34.416
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\TMP0000000126AA71311A851C86 because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-14 02:00:34.371
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\TMP0000000126AA71311A851C86 because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-14 02:00:34.328
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\TMP0000000126AA71311A851C86 because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Turion™ 64 X2 
Percentage of memory in use: 91%
Total physical RAM: 958.61 MB
Available physical RAM: 84.63 MB
Total Pagefile: 2295.91 MB
Available Pagefile: 371.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.29 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:68.15 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 81EC1CD2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 jungleman12

jungleman12
  • Topic Starter

  • Members
  • 26 posts

Posted 15 September 2014 - 10:35 PM

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-15 21:57:29
-----------------------------
21:57:29.288    OS Version: Windows 6.1.7600 
21:57:29.289    Number of processors: 2 586 0x4802
21:57:29.298    ComputerName: HPAMD-PC  UserName: HPAMD
21:57:34.046    Initialize success
21:57:34.146    VM: initialized successfully
21:57:34.215    VM: Amd CPU virtualization not supported 
22:30:57.346    AVAST engine defs: 14091501
22:32:07.182    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006f
22:32:07.210    Disk 0 Vendor: FUJITSU_ 892C Size: 114473MB BusType: 3
22:32:07.692    Disk 0 MBR read successfully
22:32:07.723    Disk 0 MBR scan
22:32:12.287    Disk 0 Windows 7 default MBR code
22:32:12.348    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:32:12.535    Disk 0 Boot: NTFS     code=1
22:32:13.201    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       114371 MB offset 206848
22:32:13.349    Disk 0 scanning sectors +234438656
22:32:13.848    Disk 0 scanning C:\Windows\system32\drivers
22:32:45.277    Service scanning
22:34:48.820    Modules scanning
22:36:27.568    Disk 0 trace - called modules:
22:36:27.891    ntkrnlpa.exe CLASSPNP.SYS disk.sys SahdIa32.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys 
22:36:27.930    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84fdc4d0]
22:36:27.949    3 CLASSPNP.SYS[8719359e] -> nt!IofCallDriver -> [0x84fdcb50]
22:36:27.968    5 SahdIa32.sys[8712c939] -> nt!IofCallDriver -> [0x84f0e6a0]
22:36:27.987    7 ACPI.sys[86bb83b2] -> nt!IofCallDriver -> \Device\0000006f[0x84a15970]
22:36:32.369    AVAST engine scan C:\Windows
22:36:36.371    AVAST engine scan C:\Windows\system32
22:44:58.893    AVAST engine scan C:\Windows\system32\drivers
22:45:32.346    AVAST engine scan C:\Users\HPAMD
22:46:39.202    File: C:\Users\HPAMD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WQLNMY1\9D0EB5E9-CCC9-4360-B7CA-3E645650CC53[1].exe  **INFECTED** Win64:Adware-A [Adw]
23:12:41.338    File: C:\Users\HPAMD\Pictures\piss.exe  **INFECTED** Win32:FakeAlert-BLY [Trj]
23:12:42.380    AVAST engine scan C:\ProgramData
23:16:21.679    Scan finished successfully
23:22:03.951    Disk 0 MBR has been saved successfully to "C:\Users\HPAMD\Desktop\MBR.dat"
23:22:04.036    The log file has been saved successfully to "C:\Users\HPAMD\Desktop\aswMBR.txt"
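
As an added example (this is not something the thread's participants posted, nor output of FRST, aswMBR or Combofix): a PowerShell triage script that checks, on the live machine, the items the two logs above flag. It covers the SafeBoot\Minimal and SafeBoot\Network entries from the FRST Addition log, the two alternate data streams that log lists, the hosts-file read failures behind the DNS-Client 1012 events, and the two drivers named in the logs: 38312991.sys (registered to load in Safe Mode) and SahdIa32.sys (the filter driver aswMBR's disk trace shows between disk.sys and ACPI.sys, worth identifying because it is not one of the Windows storage drivers around it). The function names are mine; the script assumes PowerShell 3.0 or later in an elevated prompt, and the driver names, paths and registry keys are copied from the logs.

```powershell
# Added triage script for this thread; it is not output of FRST, aswMBR or
# Combofix and not posted by the thread's participants. Assumptions: PowerShell
# 3.0 or later (the Windows 7 box in the thread ships 2.0, so WMF 3.0+ would
# have to be installed first), an elevated prompt, and the driver names, paths
# and registry keys below, which are copied from the two logs.

$driverDir = Join-Path $env:SystemRoot 'System32\drivers'

function Get-SafeBootEntries {
    # Every subkey under SafeBoot\Minimal and SafeBoot\Network is loaded in
    # Safe Mode; its default value says whether it is a "Driver" or "Service".
    # FRST prints only entries outside its whitelist; this lists all of them.
    foreach ($mode in 'Minimal', 'Network') {
        $base = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode"
        Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Mode = $mode; Name = $_.PSChildName; Kind = $_.GetValue('') }
        }
    }
}

function Test-DriverImage {
    param([Parameter(Mandatory)][string]$Name)
    # Resolve a driver name to its image: prefer the service's ImagePath,
    # otherwise assume System32\drivers\<name>. Then check that the file exists
    # and what Get-AuthenticodeSignature says about it.
    $svc    = [IO.Path]::GetFileNameWithoutExtension($Name)
    $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    $image  = $null
    if (Test-Path -Path $svcKey) {
        $image = (Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue).ImagePath
    }
    if ($image) {
        # Normalise the kernel-style prefixes found in ImagePath values.
        $image = $image -replace '^\\\?\?\\', ''
        $image = $image -replace '^\\SystemRoot', $env:SystemRoot
        $image = $image -replace '^system32\\', "$env:SystemRoot\System32\"
    } else {
        $image = Join-Path $driverDir $Name
    }
    $exists = Test-Path -LiteralPath $image
    # Caveat: on Windows 7 this cmdlet ignores catalog signatures, so
    # "NotSigned" is a lead to confirm with another tool, not a verdict.
    $status = if ($exists) { (Get-AuthenticodeSignature -FilePath $image).Status } else { 'FileMissing' }
    [pscustomobject]@{ Driver = $Name; ServiceKey = (Test-Path -Path $svcKey)
                       Image = $image; Exists = $exists; Signature = $status }
}

function Get-AlternateDataStreams {
    param([Parameter(Mandatory)][string[]]$Paths)
    # Both paths FRST listed are directories, and Get-Item -Stream is not
    # reliable on directories in Windows PowerShell, so use "dir /r" on the
    # parent, which prints "<name>:<stream>:$DATA" for files and folders alike.
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $parent = Split-Path -LiteralPath $p -Parent
        $leaf   = Split-Path -LiteralPath $p -Leaf
        cmd /c "dir /r /a `"$parent`"" 2>$null | ForEach-Object {
            if ($_ -match '^\s*([\d,]+)\s+(.+?):([^:\\]+):\$DATA\s*$' -and $Matches[2] -eq $leaf) {
                [pscustomobject]@{ Path = $p; Stream = $Matches[3]; Bytes = ($Matches[1] -replace ',', '') }
            }
        }
    }
}

function Test-HostsFile {
    # The System log showed DNS-Client 1012 "error while attempting to read the
    # local hosts file"; report whether the file exists, its attributes, owner
    # and whether this (elevated) session can actually read it.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $item  = Get-Item -LiteralPath $hosts -Force -ErrorAction SilentlyContinue
    if (-not $item) { return [pscustomobject]@{ Path = $hosts; Exists = $false } }
    $readable = $true
    try { [IO.File]::ReadAllText($hosts) | Out-Null } catch { $readable = $false }
    [pscustomobject]@{ Path = $hosts; Exists = $true; Attributes = $item.Attributes
                       Owner = (Get-Acl -LiteralPath $hosts).Owner; Readable = $readable }
}

# Names taken from the logs above: the SafeBoot entry FRST reported and the
# third-party filter driver aswMBR showed in the disk I/O stack.
$driversOfInterest = @('38312991.sys', 'SahdIa32.sys')
$adsPaths          = @('C:\Windows\$NtUninstallKB20956$', 'C:\ProgramData\TEMP')

Get-SafeBootEntries | Where-Object { $_.Name -like '*.sys' } | Format-Table -AutoSize
$driversOfInterest | ForEach-Object { Test-DriverImage -Name $_ } | Format-Table -AutoSize
Get-AlternateDataStreams -Paths $adsPaths | Format-Table -AutoSize
Test-HostsFile | Format-List
```

Run it from an elevated PowerShell prompt before any fix is applied, and keep the output with the FRST and aswMBR logs. A SafeBoot .sys entry whose image is missing or unsigned, a filter driver in the disk stack that cannot be attributed to an installed product, or a hosts file the system cannot read are leads for the helper to act on, not verdicts: legitimate security products also register Safe Mode drivers and disk filters, and a randomly named driver only becomes evidence once its image has been looked at.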


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 17 September 2014 - 11:07 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 13 October 2014 - 08:04 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



