
help with removing virus, cannot access internet.


  • This topic is locked
139 replies to this topic

#1 rowlando


Posted 18 September 2014 - 12:58 AM

I have attached the DDS file.
 
My son's PC, Windows 7, will not access the internet other than a fake webpage. I have been getting some help from the mbam forum but hit a problem when we cannot run combofix; combofix says I need to be administrator, which I am already.
 
Cheers, Rowlando

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239 BrowserJavaVersion: 10.67.2
Run by Administrator at 13:09:33 on 2014-09-18
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.4094.2437 [GMT 10:00]
.
AV: Bitdefender Antivirus Free Edition *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antivirus Free Edition *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\THEONE\AppData\Local\Akamai\netsession_win.exe
C:\Users\THEONE\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = about:blank
mDefault_Page_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Freemake.YoutubeButton: {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [D-Link D-Link DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{0CFF6ACF-F772-4861-BA99-4FE13986F075} : NameServer = 176.58.107.53,54.247.108.9
TCP: Interfaces\{86E54F45-CA65-4135-A049-CC45641658D0} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{EC75E675-88F0-424C-8374-247132CED657} : DHCPNameServer = 10.0.0.138
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2014-3-29 718840]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-2-17 56208]
R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\System32\drivers\anodlwfx.sys [2011-7-4 15872]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [2014-3-29 121928]
R1 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2014-3-29 148696]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
R2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [2014-1-9 53248]
R2 DAZContentManagementService;DAZ Content Management Service;C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [2013-1-12 22528]
R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2013-3-27 9216]
R2 gzserv;Bitdefender Antivirus Free Edition;C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [2014-3-29 69368]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-3-27 27760]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2014-3-29 593144]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-3-27 77936]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-19 25816]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-3-27 2165360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-24 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-24 860472]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2012-10-21 36328]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-13 111616]
S3 IT9135BDA;IT9135 BDA Devices;C:\Windows\System32\drivers\IT9135BDA.sys [2013-5-25 164864]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-24 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-12 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S3 RTL8192cu;Belkin Wireless Adapter;C:\Windows\System32\drivers\rtwlanu.sys [2013-5-18 1041000]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-10-21 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-10-21 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-10-21 177640]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-15 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-4 1255736]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
ShellExec: iClone40.exe: Open=C:\Program Files (x86)\Reallusion\iClone 4\iClone.exe "%1"
.
=============== Created Last 30 ================
.
2014-09-18 02:10:15 -------- d-----w- C:\Users\Administrator\AppData\Local\Adobe
2014-09-18 02:10:01 -------- d-----w- C:\Users\Administrator\AppData\Local\Google
2014-09-15 22:31:58 -------- d-----w- C:\AdwCleaner
2014-09-15 22:08:46 -------- d-----w- C:\Windows\ERUNT
2014-09-14 23:01:13 -------- d-----w- C:\FRST
2014-09-07 00:07:00 174337 ----a-w- C:\ProgramData\1410048322.bdinstall.bin
2014-09-07 00:05:22 37823 ----a-w- C:\ProgramData\1410048321.bdinstall.bin
2014-09-06 13:18:43 -------- d-sh--w- C:\found.000
2014-08-29 09:56:04 -------- d-----w- C:\Program Files (x86)\Nexon
2014-08-28 00:18:18 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-28 00:18:18 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-28 00:18:18 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-24 09:23:19 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-24 09:22:08 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-24 09:22:08 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-24 09:22:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
.
==================== Find3M ====================
.
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-25 02:55:09 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 05:06:15 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 05:06:15 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
.
============= FINISH: 13:09:54.63 ===============


Edited by Oh My!, 22 September 2014 - 05:24 PM.
Posted DDS



#2 Oh My!


Posted 22 September 2014 - 05:23 PM

Greetings Rowlando and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the "Reply to this topic" button instead.
  • In the upper right hand corner of the topic you will see the "Follow this topic" button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. If you are still actively receiving help in the Malwarebytes Forum you should remain there until you are done. Having 2 different Forums working on the same computer is never efficient.

If we are prepared to solely work on your computer here please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • FSS.txt
  • Result.txt
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 rowlando


Posted 23 September 2014 - 12:07 AM

Hello Oh My

 

Here are the results that you asked for, including 1 zip file.

 

I will paste the other details here. Thank you for your help. I am no longer getting help from the mbam forum; it has been 5 days, so I think it best that I stick with one person, and that be you. I appreciate your time and knowledge that you are gifting to me and my son's PC.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by THEONE (administrator) on THEONE-PC on 23-09-2014 14:34:15
Running from C:\Users\THEONE\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
() C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Akamai Technologies, Inc.) C:\Users\THEONE\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\THEONE\AppData\Local\Akamai\netsession_win.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Farbar) C:\Users\THEONE\Desktop\FRST64(2).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-15] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2013-02-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [D-Link D-Link DWA-125] => C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe [1078592 2011-09-08] (D-Link Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1515753734-2087693357-796947920-1000\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1515753734-2087693357-796947920-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKU\S-1-5-21-1515753734-2087693357-796947920-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2012-12-18] (Samsung Electronics)
HKU\S-1-5-21-1515753734-2087693357-796947920-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKU\S-1-5-21-1515753734-2087693357-796947920-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKU\S-1-5-21-1515753734-2087693357-796947920-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1515753734-2087693357-796947920-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1515753734-2087693357-796947920-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1515753734-2087693357-796947920-1000\...\Run: [Akamai NetSession Interface] => C:\Users\THEONE\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1515753734-2087693357-796947920-1000\...\Run: [Spybot-S&D Cleaning] => E:\PortableApps\SpybotPortable\App\Spybot\SDCleaner.exe [4566952 2014-06-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-1515753734-2087693357-796947920-1000\...\MountPoints2: {f936cd02-910e-11e2-ae81-902b3400fa48} - E:\AutoRun.exe
HKU\S-1-5-21-1515753734-2087693357-796947920-1000\...\MountPoints2: {f936cd04-910e-11e2-ae81-902b3400fa48} - E:\AutoRun.exe
HKU\S-1-5-21-1515753734-2087693357-796947920-1000\...\MountPoints2: {f936cd1b-910e-11e2-ae81-902b3400fa48} - E:\AutoRun.exe
Startup: C:\Users\THEONE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk
ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - (No Name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No File
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Freemake.YoutubeButton -> {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKCU - No Name - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{0CFF6ACF-F772-4861-BA99-4FE13986F075}: [NameServer] 176.58.107.53,54.247.108.9

FireFox:
========
FF ProfilePath: C:\Users\THEONE\AppData\Roaming\Mozilla\Firefox\Profiles\a64imy6j.default
FF SearchEngineOrder.1: Search By ZoneAlarm
FF SelectedSearchEngine: Search By ZoneAlarm
FF Homepage: hxxp://www.google.com.au/
FF Keyword.URL: hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&gu=a8dd8ec8e6ed4174b786c7637e01be90&tu=10G90007t2B0008&sku=&tstsId=&ver=&&q=
FF NetworkProxy: "type", 0
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\THEONE\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-03-08]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-03-08]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-02-17]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-04-22]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-04-22]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR NewTab: Default -> "chrome-extension://kelpionihcglhjecfkpllhkjidamjcni/spent.html", "chrome-extension://idaejmfdnhppcafgpigdoopbpocbficf/spent.html"
CHR DefaultSearchKeyword: Default -> BBD416A91AC9F582371C1AD341D94072D4CDE759C0E2D0CC7F9A30A4015BD041
CHR DefaultSearchURL: Default -> 2A3B88B8F199DB5ACD5FB2BFD84FA70B09D2C83C999E2BF24F0C4797573B324C
CHR Profile: C:\Users\THEONE\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\THEONE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-12]
CHR Extension: (Google Drive) - C:\Users\THEONE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\THEONE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (YouTube) - C:\Users\THEONE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-12]
CHR Extension: (Google Search) - C:\Users\THEONE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-12]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\THEONE\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-02-17]
CHR Extension: (Undeaddies) - C:\Users\THEONE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelpionihcglhjecfkpllhkjidamjcni [2014-09-04]
CHR Extension: (ZoneAlarm Chrome Toolbar) - C:\Users\THEONE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek [2014-02-12]
CHR Extension: (Google Wallet) - C:\Users\THEONE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-09]
CHR Extension: (Gmail) - C:\Users\THEONE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [kgdcapepedmpopjkmdbjnmmmfgllnfek] - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarm.crx [2013-11-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-06] () [File not signed]
R2 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-07-12] () [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-04-01] (Ellora Assets Corp.) [File not signed]
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2011-09-09] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [103736 2011-09-09] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2013-02-17] (Adobe Systems Incorporated) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-07-12] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [0 2014-09-07] () [File not signed]
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [164864 2013-05-25] (ITE                      )
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-11-15] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-02-21] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1617472 2011-04-28] (Ralink Technology Corp.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1041000 2012-02-01] (Realtek Semiconductor Corporation                           )
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 14:34 - 2014-09-23 14:23 - 00401920 _____ (Farbar) C:\Users\THEONE\Desktop\MiniToolBox.exe
2014-09-23 14:32 - 2014-09-23 14:31 - 02105856 _____ (Farbar) C:\Users\THEONE\Desktop\FRST64(2).exe
2014-09-23 14:32 - 2014-09-23 14:21 - 00415232 _____ (Farbar) C:\Users\THEONE\Desktop\FSS.exe
2014-09-19 09:08 - 2014-09-23 14:34 - 00020657 _____ () C:\Users\THEONE\Desktop\FRST.txt
2014-09-19 09:07 - 2014-09-19 09:08 - 00040870 _____ () C:\Users\THEONE\Desktop\Addition.txt
2014-09-18 13:10 - 2014-09-18 13:10 - 00013050 _____ () C:\Users\Administrator\Desktop\attach.txt
2014-09-18 13:10 - 2014-09-18 13:09 - 00017308 _____ () C:\Users\Administrator\Desktop\dds.txt
2014-09-18 13:09 - 2014-09-18 13:01 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
2014-09-18 12:11 - 2014-09-18 12:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinRAR
2014-09-18 12:11 - 2014-09-15 08:44 - 05578360 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2014-09-18 12:10 - 2014-09-18 12:20 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-09-18 12:10 - 2014-09-18 12:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-09-18 12:10 - 2014-09-18 12:10 - 00002215 _____ () C:\Users\Administrator\Desktop\Google Chrome.lnk
2014-09-18 12:10 - 2014-09-18 12:10 - 00001413 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-18 12:10 - 2014-09-18 12:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-09-18 12:10 - 2014-09-18 12:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-18 12:09 - 2014-09-18 12:10 - 00000000 ____D () C:\Users\Administrator
2014-09-18 12:09 - 2014-09-18 12:09 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-09-18 12:09 - 2012-03-01 17:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-09-18 12:09 - 2011-07-05 20:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
2014-09-18 12:09 - 2009-07-14 14:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-18 12:09 - 2009-07-14 14:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-17 09:39 - 2014-09-17 09:12 - 05579386 ____R (Swearware) C:\Users\THEONE\Desktop\ComboFix(1).exe
2014-09-17 09:14 - 2014-09-17 09:14 - 00000000 ____D () C:\Windows\erdnt
2014-09-17 09:14 - 2014-09-17 09:14 - 00000000 ____D () C:\Qoobox
2014-09-16 08:31 - 2014-09-16 10:18 - 00000000 ____D () C:\AdwCleaner
2014-09-16 08:08 - 2014-09-16 08:08 - 00000000 ____D () C:\Windows\ERUNT
2014-09-16 08:08 - 2014-09-16 08:06 - 01373475 _____ () C:\Users\THEONE\Desktop\adwcleaner_3.310.exe
2014-09-16 08:08 - 2014-09-16 08:04 - 01016261 _____ (Thisisu) C:\Users\THEONE\Desktop\JRT.exe
2014-09-15 09:01 - 2014-09-23 14:34 - 00000000 ____D () C:\FRST
2014-09-14 12:28 - 2014-09-14 12:28 - 00000000 ____D () C:\Users\THEONE\Desktop\comintrep_2103
2014-09-14 12:28 - 2014-09-14 09:30 - 01378217 _____ () C:\Users\THEONE\Desktop\comintrep_2103.zip
2014-09-07 10:07 - 2014-09-07 10:07 - 00174337 _____ () C:\ProgramData\1410048322.bdinstall.bin
2014-09-07 10:05 - 2014-09-07 10:05 - 00037823 _____ () C:\ProgramData\1410048321.bdinstall.bin
2014-09-07 10:05 - 2014-09-07 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2014-09-06 23:18 - 2014-09-06 23:18 - 00000000 __SHD () C:\found.000
2014-09-06 15:38 - 2009-06-11 07:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140906-153812.backup
2014-09-06 15:14 - 2014-09-06 15:15 - 00001334 _____ () C:\Windows\wininit.ini
2014-09-04 11:37 - 2014-09-06 11:13 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1515753734-2087693357-796947920-1000
2014-09-04 11:37 - 2014-09-06 11:13 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1515753734-2087693357-796947920-1000
2014-08-29 20:52 - 2014-08-29 20:52 - 10117512 _____ () C:\Users\THEONE\Downloads\NexonLauncherSetup (6).exe
2014-08-29 19:56 - 2014-08-29 19:56 - 00000000 ____D () C:\Users\THEONE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2014-08-29 19:56 - 2014-08-29 19:56 - 00000000 ____D () C:\Program Files (x86)\Nexon
2014-08-29 15:28 - 2014-08-29 15:28 - 10117512 _____ () C:\Users\THEONE\Downloads\NexonLauncherSetup (5).exe
2014-08-29 15:27 - 2014-08-29 15:27 - 10117512 _____ () C:\Users\THEONE\Downloads\NexonLauncherSetup (4).exe
2014-08-29 15:18 - 2014-08-29 15:18 - 10117512 _____ () C:\Users\THEONE\Downloads\NexonLauncherSetup.exe
2014-08-29 15:18 - 2014-08-29 15:18 - 10117512 _____ () C:\Users\THEONE\Downloads\NexonLauncherSetup (3).exe
2014-08-29 15:18 - 2014-08-29 15:18 - 10117512 _____ () C:\Users\THEONE\Downloads\NexonLauncherSetup (2).exe
2014-08-29 15:18 - 2014-08-29 15:18 - 10117512 _____ () C:\Users\THEONE\Downloads\NexonLauncherSetup (1).exe
2014-08-28 10:18 - 2014-08-23 12:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 10:18 - 2014-08-23 11:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 10:18 - 2014-08-23 10:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 19:23 - 2014-09-06 10:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 19:22 - 2014-09-07 09:54 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-24 19:22 - 2014-08-24 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-24 19:22 - 2014-08-24 19:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-24 19:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 14:34 - 2014-09-19 09:08 - 00020657 _____ () C:\Users\THEONE\Desktop\FRST.txt
2014-09-23 14:34 - 2014-09-15 09:01 - 00000000 ____D () C:\FRST
2014-09-23 14:32 - 2009-07-14 15:13 - 00006410 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-23 14:31 - 2014-09-23 14:32 - 02105856 _____ (Farbar) C:\Users\THEONE\Desktop\FRST64(2).exe
2014-09-23 14:31 - 2011-10-03 18:07 - 00000000 ____D () C:\Users\THEONE\AppData\Local\Adobe
2014-09-23 14:29 - 2012-03-27 23:49 - 00210357 _____ () C:\Windows\setupact.log
2014-09-23 14:29 - 2011-07-19 16:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-23 14:27 - 2011-07-19 16:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-23 14:23 - 2014-09-23 14:34 - 00401920 _____ (Farbar) C:\Users\THEONE\Desktop\MiniToolBox.exe
2014-09-23 14:21 - 2014-09-23 14:32 - 00415232 _____ (Farbar) C:\Users\THEONE\Desktop\FSS.exe
2014-09-23 14:06 - 2012-07-31 20:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-23 14:03 - 2011-06-10 01:33 - 01534379 _____ () C:\Windows\WindowsUpdate.log
2014-09-23 09:06 - 2009-07-14 14:45 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-23 09:06 - 2009-07-14 14:45 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-23 08:58 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-19 09:08 - 2014-09-19 09:07 - 00040870 _____ () C:\Users\THEONE\Desktop\Addition.txt
2014-09-18 13:10 - 2014-09-18 13:10 - 00013050 _____ () C:\Users\Administrator\Desktop\attach.txt
2014-09-18 13:09 - 2014-09-18 13:10 - 00017308 _____ () C:\Users\Administrator\Desktop\dds.txt
2014-09-18 13:01 - 2014-09-18 13:09 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
2014-09-18 12:20 - 2014-09-18 12:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-09-18 12:20 - 2014-09-18 12:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-09-18 12:11 - 2014-09-18 12:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinRAR
2014-09-18 12:10 - 2014-09-18 12:10 - 00002215 _____ () C:\Users\Administrator\Desktop\Google Chrome.lnk
2014-09-18 12:10 - 2014-09-18 12:10 - 00001413 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-18 12:10 - 2014-09-18 12:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-09-18 12:10 - 2014-09-18 12:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-18 12:10 - 2014-09-18 12:09 - 00000000 ____D () C:\Users\Administrator
2014-09-18 12:10 - 2014-01-09 10:45 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-18 12:09 - 2014-09-18 12:09 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-09-17 09:14 - 2014-09-17 09:14 - 00000000 ____D () C:\Windows\erdnt
2014-09-17 09:14 - 2014-09-17 09:14 - 00000000 ____D () C:\Qoobox
2014-09-17 09:12 - 2014-09-17 09:39 - 05579386 ____R (Swearware) C:\Users\THEONE\Desktop\ComboFix(1).exe
2014-09-16 10:20 - 2014-03-05 10:15 - 00000000 ____D () C:\Users\THEONE\AppData\Roaming\Skype
2014-09-16 10:19 - 2012-03-27 23:49 - 01084014 _____ () C:\Windows\PFRO.log
2014-09-16 10:18 - 2014-09-16 08:31 - 00000000 ____D () C:\AdwCleaner
2014-09-16 08:08 - 2014-09-16 08:08 - 00000000 ____D () C:\Windows\ERUNT
2014-09-16 08:06 - 2014-09-16 08:08 - 01373475 _____ () C:\Users\THEONE\Desktop\adwcleaner_3.310.exe
2014-09-16 08:04 - 2014-09-16 08:08 - 01016261 _____ (Thisisu) C:\Users\THEONE\Desktop\JRT.exe
2014-09-15 08:44 - 2014-09-18 12:11 - 05578360 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2014-09-14 12:28 - 2014-09-14 12:28 - 00000000 ____D () C:\Users\THEONE\Desktop\comintrep_2103
2014-09-14 09:30 - 2014-09-14 12:28 - 01378217 _____ () C:\Users\THEONE\Desktop\comintrep_2103.zip
2014-09-07 10:07 - 2014-09-07 10:07 - 00174337 _____ () C:\ProgramData\1410048322.bdinstall.bin
2014-09-07 10:05 - 2014-09-07 10:05 - 00037823 _____ () C:\ProgramData\1410048321.bdinstall.bin
2014-09-07 10:05 - 2014-09-07 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2014-09-07 10:05 - 2014-03-29 09:40 - 00000000 _____ () C:\Windows\system32\Drivers\avchv.sys
2014-09-07 09:54 - 2014-08-24 19:22 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-06 23:18 - 2014-09-06 23:18 - 00000000 __SHD () C:\found.000
2014-09-06 22:55 - 2009-07-14 12:34 - 00450709 _____ () C:\Windows\system32\Drivers\etc\hosts.bak
2014-09-06 15:38 - 2009-07-14 12:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140906-225557.backup
2014-09-06 15:15 - 2014-09-06 15:14 - 00001334 _____ () C:\Windows\wininit.ini
2014-09-06 12:22 - 2011-07-01 12:19 - 00000000 ____D () C:\Users\THEONE\AppData\Roaming\SystemRequirementsLab
2014-09-06 11:13 - 2014-09-04 11:37 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1515753734-2087693357-796947920-1000
2014-09-06 11:13 - 2014-09-04 11:37 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1515753734-2087693357-796947920-1000
2014-09-06 10:47 - 2011-07-19 15:21 - 00000000 ____D () C:\Users\THEONE\AppData\Roaming\Lost Marble
2014-09-06 10:41 - 2014-08-24 19:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-05 19:19 - 2014-02-15 10:52 - 00029696 ___SH () C:\Users\THEONE\Desktop\Thumbs.db
2014-09-05 18:58 - 2013-05-19 11:01 - 00000000 ____D () C:\Users\THEONE\AppData\Roaming\Malwarebytes
2014-09-03 15:35 - 2011-10-04 19:04 - 00000000 ____D () C:\Users\THEONE\AppData\Roaming\Apple Computer
2014-08-29 20:52 - 2014-08-29 20:52 - 10117512 _____ () C:\Users\THEONE\Downloads\NexonLauncherSetup (6).exe
2014-08-29 19:56 - 2014-08-29 19:56 - 00000000 ____D () C:\Users\THEONE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2014-08-29 19:56 - 2014-08-29 19:56 - 00000000 ____D () C:\Program Files (x86)\Nexon
2014-08-29 15:28 - 2014-08-29 15:28 - 10117512 _____ () C:\Users\THEONE\Downloads\NexonLauncherSetup (5).exe
2014-08-29 15:27 - 2014-08-29 15:27 - 10117512 _____ () C:\Users\THEONE\Downloads\NexonLauncherSetup (4).exe
2014-08-29 15:18 - 2014-08-29 15:18 - 10117512 _____ () C:\Users\THEONE\Downloads\NexonLauncherSetup.exe
2014-08-29 15:18 - 2014-08-29 15:18 - 10117512 _____ () C:\Users\THEONE\Downloads\NexonLauncherSetup (3).exe
2014-08-29 15:18 - 2014-08-29 15:18 - 10117512 _____ () C:\Users\THEONE\Downloads\NexonLauncherSetup (2).exe
2014-08-29 15:18 - 2014-08-29 15:18 - 10117512 _____ () C:\Users\THEONE\Downloads\NexonLauncherSetup (1).exe
2014-08-29 08:29 - 2009-07-14 14:45 - 05037872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 10:19 - 2011-07-04 18:33 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-08-24 20:32 - 2013-03-24 21:25 - 00000000 ____D () C:\Users\THEONE\AppData\Roaming\RealNetworks
2014-08-24 20:32 - 2012-06-21 08:05 - 00000000 ____D () C:\Users\THEONE\AppData\Roaming\InstallShield Installation Information
2014-08-24 20:32 - 2011-10-22 16:01 - 00000000 ____D () C:\Users\THEONE\AppData\Roaming\Samsung
2014-08-24 20:32 - 2011-07-19 16:24 - 00000000 ____D () C:\Users\THEONE\AppData\Roaming\Macromedia
2014-08-24 20:25 - 2013-05-05 08:02 - 00000000 ____D () C:\Users\THEONE\AppData\Roaming\Check Point Software Technologies LTD
2014-08-24 20:25 - 2013-05-02 21:54 - 00000000 ____D () C:\Users\THEONE\AppData\Roaming\FreemakeVideoDownloader
2014-08-24 20:25 - 2012-12-10 09:00 - 00000000 ____D () C:\Users\THEONE\AppData\Roaming\AVS4YOU
2014-08-24 20:25 - 2012-09-27 19:57 - 00000000 ____D () C:\Users\THEONE\AppData\Roaming\DVDVideoSoft
2014-08-24 20:25 - 2012-01-13 15:07 - 00000000 ____D () C:\Users\THEONE\AppData\Roaming\Wings3D
2014-08-24 20:25 - 2011-07-23 15:53 - 00000000 ____D () C:\Users\THEONE\AppData\Roaming\Unity
2014-08-24 20:25 - 2011-07-18 09:31 - 00000000 ____D () C:\Users\THEONE\AppData\Roaming\Reallusion
2014-08-24 19:22 - 2014-08-24 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-24 19:22 - 2014-08-24 19:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-24 19:22 - 2013-05-19 11:00 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-24 19:22 - 2013-05-19 11:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-24 19:22 - 2013-05-19 11:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\THEONE\AppData\Local\Temp\ANPDApi.dll
C:\Users\THEONE\AppData\Local\Temp\CubeLauncher.exe
C:\Users\THEONE\AppData\Local\Temp\DevSetup32.dll
C:\Users\THEONE\AppData\Local\Temp\DevSetup64.dll
C:\Users\THEONE\AppData\Local\Temp\DriverInstall32.exe
C:\Users\THEONE\AppData\Local\Temp\DriverInstall64.exe
C:\Users\THEONE\AppData\Local\Temp\jansi-32-git-Bukkit-jenkins-CraftBukkit-173.dll
C:\Users\THEONE\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\THEONE\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\THEONE\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\THEONE\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\THEONE\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\THEONE\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\THEONE\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\THEONE\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\THEONE\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\THEONE\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\THEONE\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\THEONE\AppData\Local\Temp\KillProcess.exe
C:\Users\THEONE\AppData\Local\Temp\lowproc.exe
C:\Users\THEONE\AppData\Local\Temp\Quarantine.exe
C:\Users\THEONE\AppData\Local\Temp\SCC.dll
C:\Users\THEONE\AppData\Local\Temp\Setup.exe
C:\Users\THEONE\AppData\Local\Temp\stubhelper.dll
C:\Users\THEONE\AppData\Local\Temp\tbZone.dll
C:\Users\THEONE\AppData\Local\Temp\Uninstaller-4104.exe
C:\Users\THEONE\AppData\Local\Temp\_is36F7.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 09:23

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
Ran by THEONE at 2014-09-23 14:35:03
Running from C:\Users\THEONE\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
3D Bridge DS4 (64bit) (HKLM-x32\...\3D Bridge DS4 (64bit) 1.0.11.47) (Version: 1.0.11.47 - DAZ 3D)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.08 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.5.0.600 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.3 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Muse (HKLM-x32\...\AdobeMuse) (Version: 3.2.2 - Adobe Systems Incorporated)
Adobe Muse (x32 Version: 3.2.2 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Lightroom 4.3 64-bit (HKLM\...\{D759947B-8C5A-4480-B0DB-FC391F061C85}) (Version: 4.3.1 - Adobe)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Anime Studio 5.6 (HKLM-x32\...\Anime Studio_is1) (Version:  - Smith Micro)
Anime Studio Pro 8.2 (HKLM-x32\...\ASP820_is1) (Version: 8.2 - Smith Micro Software, Inc.)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
AVS Audio Editor 7.1 (HKLM-x32\...\AVS Audio Editor_is1) (Version:  - Online Media Technologies Ltd.)
AVS Screen Capture version 2.0.2 (HKLM-x32\...\AVS Screen Capture_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Recorder 2.5 (HKLM-x32\...\AVS Video Recorder_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Battlezone version 1.5.2.19 (HKLM-x32\...\{B3B61934-313A-44A2-B589-700FDAA6C758}_is1) (Version: 1.5.2.19 - www.battlezone1.com)
Belkin N600 DB USB Wireless Adapter (HKLM-x32\...\{B20F9D1C-A0A5-4CD8-8306-DA03872311B1}) (Version: 1.00.0184.1 - Belkin International, Inc.)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{CE9EE84E-F7A9-4256-8785-0CB35014DD33}) (Version: 0.9.26 - Kovid Goyal)
DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.7) (Version: 4.8.1.7 - DAZ 3D)
DAZ Studio 4.5 (64bit) (HKLM-x32\...\DAZ Studio 4.5 (64bit) 4.5.1.56) (Version: 4.5.1.56 - DAZ 3D)
Decimator DS4 (64bit) (HKLM-x32\...\Decimator DS4 (64bit) 1.3.1.56) (Version: 1.3.1.56 - DAZ 3D)
Disney-Pixar WALL-E (HKCU\...\{B94C6815-7BCC-4124-AC39-9208A06FFFA7}) (Version: 1.00.0000 - THQ)
D-Link DWA-125 (HKLM-x32\...\{E45CACFE-0576-4375-A84F-C34B99A7B652}) (Version:  - D-Link)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
Enemy Territory - QUAKE Wars™ Demo (HKLM-x32\...\InstallShield_{AEF04476-51FA-41F2-80F0-0AD9B026F46A}) (Version: 1.0 - Activision)
Enemy Territory - QUAKE Wars™ Demo (x32 Version: 1.0 - Activision) Hidden
Exporter DG Demo (HKLM-x32\...\{01B99B6F-826F-4274-83A3-D108E25BD7F4}) (Version: 1.2.0.0 - FaceGen)
FaceGen Modeller 3.5 Free (HKLM-x32\...\{86BDD105-114A-4B20-BF8B-E46C7159A641}) (Version: 3.5.3 - Singular Inversions Inc.)
Far Cry (HKLM-x32\...\InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}) (Version: 1.00.0000 - Ubisoft)
Far Cry (x32 Version: 1.00.0000 - Ubisoft) Hidden
Free Video to MP3 Converter version 5.0.17.903 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.17.903 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.32.918 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.32.918 - DVDVideoSoft Ltd.)
Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Freemake Video Converter version 4.0.0 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.0 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.5.0 - Ellora Assets Corporation)
Freemake Youtube Mp3 Converter (HKLM-x32\...\Freemake Youtube Mp3 Converter_is1) (Version: 3.5.0 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoZ DS4 (64bit) (HKLM-x32\...\GoZ DS4 (64bit) 1.0.3.47) (Version: 1.0.3.47 - DAZ 3D)
iClone v4.31 EX (HKLM-x32\...\{7430B12A-3B67-4191-B0C5-59E57344CB1F}) (Version: 4.31.2517.1 - Reallusion Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
ISO Recorder (HKLM\...\{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}) (Version: 3.1.0 - Alex Feinman)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
K-Lite Codec Pack 4.5.3 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 4.5.3 - )
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0 - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 19.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 19.0.2 (x86 en-GB)) (Version: 19.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 19.0.2 - Mozilla)
Mozilla Thunderbird (5.0) (HKLM-x32\...\Mozilla Thunderbird (5.0)) (Version: 5.0 (en-US) - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSI Kombustor 2.5.0 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
P3dO Explorer (remove only) (HKLM-x32\...\P3dO Explorer) (Version:  - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Pivot Stickfigure Animator version 2.2.6 (HKLM-x32\...\Pivot Stickfigure Animator_is1) (Version: 2.2.6 - )
Platform (x32 Version: 1.36 - VIA Technologies, Inc.) Hidden
Poser 7.0.4 Service Release (HKLM-x32\...\Poser 7_is1) (Version:  - )
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.0.11014_49 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.0.0.11014_49 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Sigil 0.7.1 (HKLM-x32\...\Sigil_is1) (Version:  - John Schember)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Star Wars Republic Commando Demo (HKLM-x32\...\{A4F9E9FE-A9C7-43FC-8AB7-06A87C3CE368}) (Version: 1.0 - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SweetIM for Messenger 3.3 (HKLM-x32\...\{1D301950-EA2F-4882-9AA0-49467756842A}) (Version: 3.3.0007 - SweetIM Technologies Ltd.) <==== ATTENTION
System Requirements Lab CYRI (HKLM-x32\...\{1F77C418-2C90-459C-BD33-B56A4182B9FA}) (Version: 4.4.26.0 - Husdawg, LLC)
The LEGO® Movie - Videogame (HKLM-x32\...\Steam App 267530) (Version:  - TT Fusion)
Total Annihilation (HKLM-x32\...\Total Annihilation) (Version:  - )
Unity (HKLM-x32\...\Unity) (Version:  - Unity Technologies ApS)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 4.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
ZoneAlarm Antivirus (x32 Version: 11.0.000.504 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-08-2014 02:32:58 Installed Java 7 Update 67
22-08-2014 01:05:22 Scheduled Checkpoint
28-08-2014 09:32:28 Windows Update
04-09-2014 23:24:51 Scheduled Checkpoint
13-09-2014 00:52:57 Scheduled Checkpoint
22-09-2014 23:35:03 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2014-09-14 12:37 - 00000835 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0402F410-FBFF-452A-9984-61A6AA10BF1D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1515753734-2087693357-796947920-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {049DD499-959D-45E4-965D-FCFF91A181D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-19] (Google Inc.)
Task: {050C4DBF-0B9D-4CCD-B50D-C44B7FE09EDA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-19] (Google Inc.)
Task: {0F9C533B-5816-432A-99A7-BD2E7849B0C7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {1DA3EF67-F1BC-4C33-B32D-59D6FC1AE480} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1515753734-2087693357-796947920-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {2D1B1B79-E96D-4135-94FB-A8E9F1B49351} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1515753734-2087693357-796947920-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {53B4E4C9-31F0-43F2-A7E2-FBEAFD754AB5} - System32\Tasks\AdobeAAMUpdater-1.0-THEONE-PC-THEONE => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {A79351C8-6A4E-46FF-980C-B9A4570746F5} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {AEA4DC90-E89F-4122-AE48-875ED1473040} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1515753734-2087693357-796947920-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {BC5542CD-FF36-424E-AEDA-2218EB7C4D86} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1515753734-2087693357-796947920-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {E4531504-629D-46B3-986F-F18FDFD645DC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EBBF0DF0-E133-4177-8591-C4FE488A482F} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1515753734-2087693357-796947920-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {F7F8D8B8-3C12-489F-99DC-43EC4F160B88} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1515753734-2087693357-796947920-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-29 09:40 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2014-03-29 09:40 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2014-02-15 10:31 - 2011-03-01 08:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2013-01-12 20:07 - 2011-05-06 06:36 - 00022528 _____ () C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
2013-01-12 20:07 - 2011-05-06 06:36 - 01479680 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_x64.dll
2013-01-12 20:07 - 2011-05-06 06:36 - 00977408 _____ () C:\Program Files\DAZ 3D\Content Management Service\VServer_x64.dll
2013-01-12 20:07 - 2011-05-06 06:36 - 01053696 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_ssl_x64.dll
2013-01-12 20:07 - 2011-05-06 06:36 - 00155136 _____ () C:\Program Files\DAZ 3D\Content Management Service\asnmp_x64.dll
2014-01-09 18:02 - 2010-07-12 14:39 - 00053248 _____ () C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
2011-09-09 17:02 - 2011-09-09 17:02 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-09-09 17:02 - 2011-09-09 17:02 - 00103736 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2011-06-10 01:36 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-09 18:03 - 2014-01-09 18:03 - 00315392 _____ () C:\Program Files (x86)\D-Link\DWA-125 revA\ANPDApi.dll
2014-01-09 18:02 - 2010-05-13 10:58 - 00294912 _____ () C:\Program Files (x86)\D-Link\DWA-125 revA\WlanApp.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Microsoft:0TjbXBgWJcnRXqNYS
AlternateDataStreams: C:\ProgramData\Microsoft:hd3X9kXmIJdTtdJ1uqmXlC9Dw
AlternateDataStreams: C:\Users\THEONE\Local Settings:2uHfhl1noXxYK7POXeSnh6GES
AlternateDataStreams: C:\Users\THEONE\Desktop\Akamai_NetSession_Installer.exe:BDU
AlternateDataStreams: C:\Users\THEONE\Downloads\chromeinstall-7u55.exe:BDU
AlternateDataStreams: C:\Users\THEONE\Downloads\chromeinstall-7u67.exe:BDU
AlternateDataStreams: C:\Users\THEONE\Downloads\InstallPirate101 (1).exe:BDU
AlternateDataStreams: C:\Users\THEONE\Downloads\InstallPirate101.exe:BDU
AlternateDataStreams: C:\Users\THEONE\Downloads\kis14.0.0.4651abcdefEN_5874.exe:BDU
AlternateDataStreams: C:\Users\THEONE\Downloads\NexonLauncherSetup (1).exe:BDU
AlternateDataStreams: C:\Users\THEONE\Downloads\NexonLauncherSetup (2).exe:BDU
AlternateDataStreams: C:\Users\THEONE\Downloads\NexonLauncherSetup (3).exe:BDU
AlternateDataStreams: C:\Users\THEONE\Downloads\NexonLauncherSetup (4).exe:BDU
AlternateDataStreams: C:\Users\THEONE\Downloads\NexonLauncherSetup (5).exe:BDU
AlternateDataStreams: C:\Users\THEONE\Downloads\NexonLauncherSetup (6).exe:BDU
AlternateDataStreams: C:\Users\THEONE\Downloads\NexonLauncherSetup.exe:BDU
AlternateDataStreams: C:\Users\THEONE\Downloads\SteamSetup.exe:BDU
AlternateDataStreams: C:\Users\THEONE\AppData\Local:2uHfhl1noXxYK7POXeSnh6GES
AlternateDataStreams: C:\Users\THEONE\AppData\Local\Application Data:2uHfhl1noXxYK7POXeSnh6GES

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/23/2014 02:35:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2204716

Error: (09/23/2014 02:35:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2204716

Error: (09/23/2014 02:35:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/23/2014 02:35:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2195480

Error: (09/23/2014 02:35:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2195480

Error: (09/23/2014 02:35:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/23/2014 02:34:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2187930

Error: (09/23/2014 02:34:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2187930

Error: (09/23/2014 02:34:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/23/2014 02:34:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2178679


System errors:
=============
Error: (09/23/2014 02:34:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error:
%%5

Error: (09/23/2014 02:34:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%0

Error: (09/23/2014 02:34:43 PM) (Source: Microsoft-Windows-Dhcp-Client) (EventID: 1004) (User: NT AUTHORITY)
Description: Error occurred in stopping the Dhcpv4 Client service. Error code is 5. ShutDown Flag value is 0

Error: (09/23/2014 02:34:43 PM) (Source: Microsoft-Windows-Dhcp-Client) (EventID: 17270) (User: NT AUTHORITY)
Description: An error occurred in initializing DHCPv4. Error Code is 5

Error: (09/23/2014 02:34:27 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Network Location Awareness service terminated with service-specific error %%-1073741288.

Error: (09/23/2014 02:34:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%0

Error: (09/23/2014 02:34:25 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Network Location Awareness service terminated with service-specific error %%-1073741288.

Error: (09/23/2014 02:34:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%0

Error: (09/23/2014 02:34:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error:
%%5

Error: (09/23/2014 02:34:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%0


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-02-12 21:54:41.782
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 21:54:41.782
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 21:54:41.782
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 21:54:39.473
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 21:54:39.473
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 21:54:39.458
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 16:06:23.914
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 16:06:23.914
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 16:06:23.914
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 16:06:21.481
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E4600 @ 2.40GHz
Percentage of memory in use: 42%
Total physical RAM: 4094.49 MB
Available physical RAM: 2374.33 MB
Total Pagefile: 8187.16 MB
Available Pagefile: 6241.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:209.62 GB) NTFS
Drive e: (BMW) (Removable) (Total:7.84 GB) (Free:6.61 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.9 GB) (Disk ID: 00283853)
Partition 1: (Active) - (Size=7.9 GB) - (Type=0B)

==================== End Of Log ============================

 

Farbar Service Scanner Version: 21-07-2014
Ran by THEONE (administrator) on 23-09-2014 at 14:48:41
Running from "C:\Users\THEONE\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by THEONE (administrator) on 23-09-2014 at 14:51:02
Running from "C:\Users\THEONE\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

D-Link DWA-125 Wireless N 150 USB Adapter(rev.A2) = Wireless Network Connection 2 (Connected)
Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 4 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : THEONE-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : BigPond

Wireless LAN adapter Wireless Network Connection 4:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 5C-D9-98-BF-ED-AE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

   Connection-specific DNS Suffix  . : BigPond
   Description . . . . . . . . . . . : D-Link DWA-125 Wireless N 150 USB Adapter(rev.A2)
   Physical Address. . . . . . . . . : 5C-D9-98-BF-ED-AF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::40d1:a1c7:571b:bcbd%18(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.188.189(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 10.0.0.138
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : BigPond
   Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 90-2B-34-00-FA-48
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  10.0.0.138

Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  10.0.0.138

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 20...5c d9 98 bf ed ae ......Microsoft Virtual WiFi Miniport Adapter
 18...5c d9 98 bf ed af ......D-Link DWA-125 Wireless N 150 USB Adapter(rev.A2)
 16...90 2b 34 00 fa 48 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link   169.254.188.189    281
  169.254.188.189  255.255.255.255         On-link   169.254.188.189    281
  169.254.255.255  255.255.255.255         On-link   169.254.188.189    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link   169.254.188.189    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link   169.254.188.189    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 18    281 fe80::/64                On-link
 18    281 fe80::40d1:a1c7:571b:bcbd/128
                                    On-link
  1    306 ff00::/8                 On-link
 18    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

**** End of log ****
 

I think that's it. Rowlando

 




#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:36 PM

Posted 23 September 2014 - 01:07 PM

Greetings Rowlando. It is nice to be able to work with you.

Could you please provide the link to Malwarebytes so I can review the steps already taken?

Can you tell me if you have other computers successfully accessing the internet through the same router? Are you able to hard wire your son's computer into the router to see if you get internet access?

Please consider and do this for me. Just so you know I do not expect the following steps to solve your internet issue.

===================================================

Spybot S&D No Longer Recommended

--------------------

MVPS.org is no longer recommending Spybot S&D due to poor testing results. (scroll down on the web site and read under Freeware Antispyware Products)

I recommend uninstalling Spybot Search & Destroy at least while we are addressing your issues. The presence of this program can make cleaning your computer more difficult.

If you choose to uninstall please go to Start, Control Panel, Add/Remove Programs (or Programs and Features) and uninstall the program.
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-1515753734-2087693357-796947920-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1515753734-2087693357-796947920-1000\...\MountPoints2: {f936cd02-910e-11e2-ae81-902b3400fa48} - E:\AutoRun.exe
HKU\S-1-5-21-1515753734-2087693357-796947920-1000\...\MountPoints2: {f936cd04-910e-11e2-ae81-902b3400fa48} - E:\AutoRun.exe
HKU\S-1-5-21-1515753734-2087693357-796947920-1000\...\MountPoints2: {f936cd1b-910e-11e2-ae81-902b3400fa48} - E:\AutoRun.exe
URLSearchHook: HKCU - (No Name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKCU - No Name - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} -  No File
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
C:\ProgramData\hash.dat
C:\Users\THEONE\AppData\Local\Temp\ANPDApi.dll
C:\Users\THEONE\AppData\Local\Temp\CubeLauncher.exe
C:\Users\THEONE\AppData\Local\Temp\DevSetup32.dll
C:\Users\THEONE\AppData\Local\Temp\DevSetup64.dll
C:\Users\THEONE\AppData\Local\Temp\DriverInstall32.exe
C:\Users\THEONE\AppData\Local\Temp\DriverInstall64.exe
C:\Users\THEONE\AppData\Local\Temp\jansi-32-git-Bukkit-jenkins-CraftBukkit-173.dll
C:\Users\THEONE\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\THEONE\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\THEONE\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\THEONE\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\THEONE\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\THEONE\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\THEONE\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\THEONE\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\THEONE\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\THEONE\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\THEONE\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\THEONE\AppData\Local\Temp\KillProcess.exe
C:\Users\THEONE\AppData\Local\Temp\lowproc.exe
C:\Users\THEONE\AppData\Local\Temp\Quarantine.exe
C:\Users\THEONE\AppData\Local\Temp\SCC.dll
C:\Users\THEONE\AppData\Local\Temp\Setup.exe
C:\Users\THEONE\AppData\Local\Temp\stubhelper.dll
C:\Users\THEONE\AppData\Local\Temp\tbZone.dll
C:\Users\THEONE\AppData\Local\Temp\Uninstaller-4104.exe
C:\Users\THEONE\AppData\Local\Temp\_is36F7.exe
AlternateDataStreams: C:\ProgramData\Microsoft:0TjbXBgWJcnRXqNYS
AlternateDataStreams: C:\ProgramData\Microsoft:hd3X9kXmIJdTtdJ1uqmXlC9Dw
AlternateDataStreams: C:\Users\THEONE\Local Settings:2uHfhl1noXxYK7POXeSnh6GES
AlternateDataStreams: C:\Users\THEONE\AppData\Local:2uHfhl1noXxYK7POXeSnh6GES
AlternateDataStreams: C:\Users\THEONE\AppData\Local\Application Data:2uHfhl1noXxYK7POXeSnh6GES
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Reply to questions
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 rowlando


Posted 24 September 2014 - 01:22 AM

Hello Oh My

Well, we have hit a real issue now: the PC will only load to a blank blue screen. Even when I hold down the F8 key it will not start; it goes through the process of starting, holds at the start-up giving me the option of starting in another mode, but the keyboard does not respond, and then it opens Windows in normal mode and stops on a blue screen.

I closed down the PC last night after sending you the information on my other PC.

The PCs have access to the modem for networking and internet; only one PC is not running, the one we are asking you to help us with.

Cheers,



#6 Oh My!


Posted 24 September 2014 - 10:26 AM

Greetings,

If you only attempted to boot once please try it again. If it won't start properly check the keyboard again and see if you can boot into Safe Mode.
Gary
 

#7 rowlando


Posted 24 September 2014 - 06:22 PM

Hi. Yes, I have tried rebooting 3 times and tried booting into safe mode by holding down the F8 key. It still opens to a blue screen currently.

 

cheers Rowlando



#8 Oh My!


Posted 24 September 2014 - 06:54 PM

Are you able to select Repair Your Computer after hitting F8?
Gary
 

#9 rowlando


Posted 24 September 2014 - 07:33 PM

Hi. Not yet, trying again now.



#10 rowlando


Posted 24 September 2014 - 07:41 PM

Hi

 

I have tried a few times now; it seems I cannot get any response to booting in any mode. Unless there is a different way of using the F8 key, I am a bit at a loss as to what it can do presently. Cheers, Rowlando



#11 Oh My!


Posted 24 September 2014 - 08:24 PM

Can you explain exactly what happens when you try to boot? Do you hear any beeps? What do you see when it tries to load and what does it look like when it freezes? If it is a blue screen is there any information on it?
Gary
 

#12 rowlando


Posted 24 September 2014 - 08:40 PM

Hi Gary

 

When I reboot, what happens is the normal beep, then the screen goes through its normal startup displaying its processes on the black screen in white lettering, then it holds on the start normally screen giving options to choose safe mode etc. If I could use the keyboard I could move to the option of safe mode, but the keyboard does not work (it's a wireless keyboard and mouse) after it says waiting, doing the countdown to start in normal mode for 24 seconds. I hold down the F8 key and it eventually reboots to a blank blue screen.

 

That's it. Rowlando



#13 Oh My!


Posted 24 September 2014 - 08:42 PM

Do you have another keyboard you can try?
Gary
 

#14 rowlando


Posted 24 September 2014 - 08:48 PM

Yes, will do now.



#15 rowlando


Posted 24 September 2014 - 08:58 PM

Hi Gary

 

I put a wired USB keyboard in and tried booting a few times; I got a different result each time. If I did nothing on the keyboard it went quickly through the start process, with no option or waiting to start normally, and finished at a blank blue screen.

 

If I press F8 nothing happens, just a blue screen.

 

If I press the arrow key or Enter key I get this message on the black screen: Try (hd0,0): NTFS5: and a blinking cursor. I tried typing something in but nothing shows up.





