Poweliks won't be removed with MBAM Antirootkit


This topic is locked.
9 replies to this topic

#1 SenzaDubbio


  • Members

Posted 24 September 2014 - 04:34 PM

Hello. I'm working on a laptop that was badly infected. After running the MBAM anti-rootkit, RogueKiller, and MBAM, when I run the MBAM anti-rootkit it will always find the same two infections! What can be done? I'll upload the two scans.

Attached Files




#2 aharonov


  • Malware Response Team

Posted 25 September 2014 - 04:18 AM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 SenzaDubbio

  • Topic Starter

  • Members

Posted 25 September 2014 - 09:22 AM

Thank you for jumping on the topic so fast. :)


Attached Files



#4 aharonov


  • Malware Response Team

Posted 25 September 2014 - 12:44 PM

Hi,

can you please paste the contents of the logs directly into the thread and not attach them; this makes it easier for me. Thank you. :)


Step 1

Please download the attached file fixlist.txt (9.18KB) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 SenzaDubbio

  • Topic Starter

  • Members

Posted 25 September 2014 - 01:17 PM

Hello there. Sorry about not pasting the contents!


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-09-2014
Ran by Fred (administrator) on PAT-PC on 25-09-2014 14:12:26
Running from C:\HCSC
Loaded Profile: Fred (Available profiles: Pat & Fred & Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Users\Fred\AppData\Local\Google\Update\GoogleUpdate.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Google Inc.) C:\Users\Fred\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Fred\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3644298235-1129131300-2892704102-1004\...\Run: [Google Update] => C:\Users\Fred\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-16] (Google Inc.)
HKU\S-1-5-21-3644298235-1129131300-2892704102-1004\...\MountPoints2: {21ab59f2-440b-11e4-afa3-d067e50ace7a} - E:\LaunchU3.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2CA227822776CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSG.dll ()
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - No Name - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} -  No File
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSG.dll ()
Toolbar: HKCU - No Name - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSG.dll ()
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Hosts: 127.0.0.1 localhost
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll No File
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Fred\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Fred\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\FantastiGames\npGameTreatWidget.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-12-03]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://start.casualgames.com/?o=shp
CHR NewTab: Default -> "chrome-extension://oocaehgghkpmfmafjenhhnkbfdjjbkic/config/skin/new-tab.html"
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSearchProvider: Default -> McAfee
CHR DefaultSuggestURL: Default -> 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Fred\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Fred\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Fred\AppData\Local\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\NP29Stub.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (MapsGalaxy Installer Plugin Stub) - C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Fred\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Profile: C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaebkcmcljfhamfhikmklmcicckdchaa [2014-02-14]
CHR Extension: (No Name) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\agjgnlgmfllfopbcoadckoijnjcmaedb [2014-03-18]
CHR Extension: (YouTube) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-16]
CHR Extension: (Google Search) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-16]
CHR Extension: (Cleaner Facebook) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\llnofjfijelilpjdibjjmldcpdenmbfh [2014-06-09]
CHR Extension: (Google Wallet) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-22]
CHR Extension: (Gmail) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-16]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx []
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
U2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-09-24] ()
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_1; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-25 14:05 - 2014-09-25 14:10 - 00005498 _____ () C:\Windows\PFRO.log
2014-09-25 14:05 - 2014-09-25 14:10 - 00000112 _____ () C:\Windows\setupact.log
2014-09-25 14:05 - 2014-09-25 14:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-25 11:22 - 2014-09-25 11:22 - 00203857 _____ () C:\Users\Fred\Desktop\JRT.txt
2014-09-25 11:19 - 2014-09-25 11:19 - 00000000 ____D () C:\Windows\ERUNT
2014-09-25 10:08 - 2014-09-25 14:12 - 00000000 ____D () C:\FRST
2014-09-25 10:08 - 2014-09-25 10:08 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\U3
2014-09-24 17:19 - 2014-09-24 17:21 - 00002430 _____ () C:\Users\Fred\Desktop\Rkill.txt
2014-09-24 14:55 - 2014-09-24 15:41 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-24 14:55 - 2014-09-24 14:55 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-24 14:45 - 2014-09-24 14:48 - 00000000 ____D () C:\AdwCleaner
2014-09-24 13:00 - 2012-12-13 18:34 - 03999032 _____ (TeamViewer GmbH) C:\ProgramData\Microsoft\Windows\Start Menu\HCSC Remote Support.exe
2014-09-24 12:59 - 2014-09-25 14:12 - 00000000 ____D () C:\HCSC
2014-09-24 12:59 - 2014-09-24 12:59 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\HD Tune Pro
2014-09-22 19:47 - 2014-09-22 19:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\{8FBF80A0-4184-43EE-B9C6-F151AF79B9FF}
2014-09-20 22:49 - 2014-09-20 22:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{6048FA3E-32C5-43EC-AD28-81D919CA102D}
2014-09-20 05:08 - 2014-09-20 05:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{05CDC479-33AD-40FA-A373-48A5737B89D9}
2014-09-18 20:42 - 2014-09-18 20:42 - 00000000 ____D () C:\Users\Owner\AppData\Local\{933D2A63-DFD7-4621-B744-7DC0CD9CF13B}
2014-09-18 06:09 - 2014-09-18 06:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9D272F08-7F59-48F4-93C8-648A22C16AB2}
2014-09-16 16:45 - 2014-09-16 16:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\{8195B4CF-1D3C-45A6-B993-F27268D783F4}
2014-09-15 05:48 - 2014-09-15 05:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{CC788BA3-0292-4A38-93C6-8086E90FECED}
2014-09-14 06:28 - 2014-09-14 06:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\{288E0192-3F96-4DF7-9B7D-586392BBC9E3}
2014-09-13 05:57 - 2014-09-13 05:57 - 00000000 ____D () C:\Users\Owner\AppData\Local\{699217DC-EE27-441E-9A88-AD5BC9834C9F}
2014-09-12 07:41 - 2014-09-12 07:41 - 00000000 ____D () C:\Users\Owner\AppData\Local\{58769B4F-DD04-4B7F-A42F-FCC030215AA7}
2014-09-12 03:16 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 03:16 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 03:16 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 03:16 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 03:16 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 03:16 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 03:16 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 03:16 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 03:16 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 03:16 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 03:16 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 03:16 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 03:16 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 03:16 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 03:16 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 03:16 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 03:16 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 03:16 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 03:16 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 03:16 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 03:16 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 03:16 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 03:16 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 03:16 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 03:16 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 03:16 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 03:16 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 03:16 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 03:16 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 03:16 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 03:16 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 03:16 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 03:16 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 03:16 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 03:16 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 03:16 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 03:16 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 03:16 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 03:16 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 03:16 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 03:16 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 03:16 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 03:16 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 03:15 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 03:15 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 03:15 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 03:15 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 03:15 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 03:15 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 03:15 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 03:15 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 03:15 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 03:15 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 03:15 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 03:15 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 03:15 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 03:02 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 03:02 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 05:22 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 05:22 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 05:22 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 05:22 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 05:22 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 05:22 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 05:22 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 05:22 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 05:22 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 05:22 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 05:22 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 19:55 - 2014-09-10 19:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\{8617350F-30A6-46DD-A280-AE1896D0701C}
2014-09-10 06:01 - 2014-09-10 06:02 - 00000000 ____D () C:\Users\Owner\AppData\Local\{FAA9174D-3388-47FE-B0CF-758FFB80384B}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
 
Files to move or delete:
====================
C:\ProgramData\pclunst.exe
C:\Users\Fred\jagex_cl_runescape_LIVE.dat
C:\Users\Fred\random.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-06 02:24
 
==================== End Of Log ============================


#6 SenzaDubbio
  • Topic Starter
  • Members
  • 8 posts

Posted 25 September 2014 - 01:53 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-09-2014
Ran by Fred at 2014-09-25 14:09:11 Run:2
Running from C:\HCSC
Loaded Profile: Fred (Available profiles: Pat & Fred & Owner)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-3644298235-1129131300-2892704102-1004\...\Run: [.tluafed** <*>] => C:\Users\Fred\Application Data\{000061A2-4753-186E-8440-89E615E4D2A8}.ex <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3644298235-1129131300-2892704102-1004\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Psddruununer -> {38850730-D191-E0F3-8CC0-FA408E6EB0B6} -> C:\ProgramData\Psddruununer\Z5GuIH.x64.dll ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\ProgramData\Psddruununer
FF Plugin-x32: @ei.MapsGalaxy_39.com/Plugin -> C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\NP29Stub.dll No File
CHR Plugin: (MapsGalaxy Installer Plugin Stub) - C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll No File
CHR Extension: (Psddruununer) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgemmaecmhlallnjknacheacgfefddnl [2014-02-08]
CHR Extension: (leSs2pay) - C:\ProgramData\aelonkbgbjpnpkloagpmmjlponjpidfk\ [2014-05-21]
CHR Extension: (unicoupons) - C:\ProgramData\jblojeknpbobbpengcafkfomeeojchci\ [2014-05-21]
CHR Extension: (No Name) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\hocnpehkegbpccacccjaglmkjhdamekp [2014-01-29]
CHR Extension: (No Name) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkioalnloagbmkfgfbnifanpcknhipkc [2014-05-21]
S4 TotalRecipeSearch_14Service; C:\PROGRA~2\TOTALR~2\bar\1.bin\14barsvc.exe [X]
2014-09-13 17:26 - 2014-09-13 17:26 - 00007168 __RSH () C:\Users\Fred\AppData\Roaming\{000061A2-4753-186E-8440-89E615E4D2A8}.exe
2014-09-13 15:34 - 2014-09-13 15:34 - 00003350 _____ () C:\Windows\System32\Tasks\RunAsStdUser Task
2014-09-13 15:31 - 2014-09-13 15:31 - 00000000 ____D () C:\Program Files (x86)\LuckySHHoppperr
2014-09-13 15:39 - 2014-01-29 09:35 - 00000000 ____D () C:\ProgramData\c5301b032554bc85
CustomCLSID: HKU\S-1-5-21-3644298235-1129131300-2892704102-1004_Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}\InprocServer32 -> C:\PROGRA~2\APPGRA~1\APPGRA~2.DLL No File
CustomCLSID: HKU\S-1-5-21-3644298235-1129131300-2892704102-1004_Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}\InprocServer32 -> C:\PROGRA~2\APPGRA~1\APPGRA~2.DLL No File
File: C:\Windows\System32\THUMBCACHE.DLL
File: C:\Windows\SysWOW64\THUMBCACHE.DLL
EmptyTemp:
 
*****************
 
Processes closed successfully.
HKU\S-1-5-21-3644298235-1129131300-2892704102-1004\Software\Microsoft\Windows\CurrentVersion\Run\\.tluafed** <*> => Value not found.
"HKU\S-1-5-21-3644298235-1129131300-2892704102-1004\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.
"HKU\S-1-5-21-3644298235-1129131300-2892704102-1004\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => Value not found.
"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
earchScopes: HKLM - {2e51ec4e-2fa9-40fa-9007-2411de34e7ca} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YWxdm001YYus&ptb=888F8FE0-BC37-40BE-A729-E097F88E7483&ind=2011092911&ptnrS=YWxdm001YYus&si=maps4pc&n=77ded7af&psa=&st=sb&searchfor={searchTerms} => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{38bc6857-67fa-4358-afae-28e0f9ad2128}" => Key not found.
"HKCR\CLSID\{38bc6857-67fa-4358-afae-28e0f9ad2128}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}" => Key not found.
"HKCR\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55}" => Key not found.
"HKCR\Wow6432Node\CLSID\{9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE1D1DCE-38B6-4192-82C5-A733348034AC}" => Key not found.
"HKCR\CLSID\{BE1D1DCE-38B6-4192-82C5-A733348034AC}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38850730-D191-E0F3-8CC0-FA408E6EB0B6}" => Key not found.
"HKCR\CLSID\{38850730-D191-E0F3-8CC0-FA408E6EB0B6}" => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key not found.
"C:\ProgramData\Psddruununer" => File/Directory not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@ei.MapsGalaxy_39.com/Plugin" => Key not found.
C:\Program Files (x86)\HeadlineAlley_29\bar\1.bin\NP29Stub.dll not found.
C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll not found.
C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgemmaecmhlallnjknacheacgfefddnl directory not found.
C:\ProgramData\aelonkbgbjpnpkloagpmmjlponjpidfk\ directory not found.
C:\ProgramData\jblojeknpbobbpengcafkfomeeojchci\ directory not found.
C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\hocnpehkegbpccacccjaglmkjhdamekp directory not found.
C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkioalnloagbmkfgfbnifanpcknhipkc directory not found.
TotalRecipeSearch_14Service => Service not found.
"C:\Users\Fred\AppData\Roaming\{000061A2-4753-186E-8440-89E615E4D2A8}.exe" => File/Directory not found.
"C:\Windows\System32\Tasks\RunAsStdUser Task" => File/Directory not found.
"C:\Program Files (x86)\LuckySHHoppperr" => File/Directory not found.
"C:\ProgramData\c5301b032554bc85" => File/Directory not found.
"HKU\S-1-5-21-3644298235-1129131300-2892704102-1004_Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}" => Key not found.
"HKU\S-1-5-21-3644298235-1129131300-2892704102-1004_Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}" => Key not found.
 
========================= File: C:\Windows\System32\THUMBCACHE.DLL ========================
 
"C:\Windows\System32\THUMBCACHE.DLL" not found.
====== End Of File: ======
 
 
========================= File: C:\Windows\SysWOW64\THUMBCACHE.DLL ========================
 
"C:\Windows\SysWOW64\THUMBCACHE.DLL" not found.
====== End Of File: ======
 
EmptyTemp: => Removed 20 KB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#7 aharonov
  • Malware Response Team
  • 2,441 posts

Posted 26 September 2014 - 05:02 AM

Ok, it's looking better already.
  • Start FRST with Administrator privileges.
  • Write the following text into the Search: textbox:
    thumbcache.dll
  • Click on the Search File(s) button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#8 SenzaDubbio
  • Topic Starter
  • Members
  • 8 posts

Posted 26 September 2014 - 12:04 PM

Thank you for all your help. I was able to run the MBAM anti-rootkit without any trace of the Poweliks. :) I'm content.



#9 aharonov
  • Malware Response Team
  • 2,441 posts

Posted 26 September 2014 - 03:25 PM

Malwarebytes has deleted too much. If you want me to repair it then please do the above step to start with.

#10 aharonov
  • Malware Response Team
  • 2,441 posts

Posted 29 September 2014 - 09:24 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



