
Traffagon virus(?)


  • This topic is locked
70 replies to this topic

#1 Robdam

  • Members
  • 39 posts

Posted 26 September 2014 - 03:19 AM

Every few minutes I get a pop-up from my Eset Nod32 antivirus stating: "Address has been blocked. URL address: http://traffagon.in/index.php"

At times, I also get a Malwarebytes pop-up with the following message: "Malicious Website Blocked" sometimes inbound, sometimes outbound.

So far I've run scans with Eset NOD32, Spybot, AdwCleaner, Combofix, HitmanPro, TDSSkiller, Malwarebytes and have not found anything helpful.

Here's the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 1.6.0_37
Run by admin at 15:35:49 on 2014-09-26
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2000.705 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\AUDIODG.EXE
C:\Users\admin\Downloads\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://home.allgameshome.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: {51a86bb3-6602-4c85-92a5-130ee4864f13} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.150\McAfeeMSS_IE.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Aimersoft Video Converter Ultimate 6.1.0: {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} - c:\programdata\aimersoft\video converter ultimate\WSBrowserAppMgr.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AllGamesHome Toolbar: {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files\allgameshome toolbar\tbcore3.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [uTorrent] "c:\users\admin\appdata\roaming\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\admin\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files\allgameshome toolbar\tbcore3.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 121.1.3.82 121.1.3.20 121.1.3.250
TCP: Interfaces\{43AF8CF3-8F03-4C52-8B38-F7369C3C640D} : DHCPNameServer = 121.1.3.82 121.1.3.20 121.1.3.250
TCP: Interfaces\{FB40511B-E279-4DBF-9FBA-0FA5776520F4} : DHCPNameServer = 121.1.3.82 121.1.3.20 121.1.3.250
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Handler: WSAMVCUchrome - {086BD280-4613-43B5 - <orphaned>
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\4780tjln.default-1409054229779\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\admin\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_179.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 bdisk;Comodo Disk Raw Access Filter;c:\windows\system32\drivers\bdisk.sys [2014-7-24 78816]
R0 CBUFS;CBUFS;c:\windows\system32\drivers\CBUFS.sys [2014-7-24 277472]
R0 cbvd;Comodo Backup Virtual Disk;c:\windows\system32\drivers\cbvd.sys [2014-7-24 571144]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-7-17 231800]
R0 Reparse;Reparse;c:\windows\system32\drivers\CBreparse.sys [2014-7-24 573344]
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-3-14 169080]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2012-3-7 913144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2012-3-14 103112]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-9-19 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-9-19 860472]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2014-7-17 95920]
R2 WiseFS;WiseFS;c:\program files\wise\wise folder hider\WiseFs32.sys [2014-9-1 9256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-9-19 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-9-19 110296]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-9-19 51928]
R3 Neo_rob;VPN Client Device Driver - rob;c:\windows\system32\drivers\Neo_0003.sys [2014-7-27 26208]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-8-22 288120]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
R3 vdbus;Virtual Disk Bus Enumerator;c:\windows\system32\drivers\vdbus.sys [2014-5-1 710328]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2013-10-7 1108480]
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2011-10-25 480128]
R3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\drivers\usbVM303.sys [2011-10-25 1472768]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe /s --> c:\windows\reset.exe  [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-9-11 108032]
S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [2009-9-28 52656]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [2014-5-26 24880]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-10-28 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-9-20 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-10-26 1343400]
S4 COSService.exe;COMODO Online Storage Service;c:\program files\comodo\common\COSService.exe [2014-7-24 3083968]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.150\McCHSvc.exe [2014-4-9 235696]
S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\playmemories home\PMBDeviceInfoProvider.exe [2014-6-24 481304]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-23 1153368]
S4 SEVPNCLIENT;SoftEther VPN Client;c:\program files\softether vpn client\vpnclient.exe [2014-7-27 3544632]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S4 SOHDms;Sony Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2014-1-16 495248]
S4 SOHDs;Sony Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2013-12-3 79000]
S4 SpfService;VAIO Entertainment Common Service;c:\program files\common files\sony shared\vaio entertainment platform\spf\SpfService.exe [2011-12-1 230560]
S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-24 370688]
S4 SynchronizationService.exe;COMODO BackUp Service;c:\program files\comodo\common\SynchronizationService.exe [2014-7-24 2793664]
.
=============== Created Last 30 ================
.
2014-09-26 05:57:54    908840    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{c85be039-6b51-4b8e-b336-29d1ff7a5382}\gapaengine.dll
2014-09-26 05:57:14    8806800    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{0a247b2d-c147-46cd-b361-529050a1fe5a}\mpengine.dll
2014-09-24 23:02:59    4550304    ----a-w-    c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2014-09-24 23:02:59    3231696    ----a-w-    c:\program files\mozilla firefox\d3dcompiler_46.dll
2014-09-24 23:02:59    2106216    ----a-w-    c:\program files\mozilla firefox\D3DCompiler_43.dll
2014-09-24 23:02:58    114288    ----a-w-    c:\program files\mozilla firefox\crashreporter.exe
2014-09-24 23:02:57    74864    ----a-w-    c:\program files\mozilla firefox\breakpadinjector.dll
2014-09-24 23:02:57    47216    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-09-24 23:02:56    20080    ----a-w-    c:\program files\mozilla firefox\AccessibleMarshal.dll
2014-09-24 09:47:55    908840    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2014-09-24 09:47:54    908840    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{9fe0abd1-dbe3-47d9-9a6d-4638060f12cb}\gapaengine.dll
2014-09-24 09:47:31    8806800    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-09-23 22:02:45    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-20 07:47:44    5694464    ----a-w-    c:\windows\system32\mstscax.dll
2014-09-20 07:30:09    32256    ----a-w-    c:\windows\system32\TsUsbGDCoInstaller.dll
2014-09-20 07:30:05    12800    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-20 07:30:03    49152    ----a-w-    c:\windows\system32\drivers\TsUsbFlt.sys
2014-09-20 07:30:02    14336    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-20 07:30:01    855552    ----a-w-    c:\windows\system32\rdvidcrl.dll
2014-09-20 07:30:01    53248    ----a-w-    c:\windows\system32\tsgqec.dll
2014-09-20 07:30:01    50176    ----a-w-    c:\windows\system32\MsRdpWebAccess.dll
2014-09-20 07:30:01    17920    ----a-w-    c:\windows\system32\wksprtPS.dll
2014-09-20 07:30:00    76288    ----a-w-    c:\windows\system32\TSWbPrxy.exe
2014-09-20 07:30:00    350208    ----a-w-    c:\windows\system32\wksprt.exe
2014-09-20 07:30:00    1068544    ----a-w-    c:\windows\system32\mstsc.exe
2014-09-20 07:25:22    514560    ----a-w-    c:\windows\system32\qdvd.dll
2014-09-19 15:44:07    --------    d-----w-    C:\FRST
2014-09-19 14:57:39    --------    d-----w-    c:\programdata\HitmanPro
2014-09-19 13:01:00    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-19 13:00:10    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-09-19 13:00:10    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-19 13:00:10    --------    d-----w-    c:\programdata\Malwarebytes
2014-09-19 13:00:10    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-09-19 11:35:39    75480    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-09-19 09:15:56    --------    d-----w-    c:\program files\Microsoft Security Client
2014-09-19 09:14:29    8806800    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{0fdeab5e-9f5a-447b-9aba-4de46da7c341}\mpengine.dll
2014-09-19 07:50:40    --------    d-----w-    c:\programdata\Trymedia
2014-09-19 07:32:10    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-09-19 06:54:07    98816    ----a-w-    c:\windows\sed.exe
2014-09-19 06:54:07    256000    ----a-w-    c:\windows\PEV.exe
2014-09-19 06:54:07    208896    ----a-w-    c:\windows\MBR.exe
2014-09-19 06:32:51    --------    d-----w-    C:\AdwCleaner
2014-09-19 06:31:11    --------    d-----w-    c:\program files\Mozilla Firefox.bak
2014-09-18 23:26:35    1819648    ----a-w-    c:\programdata\microsoft\secure\icons\IconsCacheHelper.dll
2014-09-18 13:52:21    28672    ----a-w-    c:\windows\system32\AVEQT.dll
2014-09-18 13:52:21    129024    ----a-w-    c:\windows\system32\AVERM.dll
2014-09-16 11:04:09    --------    d-----w-    c:\program files\AVCutty 3
2014-09-14 05:23:41    --------    d-----w-    c:\program files\LAV Filters
2014-09-14 05:23:36    --------    d-----w-    c:\program files\Haali
2014-09-14 05:23:33    --------    d-----w-    c:\program files\AviSynth 2.5
2014-09-14 05:23:18    1283584    ----a-w-    c:\windows\system32\VSFilter.dll
2014-09-14 05:23:17    --------    d-----w-    c:\program files\Sothink Video Converter
2014-09-14 05:23:17    --------    d-----w-    c:\program files\common files\SourceTec
2014-09-14 05:17:10    --------    d-----w-    c:\users\admin\appdata\roaming\Digiarty
2014-09-10 19:23:42    2285056    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-09-10 12:06:09    550912    ----a-w-    c:\windows\system32\kerberos.dll
2014-09-10 12:06:08    1059840    ----a-w-    c:\windows\system32\lsasrv.dll
2014-09-10 11:52:33    1987584    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-09-10 11:52:29    793600    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-09-10 11:52:01    445952    ----a-w-    c:\windows\system32\aepdu.dll
2014-09-10 11:52:00    302592    ----a-w-    c:\windows\system32\aeinv.dll
2014-09-09 15:27:34    --------    d-----w-    c:\users\admin\appdata\roaming\AVCutty
2014-09-01 03:12:58    --------    d-----w-    c:\users\admin\appdata\local\Adobe
2014-09-01 02:53:08    --------    d-----w-    c:\program files\Wise
2014-08-27 22:28:11    2352640    ----a-w-    c:\windows\system32\win32k.sys
2014-08-27 22:28:10    305152    ----a-w-    c:\windows\system32\gdi32.dll
.
==================== Find3M  ====================
.
2014-09-22 06:41:56    231568    ------w-    c:\windows\system32\MpSigStub.exe
2014-08-30 02:55:47    699568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-08-30 02:55:46    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-18 22:08:55    4232704    ----a-w-    c:\windows\system32\jscript9.dll
2014-08-18 21:57:44    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-08-18 21:57:30    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-08-18 21:46:26    454656    ----a-w-    c:\windows\system32\vbscript.dll
2014-08-18 21:45:23    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-08-18 21:44:44    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-08-18 21:44:09    61952    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-08-18 21:36:07    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-08-18 21:36:05    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-08-18 21:35:24    597504    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-08-18 21:30:29    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:22:48    60416    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:08:54    2014208    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-08-18 21:07:44    1068032    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-08-18 20:46:48    1812992    ----a-w-    c:\windows\system32\wininet.dll
2014-07-27 05:17:20    26208    ----a-w-    c:\windows\system32\drivers\Neo_0003.sys
2014-07-27 05:15:15    133688    ----a-w-    c:\windows\system32\vpncmd.exe
2014-07-24 18:35:46    875688    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
2014-07-24 08:09:12    78816    ----a-w-    c:\windows\system32\drivers\bdisk.sys
2014-07-24 08:09:12    573344    ----a-w-    c:\windows\system32\drivers\CBreparse.sys
2014-07-24 08:09:12    571144    ----a-w-    c:\windows\system32\drivers\cbvd.sys
2014-07-24 08:09:12    277472    ----a-w-    c:\windows\system32\drivers\CBUFS.sys
2014-07-17 10:05:08    95920    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2014-07-17 10:05:08    231800    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2014-07-14 01:42:02    654336    ----a-w-    c:\windows\system32\rpcrt4.dll
2014-07-09 01:29:32    6144    ----a-w-    c:\windows\system32\KBDYAK.DLL
2014-07-09 01:29:31    6144    ----a-w-    c:\windows\system32\KBDBASH.DLL
2014-06-30 22:14:53    8856    ----a-w-    c:\windows\system32\icardres.dll
2012-08-25 22:48:05    22657136    ----a-w-    c:\program files\vlc-2.0.2-win32.exe
.
============= FINISH: 15:37:39.82 ===============

Thanks a lot for your help.

#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,769 posts

Posted 01 October 2014 - 03:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/549777 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Robdam

  • Topic Starter
  • Members
  • 39 posts

Posted 01 October 2014 - 09:02 AM

No changes since my original post; find the new log below. I do not have my original Windows DVD available.

Thanks for your help.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 1.6.0_37
Run by admin at 21:56:36 on 2014-10-01
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2000.926 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SoftEther VPN Client\vpnclient.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SoftEther VPN Client\vpnclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SoftEther VPN Client\vpncmgr.exe
C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://home.allgameshome.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: {51a86bb3-6602-4c85-92a5-130ee4864f13} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.150\McAfeeMSS_IE.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Aimersoft Video Converter Ultimate 6.1.0: {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} - c:\programdata\aimersoft\video converter ultimate\WSBrowserAppMgr.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AllGamesHome Toolbar: {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files\allgameshome toolbar\tbcore3.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [uTorrent] "c:\users\admin\appdata\roaming\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SoftEther VPN Client UI Helper] "c:\program files\softether vpn client\vpnclient.exe" /uihelp
StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\admin\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\softet~1.lnk - c:\program files\softether vpn client\vpncmgr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files\allgameshome toolbar\tbcore3.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 121.1.3.82 121.1.3.20 121.1.3.250
TCP: Interfaces\{43AF8CF3-8F03-4C52-8B38-F7369C3C640D} : DHCPNameServer = 121.1.3.82 121.1.3.20 121.1.3.250
TCP: Interfaces\{FB40511B-E279-4DBF-9FBA-0FA5776520F4} : DHCPNameServer = 121.1.3.82 121.1.3.20 121.1.3.250
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Handler: WSAMVCUchrome - {086BD280-4613-43B5 - <orphaned>
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\4780tjln.default-1409054229779\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\admin\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_179.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 bdisk;Comodo Disk Raw Access Filter;c:\windows\system32\drivers\bdisk.sys [2014-7-24 78816]
R0 CBUFS;CBUFS;c:\windows\system32\drivers\CBUFS.sys [2014-7-24 277472]
R0 cbvd;Comodo Backup Virtual Disk;c:\windows\system32\drivers\cbvd.sys [2014-7-24 571144]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-7-17 231800]
R0 Reparse;Reparse;c:\windows\system32\drivers\CBreparse.sys [2014-7-24 573344]
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-3-14 169080]
R1 MpKsl41ddecfa;MpKsl41ddecfa;c:\programdata\microsoft\microsoft antimalware\definition updates\{05107e16-43c5-4a0a-aeae-73a9dde13590}\MpKsl41ddecfa.sys [2014-10-1 39464]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2012-3-7 913144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2012-3-14 103112]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2014-7-17 95920]
R2 SEVPNCLIENT;SoftEther VPN Client;c:\program files\softether vpn client\vpnclient.exe [2014-9-28 3544632]
R2 WiseFS;WiseFS;c:\program files\wise\wise folder hider\WiseFs32.sys [2014-9-1 9256]
R3 Neo_rob;VPN Client Device Driver - rob;c:\windows\system32\drivers\Neo_0003.sys [2014-7-27 26208]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-8-22 288120]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
R3 vdbus;Virtual Disk Bus Enumerator;c:\windows\system32\drivers\vdbus.sys [2014-5-1 710328]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2013-10-7 1108480]
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2011-10-25 480128]
R3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\drivers\usbVM303.sys [2011-10-25 1472768]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe /s --> c:\windows\reset.exe  [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-9-11 108032]
S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [2009-9-28 52656]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [2014-5-26 24880]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-10-28 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-9-20 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-10-26 1343400]
S4 COSService.exe;COMODO Online Storage Service;c:\program files\comodo\common\COSService.exe [2014-7-24 3083968]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.150\McCHSvc.exe [2014-4-9 235696]
S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\playmemories home\PMBDeviceInfoProvider.exe [2014-6-24 481304]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-23 1153368]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S4 SOHDms;Sony Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2014-1-16 495248]
S4 SOHDs;Sony Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2013-12-3 79000]
S4 SpfService;VAIO Entertainment Common Service;c:\program files\common files\sony shared\vaio entertainment platform\spf\SpfService.exe [2011-12-1 230560]
S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-24 370688]
S4 SynchronizationService.exe;COMODO BackUp Service;c:\program files\comodo\common\SynchronizationService.exe [2014-7-24 2793664]
.
=============== Created Last 30 ================
.
2014-10-01 06:20:39    39464    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{05107e16-43c5-4a0a-aeae-73a9dde13590}\MpKsl41ddecfa.sys
2014-09-30 21:33:24    8806800    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{05107e16-43c5-4a0a-aeae-73a9dde13590}\mpengine.dll
2014-09-29 10:22:27    8806800    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-09-28 16:43:10    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-28 16:42:48    74456    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-09-28 16:42:48    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-09-28 16:42:48    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-28 16:42:48    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-09-26 05:57:54    908840    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{c85be039-6b51-4b8e-b336-29d1ff7a5382}\gapaengine.dll
2014-09-24 23:02:59    4550304    ----a-w-    c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2014-09-24 23:02:59    3231696    ----a-w-    c:\program files\mozilla firefox\d3dcompiler_46.dll
2014-09-24 23:02:59    2106216    ----a-w-    c:\program files\mozilla firefox\D3DCompiler_43.dll
2014-09-24 23:02:58    114288    ----a-w-    c:\program files\mozilla firefox\crashreporter.exe
2014-09-24 23:02:57    74864    ----a-w-    c:\program files\mozilla firefox\breakpadinjector.dll
2014-09-24 23:02:57    47216    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-09-24 23:02:56    20080    ----a-w-    c:\program files\mozilla firefox\AccessibleMarshal.dll
2014-09-24 09:47:55    908840    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2014-09-23 22:02:45    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-20 07:47:44    5694464    ----a-w-    c:\windows\system32\mstscax.dll
2014-09-20 07:30:09    32256    ----a-w-    c:\windows\system32\TsUsbGDCoInstaller.dll
2014-09-20 07:30:05    12800    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-20 07:30:03    49152    ----a-w-    c:\windows\system32\drivers\TsUsbFlt.sys
2014-09-20 07:30:02    14336    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-20 07:30:01    855552    ----a-w-    c:\windows\system32\rdvidcrl.dll
2014-09-20 07:30:01    53248    ----a-w-    c:\windows\system32\tsgqec.dll
2014-09-20 07:30:01    50176    ----a-w-    c:\windows\system32\MsRdpWebAccess.dll
2014-09-20 07:30:01    17920    ----a-w-    c:\windows\system32\wksprtPS.dll
2014-09-20 07:30:00    76288    ----a-w-    c:\windows\system32\TSWbPrxy.exe
2014-09-20 07:30:00    350208    ----a-w-    c:\windows\system32\wksprt.exe
2014-09-20 07:30:00    1068544    ----a-w-    c:\windows\system32\mstsc.exe
2014-09-20 07:25:22    514560    ----a-w-    c:\windows\system32\qdvd.dll
2014-09-19 15:44:07    --------    d-----w-    C:\FRST
2014-09-19 14:57:39    --------    d-----w-    c:\programdata\HitmanPro
2014-09-19 13:00:10    --------    d-----w-    c:\programdata\Malwarebytes
2014-09-19 09:15:56    --------    d-----w-    c:\program files\Microsoft Security Client
2014-09-19 09:14:29    8806800    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{0fdeab5e-9f5a-447b-9aba-4de46da7c341}\mpengine.dll
2014-09-19 07:50:40    --------    d-----w-    c:\programdata\Trymedia
2014-09-19 07:32:10    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-09-19 06:54:07    98816    ----a-w-    c:\windows\sed.exe
2014-09-19 06:54:07    256000    ----a-w-    c:\windows\PEV.exe
2014-09-19 06:54:07    208896    ----a-w-    c:\windows\MBR.exe
2014-09-19 06:32:51    --------    d-----w-    C:\AdwCleaner
2014-09-19 06:31:11    --------    d-----w-    c:\program files\Mozilla Firefox.bak
2014-09-18 23:26:35    1819648    ----a-w-    c:\programdata\microsoft\secure\icons\IconsCacheHelper.dll
2014-09-18 13:52:21    28672    ----a-w-    c:\windows\system32\AVEQT.dll
2014-09-18 13:52:21    129024    ----a-w-    c:\windows\system32\AVERM.dll
2014-09-16 11:04:09    --------    d-----w-    c:\program files\AVCutty 3
2014-09-14 05:23:41    --------    d-----w-    c:\program files\LAV Filters
2014-09-14 05:23:36    --------    d-----w-    c:\program files\Haali
2014-09-14 05:23:33    --------    d-----w-    c:\program files\AviSynth 2.5
2014-09-14 05:23:18    1283584    ----a-w-    c:\windows\system32\VSFilter.dll
2014-09-14 05:23:17    --------    d-----w-    c:\program files\Sothink Video Converter
2014-09-14 05:23:17    --------    d-----w-    c:\program files\common files\SourceTec
2014-09-14 05:17:10    --------    d-----w-    c:\users\admin\appdata\roaming\Digiarty
2014-09-10 19:23:42    2285056    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-09-10 12:06:09    550912    ----a-w-    c:\windows\system32\kerberos.dll
2014-09-10 12:06:08    1059840    ----a-w-    c:\windows\system32\lsasrv.dll
2014-09-10 11:52:33    1987584    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-09-10 11:52:29    793600    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-09-10 11:52:01    445952    ----a-w-    c:\windows\system32\aepdu.dll
2014-09-10 11:52:00    302592    ----a-w-    c:\windows\system32\aeinv.dll
2014-09-09 15:27:34    --------    d-----w-    c:\users\admin\appdata\roaming\AVCutty
.
==================== Find3M  ====================
.
2014-09-22 06:41:56    231568    ------w-    c:\windows\system32\MpSigStub.exe
2014-08-30 02:55:47    699568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-08-30 02:55:46    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-23 01:46:55    305152    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 00:42:53    2352640    ----a-w-    c:\windows\system32\win32k.sys
2014-08-18 22:08:55    4232704    ----a-w-    c:\windows\system32\jscript9.dll
2014-08-18 21:57:44    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-08-18 21:57:30    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-08-18 21:46:26    454656    ----a-w-    c:\windows\system32\vbscript.dll
2014-08-18 21:45:23    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-08-18 21:44:44    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-08-18 21:44:09    61952    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-08-18 21:36:07    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-08-18 21:36:05    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-08-18 21:35:24    597504    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-08-18 21:30:29    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:22:48    60416    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:08:54    2014208    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-08-18 21:07:44    1068032    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-08-18 20:46:48    1812992    ----a-w-    c:\windows\system32\wininet.dll
2014-07-27 05:17:20    26208    ----a-w-    c:\windows\system32\drivers\Neo_0003.sys
2014-07-27 05:15:15    133688    ----a-w-    c:\windows\system32\vpncmd.exe
2014-07-24 18:35:46    875688    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
2014-07-24 08:09:12    78816    ----a-w-    c:\windows\system32\drivers\bdisk.sys
2014-07-24 08:09:12    573344    ----a-w-    c:\windows\system32\drivers\CBreparse.sys
2014-07-24 08:09:12    571144    ----a-w-    c:\windows\system32\drivers\cbvd.sys
2014-07-24 08:09:12    277472    ----a-w-    c:\windows\system32\drivers\CBUFS.sys
2014-07-17 10:05:08    95920    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2014-07-17 10:05:08    231800    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2014-07-14 01:42:02    654336    ----a-w-    c:\windows\system32\rpcrt4.dll
2014-07-09 01:29:32    6144    ----a-w-    c:\windows\system32\KBDYAK.DLL
2014-07-09 01:29:31    6144    ----a-w-    c:\windows\system32\KBDBASH.DLL
2012-08-25 22:48:05    22657136    ----a-w-    c:\program files\vlc-2.0.2-win32.exe
.
============= FINISH: 21:58:00.41 ===============
 



#4 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 38,176 posts
  • Gender:Male
  • Location:California
  • Local time:10:37 PM

Posted 03 October 2014 - 08:38 AM

Greetings Robdam and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows logo key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Robdam

  • Topic Starter
  • Members
  • 39 posts
  • Local time:02:37 PM

Posted 03 October 2014 - 10:19 AM

Hi Gary,

At this point, I have not been getting the Eset pop-up warning of Traffagon for several hours and the computer seems to behave normally. However, as I have not made any changes, I have to assume that the virus(?) is still there.

Here we go:

1) FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2014
Ran by admin (administrator) on ADMIN-PC on 03-10-2014 22:49:27
Running from C:\Users\admin\Desktop
Loaded Profile: admin (Available profiles: admin)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(BitTorrent Inc.) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
(Dropbox, Inc.) C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(WiseCleaner.com) C:\Program Files\Wise\Wise Folder Hider\WiseFolderHider.exe
(Farbar) C:\Users\admin\Desktop\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3117344 2012-03-07] (ESET)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient.exe [3544632 2014-09-28] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKU\S-1-5-21-2800754329-4022657711-1508411351-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2800754329-4022657711-1508411351-1000\...\Run: [uTorrent] => C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe [1270352 2014-04-30] (BitTorrent Inc.)
HKU\S-1-5-21-2800754329-4022657711-1508411351-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2800754329-4022657711-1508411351-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_179_Plugin.exe [851632 2014-08-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-2800754329-4022657711-1508411351-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2800754329-4022657711-1508411351-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
ShellIconOverlayIdentifiers: [COSDriveIconOverlay] -> {5FDACB62-6B7B-4116-9403-C5E0D3852A57} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemInSyncIconOverlay] -> {68F287EF-DA6D-4595-AF52-90FF6CE52AFE} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemModifiedIconOverlay] -> {AE67D273-7253-4236-B55E-D40055B305D6} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemNewIconOverlay] -> {022F23E9-DA0F-4A86-A728-CAF6150C0B63} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemUnsynchronizedIconOverlay] -> {4D7EE7CF-E7A1-45FE-8F80-3A37574918D7} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.allgameshome.com/
URLSearchHook: HKLM - (No Name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} -  No File
SearchScopes: HKCU - {1FE8104F-7902-46A4-96F0-F85256E2D3CC} URL = https://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {CFBBF4FA-E86E-4AFF-9B6E-2C03AC2D005D} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
SearchScopes: HKCU - {E04DD2DB-E704-4724-BE97-1412CB9DAA17} URL = http://search.softonic.com/INF00176/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=1c4e8b3b000000000000bc5ff4d21ce7&toi=16040&r=46
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Aimersoft Video Converter Ultimate 6.1.0 -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> C:\ProgramData\Aimersoft\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - AllGamesHome Toolbar - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - C:\Program Files\AllGamesHome Toolbar\tbcore3.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: WSAMVCUchrome - {086BD280-4613-43B5 -  No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 121.1.3.82 121.1.3.20 121.1.3.250

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4780tjln.default-1409054229779
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4780tjln.default-1409054229779\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-26]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-25]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-25]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-09-25]
FF HKLM\...\Firefox\Extensions: [AMVCU@Aimersoft.com] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com
FF Extension: No Name - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com [2014-08-26]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-11-28]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR CustomProfile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2012-06-12]
CHR Extension: (Skype Click to Call) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-12-31]
CHR Extension: (Poppit) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2012-06-12]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
CHR HKLM\...\Chrome\Extension: [nmapfhedmiiikmeicmclonepdhjgmlcn] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com.crx [2011-10-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 COSService.exe; C:\Program Files\COMODO\COMMON\COSService.exe [3083968 2014-07-24] (COMODO Security Solutions)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [913144 2012-03-07] (ESET)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S4 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2014-06-24] (Sony Corporation)
S4 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient.exe [3544632 2014-09-28] (SoftEther VPN Project at University of Tsukuba, Japan.)
S4 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-24] (StarWind Software) [File not signed]
S4 SynchronizationService.exe; C:\Program Files\COMODO\COMMON\SynchronizationService.exe [2793664 2014-07-24] (COMODO Security Solutions)
S2 .EsetTrialReset; C:\Windows\reset.exe /s [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-14] (Microsoft Corporation)
S3 AVCSTRM; C:\Windows\System32\DRIVERS\avcstrm.sys [14464 2009-07-14] (Microsoft Corporation)
R0 bdisk; C:\Windows\System32\DRIVERS\bdisk.sys [78816 2014-07-24] (COMODO Security Solutions Inc.)
R0 CBUFS; C:\Windows\System32\DRIVERS\CBUFS.sys [277472 2014-07-24] (COMODO Security Solutions Inc.)
R0 cbvd; C:\Windows\System32\DRIVERS\cbvd.sys [571144 2014-07-24] (COMODO Security Solutions Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [169080 2012-03-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [120152 2012-03-14] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [103112 2012-03-14] (ESET)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl5a135b39; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96203DF1-AF17-457D-963C-8FC944B0EB4C}\MpKsl5a135b39.sys [39464 2014-10-03] (Microsoft Corporation)
S3 MSTAPE; C:\Windows\System32\DRIVERS\mstape.sys [50048 2009-07-14] (Microsoft Corporation)
R3 Neo_rob; C:\Windows\System32\DRIVERS\Neo_0003.sys [26208 2014-07-27] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 OXSDIDRV_x32; C:\Windows\System32\DRIVERS\OXSDIDRV_x32.sys [52656 2009-09-28] ()
S3 OXUDIDRV; C:\Windows\system32\Drivers\OXUDIDRV_X32.sys [24880 2010-05-25] ()
R0 Reparse; C:\Windows\System32\DRIVERS\CBReparse.sys [573344 2014-07-24] (COMODO Security Solutions Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2013-06-26] () [File not signed]
R3 vdbus; C:\Windows\System32\DRIVERS\vdbus.sys [710328 2014-05-01] (COMODO Security Solutions Inc.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1108480 2009-11-25] (VIA Technologies, Inc.)
R3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [480128 2007-06-23] (Vimicro Corporation)
R2 WiseFS; C:\Program Files\Wise\Wise Folder Hider\WiseFs32.sys [9256 2014-03-14] ()
R3 ZSMC0303; C:\Windows\System32\Drivers\usbVM303.sys [1472768 2007-05-15] (Vimicro Corporation)
S3 catchme; \??\C:\Users\admin\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 22:49 - 2014-10-03 22:50 - 00016882 _____ () C:\Users\admin\Desktop\FRST.txt
2014-10-03 22:45 - 2014-10-03 22:46 - 01100800 _____ (Farbar) C:\Users\admin\Desktop\FRST(1).exe
2014-10-01 21:58 - 2014-10-01 21:58 - 00019880 _____ () C:\Users\admin\Desktop\dds.txt
2014-10-01 21:58 - 2014-10-01 21:58 - 00013313 _____ () C:\Users\admin\Desktop\attach.txt
2014-10-01 21:55 - 2014-10-01 21:56 - 00688992 ____R (Swearware) C:\Users\admin\Downloads\dds(1).com
2014-10-01 13:01 - 2014-09-25 09:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-29 00:43 - 2014-09-29 00:46 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-29 00:43 - 2014-09-29 00:43 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-29 00:43 - 2014-09-29 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-29 00:42 - 2014-09-29 00:42 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-29 00:42 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-29 00:42 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-29 00:42 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-29 00:32 - 2014-09-29 00:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\admin\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-09-28 23:34 - 2014-09-28 23:34 - 00002066 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk
2014-09-28 23:34 - 2014-09-28 23:34 - 00002060 _____ () C:\Users\Public\Desktop\SoftEther VPN Client Manager.lnk
2014-09-28 23:34 - 2014-09-28 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
2014-09-28 23:16 - 2014-09-28 23:32 - 30843960 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Users\admin\Downloads\softether-vpnclient-v4.10-9473-beta-2014.07.12-windows-x86_x64-intel.exe
2014-09-27 19:30 - 2014-09-27 19:31 - 00389424 _____ () C:\Windows\Minidump\092714-19234-01.dmp
2014-09-27 19:30 - 2014-09-27 19:30 - 186883217 _____ () C:\Windows\MEMORY.DMP
2014-09-26 15:31 - 2014-09-26 15:34 - 00688992 ____R (Swearware) C:\Users\admin\Downloads\dds.com
2014-09-26 14:46 - 2014-09-26 14:46 - 00005899 _____ () C:\Users\admin\Downloads\hijackthis.log
2014-09-26 14:43 - 2014-09-26 14:46 - 00388608 _____ (Trend Micro Inc.) C:\Users\admin\Downloads\HijackThis.exe
2014-09-25 17:17 - 2014-09-25 17:17 - 00000320 _____ () C:\Windows\PFRO.log
2014-09-25 07:02 - 2014-09-25 07:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-24 21:41 - 2014-10-03 22:40 - 00047768 _____ () C:\Windows\setupact.log
2014-09-24 21:41 - 2014-09-24 21:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-24 06:02 - 2014-09-10 05:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-21 13:17 - 2014-09-21 13:17 - 00347816 _____ (Microsoft Corporation) C:\Users\admin\Downloads\MicrosoftFixit.Devices.LB.23733470743512180.1.1.Run.exe
2014-09-20 15:47 - 2014-01-09 10:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-20 15:30 - 2013-10-02 08:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-20 15:30 - 2013-10-02 08:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-20 15:30 - 2013-10-02 08:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-20 15:30 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-20 15:30 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-20 15:30 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-20 15:30 - 2013-10-02 07:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-20 15:30 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-20 15:30 - 2013-10-02 07:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-20 15:30 - 2013-10-02 06:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-20 15:30 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-19 23:55 - 2014-09-19 23:55 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\admin\Downloads\rkill.com
2014-09-19 23:45 - 2014-09-19 23:46 - 00046878 _____ () C:\Users\admin\Downloads\Addition.txt
2014-09-19 23:44 - 2014-10-03 22:49 - 00000000 ____D () C:\FRST
2014-09-19 23:44 - 2014-09-19 23:46 - 00044801 _____ () C:\Users\admin\Downloads\FRST.txt
2014-09-19 23:43 - 2014-09-19 23:43 - 01097728 _____ (Farbar) C:\Users\admin\Downloads\FRST.exe
2014-09-19 23:05 - 2014-09-19 23:06 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\admin\Downloads\tdsskiller.exe
2014-09-19 22:57 - 2014-09-19 23:05 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-19 22:50 - 2014-09-19 22:56 - 10280824 _____ (SurfRight B.V.) C:\Users\admin\Downloads\hitmanpro.exe
2014-09-19 21:00 - 2014-09-19 21:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-19 20:30 - 2014-09-19 20:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\admin\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-09-19 19:57 - 2014-09-19 20:25 - 13837892 _____ (Malwarebytes Corporation ) C:\Users\admin\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-19 17:16 - 2014-09-19 17:16 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-19 17:16 - 2014-09-19 17:16 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-19 17:15 - 2014-09-19 17:16 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-19 16:47 - 2014-09-19 17:14 - 11447608 _____ (Microsoft Corporation) C:\Users\admin\Downloads\mseinstall.exe
2014-09-19 15:50 - 2014-09-19 15:50 - 00000000 ____D () C:\ProgramData\Trymedia
2014-09-19 15:32 - 2014-09-19 15:32 - 00022490 _____ () C:\ComboFix.txt
2014-09-19 14:54 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-19 14:54 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-19 14:54 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-19 14:54 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-19 14:54 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-19 14:54 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-19 14:54 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-19 14:54 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-19 14:52 - 2014-09-19 15:32 - 00000000 ____D () C:\Qoobox
2014-09-19 14:50 - 2014-09-19 16:39 - 00000000 ____D () C:\Windows\erdnt
2014-09-19 14:33 - 2014-09-19 14:50 - 05578824 ____R (Swearware) C:\Users\admin\Downloads\ComboFix.exe
2014-09-19 14:32 - 2014-09-19 15:09 - 00000000 ____D () C:\AdwCleaner
2014-09-19 14:31 - 2014-09-25 09:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak
2014-09-19 14:27 - 2014-09-19 14:32 - 01373475 _____ () C:\Users\admin\Downloads\AdwCleaner.exe
2014-09-19 13:09 - 2014-09-19 13:36 - 09317168 _____ (ESET, spol. s r.o.) C:\Users\admin\Downloads\eset_sysrescue_live_creator_enu.exe
2014-09-18 21:52 - 2007-04-12 14:19 - 00129024 _____ () C:\Windows\system32\AVERM.dll
2014-09-18 21:52 - 2006-09-26 13:57 - 00028672 _____ () C:\Windows\system32\AVEQT.dll
2014-09-18 21:51 - 2014-09-18 21:51 - 10268359 _____ (Aone Software ) C:\Users\admin\Downloads\uvsplitter.exe
2014-09-16 19:04 - 2014-09-16 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVCutty 3
2014-09-16 19:04 - 2014-09-16 19:04 - 00000000 ____D () C:\Program Files\AVCutty 3
2014-09-16 19:01 - 2014-09-16 19:03 - 01007154 _____ () C:\Users\admin\Downloads\avcutty3_setup.exe
2014-09-16 18:17 - 2014-09-16 18:17 - 00009728 _____ () C:\My3DGraph.grf
2014-09-15 19:19 - 2014-09-16 18:11 - 00000000 ____D () C:\Users\admin\Downloads\The Leftovers S01E10 HDTV x264-KILLERS[ettv]
2014-09-14 13:23 - 2014-09-14 13:23 - 00001043 _____ () C:\Users\Public\Desktop\Sothink Video Converter.lnk
2014-09-14 13:23 - 2014-09-14 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sothink Video Converter
2014-09-14 13:23 - 2014-09-14 13:23 - 00000000 ____D () C:\Program Files\Sothink Video Converter
2014-09-14 13:23 - 2014-09-14 13:23 - 00000000 ____D () C:\Program Files\LAV Filters
2014-09-14 13:23 - 2014-09-14 13:23 - 00000000 ____D () C:\Program Files\Haali
2014-09-14 13:23 - 2014-09-14 13:23 - 00000000 ____D () C:\Program Files\Common Files\SourceTec
2014-09-14 13:23 - 2014-09-14 13:23 - 00000000 ____D () C:\Program Files\AviSynth 2.5
2014-09-14 13:23 - 2012-07-26 13:47 - 01283584 _____ (xy-VSFilter Team) C:\Windows\system32\VSFilter.dll
2014-09-14 13:23 - 2009-08-17 09:54 - 00278528 _____ (Real Networks, Inc) C:\Windows\system32\pncrt.dll
2014-09-14 13:21 - 2014-09-14 13:21 - 00000000 ____D () C:\Users\admin\Downloads\videoconverter
2014-09-14 13:17 - 2014-09-14 13:17 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Digiarty
2014-09-14 11:00 - 2014-09-14 11:45 - 43780304 _____ (Digiarty Software, Inc. ) C:\Users\admin\Downloads\winx-hd-converter-deluxe.exe
2014-09-11 17:12 - 2014-09-11 17:13 - 00501248 _____ (Facebook Inc.) C:\Users\admin\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2014-09-11 03:24 - 2014-08-20 01:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 03:24 - 2014-08-19 06:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 03:24 - 2014-08-19 06:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 03:24 - 2014-08-19 05:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 03:24 - 2014-08-19 05:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 03:24 - 2014-08-19 05:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 03:24 - 2014-08-19 05:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 03:24 - 2014-08-19 05:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 03:24 - 2014-08-19 05:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 03:24 - 2014-08-19 05:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 03:24 - 2014-08-19 05:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 03:24 - 2014-08-19 05:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 03:24 - 2014-08-19 05:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 03:24 - 2014-08-19 05:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 03:24 - 2014-08-19 05:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 03:24 - 2014-08-19 05:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 03:24 - 2014-08-19 05:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 03:24 - 2014-08-19 05:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 03:24 - 2014-08-19 05:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 03:24 - 2014-08-19 05:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 03:24 - 2014-08-19 05:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 03:24 - 2014-08-19 05:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 03:24 - 2014-08-19 05:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 03:24 - 2014-08-19 05:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 03:24 - 2014-08-19 05:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 03:24 - 2014-08-19 05:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 03:24 - 2014-08-19 05:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 03:24 - 2014-08-19 04:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 03:24 - 2014-08-19 04:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 03:24 - 2014-08-19 04:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 03:23 - 2014-06-27 09:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 20:06 - 2014-07-07 09:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 20:06 - 2014-07-07 09:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 19:52 - 2014-09-05 09:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 19:52 - 2014-09-05 09:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 19:52 - 2014-08-01 19:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 19:52 - 2014-06-24 10:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-09 23:27 - 2014-09-26 20:24 - 00000000 ____D () C:\Users\admin\AppData\Roaming\AVCutty
2014-09-09 23:10 - 2014-09-09 23:10 - 00000738 _____ () C:\Users\admin\Documents\PlayList.txt
2014-09-08 22:31 - 2014-09-08 22:31 - 00000000 ___HD () C:\Users\admin\Documents\.picasaoriginals
2014-09-04 15:27 - 2014-09-04 15:27 - 00002688 _____ () C:\Users\admin\Documents\My Movie.wlmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 22:49 - 2011-10-23 21:55 - 00000000 ____D () C:\Users\admin\AppData\Roaming\uTorrent
2014-10-03 22:48 - 2011-10-23 21:52 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Skype
2014-10-03 22:46 - 2012-02-01 20:39 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-03 21:54 - 2012-04-02 16:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-03 19:17 - 2011-10-27 21:04 - 00000000 ____D () C:\Users\admin\Documents\account files
2014-10-03 19:11 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-03 11:19 - 2013-04-02 17:57 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-03 09:27 - 2014-08-25 16:35 - 00000224 _____ () C:\Users\admin\BullseyeCoverageError.txt
2014-10-03 08:51 - 2013-04-28 20:01 - 01654913 _____ () C:\Windows\WindowsUpdate.log
2014-10-03 08:44 - 2009-07-14 12:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 08:44 - 2009-07-14 12:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 08:39 - 2014-07-27 13:15 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2014-10-03 08:39 - 2013-11-27 23:34 - 00000000 ___RD () C:\Users\admin\Dropbox
2014-10-03 08:39 - 2013-11-27 23:30 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Dropbox
2014-10-03 08:38 - 2012-02-01 20:39 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-03 08:38 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-01 16:30 - 2011-10-23 16:16 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-01 14:23 - 2011-10-23 22:49 - 00000000 ____D () C:\Users\admin\AppData\Roaming\vlc
2014-09-27 19:30 - 2013-01-21 18:07 - 00000000 ____D () C:\Windows\Minidump
2014-09-26 20:23 - 2011-10-24 14:53 - 00014848 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-25 17:17 - 2012-04-26 06:53 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-24 21:33 - 2011-10-23 23:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-24 15:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache
2014-09-23 17:21 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\TAPI
2014-09-22 14:41 - 2011-10-23 22:47 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-22 09:46 - 2014-03-29 08:30 - 00000000 ____D () C:\Users\admin\Desktop\damiens private
2014-09-20 16:02 - 2011-10-23 16:12 - 00000000 ____D () C:\Users\admin
2014-09-20 16:01 - 2014-08-30 14:48 - 00000175 _____ () C:\Users\admin\Note for Best Viewing.txt
2014-09-20 15:50 - 2012-04-21 21:24 - 00000000 ____D () C:\Users\admin\AppData\Roaming\dvdcss
2014-09-20 15:33 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-20 06:17 - 2009-07-14 15:49 - 00000000 ____D () C:\Windows\RemotePackages
2014-09-19 16:39 - 2013-11-27 23:31 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-19 16:39 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration
2014-09-19 16:19 - 2013-10-13 01:46 - 00000000 ____D () C:\Users\admin\AppData\Roaming\.minecraft
2014-09-19 15:32 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public
2014-09-19 15:29 - 2009-07-14 10:04 - 00000215 _____ () C:\Windows\system.ini
2014-09-19 15:09 - 2012-03-25 18:46 - 00000000 ____D () C:\Users\admin\AppData\Local\CRE
2014-09-19 12:35 - 2014-07-06 00:09 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-09-19 07:50 - 2013-11-27 23:34 - 00001017 _____ () C:\Users\admin\Desktop\Dropbox.lnk
2014-09-19 07:39 - 2011-11-10 22:27 - 00000000 ____D () C:\Users\admin\AppData\Local\MediaMonkey
2014-09-16 18:59 - 2009-07-14 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-16 18:19 - 2014-08-05 23:24 - 00000000 ____D () C:\Users\Public\CineForm
2014-09-11 03:51 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 03:41 - 2014-05-06 16:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 03:25 - 2011-10-23 22:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 03:23 - 2013-10-07 18:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 03:07 - 2011-10-28 15:54 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-08 22:31 - 2011-11-26 10:21 - 00000308 ____H () C:\Users\admin\Documents\.picasa.ini
2014-09-04 00:50 - 2012-09-23 17:16 - 00000000 ____D () C:\Users\admin\AppData\Local\Windows Live

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkhnmye.dll
C:\Users\admin\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 00:27

==================== End Of Log ============================

2) Addition log

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-10-2014
Ran by admin at 2014-10-03 22:51:56
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: ESET NOD32 Antivirus 5.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: ESET NOD32 Antivirus 5.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30888 - BitTorrent Inc.)
µTorrent (HKLM\...\uTorrent) (Version: 3.3.0.29625 - BitTorrent Inc.)
A4 TECH PC Camera H (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}) (Version:  - )
A4 TECH PC Camera H (HKLM\...\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}) (Version: 2007.11.12 - A4 TECH)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Aimersoft Video Converter Ultimate(Build 6.3.0.0) (HKLM\...\Aimersoft Video Converter Ultimate_is1) (Version: 6.3.0.0 - Aimersoft Software)
Air Force Missions (HKLM\...\Air Force Missions_is1) (Version: 1.0 - MyPlayCity, Inc.)
AllGamesHome Toolbar (HKLM\...\AllGamesHome Toolbar) (Version: 1.0.26 - MyPlayCity, Inc.)
Angry Birds (HKLM\...\{73AD5A08-FCFE-44EA-9436-3F7BEAF60049}) (Version: 2.0.0 - Rovio)
Angry Birds Seasons (HKLM\...\{CCD3F3D0-C85A-4BB7-ADDA-CA68019631D5}) (Version: 2.0.0 - Rovio)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8153ED9A-C94A-426E-9880-5E6775C08B62}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arizona Rose and the Pirates' Riddles (HKLM\...\BFG-Arizona Rose and the Pirates' Riddles) (Version:  - )
AVCutty 3.5 (HKLM\...\AVCutty) (Version: 3.5 - )
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Between the Worlds III: The Heart of the World (HKLM\...\BFG-Between the Worlds III - The Heart of the World) (Version:  - )
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - )
Boilsoft Video Splitter 5.21 (HKLM\...\Boilsoft Video Splitter_is1) (Version:  - Boilsoft, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform)
Columbus: Ghost of the Mystery Stone (HKLM\...\BFG-Columbus - Ghost of the Mystery Stone) (Version:  - )
COMODO BackUp (HKLM\...\{B79E9FF2-D932-4FD5-BCAF-4DE6F2FBE521}) (Version: 4.3.9.27 - COMODO)
Cool VOB To WMV Converter 1.0 (HKLM\...\Cool VOB To WMV Converter_is1) (Version:  - A Software Plus)
CorelDRAW Graphics Suite X3 (HKLM\...\{63218538-4A69-497F-8455-904261B0E9E4}) (Version: 13.0 - Corel Corporation)
Counter-Strike 1.6 (HKLM\...\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}) (Version: 1.6 - )
Crime Solitaire (HKLM\...\BFG-Crime Solitaire) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
EN (Version: 13.0 - Corel Corporation) Hidden
ESET NOD32 Antivirus (HKLM\...\{083ABCCD-D0A1-4068-A2B1-A4D06E0B9951}) (Version: 5.2.9.1 - ESET, spol. s r.o.)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FairStars CD Ripper 1.60 (HKLM\...\FairStars CD Ripper_is1) (Version:  - FairStars Soft)
FastStone Photo Resizer 3.1 (HKLM\...\FastStone Photo Resizer) (Version: 3.1 - FastStone Soft.)
FontNav (Version: 5.0 - Corel Corporation) Hidden
Freemake Audio Converter version 1.1.0 (HKLM\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Garden Defence (HKLM\...\Garden Defence_is1) (Version: 1.0 - Media Contact LLC)
Google Chrome (HKCU\...\Google Chrome) (Version: 9.0.597.84 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoPro Studio 2.0.1 (HKLM\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
Hidden Wonders of the Depths (HKLM\...\BFG-Hidden Wonders of the Depths) (Version:  - )
Hoyle Miami Solitaire (HKLM\...\BFG-Hoyle Miami Solitaire) (Version:  - )
Hydrogen 0.9.6 preview release for windows (HKLM\...\{B24839E5-A70C-48AD-B4D9-B9FB46B4B038}_is1) (Version:  - hydrogen-music.org)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
iTunes (HKLM\...\{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}) (Version: 10.5.2.11 - Apple Inc.)
Java Auto Updater (Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.370 - Oracle)
K-Lite Codec Pack 10.6.0 Basic (HKLM\...\KLiteCodecPack_is1) (Version: 10.6.0 - )
LAV Filters 0.51.3 (HKLM\...\lavfilters_is1) (Version: 0.51.3 - Hendrik Leppkes)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
MediaMonkey 3.2 (HKLM\...\MediaMonkey_is1) (Version: 3.2 - Ventis Media Inc.)
Medieval Defenders (HKLM\...\Medieval Defenders_is1) (Version: 1.0 - Media Contact LLC)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Modiac MP4 to DVD Converter (HKLM\...\Modiac MP4 to DVD Converter) (Version: 1.0.0.4255 - Modiac Inc.)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker 6.0 for Windows 7 (32-bit) (HKLM\...\{59A385E2-3454-4CDF-B3E6-C9CF9D099F1B}) (Version: 6.0.0 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mysteryville 2 (HKLM\...\BFG-Mysteryville 2) (Version:  - )
Nero 7 Essentials (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NewBlue 3D Explosions for Windows (HKLM\...\NewBlue 3D Explosions for Windows) (Version:  - )
NewBlue 3D Transformations for Windows (HKLM\...\NewBlue 3D Transformations for Windows) (Version:  - )
NewBlue Art Blends for Windows (HKLM\...\NewBlue Art Blends for Windows) (Version:  - )
NewBlue Art Effects for Windows (HKLM\...\NewBlue Art Effects for Windows) (Version:  - )
NewBlue Film Effects for Windows (HKLM\...\NewBlue Film Effects for Windows) (Version:  - )
NewBlue Motion Blends for Windows (HKLM\...\NewBlue Motion Blends for Windows) (Version:  - )
NewBlue Motion Effects for Windows (HKLM\...\NewBlue Motion Effects for Windows) (Version:  - )
NewBlue Video Essentials for Windows (HKLM\...\NewBlue Video Essentials for Windows) (Version:  - )
Next DVD Ripper 3.61 (HKLM\...\{8D793292-FC22-43BA-8D85-7FDC25D963C9}_is1) (Version:  - NextVideoSoft, Inc.)
PandoraRecovery (Remove Only) (HKLM\...\PandoraRecovery) (Version:  - )
Phenomenon: Meteorite (HKLM\...\BFG-Phenomenon - Meteorite) (Version:  - )
Phenomenon: Outcome (HKLM\...\BFG-Phenomenon - Outcome) (Version:  - )
Photo Gadget (HKLM\...\Photo Gadget_is1) (Version:  - XemiComputers)
Photo Gallery (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pirate Bay (HKLM\...\Pirate Bay_is1) (Version:  - My Real Games Ltd)
Plants vs. Zombies (HKLM\...\Plants vs. Zombies) (Version:  - PopCap Games)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
PlayMemories Home (HKLM\...\{6F26A633-ACC2-4850-82C5-60A06D606175}) (Version: 3.1.20.06241 - Sony Corporation)
Quick Screen Capture 3.0 (HKLM\...\Quick Screen Capture 3.0_is1) (Version: 3.0 - Etru Software Development)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)
RemoteComms External Disk Access (HKLM\...\{04FCD5DE-1662-4F99-BDA9-C57212113EF2}) (Version: 1.25.0003 - PLX Technology)
Royal Defence (HKLM\...\Royal Defence_is1) (Version: 1.0 - Media Contact LLC)
Seven Seas Solitaire (HKLM\...\BFG-Seven Seas Solitaire) (Version:  - )
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.10.9473 - SoftEther VPN Project)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
Sothink Video Converter (HKLM\...\{0FD155A3-DF78-43ee-84B0-3CC86BA962F2}_is1) (Version: 3.6 - SourceTec Software Co., LTD)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steve the Sheriff 2: The Case of the Missing Thing ™ (HKLM\...\BFG-Steve the Sheriff - The Case of the Missing Thing) (Version:  - )
The Chronicles of Emerland Solitaire (HKLM\...\BFG-The Chronicles of Emerland Solitaire) (Version:  - )
The Juicer (HKLM\...\The Juicer_is1) (Version: 1.0 - MyPlayCity, Inc.)
The Ultimate Christmas Puzzler (HKLM\...\BFG-The Ultimate Christmas Puzzler) (Version:  - )
Trio The Great Settlement (HKLM\...\Trio The Great Settlement_is1) (Version:  - My Real Games Ltd)
Unfinished Tales: Illicit Love (HKLM\...\BFG-Unfinished Tales - Illicit Love) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update Manager (Version: 4.60 - Corel Corporation) Hidden
VBA (Version: 6.2 - Corel Corporation) Hidden
Vegas Pro 9.0 (HKLM\...\{56415658-366E-4E28-A6BD-68EC63E560E0}) (Version: 9.0.896 - Sony)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Communications Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Wise Folder Hider 2.02 (HKLM\...\Wise Folder Hider_is1) (Version: 2.02 - WiseCleaner.com, Inc.)
Wizard Land (HKLM\...\BFG-Wizard Land) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{037FB476-15E0-4ED1-B11A-E420B750B1A8}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> C:\Windows\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{5AFAFE48-7107-4FE5-B21A-86A4254541DD}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> C:\Windows\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> C:\Windows\Downloaded Program Files\dwusplay.dll (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{E42CE23D-69F9-480A-A15F-BFF5E4D170C3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\InprocServer32 -> C:\Windows\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{F1522EC1-F84F-4CE2-A38C-F9384B0DFD41}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2800754329-4022657711-1508411351-1000_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)

==================== Restore Points  =========================

20-09-2014 19:01:03 Windows Update
21-09-2014 11:00:12 Windows Backup
23-09-2014 22:39:09 Windows Update
27-09-2014 07:36:54 Windows Update
28-09-2014 11:00:22 Windows Backup
30-09-2014 21:31:59 Windows Update
01-10-2014 16:09:51 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:04 - 2014-09-19 15:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3C9BC673-BA33-4CB9-8308-0FC236639563} - System32\Tasks\{5F5C30BD-99CF-467C-812E-7FB0F446EF3A} => Firefox.exe
Task: {48DE834C-1A12-48C2-B82C-06CCEBE683A9} - System32\Tasks\{B1D315AE-5124-4A5D-83F3-DAE3D0C4A199} => C:\Program Files\Corel\CorelDRAW Graphics Suite 13\Programs\CorelDRW.exe [2005-12-07] (Corel Corporation)
Task: {4AFF11AE-4B11-4271-A191-FA325997EB25} - System32\Tasks\{C687C55D-65AE-4FAA-9724-6C1EBA04F339} => C:\Program Files\Skype\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {58C604CB-3225-4D75-906A-DED7581FDC56} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-01] (Google Inc.)
Task: {61182A69-84D6-4D52-963E-080EDB40CC83} - System32\Tasks\{D4E0DD28-1B1B-4859-9998-151F439B677A} => Firefox.exe
Task: {6A914423-3FF7-46F7-955D-56BF5FE85180} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-01] (Google Inc.)
Task: {6C31D6DB-CB27-4D44-8832-5F30261A34AA} - System32\Tasks\{AAF51D1F-F77D-48A9-9EAA-F61A82E0E480} => C:\Users\admin\Downloads\DaVinci_Resolve_Lite_11.0b1_Windows\DaVinci_Resolve_Lite_11.0b1_Windows.exe [2014-06-24] (Blackmagic Design)
Task: {780A7CEF-86F8-4D07-9E17-2F64E7692AF8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8E517892-0B1D-42BC-89D1-8F9CA8D0E578} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-30] (Adobe Systems Incorporated)
Task: {96EC41A5-E644-49F7-866B-9E08C80C5B5A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {9B8712E0-6C1C-4B90-8A6F-429A35D98A55} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {D55FD7B7-A1C2-4860-9D02-1B67E0CADCB8} - System32\Tasks\{8342865A-20DC-4632-8E10-1A618981F50D} => C:\Users\admin\AppData\Local\Temp\Rar.597\Patch\AxLaUn.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-19 07:26 - 2014-09-19 07:26 - 02405376 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
2014-09-19 07:26 - 2014-09-19 07:26 - 01819648 _____ () C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-10-03 08:39 - 2014-10-03 08:39 - 00043008 _____ () c:\users\admin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkhnmye.dll
2013-08-24 03:01 - 2013-08-24 03:01 - 25100288 _____ () C:\Users\admin\AppData\Roaming\Dropbox\bin\libcef.dll
2014-09-25 07:03 - 2014-09-25 07:03 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-09-01 10:53 - 2014-02-27 14:34 - 00140936 _____ () C:\Program Files\Wise\Wise Folder Hider\FsInstaller.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:04D30F4C
AlternateDataStreams: C:\ProgramData\TEMP:054203E4
AlternateDataStreams: C:\ProgramData\TEMP:0ADCCF52
AlternateDataStreams: C:\ProgramData\TEMP:20EB6823
AlternateDataStreams: C:\ProgramData\TEMP:25249477
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:3B812EE0
AlternateDataStreams: C:\ProgramData\TEMP:3DB6F365
AlternateDataStreams: C:\ProgramData\TEMP:54F257C0
AlternateDataStreams: C:\ProgramData\TEMP:639F0420
AlternateDataStreams: C:\ProgramData\TEMP:74B9EA7F
AlternateDataStreams: C:\ProgramData\TEMP:A42FABF7
AlternateDataStreams: C:\ProgramData\TEMP:AA93EFD3
AlternateDataStreams: C:\ProgramData\TEMP:AE75CCC8
AlternateDataStreams: C:\ProgramData\TEMP:B0729CDB
AlternateDataStreams: C:\ProgramData\TEMP:B61767F5
AlternateDataStreams: C:\ProgramData\TEMP:B65E763D
AlternateDataStreams: C:\ProgramData\TEMP:EC752217
AlternateDataStreams: C:\ProgramData\TEMP:F1174C93
AlternateDataStreams: C:\ProgramData\TEMP:F9EDCFB0

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: COSService.exe => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NBService => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: PMBDeviceInfoProvider => 2
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: SEVPNCLIENT => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SOHDms => 2
MSCONFIG\Services: SOHDs => 3
MSCONFIG\Services: SpfService => 3
MSCONFIG\Services: StarWindServiceAE => 2
MSCONFIG\Services: SynchronizationService.exe => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CineForm Status.lnk => C:\Windows\pss\CineForm Status.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe
MSCONFIG\startupreg: Domino => C:\Windows\Domino.exe
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM Startup => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "C:\Program Files\SoftEther VPN Client\vpnclient.exe" /uihelp
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VMSnap3 => C:\Windows\VMSnap3.exe

========================= Accounts: ==========================

admin (S-1-5-21-2800754329-4022657711-1508411351-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2800754329-4022657711-1508411351-500 - Administrator - Disabled)
Guest (S-1-5-21-2800754329-4022657711-1508411351-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2800754329-4022657711-1508411351-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: VIA 1394 OHCI Compliant Host Controller
Description: VIA 1394 OHCI Compliant Host Controller
Class Guid: {6bdd1fc1-810f-11d0-bec7-08002be2092f}
Manufacturer: VIA
Service: 1394ohci
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/03/2014 03:03:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/03/2014 03:03:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/03/2014 03:03:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/03/2014 03:02:55 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (10/03/2014 03:01:26 PM) (Source: SideBySide) (EventID: 75) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Multiple requestedPrivileges elements are not allowed in manifest.

Error: (10/03/2014 01:14:37 PM) (Source: SideBySide) (EventID: 75) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Multiple requestedPrivileges elements are not allowed in manifest.

Error: (10/03/2014 00:10:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/03/2014 00:10:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/03/2014 00:10:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/03/2014 00:08:04 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (10/03/2014 08:38:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Eset Trial Reset service failed to start due to the following error:
%%2

Error: (10/02/2014 04:34:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Eset Trial Reset service failed to start due to the following error:
%%2

Error: (10/02/2014 05:24:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Eset Trial Reset service failed to start due to the following error:
%%2

Error: (10/01/2014 00:52:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Eset Trial Reset service failed to start due to the following error:
%%2

Error: (09/30/2014 04:51:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Eset Trial Reset service failed to start due to the following error:
%%2

Error: (09/30/2014 04:51:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:50:09 PM on 9/30/2014 was unexpected.

Error: (09/30/2014 04:46:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (09/30/2014 02:35:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Eset Trial Reset service failed to start due to the following error:
%%2

Error: (09/30/2014 05:45:09 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {B366DEBE-645B-43A5-B865-DDD82C345492}

Error: (09/30/2014 05:42:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Eset Trial Reset service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 61%
Total physical RAM: 1999.59 MB
Available physical RAM: 771.52 MB
Total Pagefile: 3999.17 MB
Available Pagefile: 2146.85 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:204.98 GB) (Free:35.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (BAck_up_Here) (Fixed) (Total:260.68 GB) (Free:116.77 GB) NTFS
Drive e: (DVDVOLUME) (CDROM) (Total:0.49 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:1.88 GB) (Free:1.31 GB) FAT
Drive g: (MSI HDD) (Fixed) (Total:465.65 GB) (Free:178.98 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B18FB18F)
Partition 1: (Not Active) - (Size=99 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=205 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=260.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: F7BBEAA9)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)

========================================================
Disk: 3 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
3) System Summary Information in attachment.
Attached File  Summary.zip   270.23KB   1 downloads
Thanks a lot for your help.
Rob



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:37 PM

Posted 03 October 2014 - 12:15 PM

Greetings Rob.

Thank you for all the information. A few things to make note of, then we are going to do a bit of work in this first post.

Can you tell me if it sounds reasonable that your Internet provider is located in the Philippines?

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Spybot S&D No Longer Recommended

--------------------

MVPS.org is no longer recommending Spybot S&D due to poor testing results. (scroll down on the web site and read under Freeware Antispyware Products)

I recommend uninstalling Spybot Search & Destroy at least while we are addressing your issues. The presence of this program can make cleaning your computer more difficult.

If you choose to uninstall please go to Start, Control Panel, Add/Remove Programs (or Programs and Features) and uninstall the program.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one antivirus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove ESET via Add/Remove Programs, or Programs and Features in the Control Panel, or disable Microsoft Security Essentials.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Handler: WSAMVCUchrome - {086BD280-4613-43B5 -  No File
S2 .EsetTrialReset; C:\Windows\reset.exe /s [X]
S3 catchme; \??\C:\Users\admin\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\admin\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkhnmye.dll
C:\Users\admin\AppData\Local\Temp\SkypeSetup.exe
Task: {D55FD7B7-A1C2-4860-9D02-1B67E0CADCB8} - System32\Tasks\{8342865A-20DC-4632-8E10-1A618981F50D} => C:\Users\admin\AppData\Local\Temp\Rar.597\Patch\AxLaUn.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:04D30F4C
AlternateDataStreams: C:\ProgramData\TEMP:054203E4
AlternateDataStreams: C:\ProgramData\TEMP:0ADCCF52
AlternateDataStreams: C:\ProgramData\TEMP:20EB6823
AlternateDataStreams: C:\ProgramData\TEMP:25249477
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:3B812EE0
AlternateDataStreams: C:\ProgramData\TEMP:3DB6F365
AlternateDataStreams: C:\ProgramData\TEMP:54F257C0
AlternateDataStreams: C:\ProgramData\TEMP:639F0420
AlternateDataStreams: C:\ProgramData\TEMP:74B9EA7F
AlternateDataStreams: C:\ProgramData\TEMP:A42FABF7
AlternateDataStreams: C:\ProgramData\TEMP:AA93EFD3
AlternateDataStreams: C:\ProgramData\TEMP:AE75CCC8
AlternateDataStreams: C:\ProgramData\TEMP:B0729CDB
AlternateDataStreams: C:\ProgramData\TEMP:B61767F5
AlternateDataStreams: C:\ProgramData\TEMP:B65E763D
AlternateDataStreams: C:\ProgramData\TEMP:EC752217
AlternateDataStreams: C:\ProgramData\TEMP:F1174C93
AlternateDataStreams: C:\ProgramData\TEMP:F9EDCFB0
EmptyTemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Robdam

Robdam
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:02:37 PM

Posted 03 October 2014 - 01:16 PM

Hi Gary,

 

Thank you very much for your help and advice.

 

My internet provider is indeed located in the Philippines.

 

I have removed Spybot and disabled Microsoft Security Essentials.

 

Here are the logs you requested.

 

 

AdwCleaner log

 

I actually have 2 AdwCleaner logs - one for "scan" and one for "clean". I'll post both below:

 

log 1

 

# AdwCleaner v3.311 - Report created 04/10/2014 at 01:41:13
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : admin - ADMIN-PC
# Running from : C:\Users\admin\Desktop\AdwCleaner(1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\ProgramData\Trymedia

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4780tjln.default-1409054229779\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2776682
Found [Search Provider] : hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13800&tm=452&src=ds&p={searchTerms}

*************************

AdwCleaner[R0].txt - [20871 octets] - [19/09/2014 15:06:40]
AdwCleaner[R1].txt - [1143 octets] - [04/10/2014 01:41:13]
AdwCleaner[S0].txt - [21086 octets] - [19/09/2014 15:08:35]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1264 octets] ##########
 

log 2

 

# AdwCleaner v3.311 - Report created 04/10/2014 at 01:42:52
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : admin - ADMIN-PC
# Running from : C:\Users\admin\Desktop\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Trymedia

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4780tjln.default-1409054229779\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2776682
Deleted [Search Provider] : hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13800&tm=452&src=ds&p={searchTerms}

*************************

AdwCleaner[R0].txt - [20871 octets] - [19/09/2014 15:06:40]
AdwCleaner[R1].txt - [1344 octets] - [04/10/2014 01:41:13]
AdwCleaner[S0].txt - [21086 octets] - [19/09/2014 15:08:35]
AdwCleaner[S1].txt - [1271 octets] - [04/10/2014 01:42:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1331 octets] ##########

 

 

Junkware log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.7 (10.03.2014:1)
OS: Windows 7 Ultimate x86
Ran by admin on Sat 10/04/2014 at  1:48:30.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFBBF4FA-E86E-4AFF-9B6E-2C03AC2D005D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E04DD2DB-E704-4724-BE97-1412CB9DAA17}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\admin\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\admin\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ FireFox

Emptied folder: C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\4780tjln.default-1409054229779\minidumps [48 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/04/2014 at  1:50:39.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-10-2014
Ran by admin at 2014-10-04 01:54:07 Run:1
Running from C:\Users\admin\Desktop
Loaded Profile: admin (Available profiles: admin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Handler: WSAMVCUchrome - {086BD280-4613-43B5 -  No File
S2 .EsetTrialReset; C:\Windows\reset.exe /s [X]
S3 catchme; \??\C:\Users\admin\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\admin\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkhnmye.dll
C:\Users\admin\AppData\Local\Temp\SkypeSetup.exe
Task: {D55FD7B7-A1C2-4860-9D02-1B67E0CADCB8} - System32\Tasks\{8342865A-20DC-4632-8E10-1A618981F50D} => C:\Users\admin\AppData\Local\Temp\Rar.597\Patch\AxLaUn.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:04D30F4C
AlternateDataStreams: C:\ProgramData\TEMP:054203E4
AlternateDataStreams: C:\ProgramData\TEMP:0ADCCF52
AlternateDataStreams: C:\ProgramData\TEMP:20EB6823
AlternateDataStreams: C:\ProgramData\TEMP:25249477
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:3B812EE0
AlternateDataStreams: C:\ProgramData\TEMP:3DB6F365
AlternateDataStreams: C:\ProgramData\TEMP:54F257C0
AlternateDataStreams: C:\ProgramData\TEMP:639F0420
AlternateDataStreams: C:\ProgramData\TEMP:74B9EA7F
AlternateDataStreams: C:\ProgramData\TEMP:A42FABF7
AlternateDataStreams: C:\ProgramData\TEMP:AA93EFD3
AlternateDataStreams: C:\ProgramData\TEMP:AE75CCC8
AlternateDataStreams: C:\ProgramData\TEMP:B0729CDB
AlternateDataStreams: C:\ProgramData\TEMP:B61767F5
AlternateDataStreams: C:\ProgramData\TEMP:B65E763D
AlternateDataStreams: C:\ProgramData\TEMP:EC752217
AlternateDataStreams: C:\ProgramData\TEMP:F1174C93
AlternateDataStreams: C:\ProgramData\TEMP:F9EDCFB0
EmptyTemp:
*****************

"HKCR\PROTOCOLS\Handler\WSAMVCUchrome" => Key deleted successfully.
.EsetTrialReset => Service deleted successfully.
catchme => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Users\admin\AppData\Local\Temp\BullseyeCoverage-2-x86.dll => Moved successfully.
"C:\Users\admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkhnmye.dll" => File/Directory not found.
C:\Users\admin\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D55FD7B7-A1C2-4860-9D02-1B67E0CADCB8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D55FD7B7-A1C2-4860-9D02-1B67E0CADCB8}" => Key deleted successfully.
C:\Windows\System32\Tasks\{8342865A-20DC-4632-8E10-1A618981F50D} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8342865A-20DC-4632-8E10-1A618981F50D}" => Key deleted successfully.
C:\ProgramData\TEMP => ":04D30F4C" ADS removed successfully.
C:\ProgramData\TEMP => ":054203E4" ADS removed successfully.
C:\ProgramData\TEMP => ":0ADCCF52" ADS removed successfully.
C:\ProgramData\TEMP => ":20EB6823" ADS removed successfully.
C:\ProgramData\TEMP => ":25249477" ADS removed successfully.
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
C:\ProgramData\TEMP => ":3B812EE0" ADS removed successfully.
C:\ProgramData\TEMP => ":3DB6F365" ADS removed successfully.
C:\ProgramData\TEMP => ":54F257C0" ADS removed successfully.
C:\ProgramData\TEMP => ":639F0420" ADS removed successfully.
C:\ProgramData\TEMP => ":74B9EA7F" ADS removed successfully.
C:\ProgramData\TEMP => ":A42FABF7" ADS removed successfully.
C:\ProgramData\TEMP => ":AA93EFD3" ADS removed successfully.
C:\ProgramData\TEMP => ":AE75CCC8" ADS removed successfully.
C:\ProgramData\TEMP => ":B0729CDB" ADS removed successfully.
C:\ProgramData\TEMP => ":B61767F5" ADS removed successfully.
C:\ProgramData\TEMP => ":B65E763D" ADS removed successfully.
C:\ProgramData\TEMP => ":EC752217" ADS removed successfully.
C:\ProgramData\TEMP => ":F1174C93" ADS removed successfully.
C:\ProgramData\TEMP => ":F9EDCFB0" ADS removed successfully.
EmptyTemp: => Removed 401.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

 

 

My computer appears to work normally at this point.

 

Again, thank you very much,

Rob


Edited by Robdam, 03 October 2014 - 01:16 PM.
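The Fixlog above is the only evidence that each line of the fixlist was actually acted on, and it is easy to miss a "File/Directory not found." or a directive with no result line at all. As an added example (not FRST's code and not from any post in this thread), this Python script cross-checks a fixlist against its Fixlog for the directive kinds used here (services, file paths, Task, AlternateDataStreams, EmptyTemp); the sample input is constructed from lines in the thread, with one ADS entry deliberately left without a result line so the report has something to flag.

```python
"""Cross-check an FRST fixlist against the Fixlog it produced.

Added example for this thread, not part of FRST or of any post above.  Each
verifiable fixlist directive is looked up in the Fixlog result lines, so a
directive FRST reported as "not found" or never reported on is not mistaken
for a successful removal.
"""
import re

# Constructed sample input, modelled on the fixlist and Fixlog in this thread.
# ADS 054203E4 has no result line and SkypeSetup.exe is reported as not found.
SAMPLE_FIXLIST = r"""
S2 .EsetTrialReset; C:\Windows\reset.exe /s [X]
S3 catchme; \??\C:\Users\admin\AppData\Local\Temp\catchme.sys [X]
C:\Users\admin\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\admin\AppData\Local\Temp\SkypeSetup.exe
Task: {D55FD7B7-A1C2-4860-9D02-1B67E0CADCB8} - System32\Tasks\{8342865A-20DC-4632-8E10-1A618981F50D} => C:\Users\admin\AppData\Local\Temp\Rar.597\Patch\AxLaUn.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:04D30F4C
AlternateDataStreams: C:\ProgramData\TEMP:054203E4
EmptyTemp:
"""

SAMPLE_FIXLOG = r"""
.EsetTrialReset => Service deleted successfully.
catchme => Service deleted successfully.
C:\Users\admin\AppData\Local\Temp\BullseyeCoverage-2-x86.dll => Moved successfully.
"C:\Users\admin\AppData\Local\Temp\SkypeSetup.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D55FD7B7-A1C2-4860-9D02-1B67E0CADCB8}" => Key deleted successfully.
C:\ProgramData\TEMP => ":04D30F4C" ADS removed successfully.
EmptyTemp: => Removed 401.7 MB temporary data.
"""

# Fixlist directive shapes (service line "S2 name; path", ADS "path:stream", ...)
SERVICE_RE = re.compile(r"^[SRU]\d+ ([^;]+);")
ADS_RE = re.compile(r"^AlternateDataStreams: (.+):([^:\\]+)$")
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]+\})")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Fixlog result lines always read:  subject => message
RESULT_RE = re.compile(r'^"?(.+?)"? => (.+)$')
ADS_RESULT_RE = re.compile(r'^":([^"]+)" ADS removed successfully\.$')
TASK_KEY_RE = re.compile(r"TaskCache\\Tasks\\(\{[0-9A-Fa-f-]+\})$")


def parse_fixlist(text):
    """Return (lookup key, original directive) for each directive we can verify."""
    wanted = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := SERVICE_RE.match(line):
            wanted.append((("service", m.group(1).strip()), line))
        elif m := ADS_RE.match(line):
            wanted.append((("ads", m.group(1).lower(), m.group(2)), line))
        elif m := TASK_RE.match(line):
            wanted.append((("task", m.group(1).upper()), line))
        elif line == "EmptyTemp:":
            wanted.append((("emptytemp",), line))
        elif PATH_RE.match(line):
            wanted.append((("file", line.lower()), line))
        # Handler:, registry and other directive kinds are not verified here.
    return wanted


def parse_fixlog(text):
    """Map each verifiable key to the outcome FRST reported for it."""
    status = {}
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if not m:
            continue
        subject, message = m.group(1), m.group(2)
        if message == "Service deleted successfully.":
            status[("service", subject)] = "removed"
        elif message == "Moved successfully.":
            status[("file", subject.lower())] = "removed"
        elif message == "File/Directory not found.":
            status[("file", subject.lower())] = "not found"
        elif a := ADS_RESULT_RE.match(message):
            status[("ads", subject.lower(), a.group(1))] = "removed"
        elif subject == "EmptyTemp:" and message.startswith("Removed "):
            status[("emptytemp",)] = "removed"
        elif message == "Key deleted successfully." and (t := TASK_KEY_RE.search(subject)):
            status[("task", t.group(1).upper())] = "removed"
    return status


def verify_fix(fixlist_text, fixlog_text):
    """Return [(directive, status)]; 'no result' marks directives FRST never reported on."""
    status = parse_fixlog(fixlog_text)
    return [(line, status.get(key, "no result")) for key, line in parse_fixlist(fixlist_text)]


def outstanding(fixlist_text, fixlog_text):
    """Directives that did not end in a removal and deserve a second look."""
    return [(d, s) for d, s in verify_fix(fixlist_text, fixlog_text) if s != "removed"]


if __name__ == "__main__":
    for directive, state in outstanding(SAMPLE_FIXLIST, SAMPLE_FIXLOG):
        print(f"{state:>10}: {directive}")
```

Run it against a real pair of files by reading them into the two text arguments; anything listed as "not found" or "no result" is what to re-check in a fresh FRST scan.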


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:37 PM

Posted 03 October 2014 - 01:19 PM

Hi Rob,

Very good. Let's run another program please.

===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends that you uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Robdam

Robdam
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:02:37 PM

Posted 03 October 2014 - 01:24 PM

Hi Gary,

 

I will run the above tomorrow and post the log - it's 2.30am here and I'm getting up to work in 4 hours, gotta crash.

 

Thanks a lot,

Rob



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:37 PM

Posted 03 October 2014 - 01:25 PM

No problem. G'nite....
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Robdam

Robdam
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:02:37 PM

Posted 04 October 2014 - 10:03 AM

Hi Gary,

 

Here's the Combofix log:

 

 

ComboFix 14-10-04.01 - admin 10/04/2014  22:39:46.2.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2000.1087 [GMT 8:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\admin\AppData\Local\Temp\VPN_6DAE\9218E5A4.dll
c:\users\admin\AppData\Local\Temp\VPN_77F1\9218E5A4.dll
c:\windows\TEMP\VPN_552C\9218E5A4.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-04 to 2014-10-04  )))))))))))))))))))))))))))))))
.
.
2014-10-04 14:49 . 2014-10-04 14:49    --------    d-----w-    c:\users\wangjihua\AppData\Local\temp
2014-10-04 14:49 . 2014-10-04 14:49    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-10-04 10:31 . 2014-09-08 10:24    8806800    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8439E2F7-50C7-475D-AB73-7F52365CF8A7}\mpengine.dll
2014-10-03 17:48 . 2014-10-03 17:48    --------    d-----w-    c:\windows\ERUNT
2014-10-03 17:42 . 2010-08-30 00:34    536576    ----a-w-    c:\windows\system32\sqlite3.dll
2014-10-03 00:51 . 2014-09-08 10:24    8806800    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-01 21:42 . 2014-09-19 09:53    908840    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1C0BFDD-CE26-4938-A2E4-8A77B3349575}\gapaengine.dll
2014-10-01 05:01 . 2014-09-25 01:40    519680    ----a-w-    c:\windows\system32\qdvd.dll
2014-09-28 16:43 . 2014-09-28 16:46    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-28 16:42 . 2014-09-28 16:42    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-09-28 16:42 . 2014-05-11 23:26    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-09-28 16:42 . 2014-05-11 23:25    74456    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-09-28 16:42 . 2014-05-11 23:25    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-24 09:47 . 2014-09-19 09:53    908840    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-23 22:02 . 2014-09-09 21:47    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-20 07:47 . 2014-01-09 02:22    5694464    ----a-w-    c:\windows\system32\mstscax.dll
2014-09-20 07:30 . 2013-10-01 23:45    32256    ----a-w-    c:\windows\system32\TsUsbGDCoInstaller.dll
2014-09-20 07:30 . 2013-10-02 00:32    12800    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-20 07:30 . 2013-10-02 00:42    49152    ----a-w-    c:\windows\system32\drivers\TsUsbFlt.sys
2014-09-20 07:30 . 2013-10-02 00:30    14336    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-20 07:30 . 2013-10-02 00:14    50176    ----a-w-    c:\windows\system32\MsRdpWebAccess.dll
2014-09-20 07:30 . 2013-10-02 00:14    17920    ----a-w-    c:\windows\system32\wksprtPS.dll
2014-09-20 07:30 . 2013-10-01 23:58    53248    ----a-w-    c:\windows\system32\tsgqec.dll
2014-09-20 07:30 . 2013-10-01 23:08    855552    ----a-w-    c:\windows\system32\rdvidcrl.dll
2014-09-20 07:30 . 2013-10-01 23:00    76288    ----a-w-    c:\windows\system32\TSWbPrxy.exe
2014-09-20 07:30 . 2013-10-01 22:53    350208    ----a-w-    c:\windows\system32\wksprt.exe
2014-09-20 07:30 . 2013-10-01 22:34    1068544    ----a-w-    c:\windows\system32\mstsc.exe
2014-09-19 15:44 . 2014-10-03 17:55    --------    d-----w-    C:\FRST
2014-09-19 14:57 . 2014-09-19 15:05    --------    d-----w-    c:\programdata\HitmanPro
2014-09-19 13:00 . 2014-09-19 13:00    --------    d-----w-    c:\programdata\Malwarebytes
2014-09-19 09:15 . 2014-09-19 09:16    --------    d-----w-    c:\program files\Microsoft Security Client
2014-09-19 09:14 . 2014-09-09 01:24    8806800    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FDEAB5E-9F5A-447B-9ABA-4DE46DA7C341}\mpengine.dll
2014-09-19 06:32 . 2014-10-03 17:42    --------    d-----w-    C:\AdwCleaner
2014-09-18 23:26 . 2014-09-18 23:26    1819648    ----a-w-    c:\programdata\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-09-18 13:52 . 2007-04-12 06:19    129024    ----a-w-    c:\windows\system32\AVERM.dll
2014-09-18 13:52 . 2006-09-26 05:57    28672    ----a-w-    c:\windows\system32\AVEQT.dll
2014-09-16 11:04 . 2014-09-16 11:04    --------    d-----w-    c:\program files\AVCutty 3
2014-09-14 05:23 . 2014-09-14 05:23    --------    d-----w-    c:\program files\LAV Filters
2014-09-14 05:23 . 2014-09-14 05:23    --------    d-----w-    c:\program files\Haali
2014-09-14 05:23 . 2014-09-14 05:23    --------    d-----w-    c:\program files\AviSynth 2.5
2014-09-14 05:23 . 2012-07-26 05:47    1283584    ----a-w-    c:\windows\system32\VSFilter.dll
2014-09-14 05:23 . 2014-09-14 05:23    --------    d-----w-    c:\program files\Sothink Video Converter
2014-09-14 05:23 . 2014-09-14 05:23    --------    d-----w-    c:\program files\Common Files\SourceTec
2014-09-14 05:17 . 2014-09-14 05:17    --------    d-----w-    c:\users\admin\AppData\Roaming\Digiarty
2014-09-10 19:23 . 2014-06-27 01:45    2285056    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-09-10 12:06 . 2014-07-07 01:40    550912    ----a-w-    c:\windows\system32\kerberos.dll
2014-09-10 12:06 . 2014-07-07 01:40    1059840    ----a-w-    c:\windows\system32\lsasrv.dll
2014-09-10 11:52 . 2014-06-24 02:59    1987584    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-09-10 11:52 . 2014-08-01 11:35    793600    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-09-10 11:52 . 2014-09-05 01:52    445952    ----a-w-    c:\windows\system32\aepdu.dll
2014-09-10 11:52 . 2014-09-05 01:47    302592    ----a-w-    c:\windows\system32\aeinv.dll
2014-09-09 15:27 . 2014-09-26 12:24    --------    d-----w-    c:\users\admin\AppData\Roaming\AVCutty
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-22 06:41 . 2011-10-23 14:47    231568    ------w-    c:\windows\system32\MpSigStub.exe
2014-08-30 02:55 . 2012-04-02 08:26    699568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-08-30 02:55 . 2011-10-23 14:50    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-28 21:50 . 2012-07-17 06:37    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 01:46 . 2014-08-27 22:28    305152    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 00:42 . 2014-08-27 22:28    2352640    ----a-w-    c:\windows\system32\win32k.sys
2014-07-27 05:17 . 2014-07-27 05:17    26208    ----a-w-    c:\windows\system32\drivers\Neo_0003.sys
2014-07-27 05:15 . 2014-07-27 05:15    133688    ----a-w-    c:\windows\system32\vpncmd.exe
2014-07-24 18:35 . 2014-07-24 18:35    875688    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
2014-07-24 08:09 . 2014-07-24 08:09    78816    ----a-w-    c:\windows\system32\drivers\bdisk.sys
2014-07-24 08:09 . 2014-07-24 08:09    573344    ----a-w-    c:\windows\system32\drivers\CBreparse.sys
2014-07-24 08:09 . 2014-07-24 08:09    571144    ----a-w-    c:\windows\system32\drivers\cbvd.sys
2014-07-24 08:09 . 2014-07-24 08:09    277472    ----a-w-    c:\windows\system32\drivers\CBUFS.sys
2014-07-20 09:10 . 2014-07-20 09:10    0    ---ha-w-    c:\users\admin\AppData\Local\BITE251.tmp
2014-07-17 10:05 . 2014-07-17 10:05    95920    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2014-07-17 10:05 . 2014-07-17 10:05    231800    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2014-07-14 01:42 . 2014-08-13 21:46    654336    ----a-w-    c:\windows\system32\rpcrt4.dll
2014-07-09 01:29 . 2014-08-13 21:43    6144    ----a-w-    c:\windows\system32\KBDYAK.DLL
2014-07-09 01:29 . 2014-08-13 21:43    6144    ----a-w-    c:\windows\system32\KBDBASH.DLL
2012-08-25 22:48 . 2012-08-25 22:42    22657136    ----a-w-    c:\program files\vlc-2.0.2-win32.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{D879895E-2124-4ED0-BDDF-F8F8BBC98A6F}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}"= "c:\program files\AllGamesHome Toolbar\tbcore3.dll" [2012-01-16 2666112]
.
[HKEY_CLASSES_ROOT\clsid\{5fc86fb3-a8b1-400b-8be7-0eaf0d857f5d}]
[HKEY_CLASSES_ROOT\TBSB01457.TBSB01457.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01457.TBSB01457]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1SecureIconsProvider]
@="{FC9D8189-520A-4417-AED7-9EAC810C6FBA}"
[HKEY_CLASSES_ROOT\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}]
2014-09-18 23:26    2405376    ----a-w-    c:\programdata\Microsoft\Secure\Icons\SecureIconsProvider.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\COSDriveIconOverlay]
@="{5FDACB62-6B7B-4116-9403-C5E0D3852A57}"
[HKEY_CLASSES_ROOT\CLSID\{5FDACB62-6B7B-4116-9403-C5E0D3852A57}]
2014-07-24 08:09    6150336    ----a-w-    c:\program files\COMODO\COMMON\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\COSSyncItemInSyncIconOverlay]
@="{68F287EF-DA6D-4595-AF52-90FF6CE52AFE}"
[HKEY_CLASSES_ROOT\CLSID\{68F287EF-DA6D-4595-AF52-90FF6CE52AFE}]
2014-07-24 08:09    6150336    ----a-w-    c:\program files\COMODO\COMMON\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\COSSyncItemModifiedIconOverlay]
@="{AE67D273-7253-4236-B55E-D40055B305D6}"
[HKEY_CLASSES_ROOT\CLSID\{AE67D273-7253-4236-B55E-D40055B305D6}]
2014-07-24 08:09    6150336    ----a-w-    c:\program files\COMODO\COMMON\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\COSSyncItemNewIconOverlay]
@="{022F23E9-DA0F-4A86-A728-CAF6150C0B63}"
[HKEY_CLASSES_ROOT\CLSID\{022F23E9-DA0F-4A86-A728-CAF6150C0B63}]
2014-07-24 08:09    6150336    ----a-w-    c:\program files\COMODO\COMMON\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\COSSyncItemUnsynchronizedIconOverlay]
@="{4D7EE7CF-E7A1-45FE-8F80-3A37574918D7}"
[HKEY_CLASSES_ROOT\CLSID\{4D7EE7CF-E7A1-45FE-8F80-3A37574918D7}]
2014-07-24 08:09    6150336    ----a-w-    c:\program files\COMODO\COMMON\ShellExtension.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\admin\AppData\Roaming\uTorrent\uTorrent.exe" [2014-04-30 1270352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-07-24 21650016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"SoftEther VPN Client UI Helper"="c:\program files\SoftEther VPN Client\vpnclient.exe" [2014-09-28 3544632]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SoftEther VPN Client Manager Startup.lnk - c:\program files\SoftEther VPN Client\vpncmgr.exe /startup [2014-9-28 3735608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CineForm Status.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
backup=c:\windows\pss\CineForm Status.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk
backup=c:\windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57    959904    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aimersoft Helper Compact.exe]
2013-05-29 07:50    1734144    ----a-w-    c:\program files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-11-15 09:42    33120    ----a-w-    c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 11:51    59720    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelaypluginInstall]
2014-05-16 08:00    1953792    ----a-w-    c:\programdata\Aimersoft\Video Converter Ultimate\DelayPluginI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-07-04 06:16    49152    ----a-w-    c:\windows\Domino.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-12-04 07:48    1728512    ----a-r-    c:\program files\VIA\VIAudioi\VDeck\VDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-02-11 06:26    171032    ----a-w-    c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-02-11 06:26    137752    ----a-w-    c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 03:30    249856    ----a-w-    c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 03:30    81920    ----a-w-    c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-07 17:36    421736    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 02:57    153136    ----a-w-    c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-02-11 06:26    172568    ----a-w-    c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher]
2014-06-24 06:30    2557976    ----a-w-    c:\program files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 08:24    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftEther VPN Client UI Helper]
2014-09-28 15:34    3544632    ----a-w-    c:\program files\SoftEther VPN Client\vpnclient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-09-17 04:41    254896    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
2006-07-18 08:15    49152    ----a-w-    c:\windows\vmsnap3.exe
.
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
R3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\DRIVERS\OXSDIDRV_x32.sys [2009-09-28 52656]
R3 OXUDIDRV;OXUDIDRV;c:\windows\system32\Drivers\OXUDIDRV_X32.sys [2010-05-25 24880]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-25 1343400]
R4 COSService.exe;COMODO Online Storage Service;c:\program files\COMODO\COMMON\COSService.exe [2014-07-24 3083968]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2014-06-24 481304]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R4 SOHDms;Sony Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16 495248]
R4 SOHDs;Sony Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2013-12-03 79000]
R4 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2011-12-01 230560]
R4 SynchronizationService.exe;COMODO BackUp Service;c:\program files\COMODO\COMMON\SynchronizationService.exe [2014-07-24 2793664]
S0 bdisk;Comodo Disk Raw Access Filter;c:\windows\system32\DRIVERS\bdisk.sys [2014-07-24 78816]
S0 CBUFS;CBUFS;c:\windows\system32\DRIVERS\CBUFS.sys [2014-07-24 277472]
S0 cbvd;Comodo Backup Virtual Disk;c:\windows\system32\DRIVERS\cbvd.sys [2014-07-24 571144]
S0 Reparse;Reparse;c:\windows\system32\DRIVERS\CBReparse.sys [2014-07-24 573344]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2013-06-26 691696]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 169080]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 120152]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 103112]
S2 SEVPNCLIENT;SoftEther VPN Client;c:\program files\SoftEther VPN Client\vpnclient.exe [2014-09-28 3544632]
S2 WiseFS;WiseFS;c:\program files\Wise\Wise Folder Hider\WiseFs32.sys [2014-03-14 9256]
S3 Neo_rob;VPN Client Device Driver - rob;c:\windows\system32\DRIVERS\Neo_0003.sys [2014-07-27 26208]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 vdbus;Virtual Disk Bus Enumerator;c:\windows\system32\DRIVERS\vdbus.sys [2014-05-01 710328]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-25 1108480]
S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2007-06-23 480128]
S3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\Drivers\usbVM303.sys [2007-05-15 1472768]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:55]
.
2014-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-01 12:39]
.
2014-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-01 12:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://home.allgameshome.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files\AllGamesHome Toolbar\tbcore3.dll
TCP: DhcpNameServer = 121.1.3.82 121.1.3.20 121.1.3.250
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4780tjln.default-1409054229779\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2176)
c:\program files\COMODO\COMMON\ShellExtension.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\SoftEther VPN Client\vpncmgr.exe
c:\users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2014-10-04  22:56:20 - machine was rebooted
ComboFix-quarantined-files.txt  2014-10-04 14:56
.
Pre-Run: 39,178,825,728 bytes free
Post-Run: 38,617,739,264 bytes free
.
- - End Of File - - A3213D884AF2087222916820069F94C8
A36C5E4F47E84449FF07ED3517B43A31

Note:

I don't know how relevant it is, but, for your information, when Combofix started it also started SoftEther VPN Client, which is installed on my computer.

Rob
 



#12 Oh My!

  • Malware Response Instructor
  • 38,176 posts
  • Gender:Male
  • Location:California

Posted 04 October 2014 - 01:24 PM

Greetings Rob,

Thanks for the information. Please do these things.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Robdam
  • Topic Starter
  • Members
  • 39 posts

Posted 04 October 2014 - 10:32 PM

Hi Gary,
 
Eset Online Scanner didn't find any malware so no log.
 
Here's the log from Screen317's Security Check:

 

 Results of screen317's Security Check version 0.99.88  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
ESET NOD32 Antivirus 5.2        
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
 Java™ 6 Update 37  
 Java version out of Date!
  Adobe Flash Player     14.0.0.179 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (32.0.3)
 Google Chrome 9.0.597.84  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



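The ComboFix "Reg Loading Points" block earlier in the thread shows EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all set to 0 under policies\system, which is what Security Check's "(UAC is disabled!)" line reflects. As an added example (not part of this thread, ComboFix or Security Check), here is a small Python checker that parses those ComboFix policy lines and flags values that differ from the stock Windows 7 UAC defaults; the sample lines are copied from the log above and the baseline values are my own assumption of the defaults.

```python
import re

# Stock Windows 7 values for the UAC policy entries ComboFix lists under
# HKLM\...\CurrentVersion\policies\system. These are assumed defaults,
# not values taken from the thread's log.
UAC_BASELINE = {
    "EnableLUA": 1,                   # 1 = UAC on; 0 = "UAC is disabled!"
    "ConsentPromptBehaviorAdmin": 5,  # 5 = prompt for consent (default)
    "ConsentPromptBehaviorUser": 3,   # 3 = prompt for credentials
    "EnableUIADesktopToggle": 0,      # 0 = UIAccess apps cannot toggle
    "PromptOnSecureDesktop": 1,       # 1 = prompt on the secure desktop
}

# Constructed sample: the policies\system block as ComboFix printed it in
# the log above, plus an unrelated key to show that it is ignored.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\drivers32]
"aux2"=wdmaud.drv
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# ComboFix prints numeric values as  "Name"= 0 (0x0); the hex echo is optional.
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>-?\d+)(?:\s*\(0x[0-9A-Fa-f]+\))?$'
)


def parse_reg_points(text):
    """Return {registry key (lower-cased): {value name: int}} for the numeric
    entries in a ComboFix 'Reg Loading Points' section. String values such as
    "aux2"=wdmaud.drv are ignored on purpose."""
    parsed = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key").lower()
            parsed.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            parsed[current][m.group("name")] = int(m.group("val"))
    return parsed


def uac_findings(parsed):
    """List (name, actual, expected) for UAC policy values that differ from
    the baseline. Values the log does not list are not reported: ComboFix
    itself notes that 'empty entries & legit default entries are not shown'."""
    policies = {}
    for key, values in parsed.items():
        if key.endswith("\\policies\\system"):
            policies.update(values)
    return [
        (name, policies[name], expected)
        for name, expected in UAC_BASELINE.items()
        if name in policies and policies[name] != expected
    ]


def check_sample():
    """Run the checker over the constructed sample block."""
    return uac_findings(parse_reg_points(SAMPLE_LOG))


if __name__ == "__main__":
    for name, actual, expected in check_sample():
        print(f"{name}: {actual} (expected {expected})")
```

On the sample block the checker reports EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop as weakened, while ConsentPromptBehaviorUser and EnableUIADesktopToggle match the defaults and are not reported.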
#14 Oh My!

  • Malware Response Instructor
  • 38,176 posts
  • Gender:Male
  • Location:California

Posted 04 October 2014 - 10:36 PM

Excellent,

Please do this.

===================================================

Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Java and remove any existing older versions:
  • Click here to evaluate your current version of Java
  • Click Free Java Download
  • Click the Agree and Start Free Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Run
  • Click Install
  • Uncheck any Ask Toolbar offers
  • Click Next
  • You should be notified You have successfully installed Java
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • In addition, check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
===================================================

Update Adobe Flash Player

--------------------

Please update your Adobe Flash Player to the latest version
  • Download Adobe Flash Player here and save it to your desktop. Uncheck "Yes, install McAfee Security Scan Plus - optional"
  • Close any open browsers
  • Double click on the Adobe Flash Player installer icon to launch the installation
  • If you are presented with a warning popup select "Run"
  • Once the installation is complete click "Finish"
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Were the updates successful?
  • Any remaining issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Robdam
  • Topic Starter
  • Members
  • 39 posts

Posted 05 October 2014 - 02:13 AM

Hi Gary,

 

The updates were successful; everything seems to be working fine.

 

Thank you very much for your help.

 

Rob





