
dllhost.exe com surrogate attacking my machine


This topic is locked
29 replies to this topic

#1 skythemonkey666

  • Members
  • 15 posts

Posted 20 October 2014 - 04:18 AM

I haven't started any actions towards cleaning my machine as it started tonight. Help please.




#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 20 October 2014 - 11:38 AM

Hello skythemonkey666

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 skythemonkey666 (Topic Starter)

  • Members
  • 15 posts

Posted 21 October 2014 - 12:15 AM

Here are the files you requested.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014 01
Ran by JBrown (administrator) on JBROWN-PC on 20-10-2014 22:11:18
Running from C:\Users\JBrown\Desktop
Loaded Profile: JBrown (Available profiles: JBrown)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\JBrown\AppData\Local\Akamai\netsession_win.exe
() C:\Users\JBrown\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Akamai Technologies, Inc.) C:\Users\JBrown\AppData\Local\Akamai\netsession_win.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Kensington Technology Group) C:\Windows\SysWOW64\kmw_run.exe
(Ideazon, Inc.) C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM-x32\...\Run: [BCU] => C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [375000 2009-10-26] (DeviceVM, Inc.)
HKLM-x32\...\Run: [BestSpywareScanner.exe] => C:\Program Files (x86)\Best Spyware Scanner\BestSpywareScanner.exe
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [kmw_run.exe] => kmw_run.exe
HKLM-x32\...\Run: [MSWheel] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Zboard] => C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe [182784 2011-02-22] (Ideazon, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-3650681831-2466265877-3819662716-1000\...\Run: [Akamai NetSession Interface] => C:\Users\JBrown\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3650681831-2466265877-3819662716-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-17] (Google Inc.)
HKU\S-1-5-21-3650681831-2466265877-3819662716-1000\...\Run: [MPOptimizer] => "C:\Program Files\MaxPerforma Optimizer\MaxPerforma.exe" /scan
HKU\S-1-5-21-3650681831-2466265877-3819662716-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-3650681831-2466265877-3819662716-1000\...\Run: [Amazon Music] => C:\Users\JBrown\AppData\Local\Amazon Music\Amazon Music Helper.exe [3162944 2014-07-01] ()
HKU\S-1-5-21-3650681831-2466265877-3819662716-1000\...\Run: [DriverMax_RESTART] => C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe [8780152 2014-09-30] (Innovative Solutions)
HKU\S-1-5-21-3650681831-2466265877-3819662716-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-10-20] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer:
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x87612AFABF6DCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearch.net/?utm_medium=ie&utm_campaign=31&utm_source=sm&utm_content=1&utm_term=2515070D777A4988
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearch.net/?utm_medium=ie&utm_campaign=31&utm_source=sm&utm_content=1&utm_term=2515070D777A4988
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {4B51C980-C6B0-11E1-9136-AED16088709B} URL = http://www.safesearch.net/search?q={searchTerms}&utm_medium=ie&utm_campaign=31&utm_source=sm&utm_content=1&utm_term=2515070D777A4988
SearchScopes: HKLM - {4B51C980-C6B0-11E1-9136-AED16088709B} URL = http://www.safesearch.net/search?q={searchTerms}&utm_medium=ie&utm_campaign=31&utm_source=sm&utm_content=1&utm_term=2515070D777A4988
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKCU - DefaultScope {40E04A17-E0EB-46f8-8D61-EF7B4E68E9C7} URL = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {40E04A17-E0EB-46f8-8D61-EF7B4E68E9C7} URL = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: IEHlprObjClass -> {CE7C3CF0-4B15-11D1-ABED-709549C10000} -> C:\Program Files (x86)\Kensington\MouseWorks\IE_KMW.DLL No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017319.dll (Amazon.com, Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.safesearch.net/?utm_medium=ch&utm_campaign=31&utm_source=sm&utm_content=1&utm_term=2515070D777A4988"
CHR Profile: C:\Users\JBrown\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JBrown\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-07]
CHR Extension: (Google Wallet) - C:\Users\JBrown\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-12] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
R3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
R0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [265728 2010-09-06] (AVEO Corp)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 KMW_KBD; C:\Windows\SysWOW64\DRIVERS\KMW_KBD.sys [5760 2005-09-01] (Kensington Technology Group) [File not signed]
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2012-02-07] (Logitech Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)
S3 pimou; C:\Windows\System32\DRIVERS\pimou.sys [22856 2013-03-21] (Christian Gulden)
R3 pmkbdfltr; C:\Windows\System32\DRIVERS\pmkbdfltr.sys [18832 2012-08-01] (PenMount)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-08-30] ()
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-18] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 22:11 - 2014-10-20 22:11 - 00016258 _____ () C:\Users\JBrown\Desktop\FRST.txt
2014-10-20 22:11 - 2014-10-20 22:11 - 00000000 ____D () C:\FRST
2014-10-20 14:40 - 2014-10-20 14:40 - 02110976 _____ (Farbar) C:\Users\JBrown\Desktop\FRST64.exe
2014-10-20 14:21 - 2014-10-20 14:22 - 00006066 _____ () C:\Users\JBrown\Desktop\surrogate.txt
2014-10-20 04:52 - 2014-10-20 04:52 - 00000000 ____D () C:\Windows\system32\SPReview
2014-10-19 22:39 - 2014-10-19 22:39 - 00003204 _____ () C:\Windows\System32\Tasks\{8D9B67AE-4349-4DF8-B91A-D872CC6E8ED4}
2014-10-18 19:21 - 2014-10-18 19:21 - 00049152 _____ () C:\Users\JBrown\AppData\Roaming\zuxths.dll
2014-10-18 19:21 - 2014-10-18 19:21 - 00039424 _____ () C:\Users\JBrown\AppData\Roaming\cfyfk.dll
2014-10-18 19:21 - 2014-10-18 19:21 - 00004048 _____ () C:\Windows\System32\Tasks\{EA580395-3F3E-7BFD-EA31-7FC83B2E5B2F}
2014-10-18 19:21 - 2014-10-18 19:21 - 00000000 _____ () C:\Users\JBrown\AppData\Roaming\oymoo.dll
2014-10-15 12:30 - 2014-10-09 18:53 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 12:30 - 2014-10-09 18:53 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 12:30 - 2014-10-09 18:47 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 12:30 - 2014-09-14 17:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-05 22:05 - 2012-09-23 05:17 - 00021160 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmafd.sys
2014-10-03 22:26 - 2014-05-28 23:28 - 00688648 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viahduaa.sys
2014-10-03 22:26 - 2014-05-28 23:28 - 00030728 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\VMfilt64.sys
2014-10-03 22:26 - 2014-05-08 21:02 - 03300528 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIAPropPageExt.dll
2014-10-03 22:26 - 2014-04-28 21:52 - 01999640 _____ (Creative Technology Ltd.) C:\Windows\system32\VMAPO264.DLL
2014-10-03 22:26 - 2014-04-28 21:52 - 01728280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\VMAPO232.DLL
2014-10-03 22:26 - 2014-02-26 20:54 - 01986048 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaMicArrayAPO.dll
2014-10-03 22:26 - 2014-02-26 17:54 - 00876544 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIASysFx.dll
2014-10-03 22:26 - 2013-11-01 15:21 - 27646720 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2014-10-03 22:26 - 2013-11-01 15:21 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-10-03 22:26 - 2013-11-01 15:21 - 01013504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-10-03 22:26 - 2013-11-01 15:21 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2014-10-03 22:26 - 2013-07-22 20:41 - 00388096 _____ (Creative Technology Ltd.) C:\Windows\system32\VMWRP64.DLL
2014-10-03 22:26 - 2012-12-12 00:01 - 00070776 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\VtSrdAPO.dll
2014-10-03 22:26 - 2012-12-12 00:00 - 01161336 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaKaraokeApo.dll
2014-10-03 22:26 - 2012-12-12 00:00 - 00248952 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\Dts2APO.dll
2014-10-03 22:26 - 2012-12-12 00:00 - 00123512 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaKaraokePropPageExt.dll
2014-10-03 22:26 - 2012-12-12 00:00 - 00095352 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaMicArrayPropPageExt.dll
2014-10-03 22:26 - 2012-12-12 00:00 - 00092280 _____ (VIA Technologies, Inc.) C:\Windows\system32\Dts2PropPageExt.dll
2014-10-03 22:26 - 2012-12-12 00:00 - 00055416 _____ (TODO: <Company name>) C:\Windows\system32\PropPageExt.dll
2014-10-03 22:26 - 2012-12-12 00:00 - 00027768 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViakaraokeSrv.exe
2014-10-03 22:20 - 2014-09-16 00:32 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-10-03 22:20 - 2014-09-16 00:32 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-10-03 22:20 - 2014-09-16 00:32 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-10-03 22:20 - 2014-09-16 00:32 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-10-03 22:20 - 2014-09-16 00:31 - 09254184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2014-10-03 22:20 - 2014-09-16 00:31 - 08296296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2014-10-03 22:20 - 2014-09-16 00:31 - 08044976 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2014-10-03 22:20 - 2014-09-16 00:31 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2014-10-03 22:20 - 2014-09-16 00:31 - 00118096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2014-10-03 22:20 - 2014-09-16 00:29 - 00293088 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-10-03 22:20 - 2014-09-16 00:26 - 16750080 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-10-03 22:20 - 2014-09-16 00:18 - 00235008 _____ () C:\Windows\system32\clinfo.exe
2014-10-03 22:20 - 2014-09-16 00:18 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-10-03 22:20 - 2014-09-16 00:17 - 33867264 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-10-03 22:20 - 2014-09-16 00:17 - 28770304 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2014-10-03 22:20 - 2014-09-16 00:17 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-10-03 22:20 - 2014-09-16 00:17 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-10-03 22:20 - 2014-09-16 00:17 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-10-03 22:20 - 2014-09-16 00:16 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-10-03 22:20 - 2014-09-16 00:16 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-10-03 22:20 - 2014-09-16 00:13 - 27918336 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-10-03 22:20 - 2014-09-16 00:09 - 05639168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-10-03 22:20 - 2014-09-16 00:09 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-10-03 22:20 - 2014-09-16 00:09 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-10-03 22:20 - 2014-09-16 00:09 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-10-03 22:20 - 2014-09-16 00:09 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-10-03 22:20 - 2014-09-16 00:08 - 23375360 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-10-03 22:20 - 2014-09-16 00:07 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-10-03 22:20 - 2014-09-16 00:07 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2014-10-03 22:20 - 2014-09-16 00:07 - 00609272 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-10-03 22:20 - 2014-09-16 00:07 - 00609272 _____ () C:\Windows\system32\atiapfxx.blb
2014-10-03 22:20 - 2014-09-16 00:07 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-10-03 22:20 - 2014-09-16 00:07 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-10-03 22:20 - 2014-09-16 00:07 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-10-03 22:20 - 2014-09-16 00:07 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-10-03 22:20 - 2014-09-16 00:07 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-10-03 22:20 - 2014-09-16 00:06 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-10-03 22:20 - 2014-09-16 00:05 - 04480000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-10-03 22:20 - 2014-09-16 00:03 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-10-03 22:20 - 2014-09-16 00:03 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2014-10-03 22:20 - 2014-09-16 00:03 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-10-03 22:20 - 2014-09-16 00:03 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-10-03 22:20 - 2014-09-16 00:03 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-10-03 22:20 - 2014-09-16 00:03 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-10-03 22:20 - 2014-09-15 23:59 - 00827392 _____ (AMD) C:\Windows\system32\coinst_14.30.dll
2014-10-03 22:20 - 2014-09-15 23:59 - 00576000 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-10-03 22:20 - 2014-09-15 23:59 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-10-03 22:20 - 2014-09-15 23:59 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2014-10-03 22:20 - 2014-09-15 23:59 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-10-03 22:20 - 2014-09-15 23:59 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-10-03 22:20 - 2014-09-15 23:59 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-10-03 22:20 - 2014-09-15 23:58 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-10-03 22:20 - 2014-09-02 08:26 - 00759301 _____ () C:\Windows\system32\amdicdxx.dat
2014-10-03 22:20 - 2014-08-31 16:58 - 00322868 _____ () C:\Windows\system32\ativvaxy_vi.dat
2014-10-03 22:20 - 2014-08-31 16:56 - 00321200 _____ () C:\Windows\system32\ativvaxy_vi_nd.dat
2014-10-03 22:20 - 2014-08-28 23:52 - 00157224 _____ () C:\Windows\system32\amde31a.dat
2014-10-03 22:20 - 2014-08-28 18:58 - 00158928 _____ () C:\Windows\system32\ativce03.dat
2014-10-03 22:20 - 2014-08-14 22:19 - 00082128 _____ () C:\Windows\system32\ativce02.dat
2014-10-03 22:20 - 2014-07-15 17:54 - 00290080 _____ () C:\Windows\system32\ativvaxy_cz_nd.dat
2014-10-03 22:20 - 2014-07-02 20:40 - 00234164 _____ () C:\Windows\system32\ativvaxy_cik.dat
2014-10-03 22:20 - 2014-07-02 20:38 - 00232752 _____ () C:\Windows\system32\ativvaxy_cik_nd.dat
2014-10-01 21:55 - 2014-10-01 21:55 - 00000000 ____D () C:\Users\JBrown\AppData\Roaming\RHEng
2014-09-25 15:25 - 2014-09-25 15:24 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-25 15:24 - 2014-09-25 15:24 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-25 15:24 - 2014-09-25 15:24 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-25 15:24 - 2014-09-25 15:24 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-25 15:24 - 2014-09-25 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 21:57 - 2010-10-17 02:59 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-20 21:17 - 2012-08-16 03:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-20 21:16 - 2013-11-03 20:16 - 00000294 _____ () C:\Windows\Tasks\Dealply.job
2014-10-20 20:45 - 2010-10-18 22:19 - 00000000 ____D () C:\Users\JBrown\Downloads\Erins stuff
2014-10-20 18:57 - 2010-10-17 02:59 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-20 18:26 - 2010-10-16 23:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-20 16:36 - 2010-10-17 10:07 - 01807174 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 14:43 - 2012-03-12 21:18 - 00000000 ____D () C:\Users\JBrown\AppData\Roaming\Hoyle Puzzle and Board Games
2014-10-20 14:16 - 2009-07-13 21:45 - 00020320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-20 14:16 - 2009-07-13 21:45 - 00020320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-20 13:56 - 2013-03-09 19:07 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5EBE9A6B-3764-41CF-B9E5-595633510131}
2014-10-20 13:53 - 2014-08-17 10:22 - 00002582 _____ () C:\Windows\System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c
2014-10-20 13:53 - 2014-08-17 10:22 - 00000306 _____ () C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job
2014-10-20 13:53 - 2013-06-07 23:52 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-10-20 13:53 - 2013-06-02 18:23 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-10-20 13:52 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-20 13:52 - 2009-07-13 21:51 - 00068932 _____ () C:\Windows\setupact.log
2014-10-20 01:29 - 2011-06-15 17:29 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-20 00:31 - 2014-04-20 17:32 - 00000000 ____D () C:\Users\JBrown\AppData\Local\Battle.net
2014-10-20 00:16 - 2014-07-20 17:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-20 00:08 - 2010-10-16 22:02 - 00094760 _____ () C:\Windows\PFRO.log
2014-10-20 00:08 - 2009-07-13 21:45 - 00409160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-19 23:23 - 2010-10-17 03:03 - 00000000 ____D () C:\Users\JBrown\AppData\Local\Windows Live
2014-10-19 23:22 - 2010-10-16 19:19 - 00109952 _____ () C:\Users\JBrown\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-19 22:42 - 2010-10-16 19:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-19 22:37 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-19 22:36 - 2010-10-17 02:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-19 22:35 - 2012-12-28 06:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-19 22:33 - 2009-07-14 00:45 - 00000000 ____D () C:\Windows\ShellNew
2014-10-19 22:33 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-10-19 22:31 - 2009-07-13 19:34 - 00000427 _____ () C:\Windows\win.ini
2014-10-19 22:29 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-19 22:04 - 2009-07-13 21:45 - 00000000 ____D () C:\Windows\Setup
2014-10-19 18:52 - 2010-10-17 02:59 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 18:52 - 2010-10-17 02:59 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-19 10:32 - 2010-10-16 19:07 - 00000000 ____D () C:\Users\JBrown
2014-10-19 10:24 - 2009-07-13 22:08 - 00032532 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-18 19:21 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2014-10-17 00:11 - 2014-04-20 17:32 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-15 19:12 - 2014-07-30 05:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 19:11 - 2013-08-04 17:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 19:06 - 2010-10-16 21:50 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 19:05 - 2010-10-17 03:32 - 00000000 ____D () C:\Program Files\World of Warcraft
2014-10-13 07:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-05 22:05 - 2012-03-09 17:12 - 00377652 _____ () C:\Windows\DPINST.LOG
2014-10-01 21:55 - 2012-03-09 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
2014-09-25 15:26 - 2013-10-20 19:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-25 15:24 - 2013-06-30 20:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-24 20:37 - 2014-04-20 17:34 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-09-24 20:36 - 2012-05-15 01:39 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-09-24 00:17 - 2012-08-16 03:30 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 00:17 - 2012-04-04 18:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 00:17 - 2011-06-15 03:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 23:11 - 2014-07-18 21:20 - 00000000 ____D () C:\Users\JBrown\AppData\Local\Adobe
2014-09-22 21:07 - 2011-06-19 08:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

Some content of TEMP:
====================
C:\Users\JBrown\AppData\Local\Temp\BRSVC_1102973_hlp.exe
C:\Users\JBrown\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\JBrown\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\JBrown\AppData\Local\Temp\ose00000.exe
C:\Users\JBrown\AppData\Local\Temp\UNINSTALL.EXE

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 00:49

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2014 01
Ran by JBrown at 2014-10-20 22:11:59
Running from C:\Users\JBrown\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.1.0.570 - Amazon Services LLC)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
ATI AVIVO64 Codecs (Version: 10.10.0.40918 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{3DDACE1F-3B1E-D6AB-CD3D-B6E987511945}) (Version: 3.0.790.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.745.0 - ATI Technologies) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4040 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Browser Configuration Utility (HKLM-x32\...\{D793423B-FF18-4A54-B9C9-75B3396BAAC4}) (Version: 1.0.10.0 - DeviceVM Inc.) <==== ATTENTION
CardGames2011 (HKLM-x32\...\{7CBB1E21-8B17-4A7B-9598-F73F38DB2A2D}) (Version: 1.00.0000 - Phantom EFX)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0825.2146.37182 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0825.2146.37182 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0825.2146.37182 - ATI Technologies, Inc.) Hidden
CCC Help English (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0825.2146.37182 - ATI) Hidden
ccc-utility64 (Version: 2010.0825.2146.37182 - ATI) Hidden
CCS64 V3.8 (HKLM-x32\...\{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}) (Version: 1.0.0 - Computerbrains C.C.S.)
Character and Starship Creator (HKLM-x32\...\InstallShield_{17FF7B21-A872-429C-9331-5883ACD12EE8}) (Version: 1.04.0000 - Westwood Studios)
Character and Starship Creator (x32 Version: 1.04.0000 - Westwood Studios) Hidden
Classic Menu for Office 2007 v6.05 (HKLM-x32\...\{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1) (Version: 6.05 - Addintools)
Colossus (HKCU\...\Colossus) (Version:  - Colossus dev team)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.00 - Electronic Arts, Inc.)
DriverMax 7 (HKLM-x32\...\DMX5_is1) (Version: 7.42.0.665 - Innovative Solutions)
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 5.4.15.WIN.FullTilt.COM - )
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hoyle Puzzle and Board Games 2012 (HKLM-x32\...\{B14C3F95-9427-423C-A124-46301242DD58}) (Version: 1.00.0000 - Encore)
HydraVision (x32 Version: 4.2.114.0 - ATI Technologies Inc.) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kensington MouseWorks (HKLM-x32\...\{4C78937F-0C8E-11D9-A3EB-0001025FA304}) (Version: 6.11.4.1 - Kensington Technology Group)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft DirectX SDK (June 2010) (HKLM-x32\...\Microsoft DirectX SDK (June 2010)) (Version: 9.29.1962.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSI Afterburner 2.0.0 (HKLM-x32\...\Afterburner) (Version: 2.0.0 - MSI Co., LTD)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
Patch (HKLM-x32\...\{1F67E172-A1B5-4157-AA22-77118066A90A}) (Version: 1.00.0000 - Phantom EFX)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.5 - Flagship Industries, Inc.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Z Engine (HKLM-x32\...\{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}) (Version: 2.5.0.30_NA - Ideazon)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3650681831-2466265877-3819662716-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

19-10-2014 17:01:31 Windows 7 Service Pack 1
20-10-2014 05:39:17 Configured Earth & Beyond
20-10-2014 11:51:18 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04129B63-E99F-4B08-AEFA-899793E4C359} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{F8E807FD-4469-4B7E-81E5-C162719B8524}.exe
Task: {081980A4-A4A3-4B17-B7F0-4757C14DB8AF} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: {3182F43D-EA36-4695-B4BC-FDC045060A6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {32CE6BE8-FD3F-41F2-8B42-08CCD69F67BD} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2010-08-30] ()
Task: {401D4F6A-44C7-4192-B2B0-A29E26CAEBD6} - \Dealply No Task File <==== ATTENTION
Task: {44714B0D-8BBC-4FAB-B96B-CD624BD41985} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {48678591-1A53-4552-B105-5651A7C00CF6} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {4F641808-5BF3-4D3A-B485-D3830140897B} - System32\Tasks\{7B3270EF-D88F-44DB-A221-26B42F38F90B} => C:\Program Files (x86)\EA GAMES\Earth & Beyond\e&b.exe
Task: {4F94E6EC-FDF3-4447-9D21-34D6F0652887} - System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe [2014-09-30] (Innovative Solutions)
Task: {697450CD-9F8B-4A41-935F-E782179FBCDB} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{227456DD-C2F1-499C-AF0C-9E70C8622921}.exe
Task: {6ADDF472-0D40-4C54-9313-FB09FCF71AA5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {79E84041-52E2-433F-AEE2-E51BA8C80543} - System32\Tasks\4775 => Wscript.exe C:\Users\JBrown\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {7B0ABE25-99C1-4182-8584-06874595B32C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {80C58C76-A420-4D0B-AE04-1D7460A3D526} - System32\Tasks\{EA580395-3F3E-7BFD-EA31-7FC83B2E5B2F} => C:\Users\JBrown\AppData\Roaming\zuxths.dll [2014-10-18] () <==== ATTENTION
Task: {996EDA0B-8A11-46E2-B40B-1B8FAE85AEDE} - System32\Tasks\{B4556A3F-40AB-4379-A085-34B6865A9A2E} => Iexplore.exe http://ui.skype.com/ui/0/6.1.73.129.457/en/abandoninstall?page=tsWLM
Task: {D327BD77-F824-4A0D-ABF3-EE3BF6B4238F} - System32\Tasks\{0E1EF687-B81B-45BD-BC94-3A57AB460DF6} => C:\Program Files (x86)\EA GAMES\Earth & Beyond\e&b.exe
Task: {F97AA05F-DEFA-4EB9-8134-BD830C9EAD78} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{F8E807FD-4469-4B7E-81E5-C162719B8524}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{227456DD-C2F1-499C-AF0C-9E70C8622921}.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\JBrown\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-08-30 20:04 - 2010-08-30 20:04 - 00355640 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2014-06-23 20:35 - 2014-07-01 11:58 - 03162944 _____ () C:\Users\JBrown\AppData\Local\Amazon Music\Amazon Music Helper.exe
2010-08-04 15:58 - 2010-08-04 15:58 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-25 21:44 - 2010-08-25 21:44 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-10-16 19:11 - 2009-03-19 22:35 - 00208896 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
2010-10-16 19:11 - 2009-03-19 22:35 - 00008704 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
2010-10-16 19:11 - 2009-01-15 14:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
2010-10-16 19:11 - 2009-03-25 16:53 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
2010-08-30 03:13 - 2010-08-30 03:13 - 00061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2010-08-30 00:24 - 2010-08-30 00:24 - 00061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2010-08-30 00:24 - 2010-08-30 00:24 - 00229376 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2010-08-30 00:24 - 2010-08-30 00:24 - 00139264 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2010-08-30 00:25 - 2010-08-30 00:25 - 00262144 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2010-07-26 22:37 - 2010-07-26 22:37 - 00013312 _____ () C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
2009-06-27 10:11 - 2009-06-27 10:11 - 00503202 _____ () C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
2012-09-03 20:05 - 2012-09-03 20:05 - 00112318 ____N () C:\Users\JBrown\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
2011-02-16 13:38 - 2011-02-16 13:38 - 00015872 _____ () C:\Program Files (x86)\Ideazon\ZEngine\AxWBOCXLib.dll
2009-07-13 14:03 - 2009-07-13 18:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:15D5AA51

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3650681831-2466265877-3819662716-500 - Administrator - Disabled)
Guest (S-1-5-21-3650681831-2466265877-3819662716-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3650681831-2466265877-3819662716-1009 - Limited - Enabled)
JBrown (S-1-5-21-3650681831-2466265877-3819662716-1000 - Administrator - Enabled) => C:\Users\JBrown

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/20/2014 05:49:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/19/2014 10:28:54 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL; Description = Removed Microsoft Office Professional Plus 2010; Error = 0x800706be).

Error: (10/18/2014 07:04:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/18/2014 02:24:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14d0

Start Time: 01cfeaa27baa11f7

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 9b091a3a-56a8-11e4-b2f3-20cf30b483d2

Error: (10/17/2014 05:13:44 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/16/2014 00:43:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/15/2014 06:45:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 478c

Start Time: 01cfe877ae8982d3

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 68b4fd44-5471-11e4-a3ab-20cf30b483d2

Error: (10/14/2014 05:08:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10ea8

Start Time: 01cfe7a5dbfa2bec

Termination Time: 265

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (10/14/2014 04:14:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16476, time stamp: 0x5126e7ac
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x83ffffcc
Faulting process id: 0xf850
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (10/13/2014 04:43:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (10/20/2014 09:46:05 PM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (10/20/2014 08:11:05 PM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (10/20/2014 08:10:05 PM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (10/20/2014 08:09:05 PM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (10/20/2014 08:06:05 PM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (10/20/2014 08:05:05 PM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (10/20/2014 08:04:05 PM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (10/20/2014 02:04:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/20/2014 01:58:18 PM) (Source: DCOM) (EventID: 10016) (User: JBrown-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}JBrown-PCJBrownS-1-5-21-3650681831-2466265877-3819662716-1000LocalHost (Using LRPC)

Error: (10/20/2014 01:56:40 PM) (Source: DCOM) (EventID: 10016) (User: JBrown-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}JBrown-PCJBrownS-1-5-21-3650681831-2466265877-3819662716-1000LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (10/20/2014 05:49:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe

Error: (10/19/2014 10:28:54 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLLRemoved Microsoft Office Professional Plus 20100x800706be

Error: (10/18/2014 07:04:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe

Error: (10/18/2014 02:24:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.1647614d001cfeaa27baa11f70C:\Program Files (x86)\Internet Explorer\iexplore.exe9b091a3a-56a8-11e4-b2f3-20cf30b483d2

Error: (10/17/2014 05:13:44 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe

Error: (10/16/2014 00:43:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe

Error: (10/15/2014 06:45:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16476478c01cfe877ae8982d30C:\Program Files (x86)\Internet Explorer\iexplore.exe68b4fd44-5471-11e4-a3ab-20cf30b483d2

Error: (10/14/2014 05:08:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.1647610ea801cfe7a5dbfa2bec265C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (10/14/2014 04:14:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164765126e7acunknown0.0.0.000000000c000000583ffffccf85001cfe79fbf65a153C:\Program Files (x86)\Internet Explorer\iexplore.exeunknown4a9c9cd2-5393-11e4-a3ab-20cf30b483d2

Error: (10/13/2014 04:43:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 44%
Total physical RAM: 8183.05 MB
Available physical RAM: 4568.18 MB
Total Pagefile: 16364.25 MB
Available Pagefile: 12666.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:496.49 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Fixed) (Total:153.29 GB) (Free:25.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 955B9DF6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 153.4 GB) (Disk ID: E61546E6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=153.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:01 PM

Posted 21 October 2014 - 01:03 PM



Hello skythemonkey666

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 skythemonkey666

skythemonkey666
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:11:01 AM

Posted 21 October 2014 - 05:04 PM

I tried to download the Junkware Removal Tool but I couldn't find the security setting that would allow me to DL it ... I turned off AVG like you asked but it wouldn't DL it ... any suggestions as to what else needs to be adjusted?

# AdwCleaner v4.001 - Report created 21/10/2014 at 14:50:50
# DB v2014-10-21.1
# Updated 20/10/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : JBrown - JBROWN-PC
# Running from : C:\Users\JBrown\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BCUService

***** [ Files / Folders ] *****

[x] Not Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\DealPly
Folder Deleted : C:\Program Files (x86)\DeviceVM
Folder Deleted : C:\Users\JBrown\AppData\Roaming\RHEng
File Deleted : C:\Users\JBrown\AppData\Local\Temp\Uninstall.exe

***** [ Scheduled Tasks ] *****

Task Deleted : Dealply

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooSetup-Silent-15F8_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooSetup-Silent-15F8_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_directx[1]_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_directx[1]_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\DeviceVM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D793423B-FF18-4A54-B9C9-75B3396BAAC4}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [5788 octets] - [21/10/2014 14:47:36]
AdwCleaner[S0].txt - [5625 octets] - [21/10/2014 14:50:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5685 octets] ##########


Edited by skythemonkey666, 21 October 2014 - 05:05 PM.


#6 skythemonkey666

skythemonkey666
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:11:01 AM

Posted 21 October 2014 - 07:22 PM

I figured out what was wrong with the downloading ... I kept disabling downloads every time I opened a new window ... here's JRT's text

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by JBrown on Tue 10/21/2014 at 17:15:35.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\drivermax_7_21_cnet_dealply_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\drivermax_7_21_cnet_dealply_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\drivermax_7_24_cnet_dealply_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\drivermax_7_24_cnet_dealply_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\drivermax_7_21_cnet_dealply_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\drivermax_7_21_cnet_dealply_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\drivermax_7_24_cnet_dealply_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\drivermax_7_24_cnet_dealply_RASMANCS

 

~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\DRIVERMAX.EXE-0EEB5770.pf

 

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\bucksbee loyalty plugin - 100815"
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{9F08E864-088B-4880-A75D-DC37756965F7}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{9F0F3419-5653-4971-878C-7ED819ABCB21}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{9F1F43E9-0A48-40A2-AC34-8EB3A0AB26A7}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{A0471890-2632-4562-A230-D4C1BCE618EC}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{A0A130AE-FE03-499E-A65C-8E2AF5BE23DC}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{A136B2D9-CC85-4454-8664-7489EDA2D15C}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{A13F3E7A-DCCB-4280-81F8-6E6E23656BCE}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{A1F5AED0-E24D-4764-B2D0-8098F1F3C043}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{A2987E77-2522-48B1-8E84-8C28B7CD8C0A}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{A2A8623D-61C6-4863-854F-0E9EF8452D0B}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{A2CDC0E1-7C83-4C49-A7E5-65F446966F71}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{A5FEEE5A-FE21-4582-B7B1-AE53F8054B84}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{A6612D07-2F77-4BB6-8D50-094EA5E0BE5F}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{A6A4CE49-3C82-416C-946C-1D77DC65018E}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{A7B6958D-4DFD-45AF-85E9-3616CFB8FD8C}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{A8509FC5-9FB5-43E4-831A-46AE83A41B21}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{A8919EE4-BB82-491C-9071-1AA0F42A80AC}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{A91B8C71-1470-4C88-B7B9-F712B7A74050}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{AA416EF5-57F8-4D9F-B427-FFE18CC356B0}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{AAA1FCBC-C072-4E3F-AFF9-EAE91B604E80}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{AAF8884C-4788-4263-8ADA-1D7CA7FD0358}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{AB276459-CFD0-4F21-9199-DAA7CF3BDC93}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{AC24F4C2-D2DA-4F56-988D-C16BF6935EAB}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{AC37CB2D-5732-4995-BA14-8C90B887CA7E}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{ADA80226-3AAB-4908-A63A-8FCDB8A14C89}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{ADFC1B40-C27D-45A8-A323-225338634DF8}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{AFCA6012-0DF2-47EC-8A2D-AE9FBC67C22F}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{AFFC75E0-4C9D-4CF0-B7DD-0750724DACB2}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{B1BECC07-CAD1-426F-871A-AA58337ECEF0}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{B1EB2857-E2F3-45EF-87F5-99803A620837}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{B210DDC0-4E96-4A24-8BB3-2F106A4E1F0C}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{B28A3AF2-9A36-4624-B116-FDFCCA2E0F05}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{B440281C-5AF1-4749-979E-3D54EC7F9D5A}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{B4C45915-043A-45C5-A6B9-1AB60B5E23FE}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{B59A43E3-FA63-4A9F-9AD2-6B40E665E677}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{B686AB1B-CD66-46F3-AE4C-0800C484DDE2}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{B6F7AB34-922D-4D46-873D-7A692F068CBF}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{B7F2FBAC-B5D1-41DD-BD0F-583072744882}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{B9A13326-39C2-4E7A-886C-715567493973}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{BAB2C211-269C-4765-B081-E1EE2093370A}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{BC976E7C-371C-442C-81E6-740DA79614B1}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{BDDCB80C-98B3-4905-B936-01F229FA5B98}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{BEC7B766-3EA9-4EB6-919B-937B9B15E6C7}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{BECC7223-E0CB-47E9-B718-1D97E7E347C8}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{BFAAEF0C-461D-47B5-AB25-347B6E6633AB}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{C561A06F-E0A0-4CDD-B538-360F88F98BA0}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{C6D92C0A-9EAF-42A2-AC09-C64FB3AD4E30}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{C73CFDE8-5736-4161-A1AA-D4F316DE11D5}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{CA0E9D02-6414-4ED8-8498-5A1B66AADA6F}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{CAF26858-BC9A-412D-BA71-49FD018E8DE5}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{CB83D595-BE66-494F-A46C-7CCDCA31EBE8}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{CBCE3FB8-D26C-4C2E-A7D8-78BCB59648DC}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{CBD3BC2B-27FD-4A76-9915-3C37835B809C}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{CC9B571A-CF57-4FF4-85CE-B2727D9DB7C3}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{CCB9FBED-0C92-471F-B493-FA757F3B4577}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{CCBD3282-CFC1-4604-AA38-7357AA72C9CF}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{CCC2F232-EECB-418F-9842-72005E7CDB18}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{CCF88BB4-FE66-451B-AF66-5D3079F0FE5E}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{CD19CF77-2D02-4440-8C28-E5FDFAFCD7DD}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{CE93F078-042D-4A77-87D6-64B3D5C7B7BA}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{CECDCC10-2243-4AA4-BA02-DC52D0E074BA}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{CEF9826E-9A51-4F3D-854D-1715701218A5}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{CF54CB98-0544-4777-B4AE-10BCDB0565E0}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{CFB77B26-BA93-49CF-A871-F848E88B4AE3}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{D256D1E4-A1BD-429F-BC15-13B0F23D9F91}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{D39BC7D2-075F-4ED8-AD77-AF3EB64434AB}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{D4D1A082-A7FD-463D-9E24-16A385B9156F}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{D547CFA4-C127-441C-A14F-19D17F0C72B2}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{D5A2BAC1-99B4-4EE6-8557-AC92ED68855D}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{D6A95FA2-6D51-4EA6-8448-02621FC715A1}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{D7CECE0A-5EB3-4D01-89AF-313A55ACAFD8}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{D8F4DD31-C1B3-400E-B42F-0B73BF4FC080}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{D9C41C32-98FF-48B0-B355-1D9B6F8BC15F}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{D9F12DF4-40A3-42DF-8A1F-F6C091B0050A}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{DC11F4AE-98EA-45C6-993B-A93E8DFCE737}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{DCCFD895-590D-46BE-9BE1-9EDE4120A27B}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{DDBD6AEF-7CFB-4C2B-A17A-D023C6A6D703}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{DE09670A-F65F-4A8C-BE1F-01352691ED7D}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{DE15AE88-58C2-4DE1-80D1-086D791A6B61}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{DE6CAE3F-B456-4607-B8CF-C925C6B45DA4}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{DEDFAB54-88E6-4E9D-9876-20373A3817BE}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{DFB3B96E-3757-4E19-8710-D24D2EA48311}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{E02F499A-8F79-4B4C-A568-AD1949A1E8EF}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{E1EF3673-615F-4696-B455-6A52889A953D}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{E3ACF9EA-A96D-4520-9E3B-68E9886C29D5}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{E4C1A688-4E7E-4765-948D-C7684E6FA6E9}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{E59C72F1-2AA7-4726-AACC-49E6107E9C51}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{E5A3189D-0C9B-4054-86B7-0DE0E68C0313}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{E64D5A0D-45D1-4B96-840F-1F372FB56AD4}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{E712E452-5668-4269-AAC2-AA85B0864E82}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{E7B97043-154F-4DB3-B6EF-1594CBD1D902}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{EB78D88A-6548-4AC7-B0B3-8FB08CC29BDA}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{EB78E566-CB83-423F-9BEE-F3844B87D3D6}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{EBF81DA7-156A-4A50-A598-2E2D9F157EED}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{ECC6E84B-3F6D-4A66-8016-F377C4DE27EF}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{EF6E8128-4B2A-4AE1-A062-2EC0DDA8BC42}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{EF7BC271-2350-4252-912C-B8775202E7C2}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{F0C3EE4D-C3E4-4B48-B80E-105C448B55B7}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{F17DF802-534A-44E1-BDAC-795599DA9F06}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{F208115F-82C6-45AB-B4CC-2DB89102DC22}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{F4B775F2-05E6-45A1-8ED1-07817D693E61}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{F501D6F6-6B23-4DAF-87A0-90ADB6B6C206}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{F5DFD40D-010B-4102-AA62-8AF241226DE0}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{F66E5E11-7AD5-4CDA-AE2B-7172EECDC7FE}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{F6A3AD56-D56D-4156-9FC8-78D703F33C50}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{F6E4FB56-2F39-4DB6-974C-255B4A555843}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{F791BD9C-22AA-4144-BD49-CC2273A79B16}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{F923ABD5-760F-49B6-9912-B4350139C1B1}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{F95AAC03-CBF8-414F-878B-D676D437C4B7}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{F975EDE1-485B-4A71-B8D7-701A28BA58BF}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{F9CB6C9E-CE8E-4226-97A5-92AF4195FA3B}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{FA54C7B4-0242-4BAA-A2F0-6ACFBB2D2E94}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{FA5A09F1-6C14-4237-92A5-4AC292EBD483}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{FC51EBA1-B951-4006-865C-EED3538610AD}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{FD1DACFD-F88C-488C-A8BF-452176FCF914}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{FD6D0628-F3A9-4329-8FEF-D8E1DE758CE7}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{FE826E17-FC64-415C-9E12-BCA4B3EF9DAA}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{FF5F7CD4-3DA5-48DC-AAFB-17D0AFABDBB9}
Successfully deleted: [Empty Folder] C:\Users\JBrown\appdata\local\{FFC9B31C-70AC-4302-A0F3-CF257586703B}

 

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/21/2014 at 17:19:41.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#7 skythemonkey666

  • Topic Starter
  • Members
  • 15 posts

Posted 23 October 2014 - 04:27 PM

Is that it? It's running faster and hasn't been hanging up at all since the last step. Just wanna be sure.



#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 October 2014 - 12:46 PM


Hello skythemonkey666

Very sorry for the delay

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"
  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#9 skythemonkey666

  • Topic Starter
  • Members
  • 15 posts

Posted 26 October 2014 - 10:56 PM

Computer was running fine for a few days, then a security window popped up asking to scan a webpage. When I did this it started all over again ... ran all scans again, then Combofix, and it's running better again.


ComboFix 14-10-27.01 - JBrown 10/26/2014  19:53:55.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.8183.5900 [GMT -7:00]
Running from: c:\users\JBrown\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Best Spyware Scanner
c:\program files (x86)\Best Spyware Scanner\BestSpywareScanner.url
c:\users\JBrown\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
c:\users\JBrown\AppData\Roaming\oymoo.dll
c:\windows\msdownld.tmp
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct:
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    (Default)    REG_SZ    Thumbnail Cache Class Factory for Out of Proc Server
    AppID    REG_SZ    {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
    (Default)    REG_SZ    c:\windows\system32\thumbcache.dll
    ThreadingModel    REG_SZ    Apartment
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-27 to 2014-10-27  )))))))))))))))))))))))))))))))
.
.
2014-10-26 17:01 . 2014-10-26 17:01 -------- d-----w- c:\windows\system32\SPReview
2014-10-26 01:20 . 2014-10-26 01:20 0 ----a-w- c:\windows\system32\ccejne.dll
2014-10-26 01:20 . 2014-10-26 01:20 70656 ----a-w- c:\windows\system32\vazwex.dll
2014-10-22 00:14 . 2014-10-22 00:14 -------- d-----w- c:\windows\ERUNT
2014-10-21 22:50 . 2014-10-21 22:50 175408 --sha-w- c:\windows\system32\spinstall.exewdscore.dll
2014-10-21 22:49 . 2014-10-27 03:46 -------- d--h--w- c:\programdata\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-21 22:16 . 2014-10-21 22:16 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-10-21 22:15 . 2014-10-21 22:15 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-21 22:15 . 2014-10-21 22:15 -------- d-----w- c:\program files (x86)\Java
2014-10-21 21:46 . 2014-10-21 21:52 -------- d-----w- C:\AdwCleaner
2014-10-21 21:30 . 2014-10-21 21:30 -------- d-----w- c:\users\JBrown\AppData\Roaming\AVG2015
2014-10-21 21:23 . 2014-10-21 21:29 -------- d-----w- c:\programdata\AVG2015
2014-10-21 21:20 . 2014-10-22 13:38 -------- d-----w- c:\users\JBrown\AppData\Local\Avg2015
2014-10-21 05:11 . 2014-10-27 02:44 -------- d-----w- C:\FRST
2014-10-15 19:30 . 2014-10-10 01:53 276480 ----a-w- c:\windows\system32\generaltel.dll
2014-10-15 19:30 . 2014-10-10 01:53 504320 ----a-w- c:\windows\system32\aepdu.dll
2014-10-15 19:30 . 2014-10-10 01:47 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-10-15 19:30 . 2014-09-15 00:44 3195392 ----a-w- c:\windows\system32\win32k.sys
2014-10-06 05:05 . 2012-09-23 12:17 21160 ----a-w- c:\windows\system32\drivers\amdkmafd.sys
2014-10-04 05:20 . 2014-09-16 07:17 86528 ----a-w- c:\windows\system32\OVDecode64.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-27 01:56 . 2012-04-05 01:53 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-27 01:56 . 2011-06-15 10:34 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-23 23:49 . 2014-07-21 00:29 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-16 02:06 . 2010-10-17 04:50 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-10-01 18:11 . 2014-07-21 00:27 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 18:11 . 2014-07-21 00:27 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 18:11 . 2014-07-21 00:24 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-16 07:31 . 2012-03-31 05:42 144328 ----a-w- c:\windows\system32\atiuxp64.dll
2014-09-16 07:31 . 2012-04-30 23:51 100032 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-09-16 07:31 . 2010-08-04 08:54 1335544 ----a-w- c:\windows\system32\aticfx64.dll
2014-09-16 07:31 . 2012-04-30 23:51 1113576 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-09-16 07:31 . 2009-09-19 02:04 10826488 ----a-w- c:\windows\system32\atidxx64.dll
2014-09-16 07:31 . 2012-05-22 09:27 7207592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-09-16 07:31 . 2012-05-22 09:27 7028336 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-09-16 07:03 . 2012-03-31 05:42 619008 ----a-w- c:\windows\system32\atieclxx.exe
2014-09-16 07:03 . 2012-03-31 05:42 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2014-09-16 06:59 . 2012-03-31 05:42 1210880 ----a-w- c:\windows\system32\atiadlxx.dll
2014-09-16 06:59 . 2012-03-31 05:42 900608 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-09-03 03:58 . 2011-12-05 00:54 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-21 04:45 . 2014-08-21 04:45 243480 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2014-08-07 04:39 . 2014-08-07 04:39 123672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Akamai NetSession Interface"="c:\users\JBrown\AppData\Local\Akamai\netsession_win.exe" [2014-04-18 4672920]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-17 39408]
"Amazon Music"="c:\users\JBrown\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-07-01 3162944]
"DriverMax_RESTART"="c:\program files (x86)\Innovative Solutions\DriverMax\drivermax.exe" [2014-09-30 8780152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-26 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"kmw_run.exe"="kmw_run.exe" [2005-09-01 118784]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2011-02-22 182784]
"AVG_UI"="c:\program files (x86)\AVG\AVG2015\avgui.exe" [2014-09-05 3593744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-27 271744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AVEO;USB2.0 PC Camera;c:\windows\system32\DRIVERS\AVEOdcnt.sys;c:\windows\SYSNATIVE\DRIVERS\AVEOdcnt.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 pimou;Pluralinput Mouse 0.8.2.0;c:\windows\system32\DRIVERS\pimou.sys;c:\windows\SYSNATIVE\DRIVERS\pimou.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmafd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmafd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF64.sys;c:\windows\SYSNATIVE\DRIVERS\MxEFUF64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 pmkbdfltr;PenMount Keyboard Device Filter Driver;c:\windows\system32\DRIVERS\pmkbdfltr.sys;c:\windows\SYSNATIVE\DRIVERS\pmkbdfltr.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 01:56]
.
2014-10-27 c:\windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job
- c:\program files (x86)\Innovative Solutions\DriverMax\innostp.exe [2014-08-17 22:16]
.
2014-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 01:52]
.
2014-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 01:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.weather.com/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer =
uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-MPOptimizer - c:\program files\MaxPerforma Optimizer\MaxPerforma.exe
Wow6432Node-HKCU-Run-Overwolf - c:\program files (x86)\Overwolf\Overwolf.exe
Wow6432Node-HKLM-Run-BestSpywareScanner.exe - c:\program files (x86)\Best Spyware Scanner\BestSpywareScanner.exe
Wow6432Node-HKLM-Run-MSWheel - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
AddRemove-Colossus - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3650681831-2466265877-3819662716-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3650681831-2466265877-3819662716-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\windows\SysWOW64\kmw_run.exe
.
**************************************************************************
.
Completion time: 2014-10-26  20:51:22 - machine was rebooted
ComboFix-quarantined-files.txt  2014-10-27 03:51
.
Pre-Run: 531,134,164,992 bytes free
Post-Run: 537,081,749,504 bytes free
.
- - End Of File - - 29D59CAC23FF5B18EE850691D4892DA0
A36C5E4F47E84449FF07ED3517B43A31
 

 

Not sure if this security window is the culprit, but it seems fishy to me.



#10 gringo_pr
Posted 27 October 2014 - 02:13 PM


Hello skythemonkey666

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following:
    • report from ComboFix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 skythemonkey666

Posted 28 October 2014 - 12:53 AM

Still running OK; that same pop-up is still coming up but hasn't acted up since rerunning the steps ... don't think it's completely clear of whatever's affecting the computer. Can't find the OS disk so I can't wipe and reinstall atm ... tearing apart my house looking for it.

 

ComboFix 14-10-27.01 - JBrown 10/27/2014  21:56:36.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.8183.5296 [GMT -7:00]
Running from: c:\users\JBrown\Desktop\ComboFix.exe
Command switches used :: c:\users\JBrown\Desktop\CFscript.txt
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\JBrown\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-28 to 2014-10-28  )))))))))))))))))))))))))))))))
.
.
2014-10-28 05:38 . 2014-10-28 05:38 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-10-28 05:38 . 2014-10-28 05:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-26 17:01 . 2014-10-26 17:01 -------- d-----w- c:\windows\system32\SPReview
2014-10-26 01:20 . 2014-10-26 01:20 0 ----a-w- c:\windows\system32\ccejne.dll
2014-10-26 01:20 . 2014-10-26 01:20 70656 ----a-w- c:\windows\system32\vazwex.dll
2014-10-22 00:14 . 2014-10-22 00:14 -------- d-----w- c:\windows\ERUNT
2014-10-21 22:50 . 2014-10-21 22:50 175408 --sha-w- c:\windows\system32\spinstall.exewdscore.dll
2014-10-21 22:49 . 2014-10-28 05:41 -------- d--h--w- c:\programdata\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-21 22:16 . 2014-10-21 22:16 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-10-21 22:15 . 2014-10-21 22:15 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-21 22:15 . 2014-10-21 22:15 -------- d-----w- c:\program files (x86)\Java
2014-10-21 21:46 . 2014-10-27 03:58 -------- d-----w- C:\AdwCleaner
2014-10-21 21:30 . 2014-10-21 21:30 -------- d-----w- c:\users\JBrown\AppData\Roaming\AVG2015
2014-10-21 21:23 . 2014-10-21 21:29 -------- d-----w- c:\programdata\AVG2015
2014-10-21 21:20 . 2014-10-22 13:38 -------- d-----w- c:\users\JBrown\AppData\Local\Avg2015
2014-10-21 05:11 . 2014-10-27 02:44 -------- d-----w- C:\FRST
2014-10-15 19:30 . 2014-10-10 01:53 276480 ----a-w- c:\windows\system32\generaltel.dll
2014-10-15 19:30 . 2014-10-10 01:53 504320 ----a-w- c:\windows\system32\aepdu.dll
2014-10-15 19:30 . 2014-10-10 01:47 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-10-15 19:30 . 2014-09-15 00:44 3195392 ----a-w- c:\windows\system32\win32k.sys
2014-10-06 05:05 . 2012-09-23 12:17 21160 ----a-w- c:\windows\system32\drivers\amdkmafd.sys
2014-10-04 05:20 . 2014-09-16 07:17 86528 ----a-w- c:\windows\system32\OVDecode64.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-27 04:17 . 2014-07-21 00:29 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-27 01:56 . 2012-04-05 01:53 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-27 01:56 . 2011-06-15 10:34 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-16 02:06 . 2010-10-17 04:50 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-10-01 18:11 . 2014-07-21 00:27 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 18:11 . 2014-07-21 00:27 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 18:11 . 2014-07-21 00:24 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-16 07:31 . 2012-03-31 05:42 144328 ----a-w- c:\windows\system32\atiuxp64.dll
2014-09-16 07:31 . 2012-04-30 23:51 100032 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-09-16 07:31 . 2010-08-04 08:54 1335544 ----a-w- c:\windows\system32\aticfx64.dll
2014-09-16 07:31 . 2012-04-30 23:51 1113576 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-09-16 07:31 . 2009-09-19 02:04 10826488 ----a-w- c:\windows\system32\atidxx64.dll
2014-09-16 07:31 . 2012-05-22 09:27 7207592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-09-16 07:31 . 2012-05-22 09:27 7028336 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-09-16 07:03 . 2012-03-31 05:42 619008 ----a-w- c:\windows\system32\atieclxx.exe
2014-09-16 07:03 . 2012-03-31 05:42 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2014-09-16 06:59 . 2012-03-31 05:42 1210880 ----a-w- c:\windows\system32\atiadlxx.dll
2014-09-16 06:59 . 2012-03-31 05:42 900608 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-09-03 03:58 . 2011-12-05 00:54 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-21 04:45 . 2014-08-21 04:45 243480 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2014-08-07 04:39 . 2014-08-07 04:39 123672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Akamai NetSession Interface"="c:\users\JBrown\AppData\Local\Akamai\netsession_win.exe" [2014-04-18 4672920]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-17 39408]
"Amazon Music"="c:\users\JBrown\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-07-01 3162944]
"DriverMax_RESTART"="c:\program files (x86)\Innovative Solutions\DriverMax\drivermax.exe" [2014-09-30 8780152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-26 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"kmw_run.exe"="kmw_run.exe" [2005-09-01 118784]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2011-02-22 182784]
"AVG_UI"="c:\program files (x86)\AVG\AVG2015\avgui.exe" [2014-09-05 3593744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-27 271744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AVEO;USB2.0 PC Camera;c:\windows\system32\DRIVERS\AVEOdcnt.sys;c:\windows\SYSNATIVE\DRIVERS\AVEOdcnt.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 pimou;Pluralinput Mouse 0.8.2.0;c:\windows\system32\DRIVERS\pimou.sys;c:\windows\SYSNATIVE\DRIVERS\pimou.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmafd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmafd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF64.sys;c:\windows\SYSNATIVE\DRIVERS\MxEFUF64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 pmkbdfltr;PenMount Keyboard Device Filter Driver;c:\windows\system32\DRIVERS\pmkbdfltr.sys;c:\windows\SYSNATIVE\DRIVERS\pmkbdfltr.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 01:56]
.
2014-10-28 c:\windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job
- c:\program files (x86)\Innovative Solutions\DriverMax\innostp.exe [2014-08-17 22:16]
.
2014-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 01:52]
.
2014-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 01:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.weather.com/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer =
uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3650681831-2466265877-3819662716-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3650681831-2466265877-3819662716-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\windows\SysWOW64\kmw_run.exe
.
**************************************************************************
.
Completion time: 2014-10-27  22:46:30 - machine was rebooted
ComboFix-quarantined-files.txt  2014-10-28 05:46
ComboFix2.txt  2014-10-27 03:51
.
Pre-Run: 536,546,496,512 bytes free
Post-Run: 536,315,277,312 bytes free
.
- - End Of File - - DBF0B9D2C31970B01BFF97ECEFE7F0D1
A36C5E4F47E84449FF07ED3517B43A31
 



#12 gringo_pr
Posted 31 October 2014 - 02:03 PM

I would like you to rerun FRST for me and send me a new report.

If you cannot find it, here is the link again.

Please download the Farbar Recovery Scan Tool from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ - Click on the BLUE download buttons only (the GREEN ones are ads).

Save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Double-click to run it.
When the tool opens, click Yes to the disclaimer.

I would like you to use these settings:
Under whitelist I would like everything to be checked.
Under optional scan, only have Addition.txt selected (the other three blank).
Press the Scan button.
It will make two logs (FRST.txt and Addition.txt) in the same directory the tool is run from.

Please attach both reports to your reply to me.

#13 skythemonkey666
Posted 31 October 2014 - 02:32 PM

doesn't seem to want to post

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 01
Ran by JBrown (administrator) on JBROWN-PC on 31-10-2014 12:23:28
Running from C:\Users\JBrown\Desktop
Loaded Profile: JBrown (Available profiles: JBrown)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\JBrown\AppData\Local\Akamai\netsession_win.exe
() C:\Users\JBrown\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Akamai Technologies, Inc.) C:\Users\JBrown\AppData\Local\Akamai\netsession_win.exe
(Kensington Technology Group) C:\Windows\SysWOW64\kmw_run.exe
(Ideazon, Inc.) C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_189_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [kmw_run.exe] => kmw_run.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Zboard] => C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe [182784 2011-02-22] (Ideazon, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-3650681831-2466265877-3819662716-1000\...\Run: [Akamai NetSession Interface] => C:\Users\JBrown\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3650681831-2466265877-3819662716-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-17] (Google Inc.)
HKU\S-1-5-21-3650681831-2466265877-3819662716-1000\...\Run: [Amazon Music] => C:\Users\JBrown\AppData\Local\Amazon Music\Amazon Music Helper.exe [3162944 2014-07-01] ()
HKU\S-1-5-21-3650681831-2466265877-3819662716-1000\...\Run: [DriverMax_RESTART] => C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe [8780152 2014-09-30] (Innovative Solutions)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer:
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x87612AFABF6DCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {4B51C980-C6B0-11E1-9136-AED16088709B} URL = http://www.safesearch.net/search?q={searchTerms}&utm_medium=ie&utm_campaign=31&utm_source=sm&utm_content=1&utm_term=2515070D777A4988
SearchScopes: HKCU - DefaultScope {40E04A17-E0EB-46f8-8D61-EF7B4E68E9C7} URL = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
SearchScopes: HKCU - {40E04A17-E0EB-46f8-8D61-EF7B4E68E9C7} URL = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: IEHlprObjClass -> {CE7C3CF0-4B15-11D1-ABED-709549C10000} -> C:\Program Files (x86)\Kensington\MouseWorks\IE_KMW.DLL No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017319.dll (Amazon.com, Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.safesearch.net/?utm_medium=ch&utm_campaign=31&utm_source=sm&utm_content=1&utm_term=2515070D777A4988"
CHR Profile: C:\Users\JBrown\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JBrown\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-07]
CHR Extension: (Google Wallet) - C:\Users\JBrown\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-12] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
R3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
R0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [265728 2010-09-06] (AVEO Corp)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)
S3 KMW_KBD; C:\Windows\SysWOW64\DRIVERS\KMW_KBD.sys [5760 2005-09-01] (Kensington Technology Group) [File not signed]
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2012-02-07] (Logitech Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)
S3 pimou; C:\Windows\System32\DRIVERS\pimou.sys [22856 2013-03-21] (Christian Gulden)
R3 pmkbdfltr; C:\Windows\System32\DRIVERS\pmkbdfltr.sys [18832 2012-08-01] (PenMount)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-08-30] ()
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-18] (Synaptics Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-31 12:23 - 2014-10-31 12:23 - 00013674 _____ () C:\Users\JBrown\Desktop\FRST.txt
2014-10-31 12:22 - 2014-10-31 12:22 - 00000000 ____D () C:\Users\JBrown\Desktop\FRST-OlderVersion
2014-10-27 22:48 - 2014-10-27 22:48 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-10-27 22:46 - 2014-10-27 22:46 - 00017840 _____ () C:\ComboFix.txt
2014-10-26 21:03 - 2014-10-26 21:03 - 00000712 _____ () C:\Users\JBrown\Desktop\JRT.txt
2014-10-26 21:00 - 2014-10-26 21:00 - 01998336 _____ () C:\Users\JBrown\Desktop\AdwCleaner.exe
2014-10-26 19:52 - 2014-10-27 22:46 - 00000000 ____D () C:\Qoobox
2014-10-26 19:52 - 2014-10-26 20:50 - 00000000 ____D () C:\Windows\erdnt
2014-10-26 19:52 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-26 19:52 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-26 19:52 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-26 19:52 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-26 19:52 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-26 19:52 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-26 19:52 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-26 19:52 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-26 19:51 - 2014-10-26 19:52 - 05591695 ____R (Swearware) C:\Users\JBrown\Desktop\ComboFix.exe
2014-10-26 10:01 - 2014-10-26 10:01 - 00000000 ____D () C:\Windows\system32\SPReview
2014-10-25 18:20 - 2014-10-25 18:20 - 00003858 _____ () C:\Windows\System32\Tasks\{C7A6ACDA-E12D-A31F-8946-5CA2A06F0A7C}
2014-10-25 18:20 - 2014-10-25 18:20 - 00000000 _____ () C:\Windows\system32\ccejne.dll
2014-10-21 17:14 - 2014-10-21 17:14 - 01706144 _____ (Thisisu) C:\Users\JBrown\Desktop\JRT.exe
2014-10-21 17:14 - 2014-10-21 17:14 - 00000000 ____D () C:\Windows\ERUNT
2014-10-21 15:50 - 2014-10-21 15:50 - 00175408 ___SH (Microsoft) C:\Windows\system32\spinstall.exewdscore.dll
2014-10-21 15:50 - 2014-10-21 15:50 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-21 15:49 - 2014-10-28 06:19 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-21 15:16 - 2014-10-21 15:15 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-21 15:15 - 2014-10-21 15:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-21 15:15 - 2014-10-21 15:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-21 15:15 - 2014-10-21 15:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-21 15:15 - 2014-10-21 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-21 15:15 - 2014-10-21 15:15 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-21 14:56 - 2014-10-21 14:56 - 00005797 _____ () C:\Users\JBrown\Desktop\AdwCleaner[S0].txt
2014-10-21 14:46 - 2014-10-26 20:58 - 00000000 ____D () C:\AdwCleaner
2014-10-21 14:41 - 2014-10-21 14:41 - 00003022 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2014-10-21 14:30 - 2014-10-21 14:30 - 00000000 ____D () C:\Users\JBrown\AppData\Roaming\AVG2015
2014-10-21 14:23 - 2014-10-21 14:29 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-21 14:20 - 2014-10-22 06:38 - 00000000 ____D () C:\Users\JBrown\AppData\Local\Avg2015
2014-10-20 22:11 - 2014-10-31 12:23 - 00000000 ____D () C:\FRST
2014-10-20 22:11 - 2014-10-20 22:12 - 00031352 _____ () C:\Users\JBrown\Desktop\Addition.txt
2014-10-20 14:40 - 2014-10-31 12:22 - 02113536 _____ (Farbar) C:\Users\JBrown\Desktop\FRST64.exe
2014-10-20 14:21 - 2014-10-20 14:22 - 00006066 _____ () C:\Users\JBrown\Desktop\surrogate.txt
2014-10-19 22:39 - 2014-10-19 22:39 - 00003204 _____ () C:\Windows\System32\Tasks\{8D9B67AE-4349-4DF8-B91A-D872CC6E8ED4}
2014-10-18 19:21 - 2014-10-18 19:21 - 00004048 _____ () C:\Windows\System32\Tasks\{EA580395-3F3E-7BFD-EA31-7FC83B2E5B2F}
2014-10-15 12:30 - 2014-10-09 18:53 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 12:30 - 2014-10-09 18:53 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 12:30 - 2014-10-09 18:47 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 12:30 - 2014-09-14 17:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-05 22:05 - 2012-09-23 05:17 - 00021160 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmafd.sys
2014-10-03 22:26 - 2014-05-28 23:28 - 00688648 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viahduaa.sys
2014-10-03 22:26 - 2014-05-28 23:28 - 00030728 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\VMfilt64.sys
2014-10-03 22:26 - 2014-05-08 21:02 - 03300528 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIAPropPageExt.dll
2014-10-03 22:26 - 2014-04-28 21:52 - 01999640 _____ (Creative Technology Ltd.) C:\Windows\system32\VMAPO264.DLL
2014-10-03 22:26 - 2014-04-28 21:52 - 01728280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\VMAPO232.DLL
2014-10-03 22:26 - 2014-02-26 20:54 - 01986048 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaMicArrayAPO.dll
2014-10-03 22:26 - 2014-02-26 17:54 - 00876544 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIASysFx.dll
2014-10-03 22:26 - 2013-11-01 15:21 - 27646720 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2014-10-03 22:26 - 2013-11-01 15:21 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-10-03 22:26 - 2013-11-01 15:21 - 01013504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-10-03 22:26 - 2013-11-01 15:21 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2014-10-03 22:26 - 2013-07-22 20:41 - 00388096 _____ (Creative Technology Ltd.) C:\Windows\system32\VMWRP64.DLL
2014-10-03 22:26 - 2012-12-12 00:01 - 00070776 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\VtSrdAPO.dll
2014-10-03 22:26 - 2012-12-12 00:00 - 01161336 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaKaraokeApo.dll
2014-10-03 22:26 - 2012-12-12 00:00 - 00248952 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\Dts2APO.dll
2014-10-03 22:26 - 2012-12-12 00:00 - 00123512 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaKaraokePropPageExt.dll
2014-10-03 22:26 - 2012-12-12 00:00 - 00095352 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaMicArrayPropPageExt.dll
2014-10-03 22:26 - 2012-12-12 00:00 - 00092280 _____ (VIA Technologies, Inc.) C:\Windows\system32\Dts2PropPageExt.dll
2014-10-03 22:26 - 2012-12-12 00:00 - 00055416 _____ (TODO: <Company name>) C:\Windows\system32\PropPageExt.dll
2014-10-03 22:26 - 2012-12-12 00:00 - 00027768 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViakaraokeSrv.exe
2014-10-03 22:20 - 2014-09-16 00:32 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-10-03 22:20 - 2014-09-16 00:32 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-10-03 22:20 - 2014-09-16 00:32 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-10-03 22:20 - 2014-09-16 00:32 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-10-03 22:20 - 2014-09-16 00:31 - 09254184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2014-10-03 22:20 - 2014-09-16 00:31 - 08296296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2014-10-03 22:20 - 2014-09-16 00:31 - 08044976 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2014-10-03 22:20 - 2014-09-16 00:31 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2014-10-03 22:20 - 2014-09-16 00:31 - 00118096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2014-10-03 22:20 - 2014-09-16 00:29 - 00293088 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-10-03 22:20 - 2014-09-16 00:26 - 16750080 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-10-03 22:20 - 2014-09-16 00:18 - 00235008 _____ () C:\Windows\system32\clinfo.exe
2014-10-03 22:20 - 2014-09-16 00:18 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-10-03 22:20 - 2014-09-16 00:17 - 33867264 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-10-03 22:20 - 2014-09-16 00:17 - 28770304 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2014-10-03 22:20 - 2014-09-16 00:17 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-10-03 22:20 - 2014-09-16 00:17 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-10-03 22:20 - 2014-09-16 00:17 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-10-03 22:20 - 2014-09-16 00:16 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-10-03 22:20 - 2014-09-16 00:16 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-10-03 22:20 - 2014-09-16 00:13 - 27918336 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-10-03 22:20 - 2014-09-16 00:09 - 05639168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-10-03 22:20 - 2014-09-16 00:09 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-10-03 22:20 - 2014-09-16 00:09 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-10-03 22:20 - 2014-09-16 00:09 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-10-03 22:20 - 2014-09-16 00:09 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-10-03 22:20 - 2014-09-16 00:08 - 23375360 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-10-03 22:20 - 2014-09-16 00:07 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-10-03 22:20 - 2014-09-16 00:07 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2014-10-03 22:20 - 2014-09-16 00:07 - 00609272 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-10-03 22:20 - 2014-09-16 00:07 - 00609272 _____ () C:\Windows\system32\atiapfxx.blb
2014-10-03 22:20 - 2014-09-16 00:07 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-10-03 22:20 - 2014-09-16 00:07 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-10-03 22:20 - 2014-09-16 00:07 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-10-03 22:20 - 2014-09-16 00:07 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-10-03 22:20 - 2014-09-16 00:07 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-10-03 22:20 - 2014-09-16 00:06 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-10-03 22:20 - 2014-09-16 00:05 - 04480000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-10-03 22:20 - 2014-09-16 00:03 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-10-03 22:20 - 2014-09-16 00:03 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2014-10-03 22:20 - 2014-09-16 00:03 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-10-03 22:20 - 2014-09-16 00:03 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-10-03 22:20 - 2014-09-16 00:03 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-10-03 22:20 - 2014-09-16 00:03 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-10-03 22:20 - 2014-09-15 23:59 - 00827392 _____ (AMD) C:\Windows\system32\coinst_14.30.dll
2014-10-03 22:20 - 2014-09-15 23:59 - 00576000 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-10-03 22:20 - 2014-09-15 23:59 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-10-03 22:20 - 2014-09-15 23:59 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2014-10-03 22:20 - 2014-09-15 23:59 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-10-03 22:20 - 2014-09-15 23:59 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-10-03 22:20 - 2014-09-15 23:59 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-10-03 22:20 - 2014-09-15 23:58 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-10-03 22:20 - 2014-09-02 08:26 - 00759301 _____ () C:\Windows\system32\amdicdxx.dat
2014-10-03 22:20 - 2014-08-31 16:58 - 00322868 _____ () C:\Windows\system32\ativvaxy_vi.dat
2014-10-03 22:20 - 2014-08-31 16:56 - 00321200 _____ () C:\Windows\system32\ativvaxy_vi_nd.dat
2014-10-03 22:20 - 2014-08-28 23:52 - 00157224 _____ () C:\Windows\system32\amde31a.dat
2014-10-03 22:20 - 2014-08-28 18:58 - 00158928 _____ () C:\Windows\system32\ativce03.dat
2014-10-03 22:20 - 2014-08-14 22:19 - 00082128 _____ () C:\Windows\system32\ativce02.dat
2014-10-03 22:20 - 2014-07-15 17:54 - 00290080 _____ () C:\Windows\system32\ativvaxy_cz_nd.dat
2014-10-03 22:20 - 2014-07-02 20:40 - 00234164 _____ () C:\Windows\system32\ativvaxy_cik.dat
2014-10-03 22:20 - 2014-07-02 20:38 - 00232752 _____ () C:\Windows\system32\ativvaxy_cik_nd.dat

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-31 12:17 - 2012-08-16 03:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-31 11:57 - 2010-10-17 02:59 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-31 09:48 - 2010-10-16 23:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-31 06:19 - 2014-08-17 10:22 - 00000306 _____ () C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job
2014-10-31 06:11 - 2013-03-09 19:07 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5EBE9A6B-3764-41CF-B9E5-595633510131}
2014-10-31 06:02 - 2014-04-20 17:32 - 00000000 ____D () C:\Users\JBrown\AppData\Local\Battle.net
2014-10-31 03:02 - 2010-10-17 10:07 - 01902652 _____ () C:\Windows\WindowsUpdate.log
2014-10-30 23:37 - 2014-04-20 17:34 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-10-30 18:57 - 2010-10-17 02:59 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-30 04:39 - 2012-03-12 21:18 - 00000000 ____D () C:\Users\JBrown\AppData\Roaming\Hoyle Puzzle and Board Games
2014-10-29 01:19 - 2010-10-17 03:32 - 00000000 ____D () C:\Program Files\World of Warcraft
2014-10-28 20:09 - 2009-07-13 21:45 - 00020320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-28 20:09 - 2009-07-13 21:45 - 00020320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-28 06:19 - 2014-08-17 10:22 - 00002582 _____ () C:\Windows\System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c
2014-10-28 06:19 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-28 06:19 - 2009-07-13 21:51 - 00069716 _____ () C:\Windows\setupact.log
2014-10-27 22:41 - 2009-07-13 19:34 - 00000302 _____ () C:\Windows\system.ini
2014-10-27 22:40 - 2010-10-16 22:02 - 00126676 _____ () C:\Windows\PFRO.log
2014-10-26 21:17 - 2014-07-20 17:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-26 20:51 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-10-26 20:27 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-26 18:57 - 2014-07-18 21:20 - 00000000 ____D () C:\Users\JBrown\AppData\Local\Adobe
2014-10-26 18:56 - 2012-08-16 03:30 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-26 18:56 - 2012-04-04 18:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-26 18:56 - 2011-06-15 03:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-26 10:33 - 2010-10-16 19:07 - 00000000 ____D () C:\Users\JBrown
2014-10-24 16:35 - 2014-04-20 17:32 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-23 16:48 - 2014-07-20 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-23 16:48 - 2011-10-13 07:51 - 00000000 ____D () C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2014-10-22 22:49 - 2010-07-11 03:25 - 00000000 ____D () C:\Users\JBrown\Downloads\WoW IF mods
2014-10-21 15:16 - 2013-10-20 19:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-21 14:42 - 2010-10-16 22:58 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-10-21 14:31 - 2010-10-16 23:11 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-21 14:30 - 2014-06-20 03:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-21 14:30 - 2014-06-20 03:10 - 00000000 ____D () C:\$AVG
2014-10-20 20:45 - 2010-10-18 22:19 - 00000000 ____D () C:\Users\JBrown\Downloads\Erins stuff
2014-10-20 01:29 - 2011-06-15 17:29 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-20 00:08 - 2009-07-13 21:45 - 00409160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-19 23:23 - 2010-10-17 03:03 - 00000000 ____D () C:\Users\JBrown\AppData\Local\Windows Live
2014-10-19 23:22 - 2010-10-16 19:19 - 00109952 _____ () C:\Users\JBrown\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-19 22:42 - 2010-10-16 19:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-19 22:37 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-19 22:36 - 2010-10-17 02:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-19 22:35 - 2012-12-28 06:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-19 22:33 - 2009-07-14 00:45 - 00000000 ____D () C:\Windows\ShellNew
2014-10-19 22:33 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-10-19 22:31 - 2009-07-13 19:34 - 00000427 _____ () C:\Windows\win.ini
2014-10-19 22:29 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-19 22:04 - 2009-07-13 21:45 - 00000000 ____D () C:\Windows\Setup
2014-10-19 18:52 - 2010-10-17 02:59 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 18:52 - 2010-10-17 02:59 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-19 10:24 - 2009-07-13 22:08 - 00032532 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-18 19:21 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2014-10-15 19:12 - 2014-07-30 05:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 19:11 - 2013-08-04 17:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 19:06 - 2010-10-16 21:50 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-05 22:05 - 2012-03-09 17:12 - 00377652 _____ () C:\Windows\DPINST.LOG
2014-10-01 21:55 - 2012-03-09 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
2014-10-01 11:11 - 2014-07-20 17:27 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-07-20 17:27 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2014-07-20 17:24 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 06:24

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014 01
Ran by JBrown at 2014-10-31 12:24:12
Running from C:\Users\JBrown\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.1.0.570 - Amazon Services LLC)
ATI AVIVO64 Codecs (Version: 10.10.0.40918 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{3DDACE1F-3B1E-D6AB-CD3D-B6E987511945}) (Version: 3.0.790.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.745.0 - ATI Technologies) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4189 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CardGames2011 (HKLM-x32\...\{7CBB1E21-8B17-4A7B-9598-F73F38DB2A2D}) (Version: 1.00.0000 - Phantom EFX)
ccc-core-static (x32 Version: 2010.0825.2146.37182 - ATI) Hidden
CCS64 V3.8 (HKLM-x32\...\{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}) (Version: 1.0.0 - Computerbrains C.C.S.)
Character and Starship Creator (HKLM-x32\...\InstallShield_{17FF7B21-A872-429C-9331-5883ACD12EE8}) (Version: 1.04.0000 - Westwood Studios)
Character and Starship Creator (x32 Version: 1.04.0000 - Westwood Studios) Hidden
Classic Menu for Office 2007 v6.05 (HKLM-x32\...\{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1) (Version: 6.05 - Addintools)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.00 - Electronic Arts, Inc.)
DriverMax 7 (HKLM-x32\...\DMX5_is1) (Version: 7.42.0.665 - Innovative Solutions)
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 5.4.15.WIN.FullTilt.COM - )
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hoyle Puzzle and Board Games 2012 (HKLM-x32\...\{B14C3F95-9427-423C-A124-46301242DD58}) (Version: 1.00.0000 - Encore)
HydraVision (x32 Version: 4.2.114.0 - ATI Technologies Inc.) Hidden
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kensington MouseWorks (HKLM-x32\...\{4C78937F-0C8E-11D9-A3EB-0001025FA304}) (Version: 6.11.4.1 - Kensington Technology Group)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft DirectX SDK (June 2010) (HKLM-x32\...\Microsoft DirectX SDK (June 2010)) (Version: 9.29.1962.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSI Afterburner 2.0.0 (HKLM-x32\...\Afterburner) (Version: 2.0.0 - MSI Co., LTD)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
Patch (HKLM-x32\...\{1F67E172-A1B5-4157-AA22-77118066A90A}) (Version: 1.00.0000 - Phantom EFX)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.5 - Flagship Industries, Inc.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Z Engine (HKLM-x32\...\{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}) (Version: 2.5.0.30_NA - Ideazon)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3650681831-2466265877-3819662716-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\FntCache.dll (Microsoft)

==================== Restore Points  =========================

26-10-2014 17:01:41 Windows 7 Service Pack 1

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-10-27 22:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {081980A4-A4A3-4B17-B7F0-4757C14DB8AF} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: {08D87BA4-5B36-4636-A140-546D4274896F} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2010-08-30] ()
Task: {3182F43D-EA36-4695-B4BC-FDC045060A6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {44714B0D-8BBC-4FAB-B96B-CD624BD41985} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {48678591-1A53-4552-B105-5651A7C00CF6} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {4F641808-5BF3-4D3A-B485-D3830140897B} - System32\Tasks\{7B3270EF-D88F-44DB-A221-26B42F38F90B} => C:\Program Files (x86)\EA GAMES\Earth & Beyond\e&b.exe
Task: {4F94E6EC-FDF3-4447-9D21-34D6F0652887} - System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe [2014-09-30] (Innovative Solutions)
Task: {6ADDF472-0D40-4C54-9313-FB09FCF71AA5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-26] (Adobe Systems Incorporated)
Task: {79E84041-52E2-433F-AEE2-E51BA8C80543} - System32\Tasks\4775 => Wscript.exe C:\Users\JBrown\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {7B0ABE25-99C1-4182-8584-06874595B32C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {80C58C76-A420-4D0B-AE04-1D7460A3D526} - System32\Tasks\{EA580395-3F3E-7BFD-EA31-7FC83B2E5B2F} => C:\Users\JBrown\AppData\Roaming\zuxths.dll/s "C:\Users\JBrown\AppData\Roaming\zuxths.dll" <==== ATTENTION
Task: {996EDA0B-8A11-46E2-B40B-1B8FAE85AEDE} - System32\Tasks\{B4556A3F-40AB-4379-A085-34B6865A9A2E} => Iexplore.exe http://ui.skype.com/ui/0/6.1.73.129.457/en/abandoninstall?page=tsWLM
Task: {BA827342-E0A5-4527-8989-F85CF74707E9} - System32\Tasks\{C7A6ACDA-E12D-A31F-8946-5CA2A06F0A7C} => C:\Windows\system32\vazwex.dll/s "C:\Windows\system32\vazwex.dll"
Task: {D327BD77-F824-4A0D-ABF3-EE3BF6B4238F} - System32\Tasks\{0E1EF687-B81B-45BD-BC94-3A57AB460DF6} => C:\Program Files (x86)\EA GAMES\Earth & Beyond\e&b.exe
Task: {F97AA05F-DEFA-4EB9-8134-BD830C9EAD78} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-08-30 20:04 - 2010-08-30 20:04 - 00355640 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2014-06-23 20:35 - 2014-07-01 11:58 - 03162944 _____ () C:\Users\JBrown\AppData\Local\Amazon Music\Amazon Music Helper.exe
2010-08-04 15:58 - 2010-08-04 15:58 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-25 21:44 - 2010-08-25 21:44 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-08-30 03:13 - 2010-08-30 03:13 - 00061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2010-08-30 00:24 - 2010-08-30 00:24 - 00061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2010-08-30 00:24 - 2010-08-30 00:24 - 00229376 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2010-08-30 00:24 - 2010-08-30 00:24 - 00139264 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2010-08-30 00:25 - 2010-08-30 00:25 - 00262144 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2010-07-26 22:37 - 2010-07-26 22:37 - 00013312 _____ () C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
2014-10-27 22:41 - 2014-10-27 22:41 - 00112318 _____ () C:\Users\JBrown\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
2011-02-16 13:38 - 2011-02-16 13:38 - 00015872 _____ () C:\Program Files (x86)\Ideazon\ZEngine\AxWBOCXLib.dll
2009-07-13 14:03 - 2009-07-13 18:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:15D5AA51

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3650681831-2466265877-3819662716-500 - Administrator - Disabled)
Guest (S-1-5-21-3650681831-2466265877-3819662716-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3650681831-2466265877-3819662716-1009 - Limited - Enabled)
JBrown (S-1-5-21-3650681831-2466265877-3819662716-1000 - Administrator - Enabled) => C:\Users\JBrown

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/31/2014 02:49:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16476, time stamp: 0x5126e7ac
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc0000005
Fault offset: 0x00022262
Faulting process id: 0x381cc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (10/29/2014 07:25:00 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/28/2014 06:26:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 550

Start Time: 01cff2b2b1064726

Termination Time: 10

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (10/28/2014 03:16:37 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/27/2014 09:27:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (10/30/2014 04:29:56 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (10/30/2014 04:29:55 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/30/2014 04:29:55 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/28/2014 06:19:13 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\DRIVERS\KMW_KBD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/28/2014 04:12:41 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/28/2014 04:12:41 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (10/28/2014 04:12:41 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/28/2014 04:12:41 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/28/2014 04:12:41 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/28/2014 04:12:41 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Microsoft Office Sessions:
=========================
Error: (10/31/2014 02:49:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164765126e7acntdll.dll6.1.7600.169154ec49d10c000000500022262381cc01cff4dca34711b9C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\ntdll.dll2e9a43c4-60e3-11e4-97cb-20cf30b483d2

Error: (10/29/2014 07:25:00 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe

Error: (10/28/2014 06:26:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.1647655001cff2b2b106472610C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (10/28/2014 03:16:37 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe

Error: (10/27/2014 09:27:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe

CodeIntegrity Errors:
===================================
  Date: 2014-10-27 22:38:21.340
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-27 22:38:21.270
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-27 22:38:21.200
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-27 22:38:21.130
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-26 20:42:33.356
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-26 20:42:33.266
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 53%
Total physical RAM: 8183.05 MB
Available physical RAM: 3782.07 MB
Total Pagefile: 16364.25 MB
Available Pagefile: 9462.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:497.5 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Fixed) (Total:153.29 GB) (Free:25.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 955B9DF6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 153.4 GB) (Disk ID: E61546E6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=153.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 31 October 2014 - 06:46 PM

Hello skythemonkey666



I need you to download this script I have made for you --> Attached File: fixlist.txt (1.14KB)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 skythemonkey666 (Topic Starter)

Posted 31 October 2014 - 09:05 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014 01
Ran by JBrown at 2014-10-31 19:04:42 Run:1
Running from C:\Users\JBrown\Desktop
Loaded Profile: JBrown (Available profiles: JBrown)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {4B51C980-C6B0-11E1-9136-AED16088709B} URL = http://www.safesearch.net/search?q={searchTerms}&utm_medium=ie&utm_campaign=31&utm_source=sm&utm_content=1&utm_term=2515070D777A4988
CHR StartupUrls: Default -> "hxxp://www.safesearch.net/?utm_medium=ch&utm_campaign=31&utm_source=sm&utm_content=1&utm_term=2515070D777A4988"
Task: {F97AA05F-DEFA-4EB9-8134-BD830C9EAD78} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {BA827342-E0A5-4527-8989-F85CF74707E9} - System32\Tasks\{C7A6ACDA-E12D-A31F-8946-5CA2A06F0A7C} => C:\Windows\system32\vazwex.dll/s "C:\Windows\system32\vazwex.dll"
Task: {80C58C76-A420-4D0B-AE04-1D7460A3D526} - System32\Tasks\{EA580395-3F3E-7BFD-EA31-7FC83B2E5B2F} => C:\Users\JBrown\AppData\Roaming\zuxths.dll/s "C:\Users\JBrown\AppData\Roaming\zuxths.dll" <==== ATTENTION
Task: {79E84041-52E2-433F-AEE2-E51BA8C80543} - System32\Tasks\4775 => Wscript.exe C:\Users\JBrown\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
C:\Windows\system32\vazwex.dll
C:\Users\JBrown\AppData\Roaming\zuxths.dll
C:\Users\JBrown\AppData\Local\Temp\launchie.vbs
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}" => Key deleted successfully.
"HKCR\CLSID\{4B51C980-C6B0-11E1-9136-AED16088709B}" => Key not found.
Chrome StartupUrls deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F97AA05F-DEFA-4EB9-8134-BD830C9EAD78}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F97AA05F-DEFA-4EB9-8134-BD830C9EAD78}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BA827342-E0A5-4527-8989-F85CF74707E9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA827342-E0A5-4527-8989-F85CF74707E9}" => Key deleted successfully.
C:\Windows\System32\Tasks\{C7A6ACDA-E12D-A31F-8946-5CA2A06F0A7C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C7A6ACDA-E12D-A31F-8946-5CA2A06F0A7C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80C58C76-A420-4D0B-AE04-1D7460A3D526}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80C58C76-A420-4D0B-AE04-1D7460A3D526}" => Key deleted successfully.
C:\Windows\System32\Tasks\{EA580395-3F3E-7BFD-EA31-7FC83B2E5B2F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EA580395-3F3E-7BFD-EA31-7FC83B2E5B2F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79E84041-52E2-433F-AEE2-E51BA8C80543}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79E84041-52E2-433F-AEE2-E51BA8C80543}" => Key deleted successfully.
C:\Windows\System32\Tasks\4775 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4775" => Key deleted successfully.
"C:\Windows\system32\vazwex.dll" => File/Directory not found.
"C:\Users\JBrown\AppData\Roaming\zuxths.dll" => File/Directory not found.
"C:\Users\JBrown\AppData\Local\Temp\launchie.vbs" => File/Directory not found.

==== End of Fixlog ====
