HijackThis log; cannot boot into safe mode.


  • This topic is locked
24 replies to this topic

#1 ArchmageHisummoner


Posted 23 October 2014 - 03:03 AM

I have been having issues with my computer and have stated what those issues were in the "Am I infected" thread. Currently, I still cannot boot into safe mode, but the pop-up ads and Google redirects seem to be gone. I have used ComboFix, MBAM, Hitman Pro, TDSSKiller, ESET Online Scanner, and Spybot to resolve this issue. Nothing seems to work. Here is the log, and please tell me if there is anything else you need.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:56:59 AM, on 10/23/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\Mason\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nonbrand\802.11g Wireless LAN PCI Card Driver and Utility\RtWLan.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\Documents and Settings\Mason\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Steam\bin\steamwebhelper.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Detypynizou] "C:\Documents and Settings\Mason\Application Data\Uquxky\iggyo.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Mason\Local Settings\Application Data\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [Alworks] C:\WINDOWS\system32\regsvr32.exe "C:\Documents and Settings\Mason\Local Settings\Application Data\Ewtion\Network.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Insoft] regsvr32.exe "C:\Documents and Settings\Mason\Local Settings\Application Data\Insoft\Network.dll"
O4 - HKCU\..\Run: [Detypynizou] "C:\Documents and Settings\Mason\Application Data\Uquxky\iggyo.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: 802.11g Wireless LAN PCI Card Utility.lnk = C:\Program Files\Nonbrand\802.11g Wireless LAN PCI Card Driver and Utility\RtWLan.exe
O4 - Global Startup: BDARemote.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1370811169156
O17 - HKLM\System\CCS\Services\Tcpip\..\{54CF12C7-0E1B-4EBE-AF20-0C81A114A8A9}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C4082DB-377A-454B-A1A8-50D2B518CDB4}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{A62DF197-5835-4EF9-BFA5-14517E67924C}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF79C74F-B990-423A-B62D-9892EA39F35D}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{54CF12C7-0E1B-4EBE-AF20-0C81A114A8A9}: NameServer = 8.8.8.8,8.8.8.8
O17 - HKLM\System\CS3\Services\Tcpip\..\{54CF12C7-0E1B-4EBE-AF20-0C81A114A8A9}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CS4\Services\Tcpip\..\{54CF12C7-0E1B-4EBE-AF20-0C81A114A8A9}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11656 bytes
 


Sincerely,

Myron Mason



#2 HelpBot


Posted 28 October 2014 - 03:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/552997 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 ArchmageHisummoner


Posted 28 October 2014 - 04:34 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 10.71.2
Run by Mason at 17:30:57 on 2014-10-28
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.958.194 [GMT -4:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Mason\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Steam\Steam.exe
C:\Documents and Settings\Mason\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Nonbrand\802.11g Wireless LAN PCI Card Driver and Utility\RtWLan.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Steam\bin\steamwebhelper.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uProxyOverride = <-loopback>;<local>
mSearchAssistant = ${SEARCH_URL_IE7}
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - c:\program files\aol toolbar\aoltb.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
uRun: [Akamai NetSession Interface] "c:\documents and settings\mason\local settings\application data\akamai\netsession_win.exe"
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
uRun: [Alworks] c:\windows\system32\regsvr32.exe "c:\documents and settings\mason\local settings\application data\ewtion\Network.dll"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Insoft] regsvr32.exe "c:\documents and settings\mason\local settings\application data\insoft\Network.dll"
uRun: [Detypynizou] "c:\documents and settings\mason\application data\uquxky\iggyo.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Detypynizou] "c:\documents and settings\mason\application data\uquxky\iggyo.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\mason\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\80211g~1.lnk - c:\program files\nonbrand\802.11g wireless lan pci card driver and utility\RtWLan.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: wizard101central.com
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1370811169156
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{54CF12C7-0E1B-4EBE-AF20-0C81A114A8A9} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{8C4082DB-377A-454B-A1A8-50D2B518CDB4} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{A62DF197-5835-4EF9-BFA5-14517E67924C} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{A62DF197-5835-4EF9-BFA5-14517E67924C} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{CF79C74F-B990-423A-B62D-9892EA39F35D} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.104\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mason\application data\mozilla\firefox\profiles\78rs5e9x.default-1414037439015\
FF - plugin: c:\documents and settings\mason\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-1-11 5341536]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2012-7-10 13532]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-4-3 315008]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\futuremark\futuremark systeminfo\FMSISvc.exe [2013-6-24 137488]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2014-10-23 30976]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\iobit\game booster 3\driver\WinRing0.sys [2012-8-18 14416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
FileExt: .ini: UltraEdit.ini="c:\program files\idm computer solutions\ultraedit\Uedit32.exe" "%1"
FileExt: .js: UltraEdit.js="c:\program files\idm computer solutions\ultraedit\Uedit32.exe" "%1"
.
=============== Created Last 30 ================
.
2014-10-28 21:28:55    8901368    ----a-w-    c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{b2e99c57-0b2f-48c7-a10c-a275bab3b289}\mpengine.dll
2014-10-25 17:59:02    --------    d-----w-    c:\program files\The Guild 2 - Renaissance
2014-10-23 07:48:34    30976    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
2014-10-23 07:00:47    --------    d-----w-    c:\program files\HitmanPro
2014-10-23 06:59:57    --------    d-----w-    c:\documents and settings\all users\application data\HitmanPro
2014-10-23 04:37:00    --------    d-s---w-    c:\documents and settings\all users\application data\Shared Space
2014-10-23 04:32:43    1060864    ----a-w-    c:\windows\system32\mfc71.dll
2014-10-23 04:32:38    1700352    ----a-w-    c:\windows\system32\gdiplus.dll
2014-10-23 04:27:33    --------    d-----w-    c:\documents and settings\mason\local settings\application data\COMODO
2014-10-23 04:26:32    --------    d-----w-    c:\documents and settings\all users\application data\Comodo Downloader
2014-10-23 04:25:18    --------    d-----w-    c:\documents and settings\all users\application data\Comodo
2014-10-22 19:37:07    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2014-10-22 19:37:07    --------    d-----w-    c:\documents and settings\all users\application data\Spybot - Search & Destroy
2014-10-22 18:41:22    --------    d-----w-    C:\a6ccbffcc3bb40b68cb564152afaea
2014-10-22 18:27:55    --------    d-----w-    c:\program files\Check Point Software Technologies LTD
2014-10-22 18:27:49    --------    d-----w-    c:\documents and settings\mason\application data\Check Point Software Technologies LTD
2014-10-22 18:27:11    --------    d-----w-    c:\documents and settings\all users\application data\CheckPoint
2014-10-22 06:03:01    --------    d-----w-    c:\documents and settings\mason\application data\Uquxky
2014-10-22 03:49:32    --------    d-----w-    C:\Sun
2014-10-22 03:49:31    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2014-10-22 03:49:03    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-10-20 15:25:40    --------    d-s---w-    c:\windows\Cookies
2014-10-20 14:51:16    98816    ----a-w-    c:\windows\sed.exe
2014-10-20 14:51:16    256000    ----a-w-    c:\windows\PEV.exe
2014-10-20 14:51:16    208896    ----a-w-    c:\windows\MBR.exe
2014-10-20 03:45:56    --------    d-----w-    c:\program files\ESET
2014-10-20 02:11:52    --------    d-----w-    c:\documents and settings\mason\local settings\application data\Insoft
2014-10-20 02:11:40    --------    d-----w-    c:\documents and settings\mason\local settings\application data\Ewtion
2014-10-20 01:52:53    1828352    ----a-w-    c:\documents and settings\all users\application data\microsoft\secure\icons\IconsCacheHelper.dll
2014-10-20 00:37:40    --------    d-----w-    c:\program files\Paradox Entertainment
2014-10-18 17:51:34    --------    d-----w-    c:\program files\iPod
2014-10-18 17:51:27    --------    d-----w-    c:\documents and settings\all users\application data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-10-14 18:26:59    74864    ----a-w-    c:\program files\mozilla firefox\breakpadinjector.dll
2014-10-14 18:26:59    48240    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-10-14 18:26:59    3231832    ----a-w-    c:\program files\mozilla firefox\d3dcompiler_46.dll
2014-10-14 18:26:59    2106216    ----a-w-    c:\program files\mozilla firefox\D3DCompiler_43.dll
2014-10-14 18:26:59    20080    ----a-w-    c:\program files\mozilla firefox\AccessibleMarshal.dll
2014-10-14 18:26:59    115312    ----a-w-    c:\program files\mozilla firefox\crashreporter.exe
2014-10-12 07:06:12    --------    d-----w-    c:\program files\Jnes
.
==================== Find3M  ====================
.
2014-10-22 05:13:24    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-02 19:53:02    231568    ------w-    c:\windows\system32\MpSigStub.exe
2014-09-29 20:37:41    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-09-29 20:37:40    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-24 01:53:49    320120    ----a-w-    c:\windows\system32\drivers\sptd.sys
2014-08-13 17:25:42    341848    ----a-w-    c:\windows\system32\DivXControlPanelApplet.cpl
.
============= FINISH: 17:32:06.04 ===============
 


I forgot to attach the DDS attach.txt



Edited by ArchmageHisummoner, 28 October 2014 - 04:34 PM.

Sincerely,

Myron Mason


#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,043 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:54 PM

Posted 31 October 2014 - 07:16 AM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold; make sure to take note of it.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now.

==========================
 
Hi ArchmageHisummoner,
 
You are infected and that may be the reason why you cannot boot into safe mode.
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
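Added example (not part of Toffee's post, and not code from FRST or its author): once FRST.txt comes back, a helper reads the `Run:` lines under "Registry (Whitelisted)" looking for the same few signals every time: an entry FRST printed without the `[size date] (publisher)` trailer, a DLL being loaded through `regsvr32.exe` at logon, an executable living under a user's `Application Data` folder, or an empty publisher field. The script below parses lines in the format FRST prints and sorts each entry into `high`, `review` or `clean` using those heuristics. The sample lines are constructed to match the format and the kinds of entries seen in this thread's log; the severity rules are my own triage shorthand, not FRST's whitelist logic, and a `review` hit (for example a vendor-signed updater that happens to run from a profile folder) only means "look at it", not "remove it".

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample in the format FRST prints for autorun entries; the names
# and paths follow the kind of entries seen in this thread's FRST.txt.
SAMPLE_RUN_LINES = r"""
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [Detypynizou] => "C:\Documents and Settings\Mason\Application Data\Uquxky\iggyo.exe"
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\Mason\Local Settings\Application Data\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [Alworks] => C:\WINDOWS\system32\regsvr32.exe "C:\Documents and Settings\Mason\Local Settings\Application Data\Ewtion\Network.dll"
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [Insoft] => regsvr32.exe "C:\Documents and Settings\Mason\Local Settings\Application Data\Insoft\Network.dll"
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
"""

# "<hive>\...\Run: [<name>] => <command>"  -- the shape FRST uses for Run keys.
RUN_RE = re.compile(r'^(?P<hive>.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$')
# Trailing "[<size> <date>] (<publisher>)" that FRST appends when it has file details.
TRAILER_RE = re.compile(r'\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>[^)]*)\)\s*$')
# A path inside a user's (Local Settings\)Application Data folder (XP layout).
PROFILE_RE = re.compile(r'\\Documents and Settings\\[^\\]+\\(Local Settings\\)?Application Data\\', re.IGNORECASE)
# regsvr32.exe invoked with or without a full path.
REGSVR_RE = re.compile(r'(^|\\)regsvr32\.exe\b', re.IGNORECASE)

HIGH = 'high'      # strong enough that a helper would normally put it in a fixlist
REVIEW = 'review'  # worth a look, but legitimate software also does this


@dataclass
class RunEntry:
    hive: str
    name: str
    command: str
    vendor: Optional[str]            # None when no trailer was printed at all
    reasons: List[Tuple[str, str]] = field(default_factory=list)

    @property
    def severity(self) -> str:
        levels = {level for level, _ in self.reasons}
        if HIGH in levels:
            return HIGH
        if REVIEW in levels:
            return REVIEW
        return 'clean'


def parse_run_entry(line: str) -> Optional[RunEntry]:
    """Parse one FRST Run line; return None for lines that are not Run entries."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group('cmd')
    trailer = TRAILER_RE.search(cmd)
    vendor = trailer.group('vendor').strip() if trailer else None
    entry = RunEntry(m.group('hive'), m.group('name'), cmd, vendor)
    if trailer is None:
        entry.reasons.append((HIGH, 'no [size date] (publisher) trailer printed for the target'))
    if REGSVR_RE.search(cmd):
        entry.reasons.append((HIGH, 'DLL loaded through regsvr32.exe at logon'))
    if PROFILE_RE.search(cmd):
        entry.reasons.append((REVIEW, 'autorun target sits under a user-profile Application Data folder'))
    if trailer is not None and not vendor:
        entry.reasons.append((REVIEW, 'publisher field is empty'))
    return entry


def triage(text: str) -> List[RunEntry]:
    """All Run entries found in an FRST log excerpt, in file order."""
    return [e for e in (parse_run_entry(l) for l in text.splitlines()) if e is not None]


def names_by_severity(text: str, level: str) -> List[str]:
    """Sorted entry names whose computed severity equals `level`."""
    return sorted(e.name for e in triage(text) if e.severity == level)


if __name__ == '__main__':
    for entry in triage(SAMPLE_RUN_LINES):
        print(f'{entry.severity:6}  [{entry.name}]  {entry.command}')
        for _, why in entry.reasons:
            print(f'        - {why}')
```

On the sample, the three entries a helper would act on (`Detypynizou`, `Alworks`, `Insoft`) come out `high`; the Akamai updater and the unattributed DivX updater come out `review`; the two vendor-attributed Program Files entries are `clean`. To run it against a real log, pass the contents of FRST.txt to `triage()` instead of `SAMPLE_RUN_LINES`; lines from other sections are ignored because they do not match the Run pattern.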


#5 ArchmageHisummoner

ArchmageHisummoner
  • Topic Starter

  • Members
  • 193 posts
  • Gender:Male
  • Location:Baltimore
  • Local time:03:54 PM

Posted 31 October 2014 - 10:38 AM

Here are both files:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2014 01
Ran by Mason (administrator) on MASON on 31-10-2014 11:35:54
Running from C:\Documents and Settings\Mason\My Documents\Downloads
Loaded Profile: Mason (Available profiles: Default & Mason & Sierra Mason & Administrator & Guest)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\WINDOWS\vVX1000.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Mason\Local Settings\Application Data\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Mason\Local Settings\Application Data\Akamai\netsession_win.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\USB TV\EM28XX\BDARemote.exe
() C:\Program Files\Nonbrand\802.11g Wireless LAN PCI Card Driver and Utility\RtWLan.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [VX1000] => C:\WINDOWS\vVX1000.exe [757248 2009-06-26] (Microsoft Corporation)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM\...\Run: [Monitor] => C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [298616 2013-02-16] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [Detypynizou] => "C:\Documents and Settings\Mason\Application Data\Uquxky\iggyo.exe"
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [514560 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\Mason\Local Settings\Application Data\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [Alworks] => C:\WINDOWS\system32\regsvr32.exe "C:\Documents and Settings\Mason\Local Settings\Application Data\Ewtion\Network.dll"
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [Insoft] => regsvr32.exe "C:\Documents and Settings\Mason\Local Settings\Application Data\Insoft\Network.dll"
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [Detypynizou] => "C:\Documents and Settings\Mason\Application Data\Uquxky\iggyo.exe"
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\802.11g Wireless LAN PCI Card Utility.lnk
ShortcutTarget: 802.11g Wireless LAN PCI Card Utility.lnk -> C:\Program Files\Nonbrand\802.11g Wireless LAN PCI Card Driver and Utility\RtWLan.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BDARemote.lnk
ShortcutTarget: BDARemote.lnk -> C:\Program Files\USB TV\EM28XX\BDARemote.exe ()
Startup: C:\Documents and Settings\Mason\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * bootdelete
AlternateShell:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} URL =
SearchScopes: HKCU - BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKCU - AOL Toolbar - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{54CF12C7-0E1B-4EBE-AF20-0C81A114A8A9}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8C4082DB-377A-454B-A1A8-50D2B518CDB4}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{A62DF197-5835-4EF9-BFA5-14517E67924C}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{CF79C74F-B990-423A-B62D-9892EA39F35D}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Mason\Application Data\Mozilla\Firefox\Profiles\78rs5e9x.default-1414037439015
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Mason\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-02-10]
FF HKCU\...\Firefox\Extensions: [{cb1bb3bd-8ce0-4d26-98c4-99f6415a6002}] - C:\Program Files\Re-Markable\150.xpi

Chrome:
=======
CHR DefaultSearchKeyword: Default -> v9
CHR DefaultSearchURL: Default -> http://search.v9.com/web/?type=ds&ts=1403219891&from=amt&uid=SAMSUNGXSP1604N_S013J10Y930446&i=psd&t=344625d06&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Documents and Settings\Mason\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (VisualBeeCommunity) - C:\Documents and Settings\Mason\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ailfefceindchpecjhlnaanmmfgdbhdg [2013-08-27]
CHR Extension: (TF_DisplayAttributeMgr) - C:\Documents and Settings\Mason\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-10-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Mason\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Mason\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM\...\Chrome\Extension: [aaaammcpgdgkfmlhodkheokioaampmeh] - C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ARS3\CRX\ToolbarCR.crx []
CHR HKLM\...\Chrome\Extension: [ailfefceindchpecjhlnaanmmfgdbhdg] - C:\Documents and Settings\Mason\Local Settings\Application Data\CRE\ailfefceindchpecjhlnaanmmfgdbhdg.crx [2012-06-30]
CHR HKLM\...\Chrome\Extension: [fgnippahjheicjenccifemomfgjofdhp] - C:\Documents and Settings\All Users\Application Data\Codecv\fgnippahjheicjenccifemomfgjofdhp.crx [2012-06-30]
CHR HKLM\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Documents and Settings\Default\Local Settings\Application Data\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2012-06-30]
CHR HKLM\...\Chrome\Extension: [pkmpcdbgnfjfeelcpebpkflcmbkclfho] - C:\Documents and Settings\Default\Local Settings\Application Data\CRE\pkmpcdbgnfjfeelcpebpkflcmbkclfho.crx [2012-06-30]
CHR HKCU\...\Chrome\Extension: [ailfefceindchpecjhlnaanmmfgdbhdg] - C:\Documents and Settings\Mason\Local Settings\Application Data\CRE\ailfefceindchpecjhlnaanmmfgdbhdg.crx [2012-06-30]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [602112 2010-02-11] (ATI Technologies Inc.) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] () [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [137488 2012-12-17] (Futuremark Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-21] (Oracle Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21035 2013-11-13] (Meetinghouse Data Communications) [File not signed]
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.) [File not signed]
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [3565056 2010-02-11] (ATI Technologies Inc.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2014-10-23] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R3 rtl8185; C:\WINDOWS\System32\DRIVERS\rtl8185.sys [306560 2007-02-01] (Realtek Semiconductor Corporation                           ) [File not signed]
R3 SjyPkt; C:\WINDOWS\System32\Drivers\SjyPkt.sys [13532 2002-10-02] (Windows ® 2000 DDK provider) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [320120 2014-09-23] (Duplex Secure Ltd.)
R3 VX1000; C:\WINDOWS\System32\DRIVERS\VX1000.sys [1956096 2009-06-26] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [14416 2010-11-01] (OpenLibSys.org)
U3 ahmcn9tm; C:\WINDOWS\system32\Drivers\ahmcn9tm.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
S0 Inspect; System32\DRIVERS\inspect.sys [X]
S4 IntelIde; No ImagePath
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-31 11:35 - 2014-10-31 11:36 - 00000000 ____D () C:\FRST
2014-10-30 01:57 - 2014-10-30 01:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-25 14:11 - 2014-10-25 14:11 - 00000713 _____ () C:\Documents and Settings\All Users\Desktop\The Guild 2 - Renaissance.lnk
2014-10-25 14:11 - 2014-10-25 14:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\The Guild 2 - Renaissance
2014-10-25 13:59 - 2014-10-25 14:38 - 00000000 ____D () C:\Program Files\The Guild 2 - Renaissance
2014-10-23 03:48 - 2014-10-23 03:51 - 00030976 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-10-23 03:11 - 2014-10-23 03:44 - 00466356 _____ () C:\WINDOWS\system32\.crusader
2014-10-23 03:00 - 2014-10-23 03:00 - 00001615 _____ () C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2014-10-23 03:00 - 2014-10-23 03:00 - 00000000 ____D () C:\Program Files\HitmanPro
2014-10-23 03:00 - 2014-10-23 03:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2014-10-23 02:59 - 2014-10-23 03:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-10-23 00:37 - 2014-10-23 00:37 - 00000000 ___SD () C:\Documents and Settings\All Users\Application Data\Shared Space
2014-10-23 00:36 - 2014-10-23 02:43 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt
2014-10-23 00:34 - 2014-10-23 00:44 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
2014-10-23 00:32 - 2014-10-23 00:32 - 01700352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdiplus.dll
2014-10-23 00:32 - 2014-10-23 00:32 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc71.dll
2014-10-23 00:28 - 2014-10-23 00:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
2014-10-23 00:27 - 2014-10-23 00:48 - 00000000 ____D () C:\Documents and Settings\Mason\Local Settings\Application Data\COMODO
2014-10-23 00:26 - 2014-10-23 00:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Comodo Downloader
2014-10-23 00:25 - 2014-10-23 00:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Comodo
2014-10-22 16:39 - 2014-10-22 16:39 - 00000106 _____ () C:\WINDOWS\wininit.ini
2014-10-22 15:54 - 2014-10-21 22:38 - 00001400 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141022-155416.backup
2014-10-22 15:53 - 2014-10-21 22:38 - 00001400 __RSH () C:\WINDOWS\system32\Drivers\etc\hosts.20141022-155343.backup
2014-10-22 15:37 - 2014-10-23 04:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-10-22 15:37 - 2014-10-22 15:44 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-10-22 15:37 - 2014-10-22 15:37 - 00000938 _____ () C:\Documents and Settings\Mason\Desktop\Spybot - Search & Destroy.lnk
2014-10-22 15:37 - 2014-10-22 15:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
2014-10-22 14:43 - 2014-10-22 14:43 - 00131648 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-10-22 14:41 - 2014-10-22 14:42 - 00000000 ____D () C:\a6ccbffcc3bb40b68cb564152afaea
2014-10-22 14:27 - 2014-10-22 14:50 - 00000000 ____D () C:\Documents and Settings\Mason\Application Data\Check Point Software Technologies LTD
2014-10-22 14:27 - 2014-10-22 14:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint
2014-10-22 14:27 - 2014-10-22 14:27 - 00000000 ____D () C:\Program Files\Check Point Software Technologies LTD
2014-10-22 02:03 - 2014-10-22 13:28 - 00000000 ____D () C:\Documents and Settings\Mason\Application Data\Uquxky
2014-10-21 23:50 - 2014-10-21 23:50 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-21 23:49 - 2014-10-21 23:49 - 00000000 ____D () C:\Sun
2014-10-21 23:49 - 2014-10-21 23:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-10-21 23:49 - 2014-10-21 23:48 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-10-21 23:49 - 2014-10-21 23:48 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-10-21 23:49 - 2014-10-21 23:48 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-10-21 23:49 - 2014-10-21 23:48 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-10-21 23:49 - 2014-10-21 23:48 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-10-21 23:48 - 2014-10-21 23:48 - 00000000 ____D () C:\Program Files\Java
2014-10-21 22:38 - 2014-10-21 22:38 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2014-10-20 15:34 - 2014-10-20 15:34 - 00001797 _____ () C:\Documents and Settings\All Users\Desktop\Victoria.lnk
2014-10-20 15:32 - 2014-10-20 15:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Paradox Entertainment
2014-10-20 11:24 - 2014-10-30 01:09 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-10-20 11:24 - 2014-10-20 11:24 - 00019840 _____ () C:\ComboFix.txt
2014-10-20 11:24 - 2014-10-20 11:24 - 00000000 ____D () C:\Documents and Settings\Sierra Mason\Local Settings\temp
2014-10-20 11:24 - 2014-10-20 11:24 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\temp
2014-10-20 11:24 - 2014-10-20 11:24 - 00000000 ____D () C:\Documents and Settings\Administrator.MASON\Local Settings\temp
2014-10-20 11:11 - 2014-10-31 11:36 - 00000000 ____D () C:\Documents and Settings\Mason\Local Settings\temp
2014-10-20 10:51 - 2014-10-20 11:24 - 00000000 ____D () C:\Qoobox
2014-10-20 10:51 - 2011-06-26 02:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-10-20 10:51 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-10-20 10:51 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-10-20 10:51 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-10-20 10:51 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-10-20 10:51 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-10-20 10:51 - 2000-08-30 20:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-10-20 10:51 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-10-20 10:51 - 2000-08-30 20:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-10-19 23:45 - 2014-10-19 23:45 - 00000000 ____D () C:\Program Files\ESET
2014-10-19 23:41 - 2014-10-20 01:29 - 00000178 ___SH () C:\Documents and Settings\Administrator.MASON\ntuser.ini
2014-10-19 23:41 - 2014-10-19 23:41 - 00000000 ____D () C:\Documents and Settings\Administrator.MASON
2014-10-19 23:41 - 2014-02-10 21:45 - 00000000 ____D () C:\Documents and Settings\Administrator.MASON\Application Data\Macromedia
2014-10-19 23:41 - 2012-05-04 12:37 - 00000000 ____D () C:\Documents and Settings\Administrator.MASON\Local Settings\Application Data\Microsoft Help
2014-10-19 23:41 - 2012-02-02 16:28 - 00001599 _____ () C:\Documents and Settings\Administrator.MASON\Start Menu\Programs\Remote Assistance.lnk
2014-10-19 23:41 - 2012-02-02 16:28 - 00000792 _____ () C:\Documents and Settings\Administrator.MASON\Start Menu\Programs\Windows Media Player.lnk
2014-10-19 23:41 - 2012-02-02 16:28 - 00000000 ___RD () C:\Documents and Settings\Administrator.MASON\Start Menu\Programs\Accessories
2014-10-19 22:11 - 2014-10-23 03:15 - 00000000 ____D () C:\Documents and Settings\Mason\Local Settings\Application Data\Insoft
2014-10-19 22:11 - 2014-10-23 03:14 - 00000000 ____D () C:\Documents and Settings\Mason\Local Settings\Application Data\Ewtion
2014-10-19 20:37 - 2014-10-19 20:37 - 00000000 ____D () C:\Program Files\Paradox Entertainment
2014-10-19 02:49 - 2014-10-19 02:49 - 00094208 _____ () C:\WINDOWS\Minidump\Mini101914-01.dmp
2014-10-18 13:52 - 2014-10-18 13:52 - 00001547 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-10-18 13:52 - 2014-10-18 13:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-10-18 13:51 - 2014-10-18 13:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-10-18 13:51 - 2014-10-18 13:51 - 00000000 ____D () C:\Program Files\iPod
2014-10-17 14:29 - 2014-10-17 14:29 - 00094208 _____ () C:\WINDOWS\Minidump\Mini101714-02.dmp
2014-10-17 04:02 - 2014-10-17 04:02 - 00094208 _____ () C:\WINDOWS\Minidump\Mini101714-01.dmp
2014-10-12 03:06 - 2014-10-12 03:09 - 00000000 ____D () C:\Program Files\Jnes
2014-10-12 03:06 - 2014-10-12 03:06 - 00000631 _____ () C:\Documents and Settings\Mason\Desktop\Jnes.lnk
2014-10-11 22:25 - 2014-10-26 16:48 - 00002315 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-11 22:25 - 2014-10-11 22:27 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-11 22:25 - 2014-10-11 22:25 - 00001739 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-31 11:27 - 2013-11-03 22:03 - 00000000 ____D () C:\Program Files\Steam
2014-10-31 11:27 - 2012-07-10 01:28 - 00007675 _____ () C:\WINDOWS\RTacDbg.txt
2014-10-31 11:22 - 2014-04-06 23:53 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-31 11:22 - 2014-03-12 12:43 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-10-31 11:22 - 2013-08-28 16:36 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-31 11:22 - 2012-08-18 02:33 - 00000278 _____ () C:\WINDOWS\Tasks\Game_Booster_AutoUpdate.job
2014-10-31 11:14 - 2012-02-08 21:53 - 00000330 ____H () C:\WINDOWS\Tasks\MP Scheduled Scan.job
2014-10-31 11:12 - 2012-02-02 16:27 - 02024899 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-31 11:11 - 2012-02-02 16:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-31 11:11 - 2012-02-02 11:22 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-10-31 11:11 - 2012-02-02 11:22 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-10-31 03:45 - 2013-08-28 16:36 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-30 15:09 - 2013-01-09 05:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-30 15:04 - 2008-04-14 08:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-10-30 02:05 - 2013-11-30 16:46 - 00131072 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-10-30 02:05 - 2012-02-09 05:03 - 00000178 ___SH () C:\Documents and Settings\Mason\ntuser.ini
2014-10-30 02:05 - 2012-02-02 16:32 - 00032452 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-30 01:53 - 2012-03-20 23:03 - 00000061 _____ () C:\Documents and Settings\Mason\jagex_cl_runescape_LIVE.dat
2014-10-28 17:49 - 2013-08-28 16:39 - 00001818 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-10-28 01:17 - 2012-07-14 19:16 - 00000000 ____D () C:\Documents and Settings\Mason\Application Data\Skype
2014-10-27 20:42 - 2012-02-08 15:10 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-10-25 02:52 - 2012-02-02 11:16 - 00000479 ___SH () C:\boot.ini
2014-10-24 20:50 - 2012-07-22 21:02 - 00000000 ____D () C:\Documents and Settings\Mason\.maptool
2014-10-24 01:59 - 2012-02-15 22:52 - 00000000 ____D () C:\Documents and Settings\Mason\Application Data\DAEMON Tools Lite
2014-10-23 12:38 - 2012-03-19 19:02 - 00000000 ____D () C:\Documents and Settings\Mason\Application Data\Azureus
2014-10-23 04:05 - 2012-02-09 05:03 - 00000000 ____D () C:\Documents and Settings\Mason
2014-10-23 04:02 - 2012-08-17 18:18 - 00002447 _____ () C:\Documents and Settings\Mason\Desktop\HiJackThis.lnk
2014-10-23 00:37 - 2012-08-08 19:40 - 00590335 _____ () C:\WINDOWS\setupapi.log
2014-10-22 23:54 - 2014-02-18 01:27 - 00000000 ____D () C:\GOG Games
2014-10-22 23:50 - 2014-02-18 19:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\GOG.com
2014-10-22 20:48 - 2012-07-31 02:36 - 00000000 ____D () C:\Program Files\MUSHclient
2014-10-22 16:51 - 2012-02-08 21:07 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-10-22 15:41 - 2013-06-09 16:56 - 00001416 _____ () C:\WINDOWS\spupdsvc.log
2014-10-22 15:40 - 2012-02-09 05:03 - 00052072 _____ () C:\Documents and Settings\Mason\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-10-22 15:39 - 2012-02-02 11:18 - 00221632 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-22 14:43 - 2012-02-08 21:10 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2014-10-22 14:36 - 2012-02-02 11:19 - 00570314 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-22 13:28 - 2012-02-09 05:09 - 00000000 ____D () C:\Documents and Settings\Mason\Application Data\Adobe
2014-10-22 13:28 - 2012-02-02 11:09 - 00000000 ____D () C:\WINDOWS\Provisioning
2014-10-22 12:01 - 2012-03-17 21:01 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-10-22 01:13 - 2014-07-04 15:49 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-21 22:38 - 2008-04-14 08:00 - 00001400 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.hitmanpro
2014-10-21 03:25 - 2012-02-02 11:09 - 00000000 ____D () C:\WINDOWS\msagent
2014-10-20 17:37 - 2012-02-02 16:32 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-10-20 15:32 - 2012-02-15 22:55 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-20 11:15 - 2008-04-14 08:00 - 00000285 _____ () C:\WINDOWS\system.ini
2014-10-20 11:14 - 2012-02-02 16:26 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-10-20 11:13 - 2012-02-02 11:18 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-10-20 11:13 - 2012-02-02 11:18 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-10-20 11:13 - 2012-02-02 11:16 - 36438016 _____ () C:\WINDOWS\system32\config\software.bak
2014-10-20 11:13 - 2012-02-02 11:16 - 11010048 _____ () C:\WINDOWS\system32\config\system.bak
2014-10-20 11:13 - 2012-02-02 11:16 - 00524288 _____ () C:\WINDOWS\system32\config\default.bak
2014-10-20 11:12 - 2012-08-25 14:02 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-10-20 11:12 - 2012-08-18 02:39 - 00000000 ____D () C:\WINDOWS\erdnt
2014-10-20 01:30 - 2013-10-09 03:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2014-10-19 13:15 - 2012-02-08 14:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2603381$
2014-10-19 04:21 - 2014-01-25 21:50 - 00000000 ____D () C:\Documents and Settings\Mason\Application Data\TeamViewer
2014-10-19 04:16 - 2012-08-17 03:35 - 00000687 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-10-19 04:16 - 2012-07-14 18:57 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-19 04:16 - 2012-07-14 18:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-10-19 01:58 - 2012-07-03 02:31 - 00015872 _____ () C:\Documents and Settings\Mason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-18 13:52 - 2012-06-28 16:56 - 00000000 ____D () C:\Program Files\iTunes
2014-10-18 13:51 - 2014-09-16 03:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-10-18 13:51 - 2012-02-08 15:09 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-18 13:47 - 2012-06-28 16:54 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-10-18 13:39 - 2012-02-08 23:23 - 00000000 ____D () C:\Program Files\Vuze
2014-10-18 13:38 - 2012-07-17 19:12 - 00001510 _____ () C:\Documents and Settings\All Users\Desktop\Vuze.lnk
2014-10-18 13:38 - 2012-02-08 23:24 - 00001510 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk
2014-10-17 14:29 - 2012-04-11 13:00 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-17 01:05 - 2012-12-24 01:02 - 00000000 ____D () C:\Documents and Settings\Mason\My Documents\My Games
2014-10-17 01:00 - 2013-01-21 23:37 - 00000000 ____D () C:\Documents and Settings\Mason\Application Data\InstallShield Installation Information
2014-10-17 00:35 - 2014-09-04 21:52 - 00000000 ____D () C:\Documents and Settings\Mason\Local Settings\Application Data\My Games
2014-10-16 21:33 - 2014-08-17 22:08 - 00000000 ____D () C:\Program Files\DOSBox-0.74
2014-10-16 03:25 - 2012-05-03 06:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-10-16 03:23 - 2013-07-24 12:47 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-16 03:00 - 2012-02-08 14:26 - 100290944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-13 19:58 - 2014-09-16 14:02 - 00000000 ___RD () C:\Program Files\Skype
2014-10-13 19:58 - 2012-07-14 19:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-10-11 22:25 - 2012-07-12 00:11 - 00000000 ____D () C:\Program Files\Adobe
2014-10-11 22:25 - 2012-07-12 00:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-10-08 15:00 - 2014-03-12 12:43 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-10-03 01:01 - 2014-06-02 17:00 - 00000771 _____ () C:\Documents and Settings\Mason\Desktop\Shortcut to forge.lnk
2014-10-03 01:01 - 2014-06-02 00:30 - 00000000 ____D () C:\Documents and Settings\Mason\Application Data\Forge
2014-10-02 15:53 - 2012-02-08 15:06 - 00231568 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Documents and Settings\Mason\jagex_cl_runescape_LIVE.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-10-2014 01
Ran by Mason at 2014-10-31 11:37:09
Running from C:\Documents and Settings\Mason\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
802.11g Wireless LAN PCI Card Driver and Utility (HKLM\...\{982AEF37-67F9-4C67-BD40-5D14530D6F95}) (Version: 1.3.060120 - Nonbrand)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
Aeria Ignite (HKLM\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - )
Aeria Ignite (HKLM\...\Aeria Ignite) (Version: 1.13.3296 - )
Aeria Ignite (Version: 1.13.3296 - ) Hidden
Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AIM for Windows (HKCU\...\AIM) (Version:  - AOL Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Music Importer (HKLM\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)
Amazon Music Importer (Version: 2.1.0 - Amazon Services LLC) Hidden
AOL Toolbar (HKLM\...\AOL Toolbar) (Version:  - AOL Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM\...\{41525333-0076-A76A-76A7-A758B70C0700}) (Version: 12.7.0.2253 - APN, LLC) <==== ATTENTION
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1022 - )
ATI AVIVO Codecs (HKLM\...\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}) (Version: 10.0.0.40103 - ATI Technologies Inc.)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.010.0210.2338 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.593.100-100210a-095952E-ATI - )
aTube Catcher (HKLM\...\aTube Catcher) (Version: 3.8.7971 - DsNET Corp)
Black and White (HKLM\...\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-preinstall (Version: 2010.0210.2339.42455 - ATI) Hidden
ccc-core-static (Version: 2010.0210.2339.42455 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Character Builder (HKLM\...\{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}) (Version: 1.10.0000 - Wizards of the Coast)
Children of the Nile: Enhanced Edition + Alexandria Exp. (HKLM\...\Children of the Nile: Enhanced Edition + Alexandria Exp.) (Version:  - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Download Updater (AOL Inc.) (HKLM\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION
Emperor: Rise of the Middle Kingdom 1.0.1.0 (HKLM\...\{821DABD6-26F2-49E5-AE55-40A589ADBE6D}) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FINAL FANTASY XI (HKLM\...\InstallShield_{678F6475-D227-432A-94FF-806178A34520}) (Version: 1.010.0 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI (Version: 1.010.0 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI: Chains of Promathia (HKLM\...\InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}) (Version: 1.27.0 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI: Chains of Promathia (Version: 1.27.0 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI: Rise of the Zilart (HKLM\...\InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}) (Version: 1.18.0 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI: Rise of the Zilart (Version: 1.18.0 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI: Treasures of Aht Urhgan (HKLM\...\InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}) (Version: 1.35.0 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI: Treasures of Aht Urhgan (Version: 1.35.0 - SQUARE ENIX CO., LTD.) Hidden
FINAL FANTASY XI: Wings of the Goddess (HKLM\...\InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}) (Version: 1.42.0 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XI: Wings of the Goddess (Version: 1.42.0 - SQUARE ENIX CO., LTD.) Hidden
Futuremark SystemInfo (HKLM\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation)
Game Booster 3 (HKLM\...\Game Booster_is1) (Version: 3.4 - IObit)
Game Dev Tycoon 1.4.3 (HKLM\...\Game Dev Tycoon 1.4.31.4.3) (Version: 1.4.3 - Friends in War)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Grand Fantasia (HKLM\...\Grand Fantasia) (Version:  - )
Heir to the Throne (HKLM\...\Heir to the Throne_is1) (Version:  - GamersGate)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
In Nomine 1.0 (HKLM\...\In Nomine_is1) (Version:  - Paradox Interactive)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
LeapFrog Connect (HKLM\...\UPCShell) (Version: 4.2.13.16151 - LeapFrog)
LeapFrog Connect (Version: 4.2.13.16151 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (Version: 4.2.13.16151 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MobileMe Control Panel (HKLM\...\{5A9AA2C0-972F-4239-AA41-E409434194D5}) (Version: 3.1.8.0 - Apple Inc.)
Morrowind (HKLM\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version:  - )
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 6.0 Parser (KB925673) (HKLM\...\{FE9126DB-5F84-495A-BB46-3C724F1C2D08}) (Version: 6.00.3888.0 - Microsoft Corporation)
MUSHclient (remove only) (HKLM\...\MUSHclient) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM\...\{9E3E3D64-5A2A-4CEF-A500-EB71188DBA90}) (Version: 3.41.9593 - Apache Software Foundation)
Patch v4.17b Update (HKLM\...\{THEGUILDREN-0010-2010-300520102330}_is1) (Version:  - RUNEFORGE Games Studios)
PlayOnline Viewer & Tetra Master (HKLM\...\InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}) (Version: 1.18.00 - SQUARE ENIX CO., LTD.)
PlayOnline Viewer & Tetra Master (Version: 1.18.00 - SQUARE ENIX CO., LTD.) Hidden
Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version:  - )
Ruby 1.9.3-p374 (HKCU\...\{17E73B15-62D2-43FD-B851-ACF86A8C9D25}_is1) (Version: 1.9.3-p374 - RubyInstaller Team)
RuneScape Launcher 1.2.3 (HKLM\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
savenosshaare (HKLM\...\{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}) (Version: 4.1.0.1548 - savenshare) <==== ATTENTION
SecondLifeViewer (remove only) (HKLM\...\SecondLifeViewer) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Singularity (remove only) (HKLM\...\Singularity) (Version:  - )
SingularityAlpha (remove only) (HKLM\...\SingularityAlpha) (Version:  - )
SingularityViewer (remove only) (HKLM\...\SingularityViewer) (Version:  - )
Skins (Version: 2010.0210.2339.42455 - ATI) Hidden
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SMCWPCI-G 11g Wireless PCI Adapter Utility (HKLM\...\{F61D995D-3555-484F-970B-CC822880696F}) (Version: 3.00 - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Star Trek Online (HKLM\...\Steam App 9900) (Version:  - Cryptic Studios)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM\...\{0C976EC5-842F-4313-B2AB-EDDBCCD3A222}) (Version: 4.5.1.0 - Husdawg, LLC)
System Requirements Lab CYRI (HKLM\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
System Requirements Lab Detection (HKLM\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
Tcl (HKLM\...\{02652C80-4753-4E65-8FFB-7790A33FDA05}) (Version: 8.3.3 - Scriptics.com)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
TES Construction Set (HKLM\...\{DB3C800B-081B-4146-B4E3-EFB5B77AA913}) (Version:  - )
UltraEdit (HKCU\...\InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}) (Version: 19.00.1022 - IDM Computer Solutions, Inc.)
UltraEdit (Version: 19.00.1022 - IDM Computer Solutions, Inc.) Hidden
USB Video Driver (HKLM\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 1.00 - EETI)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Victoria (HKLM\...\{AE7CB755-7C0B-4D11-8E5D-D6B6C1090A7B}) (Version:  - )
Victoria Revolutions 1.0 (HKLM\...\Victoria Revolutions Patch 060822_is1) (Version:  - Paradox Interactive)
Victoria Revolutions 1.0 (HKLM\...\Victoria Revolutions_is1) (Version:  - Paradox Interactive)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.4.0.0 - Azureus Software, Inc.)
Vuze Remote Toolbar v8.5 (HKLM\...\{EDF914BD-584C-48CE-8254-324201560529}) (Version: 8.5 - Spigot, Inc.) <==== ATTENTION
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.21 - Microsoft Corporation)
Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media  (08/31/2007 5.7.0831.0) (HKLM\...\9722CA1E8F72F362E93CBEC75A707FDABFC8D880) (Version: 08/31/2007 5.7.0831.0 - Advanced Micro Devices, Inc.)
Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA  (08/31/2007 5.7.0831.0) (HKLM\...\69083DC58646DE46A09847A522A1CC487F918039) (Version: 08/31/2007 5.7.0831.0 - eMPIA Technology Inc,)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Wizard101 (HKLM\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Wizardry 8 (HKLM\...\GOGPACKWIZARDRY8_is1) (Version: 2.0.0.6 - GOG.com)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
Xvid 1.1.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
ZSoft Uninstaller 2.5 (HKLM\...\ZSoft Uninstaller) (Version: 2.5 - ZSoft Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-602162358-1078081533-1417001333-1005_Classes\CLSID\{020993C2-5B29-41AB-B25D-28230DC2956A}\InprocServer32 -> C:\Program Files\IDM Computer Solutions\UltraEdit\wodCertificate.dll ()
CustomCLSID: HKU\S-1-5-21-602162358-1078081533-1417001333-1005_Classes\CLSID\{0585BE8A-37E1-4132-B627-E647A8B8A4C3}\InprocServer32 -> C:\Program Files\IDM Computer Solutions\UltraEdit\wodTelnetDLX.ocx ()
CustomCLSID: HKU\S-1-5-21-602162358-1078081533-1417001333-1005_Classes\CLSID\{2D0A5AF2-A15F-4A88-8093-61CA9A7B54F5}\InprocServer32 -> C:\Program Files\IDM Computer Solutions\UltraEdit\wodCertificate.dll ()
CustomCLSID: HKU\S-1-5-21-602162358-1078081533-1417001333-1005_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Mason\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-602162358-1078081533-1417001333-1005_Classes\CLSID\{4D9AE59C-8651-4F93-8D07-74E3A4B412F8}\InprocServer32 -> C:\Program Files\IDM Computer Solutions\UltraEdit\wodCertificate.dll ()
CustomCLSID: HKU\S-1-5-21-602162358-1078081533-1417001333-1005_Classes\CLSID\{86F65A80-59CA-44D3-A6BC-CF7E230D4EB6}\InprocServer32 -> C:\Program Files\IDM Computer Solutions\UltraEdit\wodFtpDLX.dll (WeOnlyDo! Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-1078081533-1417001333-1005_Classes\CLSID\{90454B05-70C6-49C8-A225-BFC9DBC33F13}\InprocServer32 -> C:\Program Files\IDM Computer Solutions\UltraEdit\wodFtpDLX.dll (WeOnlyDo! Inc.)
CustomCLSID: HKU\S-1-5-21-602162358-1078081533-1417001333-1005_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files\IDM Computer Solutions\UltraEdit\ue32ctmn.dll ()
CustomCLSID: HKU\S-1-5-21-602162358-1078081533-1417001333-1005_Classes\CLSID\{B7039D87-D648-4431-BA87-C3A04E6111DA}\InprocServer32 -> C:\Program Files\IDM Computer Solutions\UltraEdit\wodTelnetDLX.ocx ()
CustomCLSID: HKU\S-1-5-21-602162358-1078081533-1417001333-1005_Classes\CLSID\{CDBE00F4-7AD4-4E6B-9825-58F5E1B5E265}\InprocServer32 -> C:\Program Files\IDM Computer Solutions\UltraEdit\wodTelnetDLX.ocx ()
CustomCLSID: HKU\S-1-5-21-602162358-1078081533-1417001333-1005_Classes\CLSID\{E20C85D8-4AF9-43AA-99F5-A742D91E00DF}\InprocServer32 -> C:\Program Files\IDM Computer Solutions\UltraEdit\wodTelnetDLX.ocx ()
CustomCLSID: HKU\S-1-5-21-602162358-1078081533-1417001333-1005_Classes\CLSID\{EC0628A7-7670-43C0-BCD0-717C54BF878B}\InprocServer32 -> C:\Program Files\IDM Computer Solutions\UltraEdit\wodCertificate.dll ()
CustomCLSID: HKU\S-1-5-21-602162358-1078081533-1417001333-1005_Classes\CLSID\{FE5B9A96-B1A7-4E8B-9713-115F51088981}\InprocServer32 -> C:\Program Files\IDM Computer Solutions\UltraEdit\wodFtpDLX.dll (WeOnlyDo! Inc.)

==================== Restore Points  =========================

20-10-2014 15:15:12 System Checkpoint
20-10-2014 19:32:06 Installed Victoria
20-10-2014 19:35:22 Installed Victoria
21-10-2014 06:29:14 Software Distribution Service 3.0
22-10-2014 03:47:10 Removed Java 7 Update 67
22-10-2014 03:48:29 Installed Java 7 Update 71
22-10-2014 18:41:47 Installed Windows KB954550-v5.
22-10-2014 18:42:05 Printer Driver Microsoft XPS Document Writer Installed
22-10-2014 18:42:43 Printer Driver Microsoft XPS Document Writer Installed
23-10-2014 04:39:06 Removed GeekBuddy.
23-10-2014 07:10:24 Checkpoint by HitmanPro
23-10-2014 07:11:09 Checkpoint by HitmanPro
23-10-2014 07:44:15 Checkpoint by HitmanPro
24-10-2014 18:29:05 Software Distribution Service 3.0
28-10-2014 21:28:49 Software Distribution Service 3.0
29-10-2014 16:42:55 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 08:00 - 2014-10-23 03:11 - 00000019 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Game_Booster_AutoUpdate.job => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job => C:\WINDOWS\vVX1000.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Loaded Modules (whitelisted) =============

2013-04-25 16:57 - 2012-09-12 15:32 - 00088688 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-04-14 08:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2014-01-10 01:26 - 2014-01-10 01:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 01:28 - 2014-01-10 01:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2013-11-30 16:43 - 2013-11-30 16:43 - 00014848 _____ () C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2009-11-24 14:36 - 2009-11-24 14:36 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-11-30 16:39 - 2007-06-26 13:22 - 00081997 _____ () C:\Program Files\USB TV\EM28XX\BDARemote.exe
2008-04-14 08:00 - 2008-04-14 08:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 08:00 - 2008-04-14 08:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2012-07-10 01:27 - 2006-01-22 15:51 - 06030336 _____ () C:\Program Files\Nonbrand\802.11g Wireless LAN PCI Card Driver and Utility\RtWLan.exe
2012-07-10 01:27 - 2005-07-20 05:53 - 00966765 _____ () C:\Program Files\Nonbrand\802.11g Wireless LAN PCI Card Driver and Utility\acAuth.dll
2014-10-30 01:57 - 2014-10-30 01:58 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-602162358-1078081533-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.MASON
ASPNET (S-1-5-21-602162358-1078081533-1417001333-1006 - Limited - Enabled)
Default (S-1-5-21-602162358-1078081533-1417001333-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Default
Guest (S-1-5-21-602162358-1078081533-1417001333-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-602162358-1078081533-1417001333-1000 - Limited - Disabled)
Mason (S-1-5-21-602162358-1078081533-1417001333-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Mason
Sierra Mason (S-1-5-21-602162358-1078081533-1417001333-1007 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Sierra Mason
SUPPORT_388945a0 (S-1-5-21-602162358-1078081533-1417001333-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/31/2014 11:24:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application RtWLan.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/31/2014 11:24:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application RtWLan.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/29/2014 00:10:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application RtWLan.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/29/2014 00:10:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application RtWLan.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/25/2014 01:06:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application RtWLan.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/25/2014 01:06:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application RtWLan.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/25/2014 02:57:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application RtWLan.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/25/2014 02:57:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application RtWLan.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/23/2014 00:36:02 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/23/2014 00:36:02 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (10/23/2014 03:51:19 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error 0 (0x0).

Error: (10/23/2014 03:16:18 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error 0 (0x0).

Error: (10/23/2014 03:11:27 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
%%5

Error: (10/23/2014 03:11:26 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
%%5

Error: (10/22/2014 00:26:06 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\WINDOWS\system32\ctfmon.exe.
Reference error message: The operation completed successfully.
.

Error: (10/22/2014 00:26:04 PM) (Source: SideBySide) (EventID: 58) (User: )
Description: Syntax error in manifest or policy file "Access is denied.
1" on line Access is denied.
2.

Error: (10/22/2014 00:06:34 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\WINDOWS\system32\ctfmon.exe.
Reference error message: The operation completed successfully.
.

Error: (10/22/2014 00:06:33 PM) (Source: SideBySide) (EventID: 58) (User: )
Description: Syntax error in manifest or policy file "Access is denied.
1" on line Access is denied.
2.

Error: (10/22/2014 11:11:39 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.

Error: (10/22/2014 10:47:05 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\WINDOWS\system32\ctfmon.exe.
Reference error message: The operation completed successfully.
.


Microsoft Office Sessions:
=========================
Error: (10/31/2014 11:24:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RtWLan.exe0.0.0.0hungapp0.0.0.000000000

Error: (10/31/2014 11:24:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RtWLan.exe0.0.0.0hungapp0.0.0.000000000

Error: (10/29/2014 00:10:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RtWLan.exe0.0.0.0hungapp0.0.0.000000000

Error: (10/29/2014 00:10:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RtWLan.exe0.0.0.0hungapp0.0.0.000000000

Error: (10/25/2014 01:06:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RtWLan.exe0.0.0.0hungapp0.0.0.000000000

Error: (10/25/2014 01:06:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RtWLan.exe0.0.0.0hungapp0.0.0.000000000

Error: (10/25/2014 02:57:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RtWLan.exe0.0.0.0hungapp0.0.0.000000000

Error: (10/25/2014 02:57:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RtWLan.exe0.0.0.0hungapp0.0.0.000000000

Error: (10/23/2014 00:36:02 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/23/2014 00:36:02 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


==================== Memory info ===========================

Processor: AMD Sempron™ Processor 3400+
Percentage of memory in use: 78%
Total physical RAM: 958.48 MB
Available physical RAM: 209.89 MB
Total Pagefile: 2373.82 MB
Available Pagefile: 1689.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.54 MB

==================== Drives ================================

Drive c: (Mason) (Fixed) (Total:149.04 GB) (Free:43.42 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Sincerely,

Myron Mason


#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,043 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:54 PM

Posted 31 October 2014 - 11:31 AM

Hi ArchmageHisummoner,
 
I must give you this warning:
 
Looking through your logs, one or more of your infections has been identified as a Backdoor Trojan. These threats have backdoor functionality which allows hackers to remotely control your computer, steal critical system information, and download and execute files.
 
I highly suggest you disconnect this PC from the Internet immediately and, if possible, use a clean computer and a flash drive to transfer the programs I request for you to run. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. It would be wise to contact those same financial institutions to notify them of your situation.
 
Due to the nature of this trojan, your computer is very likely to be compromised. There is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
 
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 
We can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. If you decide to continue cleaning this machine, follow on with the rest of the steps posted below. If you do not want to clean this machine, please let me know.
 
--------------

We need to remove some programs with Revo Uninstaller Free:
 
Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
AOL Toolbar
Ask Toolbar
Download Updater (AOL Inc.)
savenosshaare
Vuze Remote Toolbar v8.5
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

--------------

We need to run a fix with FRST:

  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below into the notepad document:
HKLM\...\Run: [Detypynizou] => "C:\Documents and Settings\Mason\Application Data\Uquxky\iggyo.exe"
C:\Documents and Settings\Mason\Application Data\Uquxky
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [Alworks] => C:\WINDOWS\system32\regsvr32.exe "C:\Documents and Settings\Mason\Local Settings\Application Data\Ewtion\Network.dll"
C:\Documents and Settings\Mason\Local Settings\Application Data\Ewtion
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [Insoft] => regsvr32.exe "C:\Documents and Settings\Mason\Local Settings\Application Data\Insoft\Network.dll"
C:\Documents and Settings\Mason\Local Settings\Application Data\Insoft
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [Detypynizou] => "C:\Documents and Settings\Mason\Application Data\Uquxky\iggyo.exe"
C:\Documents and Settings\Mason\Application Data\Uquxky
AlternateShell:
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} URL =
SearchScopes: HKCU - BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
S4 IntelIde; No ImagePath
U3 TlntSvr; No ImagePath
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt

xXToffeeXx~


Edited by xXToffeeXx, 31 October 2014 - 11:31 AM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
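As an added example, not code from the thread, from FRST or from its author: a Python triage of the Run entries and the SafeBoot line quoted in this thread, re-deriving the traits that mark the entries the helper put into the fixlist (an unattributed file under the user profile, regsvr32 loading a DLL from there, the same value name in both HKLM and the user's HKU hive) and checking the AlternateShell value that the fix later restored. The heuristics, the regex for FRST's line format, and cmd.exe as the expected AlternateShell default are assumptions of this example; the sample lines are copied from the logs above.

```python
"""Triage of FRST 'Run' entries and the SafeBoot 'AlternateShell' value.

Added example for this thread; it is not FRST code and not code posted
by the participants. The sample lines are copied from the logs above.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# FRST autostart line: <hive>\...\Run: [Name] => <command> [size date] (Publisher)
# Size/date and publisher are absent in a fixlist and blank "()" when FRST
# cannot attribute the file to a publisher. (Regex is this example's own.)
RUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|CU|U\\[^\\]+))\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => "
    r"(?P<cmd>.*?)(?: \[\d+ [\d-]+\])?(?: \((?P<publisher>[^)]*)\))?\s*$"
)
SAFEBOOT_RE = re.compile(
    r'^HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot => "AlternateShell"="(?P<shell>[^"]*)"'
)
# Per-user locations on Windows XP that need no admin rights to write to.
PROFILE_DIRS = ("\\application data\\", "\\local settings\\")
# Windows' own default safe-mode shell (assumption of this example).
DEFAULT_ALTERNATE_SHELL = "cmd.exe"

# Constructed sample: lines copied from the FRST fixlist and FRST.txt above.
SAMPLE_LOG = [
    r"HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)",
    r"HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()",
    r'HKLM\...\Run: [Detypynizou] => "C:\Documents and Settings\Mason\Application Data\Uquxky\iggyo.exe"',
    r"HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\Mason\Local Settings\Application Data\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)",
    r'HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [Alworks] => C:\WINDOWS\system32\regsvr32.exe "C:\Documents and Settings\Mason\Local Settings\Application Data\Ewtion\Network.dll"',
    r'HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [Insoft] => regsvr32.exe "C:\Documents and Settings\Mason\Local Settings\Application Data\Insoft\Network.dll"',
    r'HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [Detypynizou] => "C:\Documents and Settings\Mason\Application Data\Uquxky\iggyo.exe"',
    r'HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""',
]


@dataclass
class Finding:
    hive: str
    name: str
    command: str
    reasons: list = field(default_factory=list)


def _in_profile_dir(text: str) -> bool:
    return any(marker in text.lower() for marker in PROFILE_DIRS)


def triage_run_entries(log_lines):
    """Return a Finding for every Run entry showing at least one suspicious trait."""
    entries = [m for m in map(RUN_RE.match, log_lines) if m]
    # The same value name under more than one hive (Detypynizou above sits
    # in HKLM and in the user's HKU key): persistence registered twice.
    per_name = Counter(m["name"] for m in entries)
    findings = []
    for m in entries:
        cmd = m["cmd"]
        publisher = (m["publisher"] or "").strip()
        reasons = []
        if _in_profile_dir(cmd) and not publisher:
            reasons.append("unattributed file under the user profile")
        if "regsvr32" in cmd.lower() and ".dll" in cmd.lower() and _in_profile_dir(cmd):
            reasons.append("regsvr32 loading a DLL from the user profile")
        if per_name[m["name"]] > 1:
            reasons.append("same value name registered in several hives")
        if reasons:
            findings.append(Finding(m["hive"], m["name"], cmd, reasons))
    return findings


def safeboot_status(log_lines):
    """Return (AlternateShell value, is_default) or None when the line is absent.

    An empty value leaves 'Safe Mode with Command Prompt' with no shell to
    start; the FRST fix in this thread restored the value.
    """
    for line in log_lines:
        m = SAFEBOOT_RE.match(line)
        if m:
            return m["shell"], m["shell"].lower() == DEFAULT_ALTERNATE_SHELL
    return None


if __name__ == "__main__":
    for f in triage_run_entries(SAMPLE_LOG):
        print(f"{f.hive} [{f.name}]: {'; '.join(f.reasons)}")
    print("SafeBoot AlternateShell:", safeboot_status(SAMPLE_LOG))
```

The Akamai entry is deliberately kept in the sample: it lives under the profile too, but carries a publisher, which is why it stays off the list while the four unattributed entries are flagged.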


#7 ArchmageHisummoner

ArchmageHisummoner
  • Topic Starter

  • Members
  • 193 posts
  • Gender:Male
  • Location:Baltimore
  • Local time:03:54 PM

Posted 01 November 2014 - 03:32 PM

I shall continue with the cleaning process as I do not wish to reformat the entire computer. I have the OS cd, but I do not wish to lose all of my vital documents as I have no flash drive or cd to put them on. Besides, I am confident that my computer will be cleaned successfully and I will make sure that any important information is checked and secured.

 

I have used Revo uninstaller (which is similar to Zsoft uninstaller) to remove the files you have listed. I have also created the fixlist.txt document and used FRST to run the fix. Here is the log from that fix:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-11-2014
Ran by Mason at 2014-11-01 16:25:20 Run:1
Running from C:\Documents and Settings\Mason\My Documents\Downloads
Loaded Profile: Mason (Available profiles: Default & Mason & Sierra Mason & Administrator & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [Detypynizou] => "C:\Documents and Settings\Mason\Application Data\Uquxky\iggyo.exe"
C:\Documents and Settings\Mason\Application Data\Uquxky
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [Alworks] => C:\WINDOWS\system32\regsvr32.exe "C:\Documents and Settings\Mason\Local Settings\Application Data\Ewtion\Network.dll"
C:\Documents and Settings\Mason\Local Settings\Application Data\Ewtion
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [Insoft] => regsvr32.exe "C:\Documents and Settings\Mason\Local Settings\Application Data\Insoft\Network.dll"
C:\Documents and Settings\Mason\Local Settings\Application Data\Insoft
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [Detypynizou] => "C:\Documents and Settings\Mason\Application Data\Uquxky\iggyo.exe"
C:\Documents and Settings\Mason\Application Data\Uquxky
AlternateShell:
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} URL =
SearchScopes: HKCU - BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
S4 IntelIde; No ImagePath
U3 TlntSvr; No ImagePath
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Detypynizou => value deleted successfully.
C:\Documents and Settings\Mason\Application Data\Uquxky => Moved successfully.
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Alworks => value deleted successfully.
C:\Documents and Settings\Mason\Local Settings\Application Data\Ewtion => Moved successfully.
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Insoft => value deleted successfully.
C:\Documents and Settings\Mason\Local Settings\Application Data\Insoft => Moved successfully.
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Detypynizou => value deleted successfully.
"C:\Documents and Settings\Mason\Application Data\Uquxky" => File/Directory not found.
hklm\System\CurrentControlSet\Control\SafeBoot\\AlternateShell => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\BrowserMngrDefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9}" => Key deleted successfully.
"HKCR\CLSID\{5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
"HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key not found.
IntelIde => Service deleted successfully.
TlntSvr => Service deleted successfully.

==== End of Fixlog ====


Sincerely,

Myron Mason


#8 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,043 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:54 PM

Posted 01 November 2014 - 04:11 PM

Hi ArchmageHisummoner,

 

Please re-run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop. Please copy and paste the log into your next reply.

 

xXToffeeXx~




#9 ArchmageHisummoner

ArchmageHisummoner
  • Topic Starter

  • Members
  • 193 posts
  • Gender:Male
  • Location:Baltimore
  • Local time:03:54 PM

Posted 02 November 2014 - 01:29 AM

Here is the FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-11-2014
Ran by Mason (administrator) on MASON on 02-11-2014 01:25:05
Running from C:\Documents and Settings\Mason\My Documents\Downloads
Loaded Profile: Mason (Available profiles: Default & Mason & Sierra Mason & Administrator & Guest)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\WINDOWS\vVX1000.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Mason\Local Settings\Application Data\Akamai\netsession_win.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Mason\Local Settings\Application Data\Akamai\netsession_win.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
() C:\Program Files\Nonbrand\802.11g Wireless LAN PCI Card Driver and Utility\RtWLan.exe
() C:\Program Files\USB TV\EM28XX\BDARemote.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [VX1000] => C:\WINDOWS\vVX1000.exe [757248 2009-06-26] (Microsoft Corporation)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM\...\Run: [Monitor] => C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [298616 2013-02-16] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [514560 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\Mason\Local Settings\Application Data\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-602162358-1078081533-1417001333-1005\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\802.11g Wireless LAN PCI Card Utility.lnk
ShortcutTarget: 802.11g Wireless LAN PCI Card Utility.lnk -> C:\Program Files\Nonbrand\802.11g Wireless LAN PCI Card Driver and Utility\RtWLan.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BDARemote.lnk
ShortcutTarget: BDARemote.lnk -> C:\Program Files\USB TV\EM28XX\BDARemote.exe ()
Startup: C:\Documents and Settings\Mason\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{54CF12C7-0E1B-4EBE-AF20-0C81A114A8A9}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8C4082DB-377A-454B-A1A8-50D2B518CDB4}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{A62DF197-5835-4EF9-BFA5-14517E67924C}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{CF79C74F-B990-423A-B62D-9892EA39F35D}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Mason\Application Data\Mozilla\Firefox\Profiles\78rs5e9x.default-1414037439015
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Mason\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-02-10]
FF HKCU\...\Firefox\Extensions: [{cb1bb3bd-8ce0-4d26-98c4-99f6415a6002}] - C:\Program Files\Re-Markable\150.xpi

Chrome:
=======
CHR DefaultSearchKeyword: Default -> v9
CHR DefaultSearchURL: Default -> http://search.v9.com/web/?type=ds&ts=1403219891&from=amt&uid=SAMSUNGXSP1604N_S013J10Y930446&i=psd&t=344625d06&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Documents and Settings\Mason\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (VisualBeeCommunity) - C:\Documents and Settings\Mason\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ailfefceindchpecjhlnaanmmfgdbhdg [2013-08-27]
CHR Extension: (TF_DisplayAttributeMgr) - C:\Documents and Settings\Mason\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-10-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Mason\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Mason\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM\...\Chrome\Extension: [aaaammcpgdgkfmlhodkheokioaampmeh] - C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\ARS3\CRX\ToolbarCR.crx []
CHR HKLM\...\Chrome\Extension: [ailfefceindchpecjhlnaanmmfgdbhdg] - C:\Documents and Settings\Mason\Local Settings\Application Data\CRE\ailfefceindchpecjhlnaanmmfgdbhdg.crx [2012-06-30]
CHR HKLM\...\Chrome\Extension: [fgnippahjheicjenccifemomfgjofdhp] - C:\Documents and Settings\All Users\Application Data\Codecv\fgnippahjheicjenccifemomfgjofdhp.crx [2012-06-30]
CHR HKLM\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Documents and Settings\Default\Local Settings\Application Data\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2012-06-30]
CHR HKLM\...\Chrome\Extension: [pkmpcdbgnfjfeelcpebpkflcmbkclfho] - C:\Documents and Settings\Default\Local Settings\Application Data\CRE\pkmpcdbgnfjfeelcpebpkflcmbkclfho.crx [2012-06-30]
CHR HKCU\...\Chrome\Extension: [ailfefceindchpecjhlnaanmmfgdbhdg] - C:\Documents and Settings\Mason\Local Settings\Application Data\CRE\ailfefceindchpecjhlnaanmmfgdbhdg.crx [2012-06-30]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [602112 2010-02-10] (ATI Technologies Inc.) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] () [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [137488 2012-12-17] (Futuremark Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-21] (Oracle Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21035 2013-11-13] (Meetinghouse Data Communications) [File not signed]
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.) [File not signed]
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [3565056 2010-02-11] (ATI Technologies Inc.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2014-10-23] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R3 rtl8185; C:\WINDOWS\System32\DRIVERS\rtl8185.sys [306560 2007-02-01] (Realtek Semiconductor Corporation                           ) [File not signed]
R3 SjyPkt; C:\WINDOWS\System32\Drivers\SjyPkt.sys [13532 2002-10-02] (Windows ® 2000 DDK provider) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [320120 2014-09-23] (Duplex Secure Ltd.)
R3 VX1000; C:\WINDOWS\System32\DRIVERS\VX1000.sys [1956096 2009-06-26] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [14416 2010-11-01] (OpenLibSys.org)
U3 a7baff2j; C:\WINDOWS\system32\Drivers\a7baff2j.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
S0 Inspect; System32\DRIVERS\inspect.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 15:05 - 2014-11-01 15:05 - 00000922 _____ () C:\Documents and Settings\Mason\Desktop\Revo Uninstaller.lnk
2014-11-01 15:05 - 2014-11-01 15:05 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-10-31 10:35 - 2014-11-02 01:25 - 00000000 ____D () C:\FRST
2014-10-30 00:57 - 2014-10-30 00:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-25 13:11 - 2014-10-25 13:11 - 00000713 _____ () C:\Documents and Settings\All Users\Desktop\The Guild 2 - Renaissance.lnk
2014-10-25 13:11 - 2014-10-25 13:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\The Guild 2 - Renaissance
2014-10-25 12:59 - 2014-11-01 00:45 - 00000000 ____D () C:\Program Files\The Guild 2 - Renaissance
2014-10-23 02:48 - 2014-10-23 02:51 - 00030976 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-10-23 02:11 - 2014-10-23 02:44 - 00466356 _____ () C:\WINDOWS\system32\.crusader
2014-10-23 02:00 - 2014-10-23 02:00 - 00001615 _____ () C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2014-10-23 02:00 - 2014-10-23 02:00 - 00000000 ____D () C:\Program Files\HitmanPro
2014-10-23 02:00 - 2014-10-23 02:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2014-10-23 01:59 - 2014-10-23 02:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-10-22 23:37 - 2014-10-22 23:37 - 00000000 ___SD () C:\Documents and Settings\All Users\Application Data\Shared Space
2014-10-22 23:36 - 2014-10-23 01:43 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt
2014-10-22 23:34 - 2014-10-22 23:44 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
2014-10-22 23:32 - 2014-10-22 23:32 - 01700352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdiplus.dll
2014-10-22 23:32 - 2014-10-22 23:32 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc71.dll
2014-10-22 23:28 - 2014-10-22 23:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
2014-10-22 23:27 - 2014-10-22 23:48 - 00000000 ____D () C:\Documents and Settings\Mason\Local Settings\Application Data\COMODO
2014-10-22 23:26 - 2014-10-22 23:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Comodo Downloader
2014-10-22 23:25 - 2014-10-22 23:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Comodo
2014-10-22 15:39 - 2014-10-22 15:39 - 00000106 _____ () C:\WINDOWS\wininit.ini
2014-10-22 14:54 - 2014-10-21 21:38 - 00001400 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141022-155416.backup
2014-10-22 14:53 - 2014-10-21 21:38 - 00001400 __RSH () C:\WINDOWS\system32\Drivers\etc\hosts.20141022-155343.backup
2014-10-22 14:37 - 2014-10-23 03:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-10-22 14:37 - 2014-10-22 14:44 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-10-22 14:37 - 2014-10-22 14:37 - 00000938 _____ () C:\Documents and Settings\Mason\Desktop\Spybot - Search & Destroy.lnk
2014-10-22 14:37 - 2014-10-22 14:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
2014-10-22 13:43 - 2014-10-22 13:43 - 00131648 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-10-22 13:41 - 2014-10-22 13:42 - 00000000 ____D () C:\a6ccbffcc3bb40b68cb564152afaea
2014-10-22 13:27 - 2014-10-22 13:50 - 00000000 ____D () C:\Documents and Settings\Mason\Application Data\Check Point Software Technologies LTD
2014-10-22 13:27 - 2014-10-22 13:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint
2014-10-22 13:27 - 2014-10-22 13:27 - 00000000 ____D () C:\Program Files\Check Point Software Technologies LTD
2014-10-21 22:50 - 2014-10-21 22:50 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-21 22:49 - 2014-10-21 22:49 - 00000000 ____D () C:\Sun
2014-10-21 22:49 - 2014-10-21 22:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-10-21 22:49 - 2014-10-21 22:48 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-10-21 22:49 - 2014-10-21 22:48 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-10-21 22:49 - 2014-10-21 22:48 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-10-21 22:49 - 2014-10-21 22:48 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-10-21 22:49 - 2014-10-21 22:48 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-10-21 22:48 - 2014-10-21 22:48 - 00000000 ____D () C:\Program Files\Java
2014-10-21 21:38 - 2014-10-21 21:38 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2014-10-20 14:34 - 2014-10-20 14:34 - 00001797 _____ () C:\Documents and Settings\All Users\Desktop\Victoria.lnk
2014-10-20 14:32 - 2014-10-20 14:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Paradox Entertainment
2014-10-20 10:24 - 2014-11-02 00:59 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-10-20 10:24 - 2014-10-20 10:24 - 00019840 _____ () C:\ComboFix.txt
2014-10-20 10:24 - 2014-10-20 10:24 - 00000000 ____D () C:\Documents and Settings\Sierra Mason\Local Settings\temp
2014-10-20 10:24 - 2014-10-20 10:24 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\temp
2014-10-20 10:24 - 2014-10-20 10:24 - 00000000 ____D () C:\Documents and Settings\Administrator.MASON\Local Settings\temp
2014-10-20 10:11 - 2014-11-02 01:25 - 00000000 ____D () C:\Documents and Settings\Mason\Local Settings\temp
2014-10-20 09:51 - 2014-10-20 10:24 - 00000000 ____D () C:\Qoobox
2014-10-20 09:51 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-10-20 09:51 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-10-20 09:51 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-10-20 09:51 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-10-20 09:51 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-10-20 09:51 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-10-20 09:51 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-10-20 09:51 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-10-20 09:51 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-10-19 22:45 - 2014-10-19 22:45 - 00000000 ____D () C:\Program Files\ESET
2014-10-19 22:41 - 2014-10-20 00:29 - 00000178 ___SH () C:\Documents and Settings\Administrator.MASON\ntuser.ini
2014-10-19 22:41 - 2014-10-19 22:41 - 00000000 ____D () C:\Documents and Settings\Administrator.MASON
2014-10-19 22:41 - 2014-02-10 20:45 - 00000000 ____D () C:\Documents and Settings\Administrator.MASON\Application Data\Macromedia
2014-10-19 22:41 - 2012-05-04 11:37 - 00000000 ____D () C:\Documents and Settings\Administrator.MASON\Local Settings\Application Data\Microsoft Help
2014-10-19 22:41 - 2012-02-02 15:28 - 00001599 _____ () C:\Documents and Settings\Administrator.MASON\Start Menu\Programs\Remote Assistance.lnk
2014-10-19 22:41 - 2012-02-02 15:28 - 00000792 _____ () C:\Documents and Settings\Administrator.MASON\Start Menu\Programs\Windows Media Player.lnk
2014-10-19 22:41 - 2012-02-02 15:28 - 00000000 ___RD () C:\Documents and Settings\Administrator.MASON\Start Menu\Programs\Accessories
2014-10-19 19:37 - 2014-10-19 19:37 - 00000000 ____D () C:\Program Files\Paradox Entertainment
2014-10-19 01:49 - 2014-10-19 01:49 - 00094208 _____ () C:\WINDOWS\Minidump\Mini101914-01.dmp
2014-10-18 12:52 - 2014-10-18 12:52 - 00001547 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-10-18 12:52 - 2014-10-18 12:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-10-18 12:51 - 2014-10-18 12:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-10-18 12:51 - 2014-10-18 12:51 - 00000000 ____D () C:\Program Files\iPod
2014-10-17 13:29 - 2014-10-17 13:29 - 00094208 _____ () C:\WINDOWS\Minidump\Mini101714-02.dmp
2014-10-17 03:02 - 2014-10-17 03:02 - 00094208 _____ () C:\WINDOWS\Minidump\Mini101714-01.dmp
2014-10-12 02:06 - 2014-10-12 02:09 - 00000000 ____D () C:\Program Files\Jnes
2014-10-12 02:06 - 2014-10-12 02:06 - 00000631 _____ () C:\Documents and Settings\Mason\Desktop\Jnes.lnk
2014-10-11 21:25 - 2014-10-26 15:48 - 00002315 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-11 21:25 - 2014-10-11 21:27 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-11 21:25 - 2014-10-11 21:25 - 00001739 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 01:22 - 2014-04-06 22:53 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-02 01:15 - 2012-07-14 18:16 - 00000000 ____D () C:\Documents and Settings\Mason\Application Data\Skype
2014-11-02 00:45 - 2013-08-28 15:36 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-01 14:36 - 2013-11-03 21:03 - 00000000 ____D () C:\Program Files\Steam
2014-11-01 14:36 - 2013-08-28 15:36 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-01 14:36 - 2012-08-18 01:33 - 00000278 _____ () C:\WINDOWS\Tasks\Game_Booster_AutoUpdate.job
2014-11-01 14:36 - 2012-07-10 00:28 - 00031273 _____ () C:\WINDOWS\RTacDbg.txt
2014-11-01 14:35 - 2014-03-12 11:43 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-11-01 12:02 - 2012-02-02 15:27 - 02070593 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-01 12:01 - 2012-02-08 20:53 - 00000330 ____H () C:\WINDOWS\Tasks\MP Scheduled Scan.job
2014-11-01 11:58 - 2012-02-02 15:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-01 11:58 - 2012-02-02 10:22 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-01 11:58 - 2012-02-02 10:22 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-11-01 11:58 - 2008-04-14 07:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-01 02:53 - 2013-11-30 15:46 - 00196608 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-11-01 02:53 - 2012-02-09 04:03 - 00000178 ___SH () C:\Documents and Settings\Mason\ntuser.ini
2014-11-01 02:53 - 2012-02-02 15:32 - 00032606 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-31 10:11 - 2013-01-09 04:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-30 00:53 - 2012-03-20 22:03 - 00000061 _____ () C:\Documents and Settings\Mason\jagex_cl_runescape_LIVE.dat
2014-10-28 16:49 - 2013-08-28 15:39 - 00001818 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-10-28 05:35 - 2012-02-08 14:06 - 00229000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-10-27 19:42 - 2012-02-08 14:10 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-10-25 01:52 - 2012-02-02 10:16 - 00000479 ___SH () C:\boot.ini
2014-10-24 19:50 - 2012-07-22 20:02 - 00000000 ____D () C:\Documents and Settings\Mason\.maptool
2014-10-24 00:59 - 2012-02-15 21:52 - 00000000 ____D () C:\Documents and Settings\Mason\Application Data\DAEMON Tools Lite
2014-10-23 11:38 - 2012-03-19 18:02 - 00000000 ____D () C:\Documents and Settings\Mason\Application Data\Azureus
2014-10-23 03:05 - 2012-02-09 04:03 - 00000000 ____D () C:\Documents and Settings\Mason
2014-10-23 03:02 - 2012-08-17 17:18 - 00002447 _____ () C:\Documents and Settings\Mason\Desktop\HiJackThis.lnk
2014-10-22 23:37 - 2012-08-08 18:40 - 00590335 _____ () C:\WINDOWS\setupapi.log
2014-10-22 22:54 - 2014-02-18 00:27 - 00000000 ____D () C:\GOG Games
2014-10-22 22:50 - 2014-02-18 18:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\GOG.com
2014-10-22 19:48 - 2012-07-31 01:36 - 00000000 ____D () C:\Program Files\MUSHclient
2014-10-22 15:51 - 2012-02-08 20:07 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-10-22 14:41 - 2013-06-09 15:56 - 00001416 _____ () C:\WINDOWS\spupdsvc.log
2014-10-22 14:40 - 2012-02-09 04:03 - 00052072 _____ () C:\Documents and Settings\Mason\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-10-22 14:39 - 2012-02-02 10:18 - 00221632 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-22 13:43 - 2012-02-08 20:10 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2014-10-22 13:36 - 2012-02-02 10:19 - 00570314 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-22 12:28 - 2012-02-09 04:09 - 00000000 ____D () C:\Documents and Settings\Mason\Application Data\Adobe
2014-10-22 12:28 - 2012-02-02 10:09 - 00000000 ____D () C:\WINDOWS\Provisioning
2014-10-22 11:01 - 2012-03-17 20:01 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-10-22 00:13 - 2014-07-04 14:49 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-21 21:38 - 2008-04-14 07:00 - 00001400 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.hitmanpro
2014-10-21 02:25 - 2012-02-02 10:09 - 00000000 ____D () C:\WINDOWS\msagent
2014-10-20 16:37 - 2012-02-02 15:32 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-10-20 14:32 - 2012-02-15 21:55 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-20 10:15 - 2008-04-14 07:00 - 00000285 _____ () C:\WINDOWS\system.ini
2014-10-20 10:14 - 2012-02-02 15:26 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-10-20 10:13 - 2012-02-02 10:18 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-10-20 10:13 - 2012-02-02 10:18 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-10-20 10:13 - 2012-02-02 10:16 - 36438016 _____ () C:\WINDOWS\system32\config\software.bak
2014-10-20 10:13 - 2012-02-02 10:16 - 11010048 _____ () C:\WINDOWS\system32\config\system.bak
2014-10-20 10:13 - 2012-02-02 10:16 - 00524288 _____ () C:\WINDOWS\system32\config\default.bak
2014-10-20 10:12 - 2012-08-25 13:02 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-10-20 10:12 - 2012-08-18 01:39 - 00000000 ____D () C:\WINDOWS\erdnt
2014-10-20 00:30 - 2013-10-09 02:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2014-10-19 12:15 - 2012-02-08 13:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2603381$
2014-10-19 03:21 - 2014-01-25 20:50 - 00000000 ____D () C:\Documents and Settings\Mason\Application Data\TeamViewer
2014-10-19 03:16 - 2012-08-17 02:35 - 00000687 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-10-19 03:16 - 2012-07-14 17:57 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-19 03:16 - 2012-07-14 17:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-10-19 00:58 - 2012-07-03 01:31 - 00015872 _____ () C:\Documents and Settings\Mason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-18 12:52 - 2012-06-28 15:56 - 00000000 ____D () C:\Program Files\iTunes
2014-10-18 12:51 - 2014-09-16 02:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-10-18 12:51 - 2012-02-08 14:09 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-18 12:47 - 2012-06-28 15:54 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-10-18 12:39 - 2012-02-08 22:23 - 00000000 ____D () C:\Program Files\Vuze
2014-10-18 12:38 - 2012-07-17 18:12 - 00001510 _____ () C:\Documents and Settings\All Users\Desktop\Vuze.lnk
2014-10-18 12:38 - 2012-02-08 22:24 - 00001510 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk
2014-10-17 13:29 - 2012-04-11 12:00 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-17 00:05 - 2012-12-24 00:02 - 00000000 ____D () C:\Documents and Settings\Mason\My Documents\My Games
2014-10-17 00:00 - 2013-01-21 22:37 - 00000000 ____D () C:\Documents and Settings\Mason\Application Data\InstallShield Installation Information
2014-10-16 23:35 - 2014-09-04 20:52 - 00000000 ____D () C:\Documents and Settings\Mason\Local Settings\Application Data\My Games
2014-10-16 20:33 - 2014-08-17 21:08 - 00000000 ____D () C:\Program Files\DOSBox-0.74
2014-10-16 02:25 - 2012-05-03 05:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-10-16 02:23 - 2013-07-24 11:47 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-16 02:00 - 2012-02-08 13:26 - 100290944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-13 18:58 - 2014-09-16 13:02 - 00000000 ___RD () C:\Program Files\Skype
2014-10-13 18:58 - 2012-07-14 18:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-10-11 21:25 - 2012-07-11 23:11 - 00000000 ____D () C:\Program Files\Adobe
2014-10-11 21:25 - 2012-07-11 23:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-10-08 14:00 - 2014-03-12 11:43 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-10-03 00:01 - 2014-06-02 16:00 - 00000771 _____ () C:\Documents and Settings\Mason\Desktop\Shortcut to forge.lnk
2014-10-03 00:01 - 2014-06-01 23:30 - 00000000 ____D () C:\Documents and Settings\Mason\Application Data\Forge

Files to move or delete:
====================
C:\Documents and Settings\Mason\jagex_cl_runescape_LIVE.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Sincerely,

Myron Mason
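The FRST sections posted above (Drivers, and the Chrome search settings) are the part of this log a responder actually triages by hand: entries whose file is missing (`[X]`), zero-byte files such as `a7baff2j.sys`, entries with no version information, and a default search URL pointing at a non-standard host. The following Python is an added example, not part of the original post and not an FRST or BleepingComputer tool: it parses FRST-style driver lines and search-URL lines and accumulates the reasons each entry deserves a closer look. The sample lines are copied from the log above and embedded so it runs offline; the search-host allow-list and the "random-looking name" heuristic are assumptions of this example, not rules FRST applies. It also accepts the `hxxp://` defanged form that the later AdwCleaner report uses.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Constructed sample: six lines copied from the FRST "Drivers (Whitelisted)" section
# of the log above, embedded so the example runs without the full log.
SAMPLE_DRIVERS = r"""R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [3565056 2010-02-11] (ATI Technologies Inc.) [File not signed]
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2014-10-23] ()
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [320120 2014-09-23] (Duplex Secure Ltd.)
U3 a7baff2j; C:\WINDOWS\system32\Drivers\a7baff2j.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 Inspect; System32\DRIVERS\inspect.sys [X]
"""
# Constructed sample: the Chrome default-search line from the log above (shortened).
SAMPLE_CHROME = ("CHR DefaultSearchURL: Default -> http://search.v9.com/web/?type=ds"
                 "&ts=1403219891&from=amt&uid=SAMSUNGXSP1604N_S013J10Y930446&q={searchTerms}")

# FRST driver/service line: "<state><start> <name>; <path> [<size> <date>|X] (<publisher>) [File not signed]"
ENTRY_RE = re.compile(
    r"^(?P<state>[A-Z])(?P<start>\d)\s+(?P<name>[^;]+);\s+"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]"
    r"(?:\s+\((?P<publisher>[^)]*)\))?"
    r"(?P<unsigned>\s+\[File not signed\])?\s*$"
)
# Search-URL lines in FRST ("CHR DefaultSearchURL: ... -> url") and AdwCleaner ("Found [Search Provider] : url").
SEARCH_URL_RE = re.compile(r"^(?:CHR DefaultSearchURL: \S+ ->|Found \[Search Provider\] :)\s*(?P<url>\S+)")
# Assumed allow-list for this example; adjust per environment.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com", "duckduckgo.com"}
# Heuristic (assumption of this example): 8 lowercase alphanumerics including a digit.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)[a-z0-9]{8}$")


@dataclass
class DriverEntry:
    state: str                # FRST state letter: R = running, S = stopped (others kept as-is)
    start_type: int           # Windows start type: 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    path: str
    size: Optional[int]       # None when FRST printed [X] (file not found on disk)
    date: Optional[str]
    publisher: Optional[str]  # None = no publisher field at all, "" = empty parentheses
    unsigned_flag: bool       # FRST appended "[File not signed]"

    @property
    def missing(self) -> bool:
        return self.size is None


def parse_drivers(text: str) -> List[DriverEntry]:
    """Parse FRST driver/service lines; lines that do not match the format are skipped."""
    entries: List[DriverEntry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        meta = m.group("meta").split()
        if meta == ["X"]:
            size, date = None, None
        else:
            size = int(meta[0])
            date = meta[1] if len(meta) > 1 else None
        pub = m.group("publisher")
        entries.append(DriverEntry(
            state=m.group("state"), start_type=int(m.group("start")),
            name=m.group("name").strip(), path=m.group("path"),
            size=size, date=date,
            publisher=pub.strip() if pub is not None else None,
            unsigned_flag=m.group("unsigned") is not None))
    return entries


def triage(entries: List[DriverEntry]) -> Dict[str, List[str]]:
    """Return {service name: [reasons]} for entries worth a human look. Reasons accumulate; nothing is auto-actioned."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if e.missing:
            reasons.append("file missing on disk ([X]): orphaned service entry")
        elif e.size == 0:
            reasons.append("zero-byte file")
        if e.unsigned_flag and not e.missing:
            reasons.append("FRST reports file not signed")
        if e.publisher == "":
            reasons.append("no publisher in version info")
        if RANDOM_NAME_RE.match(e.name):
            reasons.append("random-looking service name")
        if e.start_type == 0 and (e.missing or e.size == 0):
            reasons.append("boot-start driver with no usable file")
        if reasons:
            findings[e.name] = reasons
    return findings


def hijacked_search_host(line: str) -> Optional[str]:
    """Return the search host if the line sets a default search URL outside the allow-list, else None."""
    m = SEARCH_URL_RE.match(line.strip())
    if not m:
        return None
    url = re.sub(r"^hxxp", "http", m.group("url"))  # AdwCleaner defangs URLs as hxxp://
    host = urlparse(url).hostname or ""
    return host if host not in EXPECTED_SEARCH_HOSTS else None


if __name__ == "__main__":
    for name, reasons in triage(parse_drivers(SAMPLE_DRIVERS)).items():
        print(f"{name}: {'; '.join(reasons)}")
    print("search hijack host:", hijacked_search_host(SAMPLE_CHROME))
```

Two points the output makes that the raw log does not: the name heuristic also fires on the legitimate `ati2mtag` (an ATI driver), which is why each entry carries a list of reasons for a person to weigh rather than a verdict, and the `uid=` parameter in the v9 search URL looks like a disk model and serial (`SAMSUNGXSP1604N_...`), i.e. the installer fingerprinted the machine. Neither observation is a finding the thread itself states.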


#10 xXToffeeXx

Posted 02 November 2014 - 09:10 AM

Hi ArchmageHisummoner,
 
Are you able to boot into safe mode now?
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when the tool was run.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
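The reply above asks whether Safe Mode boots yet. One check a responder would run alongside the AdwCleaner scan, added here as an example and not part of the thread, is whether the registry keys Windows XP reads to build the Safe Mode driver/service list are still present. A missing or emptied `SafeBoot\Minimal` or `SafeBoot\Network` key is a common reason Safe Mode fails to start; the thread does not establish that this is the cause on this machine, so treat the result as a lead, not a diagnosis. Run it from cmd.exe as an administrator; the key paths and the `AlternateShell` value are standard, the script itself is this example's.

```batch
@echo off
rem Added example: report the state of the Safe Mode boot configuration on Windows XP.
rem Run as an administrator from cmd.exe. Read-only: it only queries the registry.
setlocal
set SB=HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

for %%K in (Minimal Network) do (
    reg query "%SB%\%%K" >nul 2>&1
    if errorlevel 1 (
        echo [!] %SB%\%%K is MISSING - Windows cannot build the Safe Mode driver/service list
    ) else (
        rem Count subkeys: reg query prints one full key path per subkey, e.g. ...\Minimal\AppMgmt
        for /f %%N in ('reg query "%SB%\%%K" ^| find /c "\%%K\"') do (
            echo [+] %SB%\%%K present with %%N subkeys
            if %%N LSS 1 echo [!] %SB%\%%K is EMPTY - same effect as missing
        )
    )
)

rem "Safe Mode with Command Prompt" launches whatever AlternateShell names; anything other than cmd.exe is suspicious.
reg query "%SB%" /v AlternateShell
endlocal
```

On a healthy XP install both keys exist and each lists dozens of subkeys; the default `AlternateShell` value is `cmd.exe`. If either key is missing, the usual remedy is to export the keys from a clean XP system of the same service pack and import them, but that step is outside what this thread covers.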


#11 ArchmageHisummoner

Posted 02 November 2014 - 01:53 PM

I still cannot boot into safe mode, but I do have the report from Adwcleaner:

 

# AdwCleaner v3.311 - Report created 02/11/2014 at 13:47:30
# Updated 30/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Mason - MASON
# Running from : C:\Documents and Settings\Mason\My Documents\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Mason\Local Settings\Application Data\CRE\ailfefceindchpecjhlnaanmmfgdbhdg.crx
File Found : C:\Program Files\Mozilla Firefox\user.js
Folder Found : C:\Documents and Settings\All Users\Application Data\Premium
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\Codecv
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\SkypEmoticons
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
Folder Found : C:\Documents and Settings\Mason\Local Settings\Application Data\emaze
Folder Found : C:\Documents and Settings\Mason\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ailfefceindchpecjhlnaanmmfgdbhdg
Folder Found : C:\Documents and Settings\Mason\Local Settings\Application Data\PackageAware
Folder Found : C:\Documents and Settings\Mason\Local Settings\Application Data\visi_coupon
Folder Found : C:\Program Files\Bench

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\BrowserMngr
Key Found : HKCU\Software\Google\Chrome\Extensions\ailfefceindchpecjhlnaanmmfgdbhdg
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\usyndication.com
Key Found : HKCU\Software\visualbee
Key Found : HKCU\Toolbar
Key Found : HKLM\SOFTWARE\Bench
Key Found : HKLM\SOFTWARE\BrowserMngr
Key Found : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2442944
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3032526
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3288691
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Key Found : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Found : HKLM\SOFTWARE\firstsearch
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ailfefceindchpecjhlnaanmmfgdbhdg
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2EF17083-57D4-4D64-AE4F-55F32A2C4571}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\inethnfd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SkypEmoticons_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\VBMZ
Key Found : HKLM\SOFTWARE\visualbee
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{cb1bb3bd-8ce0-4d26-98c4-99f6415a6002}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\BearShare Applications\BearShare\BearShare.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Amazon\Utilities\Amazon Music Importer\Amazon Music Importer.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v33.0.2 (x86 en-US)

[ File : C:\Documents and Settings\Mason\Application Data\Mozilla\Firefox\Profiles\78rs5e9x.default-1414037439015\prefs.js ]


-\\ Google Chrome v38.0.2125.111

[ File : C:\Documents and Settings\Mason\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://search.v9.com/web/?type=ds&ts=1403219891&from=amt&uid=SAMSUNGXSP1604N_S013J10Y930446&i=psd&t=344625d06&q={searchTerms}
Found [Search Provider] : hxxp://search.v9.com/web/?type=ds&ts=1403219891&from=amt&uid=SAMSUNGXSP1604N_S013J10Y930446&i=psd&t=344625d06&q={searchTerms}

[ File : C:\Documents and Settings\Sierra Mason\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Extension] : bcjagnifjocnddgeknajocbkkhlgibem
Found [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Found [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Found [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Found [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj
Found [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Found [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Found [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Found [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
Found [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [6709 octets] - [02/11/2014 13:47:30]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6769 octets] ##########
 


Sincerely,

Myron Mason


#12 ArchmageHisummoner

ArchmageHisummoner
  • Topic Starter

  • Members
  • 193 posts
  • Gender:Male
  • Location:Baltimore
  • Local time:03:54 PM

Posted 02 November 2014 - 02:00 PM

Sorry, here is the log after I cleaned it:

 

# AdwCleaner v3.311 - Report created 02/11/2014 at 13:53:25
# Updated 30/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Mason - MASON
# Running from : C:\Documents and Settings\Mason\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Codecv
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\SkypEmoticons
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
Folder Deleted : C:\Program Files\Bench
Folder Deleted : C:\Documents and Settings\Mason\Local Settings\Application Data\emaze
Folder Deleted : C:\Documents and Settings\Mason\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Mason\Local Settings\Application Data\visi_coupon
[!] Folder Deleted : C:\Documents and Settings\Mason\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ailfefceindchpecjhlnaanmmfgdbhdg
File Deleted : C:\Documents and Settings\Mason\Local Settings\Application Data\CRE\ailfefceindchpecjhlnaanmmfgdbhdg.crx
File Deleted : C:\Program Files\Mozilla Firefox\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{cb1bb3bd-8ce0-4d26-98c4-99f6415a6002}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ailfefceindchpecjhlnaanmmfgdbhdg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ailfefceindchpecjhlnaanmmfgdbhdg
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2442944
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3032526
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3288691
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\BearShare Applications\BearShare\BearShare.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Amazon\Utilities\Amazon Music Importer\Amazon Music Importer.exe]
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKLM\SOFTWARE\Bench
Key Deleted : HKLM\SOFTWARE\BrowserMngr
Key Deleted : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : HKLM\SOFTWARE\firstsearch
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\VBMZ
Key Deleted : HKLM\SOFTWARE\visualbee
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2EF17083-57D4-4D64-AE4F-55F32A2C4571}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\inethnfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SkypEmoticons_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v33.0.2 (x86 en-US)

[ File : C:\Documents and Settings\Mason\Application Data\Mozilla\Firefox\Profiles\78rs5e9x.default-1414037439015\prefs.js ]


-\\ Google Chrome v38.0.2125.111

[ File : C:\Documents and Settings\Mason\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://search.v9.com/web/?type=ds&ts=1403219891&from=amt&uid=SAMSUNGXSP1604N_S013J10Y930446&i=psd&t=344625d06&q={searchTerms}
Deleted [Search Provider] : hxxp://search.v9.com/web/?type=ds&ts=1403219891&from=amt&uid=SAMSUNGXSP1604N_S013J10Y930446&i=psd&t=344625d06&q={searchTerms}

[ File : C:\Documents and Settings\Sierra Mason\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Extension] : bcjagnifjocnddgeknajocbkkhlgibem
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [6849 octets] - [02/11/2014 13:47:30]
AdwCleaner[S0].txt - [6914 octets] - [02/11/2014 13:53:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6974 octets] ##########
 


Sincerely,

Myron Mason


#13 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,043 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:54 PM

Posted 02 November 2014 - 02:48 PM

Hi ArchmageHisummoner,
 
Download Windows Repair (All in One) from this site
 
Install the program then run it.
 
NOTE 1. In Windows Vista, 7 and 8, right-click on the program and click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.

 
Go to Step 3 and click on the Check button next to 1. See If Check Disk Is Needed.
If the tool indicates that the Check Disk is needed, click on the Do It button next to 2. Check Disk, then restart your computer.
 
 
 
Once the above is done, go to Step 4 and allow it to run System File Check by clicking on the Do It button.
 
 
 
Go to Step 5 and under "System Restore" click on the Create button.
 
 
 
Go to the Start Repairs tab and click the Start button.
 
 
 
Leave the check marks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.
 
Click on the Start Repairs button.
 
 
 
After the repair has finished, you may be prompted to restart the computer. Please allow it to do so.
 
Please post the Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
 
Are you able to boot into safe mode after this step?
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#14 ArchmageHisummoner

ArchmageHisummoner
  • Topic Starter

  • Members
  • 193 posts
  • Gender:Male
  • Location:Baltimore
  • Local time:03:54 PM

Posted 03 November 2014 - 05:02 PM

The Windows Repair program succeeded in restoring the safe mode boot! I can now enter safe mode and the computer is still running fine. Thank you for the assistance, Toffee!


Sincerely,

Myron Mason


#15 ArchmageHisummoner

ArchmageHisummoner
  • Topic Starter

  • Members
  • 193 posts
  • Gender:Male
  • Location:Baltimore
  • Local time:03:54 PM

Posted 03 November 2014 - 05:37 PM

Here is the Repair log:

 

Tweaking.com - Windows Repair v2.10.0
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Microsoft Windows XP
OS Architecture: 32-bit
OS Version: 5.1.2600
OS Service Pack: Service Pack 3
Computer Name: MASON
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Current Profile: C:\Documents and Settings\Mason
Current Profile SID: S-1-5-21-602162358-1078081533-1417001333-1005
Current Profile Classes: S-1-5-21-602162358-1078081533-1417001333-1005_Classes
Profiles Location: C:\Documents and Settings
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Documents and Settings\Mason\Local Settings\Application Data
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:42:39

Process Count: 50
Commit Total: 423.78 MB
Commit Limit: 2.35 GB
Commit Peak: 632.61 MB
Handle Count: 11833
Kernel Total: 55.23 MB
Kernel Paged: 42.51 MB
Kernel Non Paged: 12.72 MB
System Cache: 436.55 MB
Thread Count: 549
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 958.48 MB
Memory Used: 468.66 MB(48.8964%)
Memory Avail.: 489.82 MB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 958.48 MB
Memory Used: 313.52 MB(32.7095%)
Memory Avail.: 644.97 MB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (11/3/2014 2:41:31 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 170
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (11/3/2014 2:41:37 PM)
   Running Repair Under Current User Account
   Done (11/3/2014 2:41:49 PM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (11/3/2014 2:41:49 PM)
   Running Repair Under System Account
   Done (11/3/2014 2:44:48 PM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (11/3/2014 2:44:48 PM)
   Running Repair Under System Account
   Done (11/3/2014 2:46:24 PM)

03 - Reset Service Permissions
   Start (11/3/2014 2:46:24 PM)
   Running Repair Under System Account
   Done (11/3/2014 2:46:56 PM)

04 - Register System Files
   Start (11/3/2014 2:46:56 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:48:51 PM)

05 - Repair WMI
   Start (11/3/2014 2:48:51 PM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   No Antivirus Products Reported.

   Exporting 3rd Party Firewall Info...
   No 3rd Party Firewall Products Reported.

   Running Repair Under Current User Account
   Done (11/3/2014 2:54:15 PM)

06 - Repair Windows Firewall
   Start (11/3/2014 2:54:15 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:54:28 PM)

07 - Repair Internet Explorer
   Start (11/3/2014 2:54:28 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:56:19 PM)

08 - Repair MDAC/MS Jet
   Start (11/3/2014 2:56:19 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:56:32 PM)

09 - Repair Hosts File
   Start (11/3/2014 2:56:32 PM)
   Running Repair Under System Account
   Done (11/3/2014 2:56:33 PM)

10 - Remove Policies Set By Infections
   Start (11/3/2014 2:56:33 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:56:35 PM)

11 - Repair Start Menu Icons Removed By Infections
   Start (11/3/2014 2:56:35 PM)
   Running Repair Under System Account
   Done (11/3/2014 2:56:37 PM)

12 - Repair Icons
   Start (11/3/2014 2:56:37 PM)
   Running Repair Under Current User Account
   Done (11/3/2014 2:56:38 PM)

13 - Repair Winsock & DNS Cache
   Start (11/3/2014 2:56:38 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:56:52 PM)

15 - Repair Proxy Settings
   Start (11/3/2014 2:56:52 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:56:54 PM)

17 - Repair Windows Updates
   Start (11/3/2014 2:56:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (11/3/2014 2:57:34 PM)

18 - Repair CD/DVD Missing/Not Working
   Start (11/3/2014 2:57:34 PM)
   iTunes was found, adding UpperFilters for iTunes Reg Key
   UpperFilters added?: True
   Done (11/3/2014 2:57:34 PM)

19 - Repair Volume Shadow Copy Service
   Start (11/3/2014 2:57:34 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:58:15 PM)

21 - Repair MSI (Windows Installer)
   Start (11/3/2014 2:58:15 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:58:23 PM)

23.01 - Repair bat Association
   Start (11/3/2014 2:58:23 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:58:26 PM)

23.02 - Repair cmd Association
   Start (11/3/2014 2:58:26 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:58:28 PM)

23.03 - Repair com Association
   Start (11/3/2014 2:58:28 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:58:30 PM)

23.04 - Repair Directory Association
   Start (11/3/2014 2:58:30 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:58:32 PM)

23.05 - Repair Drive Association
   Start (11/3/2014 2:58:32 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:58:34 PM)

23.06 - Repair exe Association
   Start (11/3/2014 2:58:34 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:58:36 PM)

23.07 - Repair Folder Association
   Start (11/3/2014 2:58:36 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:58:38 PM)

23.08 - Repair inf Association
   Start (11/3/2014 2:58:38 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:58:40 PM)

23.09 - Repair lnk (Shortcuts) Association
   Start (11/3/2014 2:58:40 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:58:42 PM)

23.10 - Repair msc Association
   Start (11/3/2014 2:58:42 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:58:45 PM)

23.11 - Repair reg Association
   Start (11/3/2014 2:58:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:58:47 PM)

23.12 - Repair scr Association
   Start (11/3/2014 2:58:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:58:49 PM)

24 - Repair Windows Safe Mode
   Start (11/3/2014 2:58:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:58:51 PM)

25 - Repair Print Spooler
   Start (11/3/2014 2:58:51 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:59:04 PM)

26 - Restore Important Windows Services
   Start (11/3/2014 2:59:04 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:59:15 PM)

27 - Set Windows Services To Default Startup
   Start (11/3/2014 2:59:15 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:59:27 PM)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 5.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 5.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 5.1

31 - Repair Windows 'New' Submenu
   Start (11/3/2014 2:59:27 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/3/2014 2:59:29 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (11/3/2014 2:59:29 PM)
   Total Repair Time: 00:17:59


...YOU MUST RESTART YOUR SYSTEM...
 


Sincerely,

Myron Mason

