I have both iexplorer.exe and dllhost on my pc !!!


This topic is locked.
25 replies to this topic

#1 sirockabye
Posted 28 November 2014 - 04:14 PM

Hi, my name is Valentino.

I just want to thank you in advance for any help you can give me. I have two problems, iexplorer.exe and dllhost; they are slowing my computer way down. I have tried to use RegCure and Malwarebytes to remove them, but they seem to come back. Please help.

Here are my logs, and I attached the attach file. Thanks again.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 10.71.2
Run by val at 13:00:44 on 2014-11-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1984.163 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\val\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
C:\Program Files (x86)\Common Files\AOL\1376331060\ee\aolsoftware.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\AOL\1376331060\ee\AOLDesktop.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\splwow64.exe
svchost.exe
svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: IAOLTBSearch Class: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
mURLSearchHooks: IAOLTBSearch Class: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO: Search App by Ask: {4F524A2D-5350-4500-76A7-7A786E7484D7} -
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: AOL Toolbar Loader: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: Search App by Ask: {4F524A2D-5350-4500-76A7-7A786E7484D7} -
uRun: [Google+ Auto Backup] "C:\Users\val\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1376331060\ee\AOLSoftware.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
mRun: [PDF Seven] C:\Program Files\PDFSeven\PDF.exe
StartupFolder: C:\Users\val\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AOLDES~1.LNK - C:\Program Files (x86)\Common Files\AOL\Launch\aollaunch.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CINEFO~1.LNK - C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
IE: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001055-0002-0055-ABCDEFFEDCBC} - <orphaned>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://eagent.farmersinsurance.com/PLA/eAgent/eAutoTwo/commonActiveX/smsx.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{EE920706-272F-4AA1-B49F-05DA578DD544} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Search App by Ask: {4F524A2D-5350-4500-76A7-7A786E7484D7} -
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll
x64-TB: Search App by Ask: {4F524A2D-5350-4500-76A7-7A786E7484D7} -
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-4 59392]
.
=============== Created Last 30 ================
.
2014-11-28 20:31:36 11632448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6CD298AB-CDD3-454D-99C2-78C506D2879E}\mpengine.dll
2014-11-19 18:52:03 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-19 18:52:03 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-19 18:52:02 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-19 18:52:02 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-19 18:35:19 -------- d-----w- C:\Users\val\AppData\Local\AskPartnerNetwork
2014-11-19 18:34:56 -------- d-----w- C:\ProgramData\AskPartnerNetwork
2014-11-19 18:34:56 -------- d-----w- C:\Program Files (x86)\AskPartnerNetwork
2014-11-19 18:30:35 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-19 18:15:23 -------- d-sh--w- C:\$RECYCLE.BIN
2014-11-19 17:54:54 -------- d-s---w- C:\ComboFix
2014-11-14 18:06:03 -------- d-----w- C:\Users\val\AppData\Roaming\ParetoLogic
2014-11-14 18:04:51 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
2014-11-14 18:04:45 -------- d-----w- C:\ProgramData\ParetoLogic
2014-11-14 18:04:45 -------- d-----w- C:\Program Files (x86)\ParetoLogic
2014-11-12 16:57:27 -------- d-sh--w- C:\Users\val\AppData\Local\EmieBrowserModeList
2014-11-11 22:35:01 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-11-11 22:35:00 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-11-11 22:35:00 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-11-11 22:35:00 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-11-11 22:34:59 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-11-11 22:34:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-11-11 22:34:58 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-11-11 22:34:58 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-11-11 22:34:57 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-11-11 22:31:56 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-11 22:31:55 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-11 22:31:54 6040064 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-11 22:31:54 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-11 22:31:53 950784 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2014-11-11 22:31:53 378880 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-11-11 22:31:53 2365440 ----a-w- C:\Windows\System32\wininet.dll
2014-11-11 22:31:52 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-11 22:31:51 293040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2014-11-11 22:31:50 1016832 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-11-11 22:29:05 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2014-11-11 22:29:04 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-11-11 22:29:02 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-11-11 22:29:02 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-11-11 22:27:58 878080 ----a-w- C:\Windows\System32\IMJP10K.DLL
2014-11-11 22:27:56 701440 ----a-w- C:\Windows\SysWow64\IMJP10K.DLL
2014-11-11 22:27:29 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-11-11 22:27:29 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-11-11 22:27:28 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-11-11 22:27:27 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-11-11 22:27:27 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-11-11 22:27:27 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-11-11 22:27:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-11-11 22:27:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-11-11 22:26:22 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-11-11 22:26:20 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-11-11 22:26:20 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-11-11 22:26:20 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-11-11 22:26:17 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-11-11 22:26:17 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-11-11 22:26:16 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-11-11 22:26:13 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-11-11 22:26:13 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-11-11 22:26:13 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-11-11 22:26:12 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-11-11 22:26:11 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-11-11 22:24:31 77824 ----a-w- C:\Windows\System32\packager.dll
2014-11-11 22:24:31 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-11-11 22:24:28 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-11-11 22:24:22 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-11-11 22:24:21 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-11-11 22:22:30 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-11-11 22:22:30 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-11-05 01:24:52 0 ----a-w- C:\Windows\System32\exqsqd.dll
2014-11-05 01:24:41 71168 ----a-w- C:\Windows\System32\bxvlef.dll
.
==================== Find3M  ====================
.
2014-11-26 21:12:23 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-26 21:12:23 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-19 17:35:07 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-06 04:04:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:30:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:28:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:20:18 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-04 22:30:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-16 16:27:00 122584 ----a-w- C:\Windows\System32\drivers\48230029.sys
2014-10-02 21:23:20 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-10-02 21:23:20 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2014-10-01 18:11:26 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-01 18:11:16 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 18:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-28 05:51:16 369168 ----a-w- C:\Windows\System32\wpcap.dll
2014-09-28 05:51:16 35344 ----a-w- C:\Windows\System32\drivers\npf.sys
2014-09-28 05:51:16 106000 ----a-w- C:\Windows\System32\packet.dll
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
.
============= FINISH: 13:04:09.88 ===============
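
A small triage script for logs like the DDS output above, added here as an example; it is not part of BleepingComputer, DDS or FRST and not something the poster or the helper ran. It pulls out the things a malware-removal helper reads first: how many copies of one image are running (here dllhost.exe, which is the legitimate COM surrogate, so a count by itself proves nothing and is only a prompt to look at what is hosting it), whether UAC has been switched off (the DDS log shows EnableLUA = dword:0 and ConsentPromptBehaviorAdmin = dword:0, so nothing on this machine would have asked for consent before elevating), AppInit_DLLs entries whose target files are gone, lines the scanner itself tagged with ATTENTION, and the hosts the search providers point at. The sample log is constructed and mixes the DDS and FRST line styles seen in this thread; the instance threshold and the policy-line format it parses (the DDS `EnableLUA = dword:N` form only) are assumptions.

```python
"""Triage helper for DDS / FRST style logs (added example, not DDS/FRST code).

Scans a log for: running-image counts, UAC switched off, AppInit_DLLs
entries pointing at missing files, lines the scanner flagged ATTENTION,
and the hosts referenced by search-provider entries.  SAMPLE is
constructed for this example and mixes the DDS and FRST line styles.
"""
import re
from collections import Counter

SAMPLE = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\system32\SearchIndexer.exe
.
============== Pseudo HJT Report ===============
.
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
HKU\S-1-5-21-1382782913-3747055031-3309349280-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
AppInit_DLLs: c:\progra~2\settin~1\systemk\x64\syskldr.dll => c:\progra~2\settin~1\systemk\x64\syskldr.dll File Not Found
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?p={searchTerms}
CHR DefaultSearchURL: Default -> http://search.conduit.com/Results.aspx?q={searchTerms}
"""

# Section headers used by DDS ("Running Processes") and FRST ("Processes (Whitelisted)").
PROCESS_HEADERS = ("Running Processes", "Processes (Whitelisted)")
# First drive-letter path ending in .exe on a line; stops before "-k netsvcs" style arguments.
IMAGE_RE = re.compile(r"([A-Za-z]:\\[^\r\n]*?\.exe)", re.IGNORECASE)
SEARCH_PREFIXES = ("SearchScopes:", "CHR DefaultSearchURL:", "CHR DefaultSuggestURL:")
HOST_RE = re.compile(r"https?://([^/\s?]+)")


def process_counts(log):
    """Count image paths (case-folded) listed in the process section."""
    counts = Counter()
    in_section = False
    for line in log.splitlines():
        if any(h in line for h in PROCESS_HEADERS):
            in_section = True
            continue
        if in_section and line.startswith("="):  # next "==== ..." header ends the section
            break
        if in_section:
            m = IMAGE_RE.search(line)
            if m:
                counts[m.group(1).lower()] += 1
    return counts


def instances_of(log, image_name):
    """Running copies of one image regardless of directory (system32 or SysWOW64)."""
    suffix = "\\" + image_name.lower()
    return sum(n for path, n in process_counts(log).items() if path.endswith(suffix))


def uac_disabled(log):
    """True when the DDS policy dump shows EnableLUA = 0 (UAC off). DDS form only."""
    m = re.search(r"EnableLUA = dword:(\d+)", log)
    return bool(m) and int(m.group(1)) == 0


def silent_elevation(log):
    """True when admins elevate without any prompt (ConsentPromptBehaviorAdmin = 0)."""
    m = re.search(r"ConsentPromptBehaviorAdmin = dword:(\d+)", log)
    return bool(m) and int(m.group(1)) == 0


def attention_lines(log):
    """Lines the scanner itself tagged with ATTENTION."""
    return [line.strip() for line in log.splitlines() if "ATTENTION" in line]


def missing_appinit_dlls(log):
    """AppInit_DLLs targets that FRST reports as 'File Not Found'."""
    found = []
    for line in log.splitlines():
        if line.startswith("AppInit_DLLs:") and "File Not Found" in line:
            found.append(line.split(":", 1)[1].split("=>")[0].strip())
    return found


def search_hosts(log):
    """Distinct hosts referenced by IE SearchScopes and Chrome default-search lines."""
    hosts = set()
    for line in log.splitlines():
        if line.startswith(SEARCH_PREFIXES):
            hosts.update(HOST_RE.findall(line))
    return sorted(hosts)


def triage(log, image="dllhost.exe", threshold=4):
    """Summarise the indicators; 'threshold' is an assumed cut-off, not a rule."""
    n = instances_of(log, image)
    return {
        "image": image,
        "instances": n,
        "many_instances": n >= threshold,
        "uac_disabled": uac_disabled(log),
        "silent_elevation": silent_elevation(log),
        "attention": attention_lines(log),
        "missing_appinit_dlls": missing_appinit_dlls(log),
        "search_hosts": search_hosts(log),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Run it against a saved DDS or FRST log by passing the file contents to `triage()`. The output is a starting point, not a verdict: the dllhost count only says "go and look at which CLSID these surrogates were launched for", which is exactly what the flagged localserver32 entry in the FRST log below is about, and a helper would verify each indicator by hand before writing a fix.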
 


#2 RPMcMurphy (Malware Response Team)

Posted 29 November 2014 - 10:22 AM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member



#3 sirockabye (Topic Starter)

Posted 29 November 2014 - 06:41 PM

OK, here are FRST.txt and Addition.txt.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by val (administrator) on VAL-PC on 29-11-2014 11:18:45
Running from C:\Users\val\Downloads
Loaded Profiles: val & UpdatusUser (Available profiles: val & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(iWin Inc.) C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
(ParetoLogic, Inc.) C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
(Google Inc.) C:\Users\val\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
(AOL LLC) C:\Program Files (x86)\Common Files\AOL\1376331060\ee\aolsoftware.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AOL LLC) C:\Program Files (x86)\Common Files\AOL\1376331060\ee\AOLDesktop.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(AOL LLC) C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Windows\ERUNT.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1376331060\ee\AOLSoftware.exe [41824 2008-06-24] (AOL LLC)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-24] (APN)
HKLM-x32\...\Run: [PDF Seven] => C:\Program Files\PDFSeven\PDF.exe [489472 2009-12-10] (PDFLogic Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1382782913-3747055031-3309349280-1001\...\Run: [Google+ Auto Backup] => C:\Users\val\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\S-1-5-21-1382782913-3747055031-3309349280-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-1382782913-3747055031-3309349280-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [596480 2014-06-10] (NETGEAR Inc.)
HKU\S-1-5-21-1382782913-3747055031-3309349280-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
AppInit_DLLs: c:\progra~2\settin~1\systemk\x64\syskldr.dll => c:\progra~2\settin~1\systemk\x64\syskldr.dll File Not Found
AppInit_DLLs:  c:\progra~2\linkey\ieexte~1\iedll64.dll => c:\progra~2\linkey\ieexte~1\iedll64.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\Users\val\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOL Desktop.lnk
ShortcutTarget: AOL Desktop.lnk -> C:\Program Files (x86)\Common Files\AOL\Launch\aollaunch.exe (AOL LLC)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1382782913-3747055031-3309349280-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1382782913-3747055031-3309349280-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKU\S-1-5-21-1382782913-3747055031-3309349280-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
URLSearchHook: HKLM-x32 - IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
URLSearchHook: HKU\S-1-5-21-1382782913-3747055031-3309349280-1001 - IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1382782913-3747055031-3309349280-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=n&ver=11471&tm=310&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7
SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=n&ver=11471&tm=310&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1382782913-3747055031-3309349280-1001 -> DefaultScope {9647C1E4-2505-4951-A8FB-559667C99507} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1382782913-3747055031-3309349280-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1382782913-3747055031-3309349280-1001 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7
SearchScopes: HKU\S-1-5-21-1382782913-3747055031-3309349280-1001 -> {549D0F98-EE42-4149-936E-4287727E7FDC} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.18.0.82&apn_uid=4A1DB136-4B63-41C3-81E8-0EA8C611EE05&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17420&doi=2014-11-19&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-1382782913-3747055031-3309349280-1001 -> {9647C1E4-2505-4951-A8FB-559667C99507} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1382782913-3747055031-3309349280-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL =
SearchScopes: HKU\S-1-5-21-1382782913-3747055031-3309349280-1001 -> {A7963CCF-4A41-4F90-A4FF-9F7FFEB23154} URL = http://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M19B9BBAF-37E6-40F7-B981-001C84F71F4E&SearchSource=58&CUI=&UM=5&UP=SP0E4B32CD-EA87-4599-846E-930C67A926F8&q={searchTerms}&SSPV=
BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AOL Toolbar Loader -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
Toolbar: HKU\S-1-5-21-1382782913-3747055031-3309349280-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1382782913-3747055031-3309349280-1001 -> No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} https://eagent.farmersinsurance.com/PLA/eAgent/eAutoTwo/commonActiveX/smsx.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1382782913-3747055031-3309349280-1001: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-b155910bba974e13\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1382782913-3747055031-3309349280-1001: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-b155910bba974e13\\NPRobloxProxy64.dll ( ROBLOX Corporation)

Chrome:
=======
CHR DefaultSearchKeyword: Default -> conduit.search
CHR DefaultSearchURL: Default -> http://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M19B9BBAF-37E6-40F7-B981-001C84F71F4E&SearchSource=58&CUI=&UM=5&UP=SP0E4B32CD-EA87-4599-846E-930C67A926F8&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\val\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-05]
CHR Extension: (InternetHelper3.1) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim [2013-09-23]
CHR Extension: (Google Wallet) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\val\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-09-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-11-24] (APN LLC.)
R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed]
S2 PDFSevenPrinting; C:\Program Files\PDFSeven\PDFSevenPrinting.exe [513536 2009-07-06] (PDFLogic Corporation) [File not signed]
R2 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [520360 2013-03-25] (iWin Inc.)
S2 pcregservice; C:\Program Files\pcreg\pcreg.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2014-09-27] (CACE Technologies, Inc.)
R3 smserial; C:\Windows\System32\DRIVERS\SmSerl64.sys [1227776 2009-06-10] (Motorola Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 mwompxgv; System32\drivers\ejxgwmdp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 11:18 - 2014-11-29 11:23 - 00017252 _____ () C:\Users\val\Downloads\FRST.txt
2014-11-29 11:18 - 2014-11-29 11:19 - 00000000 ____D () C:\FRST
2014-11-29 11:18 - 2014-11-29 11:18 - 02117632 _____ (Farbar) C:\Users\val\Downloads\FRST64.exe
2014-11-28 13:04 - 2014-11-28 13:06 - 00005348 _____ () C:\Users\val\Desktop\attach.txt
2014-11-28 13:04 - 2014-11-28 13:05 - 00016197 _____ () C:\Users\val\Desktop\dds.txt
2014-11-28 12:58 - 2014-11-28 12:58 - 00688992 ____R (Swearware) C:\Users\val\Desktop\dds.com
2014-11-28 12:01 - 2014-11-28 12:01 - 00010334 _____ () C:\Users\val\Downloads\hijackthis.log
2014-11-28 12:00 - 2014-11-28 12:00 - 00388608 _____ (Trend Micro Inc.) C:\Users\val\Downloads\HijackThis.exe
2014-11-28 12:00 - 2014-11-28 12:00 - 00388608 _____ (Trend Micro Inc.) C:\Users\val\Downloads\HijackThis (1).exe
2014-11-28 11:44 - 2014-11-28 11:44 - 00285896 _____ () C:\Windows\Minidump\112814-32573-01.dmp
2014-11-26 11:52 - 2014-11-26 11:52 - 00000000 _____ () C:\Windows\SysWOW64\SBRC.dat
2014-11-23 06:18 - 2014-11-23 06:18 - 00117248 _____ () C:\Users\val\Desktop\Prezi.exe
2014-11-22 21:20 - 2014-11-22 21:23 - 00000000 ____D () C:\Users\val\Desktop\soaring-in-the-54716e14
2014-11-22 21:18 - 2014-11-22 21:19 - 61079094 _____ () C:\Users\val\Downloads\soaring-in-the-21-c-learning-environment-ik0xp99lr8ii.zip
2014-11-19 10:52 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 10:52 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 10:52 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 10:52 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 10:35 - 2014-11-19 10:35 - 00000000 ____D () C:\Users\val\AppData\Local\AskPartnerNetwork
2014-11-19 10:34 - 2014-11-19 10:34 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-11-19 10:34 - 2014-11-19 10:34 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-11-19 10:31 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-19 10:30 - 2014-11-19 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-19 10:30 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-19 10:30 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-19 10:30 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-19 10:28 - 2014-11-19 10:30 - 00004654 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-11-19 09:54 - 2014-11-19 09:56 - 00000000 ___SD () C:\ComboFix
2014-11-19 09:53 - 2014-11-19 09:54 - 00000000 ___SD () C:\32788R22FWJFW
2014-11-17 12:09 - 2014-11-28 11:44 - 00000280 _____ () C:\Windows\setupact.log
2014-11-17 12:09 - 2014-11-17 12:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-17 12:08 - 2014-11-20 03:49 - 00024782 _____ () C:\Windows\PFRO.log
2014-11-14 10:06 - 2014-11-28 18:00 - 00000464 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-11-14 10:06 - 2014-11-14 10:06 - 00003124 _____ () C:\Windows\System32\Tasks\ParetoLogic Registration3
2014-11-14 10:06 - 2014-11-14 10:06 - 00000000 ____D () C:\Users\val\AppData\Roaming\ParetoLogic
2014-11-14 10:05 - 2014-11-29 11:10 - 00000559 _____ () C:\Windows\Tasks\RegCure Pro_sch_D977F6D8-6C28-11E4-AE59-00038A000015.job
2014-11-14 10:05 - 2014-11-28 11:45 - 00000456 _____ () C:\Windows\Tasks\RegCure Pro Startup.job
2014-11-14 10:05 - 2014-11-15 17:03 - 00000438 _____ () C:\Windows\Tasks\ParetoLogic Update Version3_triggeronce.job
2014-11-14 10:05 - 2014-11-15 17:03 - 00000438 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-11-14 10:05 - 2014-11-14 10:06 - 00002606 _____ () C:\Windows\System32\Tasks\RegCure Pro Startup
2014-11-14 10:05 - 2014-11-14 10:05 - 00003984 _____ () C:\Windows\System32\Tasks\RegCure Pro_sch_D977F6D8-6C28-11E4-AE59-00038A000015
2014-11-14 10:05 - 2014-11-14 10:05 - 00003246 _____ () C:\Windows\System32\Tasks\ParetoLogic Update Version3
2014-11-14 10:05 - 2014-11-14 10:05 - 00002912 _____ () C:\Windows\System32\Tasks\ParetoLogic Update Version3_triggeronce
2014-11-14 10:05 - 2014-11-14 10:05 - 00001194 _____ () C:\Users\val\Desktop\RegCure Pro.lnk
2014-11-14 10:04 - 2014-11-14 10:04 - 00000000 ____D () C:\Users\val\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-11-14 10:04 - 2014-11-14 10:04 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-11-14 10:04 - 2014-11-14 10:04 - 00000000 ____D () C:\Program Files (x86)\ParetoLogic
2014-11-14 10:02 - 2014-11-14 10:02 - 06822176 _____ (ParetoLogic, Inc.) C:\Users\val\Downloads\RegCureProSetup_e688389_.exe
2014-11-12 08:57 - 2014-11-12 08:57 - 00000000 __SHD () C:\Users\val\AppData\Local\EmieBrowserModeList
2014-11-11 14:35 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 14:35 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 14:35 - 2014-10-13 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 14:35 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 14:34 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 14:34 - 2014-10-13 18:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 14:34 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 14:34 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 14:34 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 14:32 - 2014-11-07 11:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 14:32 - 2014-11-07 11:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 14:32 - 2014-11-05 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 14:32 - 2014-11-05 20:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 14:32 - 2014-11-05 19:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 14:32 - 2014-11-05 19:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 14:32 - 2014-11-05 19:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 14:32 - 2014-11-05 19:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 14:32 - 2014-11-05 19:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 14:32 - 2014-11-05 19:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 14:32 - 2014-11-05 19:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 14:32 - 2014-11-05 19:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 14:32 - 2014-11-05 19:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 14:32 - 2014-11-05 19:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 14:32 - 2014-11-05 19:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 14:32 - 2014-11-05 19:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 14:32 - 2014-11-05 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 14:32 - 2014-11-05 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 14:32 - 2014-11-05 19:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 14:32 - 2014-11-05 19:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 14:32 - 2014-11-05 19:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 14:32 - 2014-11-05 19:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 14:32 - 2014-11-05 19:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 14:32 - 2014-11-05 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 14:32 - 2014-11-05 19:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 14:32 - 2014-11-05 19:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 14:32 - 2014-11-05 18:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 14:32 - 2014-11-05 18:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 14:32 - 2014-11-05 18:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 14:32 - 2014-11-05 18:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 14:32 - 2014-11-05 18:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 14:32 - 2014-11-05 18:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 14:32 - 2014-11-05 18:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 14:32 - 2014-11-05 18:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 14:32 - 2014-11-05 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 14:32 - 2014-11-05 18:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 14:32 - 2014-11-05 18:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 14:32 - 2014-11-05 18:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 14:32 - 2014-11-05 18:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 14:32 - 2014-11-05 18:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 14:32 - 2014-11-05 18:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 14:32 - 2014-11-05 18:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 14:32 - 2014-11-05 18:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 14:32 - 2014-11-05 18:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 14:32 - 2014-11-05 17:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 14:32 - 2014-11-05 17:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 14:32 - 2014-11-05 17:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 14:32 - 2014-11-05 17:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 14:31 - 2014-11-05 20:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 14:31 - 2014-11-05 19:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 14:31 - 2014-11-05 19:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 14:31 - 2014-11-05 19:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 14:31 - 2014-11-05 19:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 14:31 - 2014-11-05 19:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 14:31 - 2014-11-05 18:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 14:31 - 2014-11-05 18:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 14:29 - 2014-08-20 22:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 14:29 - 2014-08-20 22:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 14:29 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 14:29 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 14:27 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 14:27 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 14:27 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 14:27 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 14:27 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 14:27 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 14:27 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 14:27 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 14:27 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 14:27 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 14:26 - 2014-09-19 01:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 14:26 - 2014-09-19 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 14:26 - 2014-09-19 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 14:26 - 2014-09-19 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 14:26 - 2014-09-19 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 14:26 - 2014-09-19 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 14:26 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 14:26 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 14:26 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 14:26 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 14:26 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 14:26 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 14:24 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 14:24 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 14:24 - 2014-10-13 18:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 14:24 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 14:24 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 14:22 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 14:22 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-08 15:06 - 2014-11-08 15:07 - 00823646 _____ () C:\Users\val\Downloads\Untitled_Message (3).zip
2014-11-08 15:05 - 2014-11-08 15:05 - 00000023 ____N () C:\Users\val\Desktop\ATT00001.txt
2014-11-08 15:04 - 2014-11-08 15:04 - 01766822 _____ () C:\Users\val\Downloads\Untitled_Message (1).zip
2014-11-08 15:04 - 2014-11-08 15:04 - 00000000 ____D () C:\Users\val\Downloads\Untitled_Message (1)
2014-11-08 14:59 - 2014-11-08 14:59 - 01766822 _____ () C:\Users\val\Downloads\Untitled_Message (2).zip
2014-11-08 14:47 - 2014-11-08 14:48 - 03289541 _____ () C:\Users\val\Downloads\Untitled_Message.zip
2014-11-04 17:24 - 2014-11-04 17:24 - 00071168 _____ () C:\Windows\system32\bxvlef.dll
2014-11-04 17:24 - 2014-11-04 17:24 - 00003858 _____ () C:\Windows\System32\Tasks\{54FDC3DA-60FE-9AED-4B5B-4F20AC5AC92E}
2014-11-04 17:24 - 2014-11-04 17:24 - 00000000 _____ () C:\Windows\system32\exqsqd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 11:23 - 2013-08-03 12:04 - 01822309 _____ () C:\Windows\WindowsUpdate.log
2014-11-29 11:12 - 2014-06-03 18:11 - 00000000 ___RD () C:\Users\val\Google Drive
2014-11-29 11:12 - 2013-08-04 09:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-29 11:12 - 2013-08-04 09:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-29 11:10 - 2013-08-04 09:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-29 11:10 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\tracing
2014-11-28 20:18 - 2009-07-13 21:13 - 00785670 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-28 14:27 - 2013-08-09 10:11 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0F6BF9F8-39EF-49D7-BACB-B552983EE3B6}
2014-11-28 12:13 - 2009-07-13 20:45 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-28 12:13 - 2009-07-13 20:45 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-28 11:44 - 2013-08-11 09:54 - 00000000 ____D () C:\Windows\Minidump
2014-11-28 11:44 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-26 13:31 - 2013-08-04 09:15 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-26 13:12 - 2013-08-04 09:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 13:12 - 2013-08-04 09:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 13:12 - 2013-08-04 09:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 11:52 - 2014-09-27 21:51 - 00000000 ____D () C:\Users\val\AppData\Local\NETGEARGenie
2014-11-21 10:17 - 2013-08-04 23:51 - 00000000 ____D () C:\Users\val\AppData\Roaming\vlc
2014-11-19 10:33 - 2013-11-14 19:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-19 10:30 - 2013-08-15 02:22 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-19 09:35 - 2014-04-07 10:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-16 11:05 - 2013-08-04 09:15 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 11:05 - 2013-08-04 09:15 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-15 16:27 - 2013-08-03 02:56 - 00000000 ____D () C:\Windows\Panther
2014-11-14 13:15 - 2013-08-12 10:12 - 00000000 ____D () C:\Program Files (x86)\AOL Toolbar
2014-11-14 12:14 - 2014-04-06 21:19 - 00000000 ____D () C:\temp
2014-11-14 12:13 - 2014-04-06 19:22 - 00000000 ____D () C:\Program Files\pcreg
2014-11-14 12:12 - 2013-09-20 15:08 - 00000000 ____D () C:\Users\val\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mead & Company
2014-11-14 12:12 - 2012-09-27 15:44 - 00000000 ____D () C:\Users\val\Desktop\BILLS
2014-11-13 20:10 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-13 17:25 - 2009-07-13 18:34 - 64749568 _____ () C:\Windows\system32\config\software.bak
2014-11-13 17:25 - 2009-07-13 18:34 - 12845056 _____ () C:\Windows\system32\config\system.bak
2014-11-13 17:25 - 2009-07-13 18:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-11-13 17:25 - 2009-07-13 18:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-11-13 17:25 - 2009-07-13 18:34 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-11-13 17:22 - 2013-08-04 00:17 - 00000000 ____D () C:\Windows\ERDNT
2014-11-13 12:22 - 2013-02-16 20:53 - 05597734 ____R (Swearware) C:\Users\val\Desktop\ComboFix.exe
2014-11-13 10:51 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 10:01 - 2011-07-19 20:29 - 00000000 ____D () C:\Users\val\Desktop\Annette's Job Folder
2014-11-12 08:54 - 2009-07-13 20:45 - 00332440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 03:15 - 2014-10-01 08:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 03:07 - 2014-10-01 08:35 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-05 10:26 - 2014-06-03 18:10 - 00002042 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-11-05 10:26 - 2014-06-03 18:10 - 00002040 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-11-05 10:26 - 2014-06-03 18:10 - 00002030 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-11-05 10:26 - 2014-06-03 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-04 14:30 - 2013-08-03 00:18 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-04 09:34 - 2014-04-07 10:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

Some content of TEMP:
====================
C:\Users\val\AppData\Local\Temp\APNSetup.exe
C:\Users\val\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\val\AppData\Local\Temp\vlc-2.1.5-win32.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-16 12:58

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by val at 2014-11-29 11:27:10
Running from C:\Users\val\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AOL Mail and AIM Gadget (HKLM-x32\...\{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}) (Version: 1.0.0 - AOL LLC)
AOL Registration (HKLM-x32\...\AOL Regclient) (Version:  - )
AOL Toolbar for Firefox (HKLM-x32\...\AOL Toolbar for Firefox) (Version: 5.13.6.2 - AOL LLC)
AOL Toolbar for Internet Explorer (HKLM-x32\...\AOL Toolbar) (Version: 5.13.4.1 - AOL LLC)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
EWD 3D 5.2.2 (HKLM-x32\...\EWD 3D_is1) (Version:  - East Wind SoftWare)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.4.3230.2052 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
My Singing Monsters (HKLM-x32\...\BFG-My Singing Monsters) (Version:  - )
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.25 - NETGEAR Inc.)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
PDF Creator for Windows 7 (HKLM\...\PDF Creator for Windows 7_is1) (Version:  - PDFLogic Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlanetSide 2 (HKU\S-1-5-21-1382782913-3747055031-3309349280-1001\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
Plants Vs Zombies: Game of the Year Edition (remove only) (HKLM-x32\...\Plants Vs Zombies: Game of the Year Edition) (Version:  - )
Pogo Games (HKLM-x32\...\PogoDGC) (Version: 1.0 - ) <==== ATTENTION
Pokémon Trading Card Game Online (HKLM-x32\...\{D81F39D4-FDA9-4356-92B1-16081D8BF71A}) (Version: 1.0.0 - The Pokémon Company International)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RegCure Pro (HKLM-x32\...\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}) (Version: 3.2.12.0 - ParetoLogic, Inc.)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 (HKLM-x32\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1500}) (Version: 12.21.0.114 - APN, LLC) <==== ATTENTION
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.1.0.20 - Seagate Technology)
Toy Defense - Free to Play (HKLM-x32\...\BFG-Toy Defense - Free to Play) (Version:  - )
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
War Thunder Launcher 1.0.1.391 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1382782913-3747055031-3309349280-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> No File Path

==================== Restore Points  =========================

17-11-2014 19:27:16 RegCure Pro Backup
19-11-2014 18:24:27 Installed Java 7 Update 71
20-11-2014 11:01:22 Windows Update
26-11-2014 20:07:26 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2014-11-13 20:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C9E16D2-4362-436E-B701-E30FE5F9D9A0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {246F5E21-E1E1-4E03-B5C8-01A3A1616B9F} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
Task: {35C4C37B-A820-462B-9518-BC09F056A777} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe [2013-03-25] (iWin Inc.)
Task: {36F62482-3B80-4E4D-8E89-307CC2B6889C} - System32\Tasks\{54FDC3DA-60FE-9AED-4B5B-4F20AC5AC92E} => C:\Windows\system32\bxvlef.dll [2014-11-04] ()
Task: {43BA75EA-961D-4BEF-865B-429E961B4FF4} - System32\Tasks\{3DEDE4E5-1759-4C4F-B578-6A63729BDA34} => C:\Program Files (x86)\Google\Picasa3\Picasa3.exe [2014-01-06] (Google Inc.)
Task: {4D99BDB0-00CB-48A3-B4EB-BC722FA17F25} - System32\Tasks\{54F10120-AE56-49CD-80C5-542A7B324ABF} => C:\Program Files (x86)\Common Files\AOL\Launch\aollaunch.exe [2008-06-24] (AOL LLC)
Task: {5BEC484A-F128-4F25-BAF4-3C59D7331D37} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-04] (Google Inc.)
Task: {648EEA32-C73F-4CB6-86A0-BD6BE9525330} - System32\Tasks\ParetoLogic Update Version3 => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe [2014-10-27] ()
Task: {8C10FC78-3A0B-4A09-A8ED-996848741B17} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {9D1D780F-04FF-476F-840D-6B7745841FEB} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {9F44F9B8-DF8B-46DE-B4FD-F4C50D1C59B9} - System32\Tasks\RegCure Pro Startup => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2014-10-27] (ParetoLogic, Inc.)
Task: {B09F39F1-7F59-43EA-9B2A-62C593548A7D} - System32\Tasks\RegCure Pro_sch_D977F6D8-6C28-11E4-AE59-00038A000015 => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2014-10-27] (ParetoLogic, Inc.) <==== ATTENTION
Task: {B11A380A-17DC-487F-84CB-CD180F9791AA} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {B7E0BF87-9209-4C57-89FF-4A9A0F4A4E88} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {D7D8D0E1-D443-437E-84A8-ACD871854945} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-04] (Google Inc.)
Task: {DCB0DB89-A8DD-401A-AFB6-72DF49425ED0} - System32\Tasks\{D4622100-D489-49A5-A196-BAE074008099} => C:\Program Files (x86)\Google\Picasa3\Picasa3.exe [2014-01-06] (Google Inc.)
Task: {DF651327-AD22-41A9-8148-3C729178EB9C} - System32\Tasks\{62364D8E-74FB-4E9A-A13C-96CD5F7880A8} => C:\Program Files (x86)\Google\Picasa3\Picasa3.exe [2014-01-06] (Google Inc.)
Task: {E32A3330-3CC7-49A3-BD51-CBBD8C1E049C} - System32\Tasks\ParetoLogic Update Version3_triggeronce => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe [2014-10-27] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3_triggeronce.job => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe
Task: C:\Windows\Tasks\RegCure Pro Startup.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
Task: C:\Windows\Tasks\RegCure Pro_sch_D977F6D8-6C28-11E4-AE59-00038A000015.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-08-03 00:14 - 2013-01-31 01:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-06-10 23:40 - 2014-06-10 23:40 - 00098816 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2013-02-22 07:05 - 2013-02-21 18:04 - 00157696 _____ () C:\Windows\ERUNT.exe
2014-10-27 09:35 - 2014-10-27 09:35 - 00540784 _____ () C:\Program Files (x86)\ParetoLogic\RegCure Pro\7ZipDLL.dll
2014-10-27 09:35 - 2014-10-27 09:35 - 00045680 _____ () C:\Program Files (x86)\ParetoLogic\RegCure Pro\LiteZip.dll
2014-10-27 09:35 - 2014-10-27 09:35 - 00083568 _____ () C:\Program Files (x86)\ParetoLogic\RegCure Pro\ExtensionManager.dll
2014-10-27 09:34 - 2014-10-27 09:34 - 00155248 _____ () C:\Program Files (x86)\ParetoLogic\RegCure Pro\CommonLoggingExtension.pxt
2014-10-27 09:35 - 2014-10-27 09:35 - 00153712 _____ () C:\Program Files (x86)\ParetoLogic\RegCure Pro\CommonSpecialist.pxt
2014-10-27 09:35 - 2014-10-27 09:35 - 00138864 _____ () C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegHookSpecialist.pxt
2014-10-27 09:35 - 2014-10-27 09:35 - 00925808 _____ () C:\Program Files (x86)\ParetoLogic\RegCure Pro\Utility.pxt
2014-10-27 09:35 - 2014-10-27 09:35 - 00053360 _____ () C:\Program Files (x86)\ParetoLogic\RegCure Pro\LiteUnzip.dll
2014-01-06 09:52 - 2014-01-06 09:52 - 03244032 _____ () C:\Users\val\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
2013-09-28 17:14 - 2013-09-28 17:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 17:14 - 2013-09-28 17:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 17:14 - 2013-09-28 17:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
2013-09-28 17:14 - 2013-09-28 17:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
2014-06-10 23:40 - 2014-06-10 23:40 - 00523776 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2014-06-10 23:09 - 2014-06-10 23:09 - 01554944 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2014-06-10 23:10 - 2014-06-10 23:10 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2014-06-10 23:11 - 2014-06-10 23:11 - 00632832 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2014-06-10 23:59 - 2014-06-10 23:59 - 05992960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2014-03-23 19:33 - 2014-03-23 19:33 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2014-06-10 23:30 - 2014-06-10 23:30 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2014-03-23 19:33 - 2014-03-23 19:33 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2014-06-10 23:29 - 2014-06-10 23:29 - 01175552 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2014-06-10 23:31 - 2014-06-10 23:31 - 10063872 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2014-06-12 23:39 - 2014-06-12 23:39 - 01361920 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2014-06-10 23:35 - 2014-06-10 23:35 - 00200192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2014-06-10 23:36 - 2014-06-10 23:36 - 00885248 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2014-06-10 23:38 - 2014-06-10 23:38 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
2014-04-08 00:07 - 2014-04-08 00:07 - 00081408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2014-04-08 00:06 - 2014-04-08 00:06 - 00143360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2014-03-23 19:31 - 2014-03-23 19:31 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
2014-03-23 19:31 - 2014-03-23 19:31 - 00074240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2014-03-23 19:31 - 2014-03-23 19:31 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2014-06-10 23:36 - 2014-06-10 23:36 - 00642048 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2014-06-10 23:38 - 2014-06-10 23:38 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-03-23 20:08 - 2014-03-23 20:08 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2014-03-23 19:31 - 2014-03-23 19:31 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-11-28 11:45 - 2014-11-28 11:45 - 00098816 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\win32api.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00110080 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\pywintypes27.dll
2014-11-28 11:45 - 2014-11-28 11:45 - 00364544 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\pythoncom27.dll
2014-11-28 11:45 - 2014-11-28 11:45 - 00045568 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\_socket.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 01160704 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\_ssl.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00320512 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\win32com.shell.shell.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00713216 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\_hashlib.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 01175040 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\wx._core_.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00805888 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\wx._gdi_.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00811008 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\wx._windows_.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 01062400 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\wx._controls_.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00735232 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\wx._misc_.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00128512 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\_elementtree.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00127488 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\pyexpat.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00557056 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\pysqlite2._sqlite.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00087552 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\_ctypes.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00119808 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\win32file.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00108544 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\win32security.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00007168 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\hashobjs_ext.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00167936 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\win32gui.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00018432 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\win32event.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00038912 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\win32inet.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00011264 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\win32crypt.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00070656 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\wx._html2.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00027136 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\_multiprocessing.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00035840 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\win32process.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00686080 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\unicodedata.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00122368 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\wx._wizard.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00024064 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\win32pipe.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00025600 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\win32pdh.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00525640 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\windows._lib_cacheinvalidation.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00010240 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\select.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00017408 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\win32profile.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00022528 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\win32ts.pyd
2014-11-28 11:45 - 2014-11-28 11:45 - 00078336 _____ () C:\Users\val\AppData\Local\Temp\_MEI29482\wx._animate.pyd

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:054203E4
AlternateDataStreams: C:\ProgramData\TEMP:1C678466
AlternateDataStreams: C:\ProgramData\TEMP:2A66F1C3
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:6E6A4F42
AlternateDataStreams: C:\ProgramData\TEMP:CE707633

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1382782913-3747055031-3309349280-500 - Administrator - Disabled)
Guest (S-1-5-21-1382782913-3747055031-3309349280-501 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1382782913-3747055031-3309349280-1002 - Administrator - Enabled)
UpdatusUser (S-1-5-21-1382782913-3747055031-3309349280-1003 - Administrator - Enabled) => C:\Users\UpdatusUser
val (S-1-5-21-1382782913-3747055031-3309349280-1001 - Administrator - Enabled) => C:\Users\val

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/26/2014 00:19:18 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location M:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (11/26/2014 11:51:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e54

Start Time: 01d009b21624c6d0

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 832b63b1-75a5-11e4-851e-00038a000015

Error: (11/19/2014 07:19:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c92c
Exception code: 0xc0000005
Fault offset: 0x0000000000172745
Faulting process id: 0x7a8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (11/19/2014 10:21:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 49c

Start Time: 01d00425134b56f0

Termination Time: 17

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/19/2014 09:31:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a68

Start Time: 01d0041e642cdc80

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/19/2014 09:29:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 288

Start Time: 01d0041e521bcce0

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/18/2014 10:40:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AOLDesktop.exe version 16.0.2.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 118

Start Time: 01d0035e0676d2a0

Termination Time: 16

Application Path: C:\Program Files (x86)\Common Files\AOL\1376331060\ee\AOLDesktop.exe

Report Id: 7ad1c741-6f51-11e4-a9f4-00038a000015

Error: (11/18/2014 10:01:47 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (11/17/2014 00:15:38 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/17/2014 00:15:38 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4400}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (11/29/2014 11:09:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

Error: (11/29/2014 11:09:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053

Error: (11/29/2014 11:09:28 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.

Error: (11/29/2014 11:08:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.

Error: (11/28/2014 09:40:14 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Error: (11/28/2014 07:10:09 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (11/28/2014 07:03:24 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (11/28/2014 06:25:39 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (11/28/2014 06:04:13 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (11/28/2014 02:59:52 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Microsoft Office Sessions:
=========================
Error: (11/26/2014 00:19:18 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: M:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (11/26/2014 11:51:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.17420e5401d009b21624c6d00C:\Program Files\Internet Explorer\iexplore.exe832b63b1-75a5-11e4-851e-00038a000015

Error: (11/19/2014 07:19:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc3c1ole32.dll6.1.7601.175144ce7c92cc000000500000000001727457a801d0042558d5b148C:\Windows\system32\svchost.exeC:\Windows\system32\ole32.dll075baab0-7064-11e4-bb08-00038a000015

Error: (11/19/2014 10:21:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1742049c01d00425134b56f017C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (11/19/2014 09:31:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.174201a6801d0041e642cdc800C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (11/19/2014 09:29:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1742028801d0041e521bcce00C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (11/18/2014 10:40:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AOLDesktop.exe16.0.2.111801d0035e0676d2a016C:\Program Files (x86)\Common Files\AOL\1376331060\ee\AOLDesktop.exe7ad1c741-6f51-11e4-a9f4-00038a000015

Error: (11/18/2014 10:01:47 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (11/17/2014 00:15:38 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (11/17/2014 00:15:38 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4400

CodeIntegrity Errors:
===================================
  Date: 2014-11-13 17:20:01.307
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-13 17:20:01.058
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-13 17:20:00.699
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-13 17:20:00.449
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-30 22:44:06.092
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-30 22:44:05.905
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-30 22:44:05.702
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-30 22:44:05.499
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-12 09:33:15.554
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-12 09:33:15.383
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Athlon™ II X3 435 Processor
Percentage of memory in use: 93%
Total physical RAM: 1983.55 MB
Available physical RAM: 128.47 MB
Total Pagefile: 5812.8 MB
Available Pagefile: 1733.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:178.3 GB) (Free:18.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:8.01 GB) (Free:7.94 GB) NTFS
Drive g: () (Fixed) (Total:127.99 GB) (Free:2.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (New Volume) (Fixed) (Total:803.52 GB) (Free:605.47 GB) NTFS
Drive m: (Lexar) (Removable) (Total:14.9 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B4E3B4E3)
Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=803.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 186.3 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=8 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=178.3 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#4 sirockabye (Topic Starter)

Posted 29 November 2014 - 07:10 PM

I just noticed that I also have an error message:


File not found

C:\Windows\ERDNT.E_E

This file is part of a restoration program ERDNT. Without this file later restoration of registry can only be done manually by using another OS to copy file back.



#5 RPMcMurphy (Malware Response Team)

Posted 29 November 2014 - 07:33 PM

Don't worry about that error. Please do this next:

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt.

HKU\S-1-5-21-1382782913-3747055031-3309349280-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1382782913-3747055031-3309349280-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1382782913-3747055031-3309349280-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1382782913-3747055031-3309349280-1001 -> No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
S2 pcregservice; C:\Program Files\pcreg\pcreg.exe [X]
S0 mwompxgv; System32\drivers\ejxgwmdp.sys [X]
2014-11-04 17:24 - 2014-11-04 17:24 - 00071168 _____ () C:\Windows\system32\bxvlef.dll
2014-11-04 17:24 - 2014-11-04 17:24 - 00003858 _____ () C:\Windows\System32\Tasks\{54FDC3DA-60FE-9AED-4B5B-4F20AC5AC92E}
2014-11-04 17:24 - 2014-11-04 17:24 - 00000000 _____ () C:\Windows\system32\exqsqd.dll
CustomCLSID: HKU\S-1-5-21-1382782913-3747055031-3309349280-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> No File Path
AlternateDataStreams: C:\ProgramData\TEMP:054203E4
AlternateDataStreams: C:\ProgramData\TEMP:1C678466
AlternateDataStreams: C:\ProgramData\TEMP:2A66F1C3
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:6E6A4F42
AlternateDataStreams: C:\ProgramData\TEMP:CE707633
EmptyTemp:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt); please post it in your reply.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#6 sirockabye (Topic Starter)

Posted 29 November 2014 - 08:45 PM

OK... after the program rebooted my computer, it gave me this log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by val at 2014-11-29 16:52:37 Run:1
Running from C:\Users\val\Downloads
Loaded Profiles: val & UpdatusUser (Available profiles: val & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1382782913-3747055031-3309349280-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1382782913-3747055031-3309349280-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1382782913-3747055031-3309349280-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1382782913-3747055031-3309349280-1001 -> No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
S2 pcregservice; C:\Program Files\pcreg\pcreg.exe [X]
S0 mwompxgv; System32\drivers\ejxgwmdp.sys [X]
2014-11-04 17:24 - 2014-11-04 17:24 - 00071168 _____ () C:\Windows\system32\bxvlef.dll
2014-11-04 17:24 - 2014-11-04 17:24 -
00003858 _____ () C:\Windows\System32\Tasks\{54FDC3DA-60FE-9AED-4B5B-4F20AC5AC92E}
2014-11-04 17:24 - 2014-11-04 17:24 - 00000000 _____ () C:\Windows\system32\exqsqd.dll
CustomCLSID: HKU\S-1-5-21-1382782913-3747055031-3309349280-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> No File Path
AlternateDataStreams: C:\ProgramData\TEMP:054203E4
AlternateDataStreams: C:\ProgramData\TEMP:1C678466
AlternateDataStreams: C:\ProgramData\TEMP:2A66F1C3
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:6E6A4F42
AlternateDataStreams: C:\ProgramData\TEMP:CE707633
EmptyTemp:
*****************

"HKU\S-1-5-21-1382782913-3747055031-3309349280-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-1382782913-3747055031-3309349280-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1382782913-3747055031-3309349280-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-1382782913-3747055031-3309349280-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKU\S-1-5-21-1382782913-3747055031-3309349280-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} => value deleted successfully.
"HKCR\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}" => Key not found.
pcregservice => Service deleted successfully.
mwompxgv => Service deleted successfully.
C:\Windows\system32\bxvlef.dll => Moved successfully.
"2014-11-04 17:24 - 2014-11-04 17:24 -" => File/Directory not found.
00003858 _____ () C:\Windows\System32\Tasks\{54FDC3DA-60FE-9AED-4B5B-4F20AC5AC92E} => Error: No automatic fix found for this entry.
Could not move "C:\Windows\system32\exqsqd.dll" => Scheduled to move on reboot.
"HKU\S-1-5-21-1382782913-3747055031-3309349280-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
C:\ProgramData\TEMP => ":054203E4" ADS removed successfully.
C:\ProgramData\TEMP => ":1C678466" ADS removed successfully.
C:\ProgramData\TEMP => ":2A66F1C3" ADS removed successfully.
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
C:\ProgramData\TEMP => ":6E6A4F42" ADS removed successfully.
C:\ProgramData\TEMP => ":CE707633" ADS removed successfully.
EmptyTemp: => Removed 2.1 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-29 17:38:04)<=

C:\Windows\system32\exqsqd.dll => Is moved successfully.

==== End of Fixlog ====
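The Fixlog above is FRST's per-entry result report, and it records a failure mode worth checking for: the fixlist entry for the scheduled task was split across two lines when it was pasted, so FRST reported the date half as "File/Directory not found" and the size/path half as "No automatic fix found", and the task file itself was never removed. The script below is an added example, not part of the thread and not FRST's own code; it assumes result lines have the form `<subject> => <result>`, counts outcomes, checks that every "Scheduled to move on reboot" entry has a later "moved successfully" line, and rejoins such split entries. The sample log lines are constructed from the line shapes seen in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: result lines in the shapes FRST wrote in this thread's
# Fixlog (registry keys, moved files, services, ADS, EmptyTemp, a move that
# had to wait for reboot, and the two halves of a line-wrapped fixlist entry).
SAMPLE_FIXLOG = r'''
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
pcregservice => Service deleted successfully.
C:\Windows\system32\bxvlef.dll => Moved successfully.
"2014-11-04 17:24 - 2014-11-04 17:24 -" => File/Directory not found.
00003858 _____ () C:\Windows\System32\Tasks\{54FDC3DA-60FE-9AED-4B5B-4F20AC5AC92E} => Error: No automatic fix found for this entry.
Could not move "C:\Windows\system32\exqsqd.dll" => Scheduled to move on reboot.
C:\ProgramData\TEMP => ":054203E4" ADS removed successfully.
EmptyTemp: => Removed 2.1 GB temporary data.
C:\Windows\system32\exqsqd.dll => Is moved successfully.
'''

# Assumption: every per-entry result line has the form "<subject> => <result>".
RESULT_RE = re.compile(r"^(?P<subject>.*?) => (?P<result>.+)$")
# A fixlist file entry reads "date - date - size attrs () path". If it was
# split when pasted, FRST reports the date half as not found and cannot
# interpret the size/path half; these two patterns recognise the halves.
DATE_HALF_RE = re.compile(
    r'^"?(\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} -)"?$')
SIZE_HALF_RE = re.compile(r"^\d{8} \S{5} \(\) .+$")


@dataclass
class FixEntry:
    subject: str
    result: str
    status: str  # done | pending | not_found | error | unknown


def classify(result: str) -> str:
    """Map FRST's free-text outcome to a coarse status."""
    r = result.lower()
    if r.startswith("error"):
        return "error"
    if "not found" in r:
        return "not_found"
    if "scheduled to move on reboot" in r:
        return "pending"
    if "successfully" in r or r.startswith("removed "):
        return "done"
    return "unknown"


def parse_fixlog(text: str) -> List[FixEntry]:
    """Keep only result lines; headers, the echoed fixlist and separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            entries.append(FixEntry(m["subject"], m["result"], classify(m["result"])))
    return entries


def summarize(entries: List[FixEntry]) -> Dict[str, int]:
    """Count entries per status."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.status] = counts.get(e.status, 0) + 1
    return counts


def _path_of(subject: str) -> str:
    # 'Could not move "C:\x.dll"' and a later 'C:\x.dll' refer to the same file.
    m = re.search(r'"([^"]+)"', subject)
    return (m.group(1) if m else subject).lower()


def needs_attention(entries: List[FixEntry]) -> List[FixEntry]:
    """Errors, plus reboot-deferred moves with no later 'moved successfully' line."""
    moved = {_path_of(e.subject) for e in entries if e.status == "done"}
    return [e for e in entries
            if e.status == "error"
            or (e.status == "pending" and _path_of(e.subject) not in moved)]


def recover_wrapped_entries(entries: List[FixEntry]) -> List[str]:
    """Rejoin fixlist entries that were split across two lines when pasted,
    so the operator can see which item the fix silently skipped."""
    joined = []
    for first, second in zip(entries, entries[1:]):
        d = DATE_HALF_RE.match(first.subject)
        if (d and first.status == "not_found" and second.status == "error"
                and SIZE_HALF_RE.match(second.subject)):
            joined.append(f"{d.group(1)} {second.subject}")
    return joined


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print("outcomes:", summarize(parsed))
    for e in needs_attention(parsed):
        print("ATTENTION:", e.subject, "=>", e.result)
    for line in recover_wrapped_entries(parsed):
        print("fixlist entry was split across lines and not applied:", line)
```

Run against a real Fixlog.txt by reading the file into `parse_fixlog`; an empty `needs_attention` list and no recovered wrapped entries means every fixlist item was actually handled.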



#7 RPMcMurphy (Malware Response Team)

Posted 30 November 2014 - 10:28 AM

Please do this next:

Download ComboFix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log




#8 sirockabye (Topic Starter)

Posted 30 November 2014 - 04:42 PM

OK... here is the ComboFix log... thanks again for helping me.

ComboFix 14-11-25.01 - val 11/30/2014  11:58:22.7.3 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1984.906 [GMT -8:00]
Running from: c:\users\val\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\val\AppData\Local\Temp\_MEI39082\_ctypes.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\_elementtree.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\_hashlib.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\_multiprocessing.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\_socket.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\_ssl.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\hashobjs_ext.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\pyexpat.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\pysqlite2._sqlite.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\python27.dll
c:\users\val\AppData\Local\Temp\_MEI39082\pythoncom27.dll
c:\users\val\AppData\Local\Temp\_MEI39082\PyWinTypes27.dll
c:\users\val\AppData\Local\Temp\_MEI39082\select.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\unicodedata.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\win32api.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\win32com.shell.shell.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\win32crypt.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\win32event.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\win32file.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\win32gui.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\win32inet.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\win32pdh.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\win32pipe.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\win32process.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\win32profile.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\win32security.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\win32ts.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\windows._lib_cacheinvalidation.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\wx._animate.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\wx._controls_.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\wx._core_.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\wx._gdi_.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\wx._html2.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\wx._misc_.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\wx._windows_.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\wx._wizard.pyd
c:\users\val\AppData\Local\Temp\_MEI39082\wxbase294u_net_vc90.dll
c:\users\val\AppData\Local\Temp\_MEI39082\wxbase294u_vc90.dll
c:\users\val\AppData\Local\Temp\_MEI39082\wxmsw294u_adv_vc90.dll
c:\users\val\AppData\Local\Temp\_MEI39082\wxmsw294u_core_vc90.dll
c:\users\val\AppData\Local\Temp\_MEI39082\wxmsw294u_html_vc90.dll
c:\users\val\AppData\Local\Temp\_MEI39082\wxmsw294u_webview_vc90.dll
.
---- Previous Run -------
.
C:\END
c:\programdata\ntuser.pol
c:\users\val\AppData\Local\Temp\_MEI23282\_ctypes.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\_elementtree.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\_hashlib.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\_multiprocessing.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\_socket.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\_ssl.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\hashobjs_ext.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\pyexpat.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\pysqlite2._sqlite.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\python27.dll
c:\users\val\AppData\Local\Temp\_MEI23282\pythoncom27.dll
c:\users\val\AppData\Local\Temp\_MEI23282\PyWinTypes27.dll
c:\users\val\AppData\Local\Temp\_MEI23282\select.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\unicodedata.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\win32api.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\win32com.shell.shell.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\win32crypt.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\win32event.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\win32file.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\win32gui.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\win32inet.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\win32pdh.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\win32pipe.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\win32process.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\win32profile.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\win32security.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\win32ts.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\windows._lib_cacheinvalidation.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\wx._animate.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\wx._controls_.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\wx._core_.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\wx._gdi_.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\wx._html2.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\wx._misc_.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\wx._windows_.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\wx._wizard.pyd
c:\users\val\AppData\Local\Temp\_MEI23282\wxbase294u_net_vc90.dll
c:\users\val\AppData\Local\Temp\_MEI23282\wxbase294u_vc90.dll
c:\users\val\AppData\Local\Temp\_MEI23282\wxmsw294u_adv_vc90.dll
c:\users\val\AppData\Local\Temp\_MEI23282\wxmsw294u_core_vc90.dll
c:\users\val\AppData\Local\Temp\_MEI23282\wxmsw294u_html_vc90.dll
c:\users\val\AppData\Local\Temp\_MEI23282\wxmsw294u_webview_vc90.dll
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\u
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-28 to 2014-11-30  )))))))))))))))))))))))))))))))
.
.
2014-11-30 20:13 . 2014-11-30 20:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-11-30 20:13 . 2014-11-30 20:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-11-30 20:13 . 2014-11-30 20:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-29 19:18 . 2014-11-30 01:38 -------- d-----w- C:\FRST
2014-11-28 20:31 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CD298AB-CDD3-454D-99C2-78C506D2879E}\mpengine.dll
2014-11-19 18:52 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 18:52 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-19 18:52 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-19 18:52 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-19 18:35 . 2014-11-19 18:35 -------- d-----w- c:\users\val\AppData\Local\AskPartnerNetwork
2014-11-19 18:34 . 2014-11-19 18:34 -------- d-----w- c:\programdata\AskPartnerNetwork
2014-11-19 18:34 . 2014-11-19 18:34 -------- d-----w- c:\program files (x86)\AskPartnerNetwork
2014-11-19 18:32 . 2014-11-19 18:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-11-19 18:30 . 2014-09-27 02:42 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-14 18:06 . 2014-11-14 18:06 -------- d-----w- c:\users\val\AppData\Roaming\ParetoLogic
2014-11-14 18:04 . 2014-11-14 18:04 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic
2014-11-14 18:04 . 2014-11-14 18:04 -------- d-----w- c:\programdata\ParetoLogic
2014-11-14 18:04 . 2014-11-14 18:04 -------- d-----w- c:\program files (x86)\ParetoLogic
2014-11-12 16:57 . 2014-11-12 16:57 -------- d-sh--w- c:\users\val\AppData\Local\EmieBrowserModeList
2014-11-11 22:35 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-11-11 22:35 . 2014-10-14 02:16 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-11 22:35 . 2014-10-14 02:07 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-11 22:35 . 2014-10-14 01:46 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-11-11 22:34 . 2014-10-14 02:12 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-11 22:34 . 2014-10-14 02:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-11 22:34 . 2014-10-14 01:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-11-11 22:34 . 2014-10-14 01:47 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-11-11 22:34 . 2014-10-14 01:49 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-11-11 22:31 . 2014-11-06 02:39 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-11 22:31 . 2014-11-06 03:29 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-11 22:31 . 2014-11-06 03:46 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-11 22:31 . 2014-11-06 03:23 6040064 ----a-w- c:\windows\system32\jscript9.dll
2014-11-11 22:31 . 2014-11-06 04:11 950784 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2014-11-11 22:31 . 2014-11-06 02:17 2365440 ----a-w- c:\windows\system32\wininet.dll
2014-11-11 22:31 . 2014-11-06 01:58 378880 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-11-11 22:31 . 2014-11-06 03:44 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-11 22:31 . 2014-11-07 19:49 293040 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2014-11-11 22:31 . 2014-11-06 03:02 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-11 22:31 . 2014-11-06 03:00 1016832 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-11-11 22:31 . 2014-11-06 04:03 25110016 ----a-w- c:\windows\system32\mshtml.dll
2014-11-11 22:29 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2014-11-11 22:29 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-11-11 22:29 . 2014-08-21 06:40 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-11 22:29 . 2014-08-21 06:23 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-11-11 22:27 . 2014-08-12 02:02 878080 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-11 22:27 . 2014-08-12 01:36 701440 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
2014-11-11 22:27 . 2014-10-03 02:12 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-11 22:27 . 2014-10-03 01:44 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2014-11-11 22:27 . 2014-10-03 02:11 680960 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-11 22:27 . 2014-10-03 02:11 284672 ----a-w- c:\windows\system32\EncDump.dll
2014-11-11 22:27 . 2014-10-03 02:11 440832 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-11 22:27 . 2014-10-03 02:11 296448 ----a-w- c:\windows\system32\AudioSes.dll
2014-11-11 22:27 . 2014-10-03 01:44 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2014-11-11 22:27 . 2014-10-03 01:44 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll
2014-11-11 22:26 . 2014-09-19 09:42 342016 ----a-w- c:\windows\system32\schannel.dll
2014-11-11 22:26 . 2014-09-19 09:42 309760 ----a-w- c:\windows\system32\ncrypt.dll
2014-11-11 22:26 . 2014-09-19 09:23 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2014-11-11 22:26 . 2014-09-19 09:23 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-11-11 22:26 . 2014-09-19 09:42 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-11-11 22:26 . 2014-09-19 09:23 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-11-11 22:26 . 2014-09-19 09:42 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-11-11 22:26 . 2014-09-19 09:42 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-11-11 22:26 . 2014-09-19 09:23 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-11-11 22:26 . 2014-09-19 09:23 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-11-11 22:26 . 2014-09-19 09:42 22016 ----a-w- c:\windows\system32\credssp.dll
2014-11-11 22:26 . 2014-09-19 09:23 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-11-11 22:24 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2014-11-11 22:24 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-11-11 22:24 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-11-11 22:24 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
2014-11-11 22:24 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-11-11 22:22 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-11 22:22 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-26 21:12 . 2013-08-04 17:15 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-26 21:12 . 2013-08-04 17:15 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-19 17:35 . 2014-04-07 18:04 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-12 11:07 . 2014-10-01 16:35 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-11-04 22:30 . 2013-08-03 08:18 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-16 16:27 . 2014-10-16 16:26 122584 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-10-02 21:23 . 2014-10-02 21:23 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2014-10-02 21:23 . 2014-10-02 21:23 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2014-10-01 18:11 . 2014-04-07 18:04 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 18:11 . 2014-04-07 18:04 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 18:11 . 2014-04-07 18:04 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-28 05:51 . 2014-09-28 05:51 369168 ----a-w- c:\windows\system32\wpcap.dll
2014-09-28 05:51 . 2014-09-28 05:51 35344 ----a-w- c:\windows\system32\drivers\npf.sys
2014-09-28 05:51 . 2014-09-28 05:51 106000 ----a-w- c:\windows\system32\packet.dll
2014-09-25 02:08 . 2014-10-01 16:15 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 16:15 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-09-24 17:01 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 17:01 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-04 05:23 . 2014-10-16 16:42 424448 ----a-w- c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-16 16:42 372736 ----a-w- c:\windows\SysWow64\rastls.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7}]
2014-11-24 18:38 12184 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{4F524A2D-5350-4500-76A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" [2014-11-24 12184]
.
[HKEY_CLASSES_ROOT\clsid\{4f524a2d-5350-4500-76a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google+ Auto Backup"="c:\users\val\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" [2014-01-06 3619096]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-10-22 22869088]
"NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2014-06-11 596480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"HostManager"="c:\program files (x86)\Common Files\AOL\1376331060\ee\AOLSoftware.exe" [2008-06-24 41824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-27 271744]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-11-24 2039192]
"PDF Seven"="c:\program files\PDFSeven\PDF.exe" [2009-12-11 489472]
.
c:\users\val\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AOL Desktop.lnk - c:\program files (x86)\Common Files\AOL\Launch\aollaunch.exe /d locale=en-US /d brand=aol ee://aol/frontierApp /preload [2008-6-24 41824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CineForm Status.lnk - c:\program files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe [2014-1-29 144384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 PDFSevenPrinting;PDF Seven Printing;c:\program files\PDFSeven\PDFSevenPrinting.exe;c:\program files\PDFSeven\PDFSevenPrinting.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]
S2 PGMTrusted;PGMTrusted;c:\program files (x86)\Pogo Games\PGMTrusted.exe;c:\program files (x86)\Pogo Games\PGMTrusted.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NPF
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-26 19:53 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-04 21:12]
.
2014-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-04 17:15]
.
2014-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-04 17:15]
.
2014-11-30 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2014-11-16 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe [2014-10-27 17:35]
.
2014-11-16 c:\windows\Tasks\ParetoLogic Update Version3_triggeronce.job
- c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe [2014-10-27 17:35]
.
2014-11-30 c:\windows\Tasks\RegCure Pro Startup.job
- c:\program files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2014-10-27 17:34]
.
2014-11-30 c:\windows\Tasks\RegCure Pro_sch_D977F6D8-6C28-11E4-AE59-00038A000015.job
- c:\program files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2014-10-27 17:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7}]
2014-11-24 18:38 13720 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F524A2D-5350-4500-76A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll" [2014-11-24 13720]
.
[HKEY_CLASSES_ROOT\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-22 01:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-22 01:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-22 01:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-22 01:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-22 01:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,a8,3f,1d,de,7d,a2,44,91,98,f8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,a8,3f,1d,de,7d,a2,44,91,98,f8,\
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences - Do not modify. Direct modification is a violation of ISV software requirements.]
@Denied: (2) (LocalSystem)
"2314AECFBD50C5878D94D69E695B58E823D6E95AE2"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,a8,3f,1d,de,7d,a2,44,91,98,f8,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\Common Files\AOL\1376331060\ee\AOLDesktop.exe
.
**************************************************************************
.
Completion time: 2014-11-30  13:31:22 - machine was rebooted
ComboFix-quarantined-files.txt  2014-11-30 21:31
ComboFix2.txt  2014-03-12 16:36
ComboFix3.txt  2014-02-27 07:22
.
Pre-Run: 22,183,981,056 bytes free
Post-Run: 22,011,883,520 bytes free
.
- - End Of File - - F6336DE1BDA000CB0B1ACCD298FF9706
A36C5E4F47E84449FF07ED3517B43A31
 



#9 RPMcMurphy
  • Malware Response Team
  • 3,970 posts

Posted 30 November 2014 - 05:49 PM

Please do this next:

Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

c:\users\val\AppData\Local\EmieBrowserModeList
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Open Malwarebytes Anti-Malware (MBAM)
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please include the following in your next post:
  • Fixlog.txt report
  • adwCleaner log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#10 sirockabye
  • Topic Starter
  • Members
  • 15 posts

Posted 30 November 2014 - 08:05 PM

Hello Mr. McMurphy,

I am running MBAM and a message popped up:

MBAM was unable to load the Anti-Rootkit DDA driver. This error may be caused by rootkit activity. Do you want to reboot the system in an attempt to install the driver? (If you don't reboot, anti-rootkit scanning will be disabled.)

Should I reboot? The scan looks like it is still running on the prescan operation.



#11 RPMcMurphy
  • Malware Response Team
  • 3,970 posts

Posted 30 November 2014 - 08:15 PM

Please click 'Yes' to this message, to allow the driver to load after a restart.




#12 sirockabye
  • Topic Starter
  • Members
  • 15 posts

Posted 30 November 2014 - 10:40 PM

OK... here are all the logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-11-2014 01
Ran by val at 2014-11-30 16:08:53 Run:2
Running from C:\Users\val\Downloads
Loaded Profiles: val & UpdatusUser (Available profiles: val & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
c:\users\val\AppData\Local\EmieBrowserModeList
*****************

c:\users\val\AppData\Local\EmieBrowserModeList => Moved successfully.

==== End of Fixlog ====

 

 

# AdwCleaner v4.102 - Report created 30/11/2014 at 16:11:45
# Updated 23/11/2014 by Xplode
# Database : 2014-11-27.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : val - VAL-PC
# Running from : C:\Users\val\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : APNMCP

***** [ Files / Folders ] *****

File Found : C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
Folder Found : C:\Program Files (x86)\AOL Toolbar
Folder Found : C:\Program Files (x86)\AskPartnerNetwork
Folder Found : C:\Program Files (x86)\Bench
Folder Found : C:\Program Files (x86)\Common Files\ParetoLogic
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\ParetoLogic
Folder Found : C:\Program Files (x86)\PC Speed Maximizer
Folder Found : C:\Program Files\pcreg
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\AskPartnerNetwork
Folder Found : C:\ProgramData\BitGuard
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\BrowserProtect
Folder Found : C:\ProgramData\Conduit
Folder Found : C:\ProgramData\iWin
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\val\AppData\Local\AskPartnerNetwork
Folder Found : C:\Users\val\AppData\Local\Conduit
Folder Found : C:\Users\val\AppData\Local\DefineExt
Folder Found : C:\Users\val\AppData\Local\NativeMessaging
Folder Found : C:\Users\val\AppData\LocalLow\Conduit
Folder Found : C:\Users\val\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Found : C:\Users\val\AppData\Roaming\ParetoLogic
Folder Found : C:\Users\val\Documents\PC Speed Maximizer

***** [ Scheduled Tasks ] *****

Task Found : LaunchSignup
Task Found : paretologic registration3
Task Found : paretologic update version3
Task Found : RunAsStdUser Task

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Smartbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AskPartnerNetwork
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Define Ext
Key Found : HKCU\Software\InstalledThirdPartyPrograms
Key Found : HKCU\Software\LINKEY
Key Found : HKCU\Software\Linkey
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{549D0F98-EE42-4149-936E-4287727E7FDC}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A7963CCF-4A41-4F90-A4FF-9F7FFEB23154}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\AskPartnerNetwork
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Define Ext
Key Found : [x64] HKCU\Software\InstalledThirdPartyPrograms
Key Found : [x64] HKCU\Software\LINKEY
Key Found : [x64] HKCU\Software\Linkey
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{549D0F98-EE42-4149-936E-4287727E7FDC}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A7963CCF-4A41-4F90-A4FF-9F7FFEB23154}
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\AdvertisingSupport
Key Found : HKLM\SOFTWARE\AskPartnerNetwork
Key Found : HKLM\SOFTWARE\Bench
Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Found : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289663
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3309350
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Define Ext
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Found : HKLM\SOFTWARE\ParetoLogic
Key Found : HKLM\SOFTWARE\Viewpoint
Key Found : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Found : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Google Chrome v39.0.2171.71

[C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN31603392591208311&ctid=CT3289663&UM=2
[C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN31603392591208311&ctid=CT3289663&UM=2
[C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.default-search.net/search?sid=476&aid=100&itype=n&ver=11471&tm=310&src=ds&p={searchTerms}
[C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M19B9BBAF-37E6-40F7-B981-001C84F71F4E&SearchSource=58&CUI=&UM=5&UP=SP0E4B32CD-EA87-4599-846E-930C67A926F8&q={searchTerms}&SSPV=
[C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M19B9BBAF-37E6-40F7-B981-001C84F71F4E&SearchSource=58&CUI=&UM=5&UP=SP0E4B32CD-EA87-4599-846E-930C67A926F8&q={searchTerms}&SSPV=
[C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M19B9BBAF-37E6-40F7-B981-001C84F71F4E&SearchSource=58&CUI=&UM=5&UP=SP0E4B32CD-EA87-4599-846E-930C67A926F8&q={searchTerms}&SSPV=
[C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M19B9BBAF-37E6-40F7-B981-001C84F71F4E&SearchSource=58&CUI=&UM=5&UP=SP0E4B32CD-EA87-4599-846E-930C67A926F8&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [9773 octets] - [30/11/2014 16:11:45]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9833 octets] ##########

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/30/2014
Scan Time: 6:53:45 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.30.11
Rootkit Database: v2014.11.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: val

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362269
Time Elapsed: 15 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.Ask.A, HKLM\SOFTWARE\CLASSES\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [9f4fd170423ac571d8dbdce6f30f2fd1],
PUP.Optional.Ask.A, HKLM\SOFTWARE\CLASSES\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}\INPROCSERVER32, Quarantined, [9f4fd170423ac571d8dbdce6f30f2fd1],
PUP.Optional.Ask.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [9f4fd170423ac571d8dbdce6f30f2fd1],
PUP.Optional.Ask.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [9f4fd170423ac571d8dbdce6f30f2fd1],
PUP.Optional.Ask.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [9f4fd170423ac571d8dbdce6f30f2fd1],
PUP.Optional.Ask.A, HKU\S-1-5-21-1382782913-3747055031-3309349280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [9f4fd170423ac571d8dbdce6f30f2fd1],
PUP.Optional.Ask.A, HKU\S-1-5-21-1382782913-3747055031-3309349280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [9f4fd170423ac571d8dbdce6f30f2fd1],
PUP.Optional.AdevertisingSupport.A, HKLM\SOFTWARE\WOW6432NODE\AdvertisingSupport, Quarantined, [34bacf729ae234021ba97bc8bf44a060],
PUP.Optional.Conduit.A, HKU\S-1-5-21-1382782913-3747055031-3309349280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Quarantined, [6b8368d9c7b5d066af640d36aa5919e7],

Registry Values: 4
PUP.Optional.Ask.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{4F524A2D-5350-4500-76A7-7A786E7484D7}, 0, Quarantined, [9f4fd170423ac571d8dbdce6f30f2fd1]
PUP.Optional.Ask.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{4F524A2D-5350-4500-76A7-7A786E7484D7}, 0, Quarantined, [9f4fd170423ac571d8dbdce6f30f2fd1]
PUP.Optional.Ask.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [ae40f74ae795a294961da220639fc53b],
PUP.Optional.Ask.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [9559ac9589f3be78ecc716ac3bc70df3],

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.Ask.A, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll, Quarantined, [9f4fd170423ac571d8dbdce6f30f2fd1],
PUP.Optional.Ask.A, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll, Quarantined, [9f4fd170423ac571d8dbdce6f30f2fd1],

Physical Sectors: 0
(No malicious items detected)

(end)



#13 sirockabye
  • Topic Starter
  • Members
  • 15 posts

Posted 30 November 2014 - 10:44 PM

Should I delete the items in MBAM quarantine?



#14 RPMcMurphy
  • Malware Response Team
  • 3,970 posts

Posted 30 November 2014 - 11:21 PM

Yes, you may delete those items. How is your computer running now? Please do this next:

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-Uncheck any lines related to items you wish to keep->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • How is your computer running now?
  • adwCleaner log
  • ESET log




#15 sirockabye
  • Topic Starter
  • Members
  • 15 posts

Posted 01 December 2014 - 12:12 AM

Well, I could not run the ESET scanner because when I tried to run it after I agreed to the terms and hit the Start button, there was an error message:

"An add-on has failed to load."

Here is the log for AdwCleaner:

# AdwCleaner v4.102 - Report created 30/11/2014 at 20:33:30
# Updated 23/11/2014 by Xplode
# Database : 2014-11-27.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : val - VAL-PC
# Running from : C:\Users\val\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\iWin
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\AOL Toolbar
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ParetoLogic
Folder Deleted : C:\Program Files (x86)\PC Speed Maximizer
Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
Folder Deleted : C:\Program Files\pcreg
Folder Deleted : C:\Users\val\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\val\AppData\Local\Conduit
Folder Deleted : C:\Users\val\AppData\Local\DefineExt
Folder Deleted : C:\Users\val\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\val\AppData\Local\Temp\apn
Folder Deleted : C:\Users\val\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\val\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\val\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\Users\val\Documents\PC Speed Maximizer
File Deleted : C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage

***** [ Scheduled Tasks ] *****

Task Deleted : LaunchSignup
Task Deleted : paretologic registration3
Task Deleted : paretologic update version3
Task Deleted : RunAsStdUser Task

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289663
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3309350
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{549D0F98-EE42-4149-936E-4287727E7FDC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A7963CCF-4A41-4F90-A4FF-9F7FFEB23154}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Define Ext
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Bench
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Define Ext
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Google Chrome v39.0.2171.71

[C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN31603392591208311&ctid=CT3289663&UM=2
[C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN31603392591208311&ctid=CT3289663&UM=2
[C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.default-search.net/search?sid=476&aid=100&itype=n&ver=11471&tm=310&src=ds&p={searchTerms}
[C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M19B9BBAF-37E6-40F7-B981-001C84F71F4E&SearchSource=58&CUI=&UM=5&UP=SP0E4B32CD-EA87-4599-846E-930C67A926F8&q={searchTerms}&SSPV=
[C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M19B9BBAF-37E6-40F7-B981-001C84F71F4E&SearchSource=58&CUI=&UM=5&UP=SP0E4B32CD-EA87-4599-846E-930C67A926F8&q={searchTerms}&SSPV=
[C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M19B9BBAF-37E6-40F7-B981-001C84F71F4E&SearchSource=58&CUI=&UM=5&UP=SP0E4B32CD-EA87-4599-846E-930C67A926F8&q={searchTerms}&SSPV=
[C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M19B9BBAF-37E6-40F7-B981-001C84F71F4E&SearchSource=58&CUI=&UM=5&UP=SP0E4B32CD-EA87-4599-846E-930C67A926F8&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [9997 octets] - [30/11/2014 16:11:45]
AdwCleaner[R1].txt - [9996 octets] - [30/11/2014 20:31:58]
AdwCleaner[S0].txt - [9078 octets] - [30/11/2014 20:33:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9138 octets] ##########
