
Apparently this issue no one can solve, not even mighty god himself!


49 replies to this topic

#1 stanleybeast (Members, 38 posts)

Posted 23 December 2014 - 08:29 PM

Hi Guys,

I am new here. I am also new to learning the back end of a computer, lightly! But I seem to have got something I cannot get rid of.

It seems my computer has some kind of safety back set up for itself no matter what I do to remove programs/updates/weird named files and folders in the system32 folder. It's like everything I try to download to remove it is no good, as this writes and injects inf files and other ones to make that program miss them in the search. Even regular files like Google or Skype, it will still inject itself in, and then when I right click it, it's no longer an EXE file I installed, but details says it's an MSI file now. I have Win 7 32 bit, Home Basic only, yet this or whatever or WHOEVER, as I have a remote logger user getting in via user32.exe, is controlling my computer as an NT comp, or XP as it has many DOS programs to open his way through anything and everything, Win Server 2008 so it can do remote in, all crazy stuff....

In comp mgmt it has DCOM and COM and all those tiny robot balls that you can modify and see it is created to be there and attached to one program like svchost, and that would open strings to files that open even more cab files of additions this bug wants to add.. OVERBEARING to say the least..

I am always seeing leaking reg S-1-5-21, classes making changes to everything, and sure enough, no matter what I did, my comp is restored to where I did nothing, even despite turning off system restore, deleting them all, cleaning temp files, zap-0 my hard drive, new install (install CD seems infected as well as it has a hugely bloated system32 folder and even C root dir).

I need help bad. It owned my desktop computer, then my laptop, then my backup desktop.. I can't even open my 1 terabyte external hard drive no matter what I did in device mgr.. Maybe that's what got infected and passed it around..

 

 

Here are the DDS files:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 12/16/2014 11:24:44 AM
System Uptime: 12/24/2014 7:34:20 AM (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | M4N68T-M-LE-V2
Processor: AMD Athlon™ II X2 250 Processor | AM3 | 2280/200mhz
.
==== Disk Partitions =========================
.
B: is FIXED (NTFS) - 343 GiB total, 343.102 GiB free.
C: is FIXED (NTFS) - 122 GiB total, 107.079 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP5: 12/21/2014 1:11:20 PM - me 1 11pm sun 21st dec
RP6: 12/21/2014 5:09:41 PM - Device Driver Package Install: NVIDIA Display adapters
RP8: 12/21/2014 5:10:39 PM - Installed NVIDIA 3D Vision Controller Driver
RP9: 12/21/2014 5:10:57 PM - Device Driver Package Install: NVIDIA Corporation Sound, video and game controllers
RP10: 12/21/2014 5:16:59 PM - Windows Update
RP11: 12/21/2014 5:54:19 PM - Windows Update
RP12: 12/24/2014 1:25:52 AM - Removed Microsoft Visual C++ 2005 Redistributable
RP13: 12/24/2014 3:21:40 AM - Windows Modules Installer
RP15: 12/24/2014 4:01:31 AM - Removed NVIDIA 3D Vision Controller Driver
RP16: 12/24/2014 4:20:53 AM - Windows Update
RP17: 12/24/2014 4:58:28 AM - Windows Modules Installer
RP18: 12/24/2014 4:59:10 AM - Windows Modules Installer
RP19: 12/24/2014 4:59:55 AM - Windows Modules Installer
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
 




#2 HelpBot (Bleepin' Binary Bot, Bots, 12,602 posts)

Posted 28 December 2014 - 08:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/560832 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was follow the previous instructions and tell me so. You can skip the rest of this post. If you do need help, please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right-hand corner of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 stanleybeast (Topic Starter)

Posted 30 December 2014 - 02:08 AM

Hi bot,

I do still need help, I think. When my comp sleeps or shuts down it re-configures itself back to any changes I have made, so we need to fix that so that when the computer is shut down while I am waiting for your assistance, no changes are made, thus thwarting our progress. It seems I have many different Windows OSs on my computer which allow old school programs for remote changing and controlling my computer.

Attached is the DDS file you requested too.

I do have the original Windows CD as well.


Edited by stanleybeast, 30 December 2014 - 02:10 AM.


#4 stanleybeast (Topic Starter)

Posted 30 December 2014 - 12:01 PM

I'm not getting any assistance from real people, bot only, and the last one who replied now doesn't have an account. What's on the go with Bleeping Computer support? :(



#5 nasdaq (Malware Response Team, 38,770 posts, Montreal, QC, Canada)

Posted 31 December 2014 - 10:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


--RogueKiller--
  • Download & SAVE to your Desktop: For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.
=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows and:
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file, select "More Reply Options" and follow the instructions.

How is the computer running?
Wait for further instructions.

#6 stanleybeast (Topic Starter)

Posted 02 January 2015 - 02:36 PM

Here is RogueKiller's report:

RogueKiller V10.1.1.0 [Dec 23 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : LBDP [Administrator]
Mode : Delete -- Date : 01/02/2015  13:21:58
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 15 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Deleted
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme -> Deleted
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme -> Deleted
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme -> Deleted
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-21-2234649931-1513563446-759412437-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.microsoft.com/  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2234649931-1513563446-759412437-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2234649931-1513563446-759412437-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2234649931-1513563446-759412437-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2234649931-1513563446-759412437-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Replaced (1)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Replaced (0)
 
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> Deleted
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3160812AS ATA Device +++++
--- User ---
[MBR] f8f31cbe66a20606d266fbcf1e73ed78
[BSP] 07fbebbeb1f7236c0e5a4ddd22f454c5 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 152625 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_01022015_131735.log





Here is the AdwCleaner scan result:

# AdwCleaner v4.106 - Report created 02/01/2015 at 14:22:45
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 7 Home Basic Service Pack 1 (32 bits)
# Username : LBDP - SCHNUCKIMAUS
# Running from : C:\Users\LBDP\Desktop\adwcleaner_4.106.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7601.18667
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\SteveO UR BOSS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\SteveO UR BOSS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1326 octets] - [02/01/2015 14:20:03]
AdwCleaner[S0].txt - [1257 octets] - [02/01/2015 14:22:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1317 octets] ##########



And the FRST scan results now:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-01-2015
Ran by LBDP (administrator) on SCHNUCKIMAUS on 02-01-2015 14:26:42
Running from C:\Users\LBDP\Desktop
Loaded Profile: LBDP (Available profiles: LBDP)
Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKU\S-1-5-21-2234649931-1513563446-759412437-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2234649931-1513563446-759412437-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin HKU\S-1-5-21-2234649931-1513563446-759412437-1000: @tools.google.com/Google Update;version=3 -> C:\Users\LBDP\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2234649931-1513563446-759412437-1000: @tools.google.com/Google Update;version=9 -> C:\Users\LBDP\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
 
Chrome: 
=======
CHR StartupUrls: Profile 3 -> "https://www.microsoft.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\LBDP\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
CHR Profile: C:\Users\LBDP\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Docs) - C:\Users\LBDP\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-01]
CHR Extension: (Google Drive) - C:\Users\LBDP\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\LBDP\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-01]
CHR Extension: (YouTube) - C:\Users\LBDP\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-01]
CHR Extension: (Google Search) - C:\Users\LBDP\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-01]
CHR Extension: (Google Sheets) - C:\Users\LBDP\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-01]
CHR Extension: (Google Wallet) - C:\Users\LBDP\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-01]
CHR Extension: (Gmail) - C:\Users\LBDP\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-01]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-02 14:26 - 2015-01-02 14:27 - 00006247 _____ () C:\Users\LBDP\Desktop\FRST.txt
2015-01-02 14:26 - 2015-01-02 14:26 - 00000000 ____D () C:\FRST
2015-01-02 14:25 - 2015-01-02 14:25 - 00001397 _____ () C:\Users\LBDP\Desktop\AdwCleaner[S0].txt
2015-01-02 14:19 - 2015-01-02 14:22 - 00000000 ____D () C:\AdwCleaner
2015-01-02 13:34 - 2015-01-02 13:34 - 01115136 _____ (Farbar) C:\Users\LBDP\Desktop\FRST.exe
2015-01-02 13:31 - 2015-01-02 13:31 - 02173952 _____ () C:\Users\LBDP\Desktop\adwcleaner_4.106.exe
2015-01-02 13:14 - 2015-01-02 13:14 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-02 13:14 - 2015-01-02 13:14 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-02 13:12 - 2015-01-02 13:12 - 15298136 _____ () C:\Users\LBDP\Desktop\RogueKiller.exe
2015-01-02 09:56 - 2009-09-22 22:49 - 00140288 _____ () C:\Windows\system32\igfxtvcx.dll
2015-01-02 09:51 - 2015-01-02 09:56 - 00006592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-02 07:42 - 2015-01-02 07:42 - 00000000 __SHD () C:\Users\LBDP\AppData\Local\EmieUserList
2015-01-02 07:42 - 2015-01-02 07:42 - 00000000 __SHD () C:\Users\LBDP\AppData\Local\EmieSiteList
2015-01-02 07:42 - 2015-01-02 07:42 - 00000000 __SHD () C:\Users\LBDP\AppData\Local\EmieBrowserModeList
2015-01-02 07:01 - 2015-01-02 09:56 - 00006592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-02 05:32 - 2015-01-02 14:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-02 05:21 - 2015-01-02 05:21 - 00000000 ____D () C:\Users\LBDP\AppData\Roaming\Macromedia
2015-01-01 22:41 - 2015-01-01 22:41 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-01 22:41 - 2015-01-01 22:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-01 15:07 - 2015-01-01 15:07 - 00000000 ____D () C:\Users\LBDP\Documents\My Pics
2015-01-01 12:30 - 2015-01-01 12:30 - 10812849 _____ () C:\Users\LBDP\Documents\Heap-20150102T013039.heapsnapshot
2015-01-01 11:40 - 2015-01-01 11:41 - 15298136 _____ () C:\Users\LBDP\Downloads\RogueKiller.exe
2015-01-01 10:15 - 2015-01-01 15:35 - 00000191 _____ () C:\Users\LBDP\Documents\steves odesk info.txt
2014-12-27 05:17 - 2014-12-27 05:17 - 00000000 ____D () C:\Users\LBDP\AppData\Roaming\Adobe
2014-12-27 05:13 - 2014-12-27 05:13 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-27 05:13 - 2014-12-27 05:13 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-20 19:18 - 2014-12-20 19:18 - 00000000 ____D () C:\Users\LBDP\AppData\Local\Apps\2.0
2014-12-20 14:50 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-20 14:50 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-20 14:50 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-20 14:50 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-20 14:50 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-20 14:02 - 2014-12-20 14:07 - 00012341 _____ () C:\Windows\IE11_main.log
2014-12-20 13:59 - 2014-11-21 05:44 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-20 13:59 - 2014-11-21 05:43 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-20 13:59 - 2014-11-21 05:43 - 01267712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-20 13:59 - 2014-11-21 05:43 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-20 13:59 - 2014-11-21 05:43 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-20 13:59 - 2014-11-21 05:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-20 13:59 - 2014-11-21 05:43 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-20 13:59 - 2014-11-21 05:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-20 13:59 - 2014-11-21 05:42 - 11019264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-20 13:59 - 2014-11-21 05:42 - 02086912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-20 13:59 - 2014-11-21 05:42 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-20 13:59 - 2014-11-21 05:42 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-20 13:59 - 2014-11-21 05:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-20 13:59 - 2014-11-21 05:41 - 01466368 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-20 13:59 - 2014-11-21 05:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-20 13:59 - 2014-11-21 05:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-20 13:59 - 2014-11-21 05:41 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-20 13:59 - 2014-11-21 04:28 - 00386048 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-20 13:59 - 2014-11-21 02:53 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-20 13:59 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-20 13:59 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-20 13:58 - 2014-12-03 23:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-20 13:58 - 2014-12-03 23:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-20 13:58 - 2014-12-03 23:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-20 13:58 - 2014-12-03 23:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-20 13:58 - 2014-12-03 23:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-20 13:58 - 2014-12-03 23:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-20 13:58 - 2014-12-03 23:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-20 13:58 - 2014-12-01 18:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-20 13:58 - 2014-11-10 20:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-20 13:58 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-20 13:58 - 2014-10-29 20:46 - 00428544 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-20 13:58 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-20 13:58 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-20 13:58 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-20 13:58 - 2014-10-09 19:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-20 13:58 - 2014-10-02 20:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-20 13:58 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-20 13:58 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-20 13:58 - 2014-10-02 20:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-20 13:58 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-20 13:58 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-20 13:58 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-20 13:58 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-20 13:58 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-20 13:58 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-20 13:58 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-20 13:58 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-20 13:58 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-20 13:58 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-20 13:50 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-20 13:50 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-20 13:50 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-20 13:50 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-20 13:50 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-20 13:47 - 2014-10-13 20:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-20 13:47 - 2014-10-13 20:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-20 13:47 - 2014-10-13 20:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-20 13:47 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-20 13:47 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-20 13:42 - 2014-12-20 13:42 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-20 13:42 - 2014-12-20 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-20 13:42 - 2014-12-20 13:42 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-12-20 13:34 - 2014-12-20 13:34 - 00000552 _____ () C:\Windows\system32\spsys.log
2014-12-20 13:33 - 2015-01-02 14:23 - 00003174 _____ () C:\Windows\PFRO.log
2014-12-20 13:30 - 2015-01-02 14:23 - 00002020 _____ () C:\Windows\setupact.log
2014-12-20 13:30 - 2014-12-20 13:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-20 13:20 - 2014-12-20 13:20 - 00000052 _____ () C:\Windows\avmcoins.log
2014-12-20 10:55 - 2015-01-02 05:17 - 00000000 ____D () C:\Users\LBDP\AppData\Roaming\WinPatrol
2014-12-20 10:54 - 2014-12-20 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-12-20 10:54 - 2014-12-20 10:54 - 00000000 ____D () C:\Program Files\Ruiware
2014-12-20 09:51 - 2015-01-02 09:56 - 00000000 ____D () C:\Program Files\Intel
2014-12-20 09:51 - 2014-12-20 09:52 - 00000000 ____D () C:\Users\LBDP\Downloads\willkill
2014-12-20 09:51 - 2009-07-08 16:34 - 00053248 ____R (Windows XP Bundled build C-Centric Single User) C:\Windows\system32\CSVer.dll
2014-12-20 05:32 - 2015-01-02 08:09 - 00000000 ___RD () C:\Program Files\Skype
2014-12-20 05:32 - 2014-12-27 05:49 - 00000000 ____D () C:\Users\LBDP\AppData\Roaming\Skype
2014-12-20 02:03 - 2014-12-20 02:03 - 00044618 _____ () C:\Users\LBDP\Documents\config.img
2014-12-19 21:15 - 2014-12-19 21:15 - 00109280 _____ () C:\Users\SteveO UR BOSS\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-19 21:10 - 2014-12-20 11:00 - 00000000 ___RD () C:\Users\SteveO UR BOSS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-19 21:10 - 2014-12-20 11:00 - 00000000 ___RD () C:\Users\SteveO UR BOSS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-19 21:10 - 2014-12-20 11:00 - 00000000 ____D () C:\Users\SteveO UR BOSS
2014-12-19 21:10 - 2014-12-19 21:10 - 00000000 ____D () C:\Users\SteveO UR BOSS\AppData\Local\VirtualStore
2014-12-19 21:10 - 2014-12-19 21:10 - 00000000 ____D () C:\Users\SteveO UR BOSS\AppData\Local\Google
2014-12-19 18:43 - 2015-01-02 14:26 - 01320438 _____ () C:\Windows\WindowsUpdate.log
2014-12-19 17:50 - 2014-12-19 17:50 - 01240498 _____ () C:\Users\LBDP\Documents\cc_20141219_175001.reg
2014-12-19 17:44 - 2014-12-20 12:26 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-19 17:44 - 2014-12-20 11:00 - 00000000 ____D () C:\Users\LBDP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-19 17:36 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-19 17:36 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-19 17:36 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-19 17:36 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-19 17:36 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-19 17:36 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-19 17:36 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-19 17:36 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-19 17:35 - 2015-01-02 07:19 - 00000000 ____D () C:\Qoobox
2014-12-19 17:35 - 2014-12-19 17:40 - 00000000 ____D () C:\Windows\erdnt
2014-12-19 17:27 - 2014-12-19 17:27 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-19 17:27 - 2014-12-19 17:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-19 17:26 - 2014-12-19 17:26 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-19 16:13 - 2014-12-19 16:13 - 00000000 ____D () C:\Windows\ERUNT
2014-12-19 15:58 - 2014-12-19 15:58 - 00000000 ____D () C:\Intel
2014-12-19 15:44 - 2014-12-19 15:44 - 00000000 ____D () C:\Users\LBDP\AppData\Roaming\TeamViewer
2014-12-19 15:03 - 2014-12-19 15:03 - 133102966 _____ () C:\reg-bakup.reg
2014-12-19 14:55 - 2015-01-01 09:30 - 00109280 _____ () C:\Users\LBDP\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-09 10:40 - 2014-12-09 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk
2014-12-06 22:09 - 2014-12-06 22:09 - 00000000 ____D () C:\Users\LBDP\AppData\Local\Mozilla
2014-12-06 22:08 - 2014-12-06 22:08 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-06 01:47 - 2014-12-19 15:26 - 00000000 ____D () C:\Users\LBDP\Desktop\OTHERWORK
2014-12-05 10:37 - 2012-10-13 09:20 - 00805376 _____ () C:\Windows\system32\EditCtlsU.ocx
2014-12-05 10:37 - 2011-08-13 08:06 - 01031168 _____ () C:\Windows\system32\ExLVwU.ocx
2014-12-05 10:37 - 2011-05-20 11:02 - 00604672 _____ () C:\Windows\system32\ExTVwU.ocx
2014-12-05 10:37 - 2008-01-18 22:34 - 00554008 _____ (Microsoft Corporation) C:\Windows\system32\dao360.dll
2014-12-05 10:37 - 2005-04-15 02:58 - 01351392 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.ocx
2014-12-05 10:37 - 2004-03-09 01:45 - 00212240 _____ (Microsoft Corporation) C:\Windows\system32\richtx32.ocx
2014-12-05 10:37 - 2004-03-08 11:00 - 00662288 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMCT2.OCX
2014-12-05 10:37 - 2000-05-21 23:58 - 00140488 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.ocx
2014-12-05 10:37 - 1998-06-23 12:00 - 00198456 _____ (Microsoft Corporation) C:\Windows\system32\MCI32.OCX
2014-12-04 17:40 - 2014-12-04 17:40 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-12-04 17:25 - 2014-12-04 17:25 - 00001067 _____ () C:\Users\Public\Desktop\X-Lite.lnk
2014-12-04 17:25 - 2014-12-04 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CounterPath X-Lite
2014-12-04 17:25 - 2014-12-04 17:25 - 00000000 ____D () C:\Program Files\CounterPath
2014-12-04 14:32 - 2014-12-04 14:32 - 07654592 _____ (TeamViewer GmbH) C:\Users\LBDP\Downloads\TeamViewer_Setup_en.exe
2014-12-04 13:26 - 2014-12-13 21:14 - 00000000 ____D () C:\Users\LBDP\Desktop\PELICAN
2014-12-04 02:49 - 2014-12-04 02:49 - 03722456 _____ (oDesk Corporation) C:\Users\LBDP\Downloads\oDeskSetup.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-02 14:23 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-02 14:13 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2015-01-02 12:53 - 2009-07-13 21:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-02 09:55 - 2010-11-20 16:01 - 00671164 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-02 09:51 - 2014-11-01 00:36 - 00000000 ____D () C:\Windows\Minidump
2015-01-02 09:50 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\zh-TW
2015-01-02 09:50 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-01-02 09:50 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2015-01-02 09:50 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-01-02 09:50 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\sv-SE
2015-01-02 09:50 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2015-01-02 09:50 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\pt-PT
2015-01-02 09:50 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2015-01-02 09:50 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2015-01-02 09:50 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\nl-NL
2015-01-02 09:50 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\nb-NO
2015-01-02 09:50 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\ko-KR
2015-01-02 09:50 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\ja-JP
2015-01-02 09:50 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\it-IT
2015-01-02 09:50 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\hu-HU
2015-01-02 09:50 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2015-01-02 09:50 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\fi-FI
2015-01-02 09:50 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\el-GR
2015-01-02 09:50 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-01-02 09:50 - 2007-08-28 05:14 - 00179159 _____ () C:\Windows\Minidump\010215-42915-01.dmp
2015-01-02 09:02 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-02 07:29 - 2014-10-10 05:26 - 00000000 ____D () C:\Users\LBDP
2015-01-01 22:43 - 2014-10-22 01:50 - 00000000 ____D () C:\Users\LBDP\AppData\Local\Adobe
2014-12-27 05:51 - 2009-07-13 23:53 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-27 05:16 - 2009-07-13 23:33 - 00408000 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-27 05:16 - 2009-07-13 21:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-27 05:16 - 2007-08-28 06:14 - 00000000 ____D () C:\Windows\Panther
2014-12-27 05:14 - 2009-07-13 21:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-27 05:13 - 2009-07-13 23:52 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-27 05:13 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-20 14:19 - 2014-10-31 12:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-20 13:40 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-20 11:00 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-12-20 11:00 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\registration
2014-12-20 10:59 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-12-20 10:05 - 2014-10-09 11:52 - 00000000 ____D () C:\Windows\system32\Lang
2014-12-20 08:41 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-20 08:03 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\spool
2014-12-19 17:41 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2014-12-19 17:40 - 2009-07-13 21:04 - 00000215 _____ () C:\Windows\system.ini
2014-12-19 17:36 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Default
2014-12-19 16:57 - 2014-10-09 12:19 - 00000000 ____D () C:\Users\LBDP\AppData\Local\Google
2014-12-19 16:39 - 2014-10-10 06:04 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-12-19 15:35 - 2014-10-10 06:03 - 00000000 ___RD () C:\MSOCache
2014-12-19 15:32 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-19 15:32 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-19 12:11 - 2014-10-10 06:08 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-12-09 10:44 - 2014-10-09 12:19 - 00000000 ____D () C:\Program Files\Google
 
Some content of TEMP:
====================
C:\Users\LBDP\AppData\Local\temp\dllnt_dump.dll
C:\Users\LBDP\AppData\Local\temp\Quarantine.exe
C:\Users\LBDP\AppData\Local\temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-01 18:03
 
==================== End Of Log ============================


FRST Addition.txt results are:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-01-2015
Ran by LBDP at 2015-01-02 14:27:37
Running from C:\Users\LBDP\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
X-Lite (HKLM\...\{C3BCD420-E3AB-41F2-BF6A-24011A337EC2}) (Version: 47.7.4247 - CounterPath Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
19-12-2014 19:30:03 after MY FIXING 19-2014
19-12-2014 23:34:03 SuperEasy Registry Cleaner Fri, Dec 19, 14  23:34
20-12-2014 08:26:56 Windows Modules Installer
20-12-2014 10:58:29 BEFORE WIN PATROL removal of comp programs-ME
20-12-2014 14:00:10 Windows Update
01-01-2015 10:15:46 Windows Modules Installer
02-01-2015 07:07:32 Device MGR settings, NEW
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2015-01-02 13:21 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {24BE8FB4-C2AF-4EFE-A35F-EA53A7C852FD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2234649931-1513563446-759412437-1000UA => C:\Users\LBDP\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {2E698C88-773D-4A15-B4E0-BF2247CCCAF9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {4F815696-950C-4A08-84F1-999329FDBE81} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2234649931-1513563446-759412437-1000Core => C:\Users\LBDP\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {8D6CEDD0-BD50-42E5-A50C-F74DB6225576} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {966350C3-FF75-41E1-9EE1-4B73A20DE586} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {A446336C-648C-4A34-9D4A-20C2390E50F2} - System32\Tasks\{91ABEAF5-1621-45A8-91A1-526967F70CA4} => pcalua.exe -a C:\Users\LBDP\Favorites\Downloads\VGA_Intel_8.15.10.1825_W7x86_A\VGA_Intel_v.8.15.10.1825_Win7x86\Graphics\TVWSetup.exe -d C:\Users\LBDP\Favorites\Downloads\VGA_Intel_8.15.10.1825_W7x86_A\VGA_Intel_v.8.15.10.1825_Win7x86\Graphics
Task: {C7349B8E-1F0B-4B35-9FDB-8DFE892394E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {D3CECAF6-B1D4-4B08-89FC-89AB8C2E1143} - System32\Tasks\{977116E8-7D89-4DC1-BBD1-B273622A5555} => pcalua.exe -a C:\Users\LBDP\Favorites\Downloads\jxpiinstall.exe -d C:\Users\LBDP\Favorites\Downloads
Task: {EDAE67D8-5E38-4AA2-8845-754394D3B2BE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-01] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (whitelisted) =============
 
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: msiserver => 3
MSCONFIG\Services: SkypeUpdate => 3
MSCONFIG\Services: TeamViewer => 2
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2234649931-1513563446-759412437-500 - Administrator - Disabled)
Guest (S-1-5-21-2234649931-1513563446-759412437-501 - Limited - Disabled)
LBDP (S-1-5-21-2234649931-1513563446-759412437-1000 - Administrator - Enabled) => C:\Users\LBDP
 
==================== Faulty Device Manager Devices =============
 
Name: Motorola SM56 Data Fax Modem
Description: Motorola SM56 Data Fax Modem
Class Guid: {4d36e96d-e325-11ce-bfc1-08002be10318}
Manufacturer: Motorola Inc
Service: Modem
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/02/2015 02:25:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/02/2015 01:02:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17514, time stamp: 0x4ce796f3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x4b0
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (01/02/2015 09:52:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/01/2015 08:58:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/31/2014 05:18:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/31/2014 05:10:13 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location D:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (12/31/2014 05:01:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/27/2014 05:26:00 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location D:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (12/27/2014 05:16:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/27/2014 05:13:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (01/02/2015 02:24:04 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\igfxsrvc.exe -Embedding2{C2BFE331-6739-4270-86C9-493D9A04CD38}
 
Error: (01/02/2015 02:24:03 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\igfxsrvc.exe -Embedding2{078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}
 
Error: (01/02/2015 02:23:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/02/2015 09:56:13 AM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\igfxsrvc.exe -Embedding2{C2BFE331-6739-4270-86C9-493D9A04CD38}
 
Error: (01/02/2015 09:56:12 AM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\igfxsrvc.exe -Embedding2{078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}
 
Error: (01/02/2015 09:51:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/02/2015 09:51:17 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x1000000a (0x24c4f7eb, 0x000000ff, 0x00000001, 0x82883523)C:\Windows\Minidump\010215-42915-01.dmp010215-42915-01
 
Error: (01/02/2015 09:51:16 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:50:01 PM on ‎1/‎2/‎2015 was unexpected.
 
Error: (01/02/2015 05:54:58 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0002DF01-0000-0000-C000-000000000046}
 
Error: (01/01/2015 08:57:20 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
 
Microsoft Office Sessions:
=========================
Error: (01/02/2015 02:25:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/02/2015 01:02:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175144ce796f3unknown0.0.0.000000000c0000005000000004b001d0269c3ae914e1C:\Windows\Explorer.EXEunknown84307230-92a9-11e4-8389-0019213fa713
 
Error: (01/02/2015 09:52:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/01/2015 08:58:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/31/2014 05:18:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/31/2014 05:10:13 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: D:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (12/31/2014 05:01:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/27/2014 05:26:00 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: D:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (12/27/2014 05:16:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/27/2014 05:13:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E4500 @ 2.20GHz
Percentage of memory in use: 25%
Total physical RAM: 2038.3 MB
Available physical RAM: 1510.92 MB
Total Pagefile: 3038.3 MB
Available Pagefile: 2489.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1888.39 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:149.05 GB) (Free:127.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: F87813F1)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


Seems a bit smoother running. I'll wait for your feedback first.


#7 nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 January 2015 - 08:54 AM


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2234649931-1513563446-759412437-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin HKU\S-1-5-21-2234649931-1513563446-759412437-1000: @tools.google.com/Google Update;version=3 -> C:\Users\LBDP\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2234649931-1513563446-759412437-1000: @tools.google.com/Google Update;version=9 -> C:\Users\LBDP\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\internal-nacl-plugin No File
CHR Extension: (Google Wallet) - C:\Users\LBDP\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-01]
S4 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe"

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#8 stanleybeast

  • Topic Starter
  • Members
  • 38 posts
  • Gender:Male

Posted 05 January 2015 - 05:27 AM

The FRST program is on my desktop, and the folder is on my C drive, which is where I saved the fixlist.txt file, but when running FRST it says fixlist.txt is not found in the same directory as FRST. I am not sure why or what to do next. I'll await your reply before moving forward.



#9 nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 January 2015 - 08:58 AM

The frst program is on my desktop, and the folder is in my c drive
Move the fixlist.txt to your desktop.

p.s.
Keep in mind that the Desktop is also a folder.

#10 stanleybeast

stanleybeast
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:56 AM

Posted 08 January 2015 - 07:43 AM

LOL, yeah, you're right haha.

 

Here is the Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-01-2015
Ran by LBDP at 2015-01-08 07:04:12 Run:1
Running from C:\Users\LBDP\Desktop
Loaded Profile: LBDP (Available profiles: LBDP)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
 
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2234649931-1513563446-759412437-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin HKU\S-1-5-21-2234649931-1513563446-759412437-1000: @tools.google.com/Google Update;version=3 -> C:\Users\LBDP\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2234649931-1513563446-759412437-1000: @tools.google.com/Google Update;version=9 -> C:\Users\LBDP\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\internal-nacl-plugin No File
CHR Extension: (Google Wallet) - C:\Users\LBDP\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-01]
S4 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe"
 
End
*****************
 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)" => Key deleted successfully.
"HKCR\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)" => Key deleted successfully.
"HKCR\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" => Key deleted successfully.
"HKCR\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)" => Key deleted successfully.
"HKCR\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)" => Key deleted successfully.
"HKCR\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2234649931-1513563446-759412437-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2234649931-1513563446-759412437-1000\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
C:\Users\LBDP\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll not found.
"HKU\S-1-5-21-2234649931-1513563446-759412437-1000\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
C:\Users\LBDP\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll not found.
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\internal-nacl-plugin No File not found.
C:\Users\LBDP\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
SkypeUpdate => Service deleted successfully.
 
==== End of Fixlog 07:04:12 ====
 
 
and results of the security test
 
 
 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Adobe Flash Player 16.0.0.235  
 Mozilla Firefox (34.0.5) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe 
 Ruiware WinPatrol WinPatrol.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 


I noticed ndis.sys in many root dir folders like winsxs and erdnt... Online says it's malware. Just thought I should share with you. I am online at your disposal to do more tests faster.
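A cross-check of the fixlist against the Fixlog it produced, as an added example in Python (not part of FRST and not nasdaq's own tooling): it assumes each Fixlog result line echoes one distinguishing piece of the fixlist entry (service name, search-scope hive, registry key, CLSID, Mozilla plugin id, or last path component), which is a heuristic of this example, and reports which entries were actioned, which came back "not found", and which the log never mentions. The sample strings are a constructed subset of the logs posted above.

```python
import re

# One regex per FRST entry kind; the first match supplies the token a Fixlog
# result line is expected to repeat (heuristic of this example, not FRST's).
TOKEN_PATTERNS = [
    re.compile(r"^[RS]\d\s+(?P<tok>[^;]+);"),              # service / driver name
    re.compile(r"SearchScopes: (?P<tok>HKU\\\S+)"),        # hive of a search scope
    re.compile(r"^(?P<tok>HK(?:LM|CU|CR|U)\\[^:]+):"),     # registry key
    re.compile(r"(?P<tok>\{[0-9A-Fa-f-]{36}\})"),          # CLSID
    re.compile(r"(?P<tok>@[\w.]+/.+?;version=\d+)"),       # Mozilla plugin id
    re.compile(r"[A-Za-z]:\\.*\\(?P<tok>[^\\\s\[\]\"]+)"), # last path component
]

def parse_fixlist(text):
    """Non-blank entry lines between the 'start' and 'End' markers."""
    lines = [l.strip() for l in text.splitlines()]
    lows = [l.lower() for l in lines]
    body = lines[lows.index("start") + 1:lows.index("end")]  # ValueError if a marker is missing
    return [l for l in body if l]

def entry_token(entry):
    """Substring of the entry that its Fixlog result line should contain."""
    for pat in TOKEN_PATTERNS:
        m = pat.search(entry)
        if m:
            return m.group("tok").strip()
    return entry  # no rule matched: require the whole line to be echoed

def check_fix(fixlist_text, fixlog_text):
    """List of (entry, outcome) with outcome 'done', 'not found' or 'unaccounted'."""
    log = [l.lower() for l in fixlog_text.splitlines()]
    report = []
    for entry in parse_fixlist(fixlist_text):
        tok = entry_token(entry).lower()
        hits = " ".join(l for l in log if tok in l)
        outcome = ("done" if "successfully" in hits
                   else "not found" if "not found" in hits else "unaccounted")
        report.append((entry, outcome))
    return report

# Constructed sample: a subset of the fixlist and Fixlog posted in this thread.
FIXLIST = r"""start
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\internal-nacl-plugin No File
S4 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe"
End
"""
FIXLOG = r"""
"HKCR\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\internal-nacl-plugin No File not found.
SkypeUpdate => Service deleted successfully.
"""
```

An entry reported "unaccounted" means the log never mentioned it, which is the case worth re-checking by hand before declaring the fix complete.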


#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:56 PM

Posted 08 January 2015 - 11:03 AM

I noticed ndis.sys in many root dir folders like winsxs and erdnt... Online says it's malware. Just thought I should share with you. I am online at your disposal to do more tests faster.

These are not necessarily malware. If your computer is running fine, let it go.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#12 stanleybeast

stanleybeast
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:56 AM

Posted 08 January 2015 - 11:20 AM

So the fixit.txt and security check test all came back good? Nothing more to do? Sent you a PM too; check on that and let me know if this computer is good. I can log on my other one and would like you to take a look at it if okay. It's where it all started and it is fresh now with a new install too, so I hope we can see the problem early and catch it.

 

**Sidenote**

A couple of days ago, when I did a fresh install on it the first time, Malwarebytes, I think, picked up a root access Trojan, so I did a new install for you to look at and hopefully find it right away.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:56 PM

Posted 08 January 2015 - 12:00 PM

For the other computer you need to start a new topic for it.

We do not service 2 different computers on the same topic.

Run the Farbar tool on the computer and post both logs in the new topic.

When submitted give the URL in your next post here and I will expedite the matter.

#14 stanleybeast

stanleybeast
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:56 AM

Posted 08 January 2015 - 01:11 PM

Okay, here is the URL:

http://www.bleepingcomputer.com/forums/t/562544/new-win7-genuine-installfound-root-access-trojan-in-win-def-flagsr-there-more/



#15 stanleybeast

stanleybeast
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:56 AM

Posted 09 January 2015 - 08:49 AM

I did some scans and removal, found some more stuff; here are the ComboFix results.

 

ComboFix 15-01-08.01 - LBDP 01/09/2015   8:22.1.2 - x86
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.1.1033.18.2038.1085 [GMT -5:00]
Running from: c:\users\LBDP\Desktop\callofduty.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\spsys.log
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-09 to 2015-01-09  )))))))))))))))))))))))))))))))
.
.
2015-01-09 13:27 . 2015-01-09 13:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-09 13:07 . 2015-01-09 13:09 -------- d-----w- C:\AdwCleaner
2015-01-08 22:43 . 2015-01-08 22:43 -------- d-----w- c:\program files\AVAST Software
2015-01-02 19:26 . 2015-01-08 12:04 -------- d-----w- C:\FRST
2015-01-02 18:14 . 2015-01-09 10:36 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-01-02 18:14 . 2015-01-02 18:14 -------- d-----w- c:\programdata\RogueKiller
2015-01-02 12:42 . 2015-01-02 12:42 -------- d-sh--w- c:\users\LBDP\AppData\Local\EmieUserList
2015-01-02 12:42 . 2015-01-02 12:42 -------- d-sh--w- c:\users\LBDP\AppData\Local\EmieSiteList
2015-01-02 12:42 . 2015-01-02 12:42 -------- d-sh--w- c:\users\LBDP\AppData\Local\EmieBrowserModeList
2014-12-27 10:13 . 2014-12-27 10:13 -------- d-s---w- c:\windows\system32\CompatTel
2014-12-27 10:13 . 2014-12-27 10:13 -------- d-----w- c:\windows\system32\appraiser
2014-12-20 19:50 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\system32\mf.dll
2014-12-20 19:50 . 2014-07-07 01:40 103424 ----a-w- c:\windows\system32\mfps.dll
2014-12-20 19:50 . 2014-07-07 01:39 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2014-12-20 19:50 . 2014-07-07 01:39 23040 ----a-w- c:\windows\system32\mfpmp.exe
2014-12-20 19:50 . 2014-07-07 01:37 2048 ----a-w- c:\windows\system32\mferror.dll
2014-12-20 18:58 . 2014-09-19 09:23 248832 ----a-w- c:\windows\system32\schannel.dll
2014-12-20 18:50 . 2014-10-03 01:45 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2014-12-20 18:50 . 2014-10-03 01:45 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2014-12-20 18:50 . 2014-10-03 01:45 145920 ----a-w- c:\windows\system32\WsmAuto.dll
2014-12-20 18:50 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\system32\WsmSvc.dll
2014-12-20 18:50 . 2014-10-03 01:44 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2014-12-20 18:47 . 2014-10-14 01:56 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-12-20 18:47 . 2014-10-14 01:50 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-12-20 18:47 . 2014-10-14 01:46 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-12-20 18:47 . 2014-10-14 01:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-12-20 18:47 . 2014-10-14 01:47 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-12-20 18:42 . 2014-12-20 18:42 -------- d-----w- c:\program files\Common Files\Skype
2014-12-20 15:55 . 2015-01-02 10:17 -------- d-----w- c:\users\LBDP\AppData\Roaming\WinPatrol
2014-12-20 15:54 . 2014-12-20 15:54 -------- d-----w- c:\program files\Ruiware
2014-12-20 14:51 . 2015-01-09 10:49 -------- d-----w- c:\program files\Intel
2014-12-20 14:51 . 2009-07-08 21:34 53248 ----a-r- c:\windows\system32\CSVer.dll
2014-12-20 10:32 . 2015-01-05 05:13 -------- d-----w- c:\users\LBDP\AppData\Roaming\Skype
2014-12-20 10:32 . 2015-01-02 13:09 -------- d-----r- c:\program files\Skype
2014-12-20 02:10 . 2014-12-20 16:00 -------- d-----w- c:\users\SteveO UR BOSS
2014-12-19 22:52 . 2014-12-15 09:13 9054624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D199B1FB-B2CB-41F0-9CEC-C2EBF5B81592}\mpengine.dll
2014-12-19 22:44 . 2015-01-09 10:46 -------- d-----w- c:\program files\CCleaner
2014-12-19 22:41 . 2015-01-09 13:27 -------- d-----w- c:\users\LBDP\AppData\Local\temp
2014-12-19 22:27 . 2014-12-19 22:27 -------- d-----w- c:\programdata\Malwarebytes
2014-12-19 22:27 . 2014-12-19 22:27 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-19 22:26 . 2014-12-19 22:26 79576 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-19 21:13 . 2014-12-19 21:13 -------- d-----w- c:\windows\ERUNT
2014-12-19 20:58 . 2014-12-19 20:58 -------- d-----w- C:\Intel
2014-12-19 20:44 . 2014-12-19 20:44 -------- d-----w- c:\users\LBDP\AppData\Roaming\TeamViewer
2014-12-19 20:03 . 2014-12-19 20:03 133102966 ----a-w- C:\reg-bakup.reg
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-02 19:59 . 2014-12-02 08:16 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-11-24 19:04 . 2014-10-22 07:12 229000 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-09 394856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 03201469
*Deregistered* - 03201469
*Deregistered* - tmcomm
*Deregistered* - tmrkb
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-13 01:38 1087816 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
Trusted Zone: ringio.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\LBDP\AppData\Roaming\Mozilla\Firefox\Profiles\6mtwf0xn.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-41689140.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000089
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-01-09  08:29:19
ComboFix-quarantined-files.txt  2015-01-09 13:29
.
Pre-Run: 146,339,319,808 bytes free
Post-Run: 146,305,744,896 bytes free
.
- - End Of File - - 5BEDA208A4D8C70115D14D7EDE183F7B
A36C5E4F47E84449FF07ED3517B43A31
 




