Persistent Malware


14 replies to this topic

#1 StarkTheWolf

StarkTheWolf

  • Members
  • 19 posts
  • Local time:01:43 PM

Posted 06 January 2015 - 08:00 PM

Hi guys,

 

I have adware/malware that refuses to be vanquished despite my best efforts. I've used SuperAntiSpyware, HijackThis, Norton 360, Malwarebytes, and Kaspersky, and although all of them have found 10+ serious threats and supposedly quarantined/removed them, the viruses have not disappeared, or even been diminished. I do run WinPatrol, which I think has helped stave off the worst effects of the viruses.

 

I don't have any logs because the last time I tried cleaning my PC was about a week ago, and I deleted everything out of frustration since I couldn't get anywhere.

 

What is the next step? I defer to your infinite wisdom.

 

Thank you so much for your help,


Edited by StarkTheWolf, 06 January 2015 - 08:00 PM.



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,464 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:43 AM

Posted 06 January 2015 - 10:03 PM

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the "UNSUPPORTED OPERATING SYSTEM! ABORTED!" message, restart the computer and Security Check should run.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mb3-setup-1878.1878-3.3.1.2183.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.



If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.



(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE. Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.




 


#3 StarkTheWolf

StarkTheWolf
  • Topic Starter

  • Members
  • 19 posts
  • Local time:01:43 PM

Posted 07 January 2015 - 07:30 PM

Security Check LOG:

 

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 2.0.3.1025  
 Java™ 6 Update 31  
 Java version 32-bit out of Date!
  Adobe Flash Player 15.0.0.246 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5)
 Google Chrome 38.0.2125.104 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe
 BillP Studios WinPatrol WinPatrol.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 9%
````````````````````End of Log``````````````````````

 

 

 

FSS LOG:

 

Farbar Service Scanner Version: 21-07-2014
Ran by Harry (administrator) on 07-01-2015 at 18:48:54
Running from "C:\Users\Harry\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 

 

 

MINITOOLBOX LOG:

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Harry (administrator) on 07-01-2015 at 18:54:14
Running from "C:\Users\Harry\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
802.11n Wireless LAN Card = Wireless Network Connection (Hardware not present)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection" forwarding=enabled advertise=enabled metric=100 nud=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : HP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : E0-69-95-70-65-C5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::941d:1b19:fa93:7882%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, January 07, 2015 4:32:13 PM
   Lease Expires . . . . . . . . . . : Wednesday, January 07, 2015 7:02:14 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 333474197
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-3B-DE-F3-E0-69-95-70-65-C5
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  openrg.home
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4006:80c::1009
      74.125.226.34
      74.125.226.33
      74.125.226.41
      74.125.226.40
      74.125.226.32
      74.125.226.37
      74.125.226.36
      74.125.226.39
      74.125.226.35
      74.125.226.46
      74.125.226.38


Pinging google.com [74.125.226.162] with 32 bytes of data:
Reply from 74.125.226.162: bytes=32 time=10ms TTL=55
Reply from 74.125.226.162: bytes=32 time=17ms TTL=55

Ping statistics for 74.125.226.162:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 17ms, Average = 13ms
Server:  openrg.home
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  206.190.36.45
      98.139.183.24
      98.138.253.109


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=87ms TTL=49
Reply from 206.190.36.45: bytes=32 time=86ms TTL=49

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 86ms, Maximum = 87ms, Average = 86ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...e0 69 95 70 65 c5 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.10    200
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.10    356
     192.168.1.10  255.255.255.255         On-link      192.168.1.10    356
    192.168.1.255  255.255.255.255         On-link      192.168.1.10    356
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.10    356
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.10    356
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 13    266 fe80::/64                On-link
 13    266 fe80::941d:1b19:fa93:7882/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/07/2015 05:03:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/07/2015 05:03:36 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/06/2015 08:44:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 34.0.5.5443, time stamp: 0x5475dd5d
Faulting module name: mozalloc.dll, version: 34.0.5.5443, time stamp: 0x5475d664
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0xc10
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/06/2015 08:11:45 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Access is denied.
.

Error: (01/06/2015 08:11:44 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Access is denied.
.

Error: (01/06/2015 03:30:33 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/06/2015 03:30:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/06/2015 03:16:54 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/06/2015 05:21:06 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/06/2015 02:01:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 34.0.5.5443, time stamp: 0x5475dd5d
Faulting module name: mozalloc.dll, version: 34.0.5.5443, time stamp: 0x5475d664
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x18fc
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3


System errors:
=============
Error: (01/07/2015 04:32:44 PM) (Source: Service Control Manager) (User: )
Description: The CouponArificService64 service failed to start due to the following error:
%%2

Error: (01/07/2015 04:32:43 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WS.Sustainer service to connect.

Error: (01/06/2015 03:06:36 PM) (Source: Service Control Manager) (User: )
Description: The CouponArificService64 service failed to start due to the following error:
%%2

Error: (01/06/2015 03:06:35 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WS.Sustainer service to connect.

Error: (01/06/2015 05:55:06 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (01/06/2015 05:10:40 AM) (Source: Service Control Manager) (User: )
Description: The CouponArificService64 service failed to start due to the following error:
%%2

Error: (01/06/2015 05:10:40 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WS.Sustainer service to connect.

Error: (01/05/2015 02:19:14 PM) (Source: Service Control Manager) (User: )
Description: The CouponArificService64 service failed to start due to the following error:
%%2

Error: (01/05/2015 02:19:14 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WS.Sustainer service to connect.

Error: (01/04/2015 06:22:52 PM) (Source: Service Control Manager) (User: )
Description: The CouponArificService64 service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (01/07/2015 05:03:38 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (01/07/2015 05:03:36 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (01/06/2015 08:44:57 PM) (Source: Application Error)(User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425c1001d02a13f6de963aC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllc86b03fc-960e-11e4-83da-e069957065c5

Error: (01/06/2015 08:11:45 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Access is denied.

Error: (01/06/2015 08:11:44 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Access is denied.

Error: (01/06/2015 03:30:33 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (01/06/2015 03:30:31 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (01/06/2015 03:16:54 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/06/2015 05:21:06 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/06/2015 02:01:23 AM) (Source: Application Error)(User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d664800000030000142518fc01d0297e295aa1ccC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlld27ae99c-9571-11e4-b827-e069957065c5


CodeIntegrity Errors:
===================================
  Date: 2013-02-27 00:08:21.741
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-27 00:08:21.710
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-27 00:07:18.641
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-27 00:07:18.594
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-26 07:18:36.435
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-26 07:18:36.404
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-26 07:17:56.251
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-26 07:17:56.189
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-25 02:18:34.778
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-25 02:18:34.746
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



=========================== Installed Programs ============================
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Refresh Manager (x32 Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Accelerated Video Transcoding (Version: 13.30.100.40915 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.)
BatchPurifier (HKLM-x32\...\{759F4C0F-2066-461F-8EDE-6CB123FC735D}) (Version: 4.1.0 - Digital Confidence)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
BestChoice (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{3d6032a1}) (Version:  - Software Publisher)
Bing Bar Platform (x32 Version: 6.0.2282.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Camtasia Studio 7 (HKLM-x32\...\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}) (Version: 7.1.1 - TechSmith Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DealsFactor (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - DealsFactor)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.2.0 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Remote Print Uninstall (HKLM\...\EPSON Remote Print) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
FileZilla Client 3.5.0 (HKCU\...\FileZilla Client) (Version: 3.5.0 - )
FllaSHCOupOOnn (HKLM-x32\...\{8B114619-78B7-1CFF-55EF-74266954F883}) (Version:  - "")
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP LinkUp (HKLM-x32\...\{C1AD9241-3ADD-483F-914D-071F3E50855A}) (Version: 2.01.026 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.045 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
IHA_MessageCenter (HKLM-x32\...\{9DA5D90E-6C6D-484B-A549-EF54FEC1C08C}) (Version: 1.8.5 - Verizon)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KinGCoupon (HKLM-x32\...\{5C28578D-D0F1-699F-01B0-CC0653A28C11}) (Version:  - "")
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MediaMonkey 3.2 (HKLM-x32\...\MediaMonkey_is1) (Version: 3.2 - Ventis Media Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
mIRC (HKLM-x32\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPC-HC 1.7.1 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.1.0 - MPC-HC Team)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
NSIS vgif (HKLM-x32\...\vgif) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.2.0.1 - PC Utilities Software Limited)
Outlast (HKLM-x32\...\Outlast_R.G. Gamblers_is1) (Version:  - R.G. Gamblers, Panky)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Revo Uninstaller 1.93 (HKLM-x32\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
RoyalCoupOOn (HKLM-x32\...\{40DC4B27-4588-C56F-7737-D03A0ACE4383}) (Version:  - "")
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
SalesChecker (HKLM-x32\...\{CC17A332-9555-AD95-3985-0BDD9BF0EC71}) (Version:  - "")
Savinsshopo (HKLM-x32\...\{70BD2558-27DA-8B02-02D0-D8704ECD2EDF}) (Version:  - "")
ShareX 9.3.1 (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 9.3.1 - ShareX Developers)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.100 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
SmmaerTCompAre (HKLM-x32\...\{A9F7A981-09A3-C1F7-2D46-1BA20CFDF02F}) (Version:  - SmartCompare)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
The Witcher 2 (HKLM-x32\...\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}) (Version: 1.00.0000 - CD Projekt Red)
Uninstall LSI (HKLM-x32\...\{62B332E9-239D-4692-BDE2-0CC1CF2833DA}_is1) (Version: 3.2b - Aequus Gaming Ltd.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VidGIF (HKLM-x32\...\VidGIF_is1) (Version:  - GeoVid)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player 1.1.10 (HKLM-x32\...\VLC media player) (Version: 1.1.10 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPatrol (HKLM\...\{302A1E2E-DD58-4673-BC99-9CC10EC2637A}) (Version: 24.3.2012 - BillP Studios)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

========================= Devices: ================================

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 8174.54 MB
Available physical RAM: 5042.2 MB
Total Pagefile: 13435.82 MB
Available Pagefile: 10096.45 MB
Total Virtual: 4095.88 MB
Available Virtual: 3976.17 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:920.21 GB) (Free:8.93 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.2 GB) (Free:1.33 GB) NTFS

========================= Users: ========================================

User accounts for \\HP

Administrator            Aksh                     Gary                     
Guest                    Harry                    

========================= Restore Points ==================================

04-01-2015 08:03:14 Scheduled Checkpoint
05-01-2015 00:00:17 Windows Backup
07-01-2015 01:11:44 Windows Update

**** End of log ****

 



#4 StarkTheWolf


Posted 07 January 2015 - 08:14 PM

MBAM LOG (no restart required):

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/7/2015
Scan Time: 6:58:18 PM
Logfile: MBAM log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.07.20
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Harry

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 489546
Time Elapsed: 30 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 48
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{9183aeb7-2591-4342-9122-8aa31c7c57a6}, No Action By User, [9bfdd61e4f3a1b1b39d37010a95c2bd5],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{9183AEB7-2591-4342-9122-8AA31C7C57A6}, No Action By User, [9bfdd61e4f3a1b1b39d37010a95c2bd5],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P9183aeb7_2591_4342_9122_8aa31c7c57a6_.P9183aeb7_2591_4342_9122_8aa31c7c57a6_, No Action By User, [9bfdd61e4f3a1b1b39d37010a95c2bd5],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P9183aeb7_2591_4342_9122_8aa31c7c57a6_.P9183aeb7_2591_4342_9122_8aa31c7c57a6_.9, No Action By User, [9bfdd61e4f3a1b1b39d37010a95c2bd5],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P9183aeb7_2591_4342_9122_8aa31c7c57a6_.P9183aeb7_2591_4342_9122_8aa31c7c57a6_, No Action By User, [9bfdd61e4f3a1b1b39d37010a95c2bd5],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P9183aeb7_2591_4342_9122_8aa31c7c57a6_.P9183aeb7_2591_4342_9122_8aa31c7c57a6_.9, No Action By User, [9bfdd61e4f3a1b1b39d37010a95c2bd5],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{9183AEB7-2591-4342-9122-8AA31C7C57A6}, No Action By User, [9bfdd61e4f3a1b1b39d37010a95c2bd5],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{9183AEB7-2591-4342-9122-8AA31C7C57A6}\INPROCSERVER32, No Action By User, [9bfdd61e4f3a1b1b39d37010a95c2bd5],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{9183AEB7-2591-4342-9122-8AA31C7C57A6}, No Action By User, [9bfdd61e4f3a1b1b39d37010a95c2bd5],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{9183AEB7-2591-4342-9122-8AA31C7C57A6}, No Action By User, [9bfdd61e4f3a1b1b39d37010a95c2bd5],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{40DC4B27-4588-C56F-7737-D03A0ACE4383}, No Action By User, [30685a9a0c7dfb3b47910bd17f838e72],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{af6e72fc-975c-41fe-9666-3daeeccd5b9a}, No Action By User, [c9cf4da786033afcb359d6aae91c9e62],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{AF6E72FC-975C-41FE-9666-3DAEECCD5B9A}, No Action By User, [c9cf4da786033afcb359d6aae91c9e62],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\Paf6e72fc_975c_41fe_9666_3daeeccd5b9a_.Paf6e72fc_975c_41fe_9666_3daeeccd5b9a_, No Action By User, [c9cf4da786033afcb359d6aae91c9e62],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\Paf6e72fc_975c_41fe_9666_3daeeccd5b9a_.Paf6e72fc_975c_41fe_9666_3daeeccd5b9a_.9, No Action By User, [c9cf4da786033afcb359d6aae91c9e62],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Paf6e72fc_975c_41fe_9666_3daeeccd5b9a_.Paf6e72fc_975c_41fe_9666_3daeeccd5b9a_, No Action By User, [c9cf4da786033afcb359d6aae91c9e62],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Paf6e72fc_975c_41fe_9666_3daeeccd5b9a_.Paf6e72fc_975c_41fe_9666_3daeeccd5b9a_.9, No Action By User, [c9cf4da786033afcb359d6aae91c9e62],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{AF6E72FC-975C-41FE-9666-3DAEECCD5B9A}, No Action By User, [c9cf4da786033afcb359d6aae91c9e62],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{AF6E72FC-975C-41FE-9666-3DAEECCD5B9A}\INPROCSERVER32, No Action By User, [c9cf4da786033afcb359d6aae91c9e62],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{AF6E72FC-975C-41FE-9666-3DAEECCD5B9A}, No Action By User, [c9cf4da786033afcb359d6aae91c9e62],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{AF6E72FC-975C-41FE-9666-3DAEECCD5B9A}, No Action By User, [c9cf4da786033afcb359d6aae91c9e62],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{70BD2558-27DA-8B02-02D0-D8704ECD2EDF}, No Action By User, [633539bb4643f442eaee617bfc06c937],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6faccd9e-14f1-4a5d-8701-1857a2b0af5b}, No Action By User, [b2e67f75f5940b2b13f9b9c70500df21],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{6FACCD9E-14F1-4A5D-8701-1857A2B0AF5B}, No Action By User, [b2e67f75f5940b2b13f9b9c70500df21],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P6faccd9e_14f1_4a5d_8701_1857a2b0af5b_.P6faccd9e_14f1_4a5d_8701_1857a2b0af5b_, No Action By User, [b2e67f75f5940b2b13f9b9c70500df21],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P6faccd9e_14f1_4a5d_8701_1857a2b0af5b_.P6faccd9e_14f1_4a5d_8701_1857a2b0af5b_.9, No Action By User, [b2e67f75f5940b2b13f9b9c70500df21],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P6faccd9e_14f1_4a5d_8701_1857a2b0af5b_.P6faccd9e_14f1_4a5d_8701_1857a2b0af5b_, No Action By User, [b2e67f75f5940b2b13f9b9c70500df21],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P6faccd9e_14f1_4a5d_8701_1857a2b0af5b_.P6faccd9e_14f1_4a5d_8701_1857a2b0af5b_.9, No Action By User, [b2e67f75f5940b2b13f9b9c70500df21],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{6FACCD9E-14F1-4A5D-8701-1857A2B0AF5B}, No Action By User, [b2e67f75f5940b2b13f9b9c70500df21],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{6FACCD9E-14F1-4A5D-8701-1857A2B0AF5B}\INPROCSERVER32, No Action By User, [b2e67f75f5940b2b13f9b9c70500df21],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{6FACCD9E-14F1-4A5D-8701-1857A2B0AF5B}, No Action By User, [b2e67f75f5940b2b13f9b9c70500df21],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{6FACCD9E-14F1-4A5D-8701-1857A2B0AF5B}, No Action By User, [b2e67f75f5940b2b13f9b9c70500df21],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A9F7A981-09A3-C1F7-2D46-1BA20CFDF02F}, No Action By User, [6b2d14e0e7a2ea4c83551dbf3dc501ff],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{3d6032a1}, No Action By User, [bade41b3d2b743f311a6fe89df243fc1],
PUP.Optional.CouponArific.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CouponArificService64, No Action By User, [4e4aa84c1277af87528c85eb887b29d7],
PUP.Optional.Softonic.A, HKU\S-1-5-21-4078119499-3288300230-806680709-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, No Action By User, [3a5e04f08dfc3afc1be79ecd9a69e41c],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-4078119499-3288300230-806680709-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TidyNetwork, No Action By User, [4f49ce266c1d62d42f556dfa20e341bf],
PUP.Optional.DealsFactor.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37476589-E48E-439E-A706-56189E2ED4C4}_is1, No Action By User, [dfb9d61e92f7fc3add0dff554bb8bf41],
PUP.Optional.KingCoupon.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{152ea13d-717d-44ec-be08-6ac194d18083}, No Action By User, [0d8bd420cbbe46f0b462a0bf788b5ca4],
PUP.Optional.KingCoupon.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{152EA13D-717D-44EC-BE08-6AC194D18083}, No Action By User, [0d8bd420cbbe46f0b462a0bf788b5ca4],
PUP.Optional.KingCoupon.A, HKLM\SOFTWARE\CLASSES\., No Action By User, [0d8bd420cbbe46f0b462a0bf788b5ca4],
PUP.Optional.KingCoupon.A, HKLM\SOFTWARE\CLASSES\..9, No Action By User, [0d8bd420cbbe46f0b462a0bf788b5ca4],
PUP.Optional.KingCoupon.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\., No Action By User, [0d8bd420cbbe46f0b462a0bf788b5ca4],
PUP.Optional.KingCoupon.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\..9, No Action By User, [0d8bd420cbbe46f0b462a0bf788b5ca4],
PUP.Optional.KingCoupon.A, HKLM\SOFTWARE\CLASSES\CLSID\{152EA13D-717D-44EC-BE08-6AC194D18083}, No Action By User, [0d8bd420cbbe46f0b462a0bf788b5ca4],
PUP.Optional.KingCoupon.A, HKLM\SOFTWARE\CLASSES\CLSID\{152EA13D-717D-44EC-BE08-6AC194D18083}\INPROCSERVER32, No Action By User, [0d8bd420cbbe46f0b462a0bf788b5ca4],
PUP.Optional.KingCoupon.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{152EA13D-717D-44EC-BE08-6AC194D18083}, No Action By User, [0d8bd420cbbe46f0b462a0bf788b5ca4],
PUP.Optional.KingCoupon.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{152EA13D-717D-44EC-BE08-6AC194D18083}, No Action By User, [0d8bd420cbbe46f0b462a0bf788b5ca4],

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.Conduit.A, HKU\S-1-5-21-4078119499-3288300230-806680709-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.conduit.com/?ctid=CT3324416&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP84D1CD34-CB0C-459E-A850-35BC059C175B&SSPV=, Good: (www.google.com), Bad: (http://search.conduit.com/?ctid=CT3324416&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP84D1CD34-CB0C-459E-A850-35BC059C175B&SSPV=),No Action By User,[e2b6ac48ec9d42f478b3bdc6c1446e92]

Folders: 7
PUP.Optional.DealsFactor.A, C:\ProgramData\DealsFactor, No Action By User, [dfb9d61e92f7fc3add0dff554bb8bf41],
PUP.Optional.CouponArific, C:\Program Files\CouponArific, No Action By User, [96020fe5206980b6020bd885986b38c8],
PUP.Optional.CouponArific, C:\Program Files\CouponArific\SSL, No Action By User, [96020fe5206980b6020bd885986b38c8],
PUP.Optional.SoftCoup.A, C:\ProgramData\SoftCoup, No Action By User, [beda21d34247da5c3768cb9303006a96],
PUP.Optional.KingCoupon.A, C:\ProgramData\KinGCoupon, No Action By User, [0d8bd420cbbe46f0b462a0bf788b5ca4],
PUP.Optional.Booster.A, C:\ProgramData\GreatSoft\WS.Booster, No Action By User, [fa9eb73d355450e60836104f7c87ce32],
PUP.Optional.Booster.A, C:\ProgramData\GreatSoft\WS.Booster\5195167130, No Action By User, [fa9eb73d355450e60836104f7c87ce32],

Files: 36
PUP.Optional.MultiPlug.A, C:\ProgramData\RoyalCoupOOn\n676Mx4zCcKP9O.dll, No Action By User, [9bfdd61e4f3a1b1b39d37010a95c2bd5],
PUP.Optional.MultiPlug.A, C:\ProgramData\RoyalCoupOOn\n676Mx4zCcKP9O.x64.dll, No Action By User, [9bfdd61e4f3a1b1b39d37010a95c2bd5],
PUP.Optional.Multiplug, C:\ProgramData\RoyalCoupOOn\n676Mx4zCcKP9O.exe, No Action By User, [30685a9a0c7dfb3b47910bd17f838e72],
PUP.Optional.MultiPlug.A, C:\ProgramData\Savinsshopo\1bX11gnmt32Els.dll, No Action By User, [c9cf4da786033afcb359d6aae91c9e62],
PUP.Optional.MultiPlug.A, C:\ProgramData\Savinsshopo\1bX11gnmt32Els.x64.dll, No Action By User, [c9cf4da786033afcb359d6aae91c9e62],
PUP.Optional.Multiplug, C:\ProgramData\Savinsshopo\1bX11gnmt32Els.exe, No Action By User, [633539bb4643f442eaee617bfc06c937],
PUP.Optional.MultiPlug.A, C:\ProgramData\SmmaerTCompAre\fczlYV13PReqbr.dll, No Action By User, [b2e67f75f5940b2b13f9b9c70500df21],
PUP.Optional.MultiPlug.A, C:\ProgramData\SmmaerTCompAre\fczlYV13PReqbr.x64.dll, No Action By User, [b2e67f75f5940b2b13f9b9c70500df21],
PUP.Optional.Multiplug, C:\ProgramData\SmmaerTCompAre\fczlYV13PReqbr.exe, No Action By User, [6b2d14e0e7a2ea4c83551dbf3dc501ff],
PUP.Optional.SmartSec, C:\Users\Aksh\Downloads\Setup (1).exe, No Action By User, [514708ec0a7f69cdc194db19827f7090],
PUP.Optional.SmartSec, C:\Users\Aksh\Downloads\Setup v2 1 (1).exe, No Action By User, [dabec92bbfca00362f260aea6b9633cd],
PUP.Optional.SmartSec, C:\Users\Aksh\Downloads\Setup v2 1 (2).exe, No Action By User, [950362928405cd698dc85b993dc451af],
PUP.Optional.SmartSec, C:\Users\Aksh\Downloads\Setup v2 1 (3).exe, No Action By User, [83152dc7aedb0333c293af4533ce659b],
PUP.Optional.DomaIQ, C:\Users\Aksh\Downloads\Setup v2 1.exe, No Action By User, [4b4d8f659bee96a032222ec5c73a926e],
PUP.Optional.DomaIQ, C:\Users\Aksh\Downloads\Setup.exe, No Action By User, [d9bf41b39fea58deb1a39c576f92ea16],
PUP.Optional.SmartSec, C:\Users\Harry\Downloads\Setup.exe, No Action By User, [f0a89361ccbdb1858dba668fe21f3cc4],
PUP.Optional.LiveLyrics.A, C:\Users\Aksh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage, No Action By User, [bfd925cf8405d264ba311081f40f7d83],
PUP.Optional.LiveLyrics.A, C:\Users\Aksh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal, No Action By User, [20783cb8daaf6acc816a1180c73cf20e],
PUP.Optional.Trovi.A, C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.trovi.com_0.localstorage, No Action By User, [3761c82cd2b742f4ebcfb9d9fb0846ba],
PUP.Optional.Trovi.A, C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.trovi.com_0.localstorage-journal, No Action By User, [1880757f1f6ad56111a99200dd26df21],
PUP.Optional.ReMarkable.A, C:\Users\Aksh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, No Action By User, [1880f5ffe9a00d29dcbb2abccf357d83],
PUP.Optional.ReMarkable.A, C:\Users\Aksh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, No Action By User, [6a2eb53f0287f442564111d509fb8779],
PUP.Optional.ReMarkable.A, C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, No Action By User, [3a5eaf4522671323583fb3334fb5ed13],
PUP.Optional.ReMarkable.A, C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, No Action By User, [aaeed321cfbae4529403e30336ce9070],
PUP.Optional.DealsFactor.A, C:\ProgramData\DealsFactor\DealsFactor.exe, No Action By User, [dfb9d61e92f7fc3add0dff554bb8bf41],
PUP.Optional.CouponArific, C:\Program Files\CouponArific\mfs695.tmp, No Action By User, [96020fe5206980b6020bd885986b38c8],
PUP.Optional.CouponArific, C:\Program Files\CouponArific\mfs751.tmp, No Action By User, [96020fe5206980b6020bd885986b38c8],
PUP.Optional.SoftCoup.A, C:\ProgramData\SoftCoup\GK4YflMZVRKjzL.dat, No Action By User, [beda21d34247da5c3768cb9303006a96],
PUP.Optional.SoftCoup.A, C:\ProgramData\SoftCoup\GK4YflMZVRKjzL.tlb, No Action By User, [beda21d34247da5c3768cb9303006a96],
PUP.Optional.KingCoupon.A, C:\ProgramData\KinGCoupon\jQ0QOyT7D3ovGd.dat, No Action By User, [0d8bd420cbbe46f0b462a0bf788b5ca4],
PUP.Optional.KingCoupon.A, C:\ProgramData\KinGCoupon\jQ0QOyT7D3ovGd.dll, No Action By User, [0d8bd420cbbe46f0b462a0bf788b5ca4],
PUP.Optional.KingCoupon.A, C:\ProgramData\KinGCoupon\jQ0QOyT7D3ovGd.x64.dll, No Action By User, [0d8bd420cbbe46f0b462a0bf788b5ca4],
PUP.Optional.KingCoupon.A, C:\ProgramData\KinGCoupon\jQ0QOyT7D3ovGd.tlb, No Action By User, [0d8bd420cbbe46f0b462a0bf788b5ca4],
PUP.Optional.Booster.A, C:\ProgramData\GreatSoft\WS.Booster\5195167130.ini, No Action By User, [fa9eb73d355450e60836104f7c87ce32],
PUP.Optional.Trovi.A, C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (    "homepage": "http://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=MF6B602D6-50FF-4DDB-8708-2DA82A3EED71&SearchSource=55&CUI=&UM=6&UP=SPC46A5D4A-740E-47D1-B37D-A53912332144&SSPV=",), No Action By User,[d9bf24d01a6f20164b26a2246a9b837d]
PUP.Optional.Trovi.A, C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\by28qcbw.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=MF6B602D6-50FF-4DDB-8708-2DA82A3EED71&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SPC46A5D4A-740E-47D1-B37D-A53912332144");), No Action By User,[ecac797be9a081b5db93b214e3222fd1]

Physical Sectors: 0
(No malicious items detected)


(end)

MBAR DATE LOG:

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.07.21

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Harry :: HP [administrator]

1/7/2015 7:34:35 PM
mbar-log-2015-01-07 (19-34-35).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 491879
Time elapsed: 30 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

MBAR SYSTEM LOG:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 8571621376, free: 5818552320

Downloaded database version: v2015.01.07.21
Downloaded database version: v2015.01.07.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
------------ Kernel report ------------
     01/07/2015 19:34:24
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800ac35060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000070\
Lower Device Object: 0xfffffa800ac1a750
Lower Device Driver Name: \Driver\USBSTOR\
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800ac35060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000070\
Lower Device Object: 0xfffffa800ac1a750
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa800d0f3940
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800ac19060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006f\
Lower Device Object: 0xfffffa800ac0c060
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa800cb2f360
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800ac40060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006e\
Lower Device Object: 0xfffffa800ac17750
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa800d24a090
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800ac42060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xfffffa800ac1a060
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa800c92de40
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8009619790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007b7a050
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xfffffa800d188ad0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8009619790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80096192c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009619790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007b7a050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00f3e11c0, 0xfffffa8009619790, 0xfffffa800d348790
Lower DeviceData: 0xfffff8a0188c14e0, 0xfffffa8007b7a050, 0xfffffa800d188ad0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E8980C8A

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1929828352

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1930035200  Numsec = 23486464

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa800ac42060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ac42b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ac42060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800ac1a060, DeviceName: \Device\0000006d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800ac40060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ac40b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ac40060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800ac17750, DeviceName: \Device\0000006e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800ac19060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ac19b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ac19060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800ac0c060, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800ac35060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ac35b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ac35060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800ac1a750, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

RKILL LOG:

Rkill 2.6.9 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/07/2015 08:10:25 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\Windows\AppPatch\spbin => C:\PROGRA~2\SearchProtect\SearchProtect\bin [Dir]

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 01/07/2015 08:12:43 PM
Execution time: 0 hours(s), 2 minute(s), and 17 seconds(s)


Edited by StarkTheWolf, 07 January 2015 - 08:16 PM.


#5 StarkTheWolf

Posted 07 January 2015 - 08:15 PM

I was not instructed to restart my computer at any point during any of the scans.



#6 Broni

Posted 07 January 2015 - 09:37 PM

I don't see any AV program running.

Install ONE of these:

- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
You can keep it or you have to disable it before installing another AV program.  How to...

- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

Update, run full scan, report on any findings.

Next....

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program



#7 StarkTheWolf

Posted 09 January 2015 - 01:20 PM

TFC LOG:

Getting user folders.
 
Stopping running processes.
 
Emptying Temp folders.
 
 
User: Administrator
 
User: Aksh
->Temp folder emptied: 2341844 bytes
->Temporary Internet Files folder emptied: 396 bytes
->Java cache emptied: 8778367 bytes
->FireFox cache emptied: 332791579 bytes
->Google Chrome cache emptied: 289078848 bytes
->Flash cache emptied: 143227 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gary
->Temp folder emptied: 5600673 bytes
->Temporary Internet Files folder emptied: 391068063 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 159697279 bytes
->Google Chrome cache emptied: 283220294 bytes
->Flash cache emptied: 55833 bytes
 
User: Guest
 
User: Harry
->Temp folder emptied: 458261552 bytes
->Temporary Internet Files folder emptied: 9751212 bytes
->Java cache emptied: 862468 bytes
->FireFox cache emptied: 439726921 bytes
->Google Chrome cache emptied: 295274643 bytes
->Flash cache emptied: 444083 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 293510 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 107552 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 860151897 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33432 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42321243 bytes
 
Emptying RecycleBin. Do not interrupt.
 
RecycleBin emptied: 0 bytes
Process complete!
 
Total Files Cleaned = 3,414.00 mb


Edited by StarkTheWolf, 09 January 2015 - 01:20 PM.


#8 StarkTheWolf


Posted 09 January 2015 - 01:22 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Harry on Fri 01/09/2015 at  7:07:28.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\Harry\AppData\Roaming\mozilla\firefox\profiles\by28qcbw.default\prefs.js

user_pref("extensions.1fft3zKLPLP38sw6.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnale
user_pref("extensions.B71feo40xVzQMkFY.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnale
user_pref("extensions.cyp2cpO7nuqVjWgM.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11
user_pref("extensions.f2PJzQOeV6qmerg7.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnale
user_pref("extensions.ogxx2DBrpTc7KtAF.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11
user_pref("extensions.wVKzazqELVYI8G99.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnale
user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_VBATES_executeCode", "var VBATES_IsValidUrl=function(currentUrl,currentBrowser,queryParam){try{var urlParts=curren
user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_VBATES_partn_time_scores.espn.go.com", "not set");
user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_VBATES_partners", "{_&&_www.brandalley.co.uk_&&_:_&&_www.awin1.com/awclick.php?mid=3676&id=178119_&&_,_&&_www.curr
Emptied folder: C:\Users\Harry\AppData\Roaming\mozilla\firefox\profiles\by28qcbw.default\minidumps [384 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/09/2015 at  7:10:59.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


SOPHOS PRE-REBOOT

 

2015-01-09 12:14:27.967    Sophos Virus Removal Tool version 2.5.4
2015-01-09 12:14:27.967    Copyright © 2009-2014 Sophos Limited. All rights reserved.

2015-01-09 12:14:27.967    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-01-09 12:14:27.967    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2015-01-09 12:14:27.967    Checking for updates...
2015-01-09 12:14:32.896    Option all = no
2015-01-09 12:14:32.896    Option recurse = yes
2015-01-09 12:14:32.896    Option archive = no
2015-01-09 12:14:32.896    Option service = yes
2015-01-09 12:14:32.896    Option confirm = yes
2015-01-09 12:14:32.896    Option sxl = yes
2015-01-09 12:14:32.896    Option max-data-age = 35
2015-01-09 12:14:32.896    Option EnableSafeClean = yes
2015-01-09 12:14:34.191    Option vdl-logging = yes
2015-01-09 12:14:34.285    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2015-01-09 12:14:34.285    Machine ID:    7427b9c9268746f49726e95f2afb3bec
2015-01-09 12:14:34.285    Component SVRTcli.exe version 2.5.4
2015-01-09 12:14:34.285    Component control.dll version 2.5.4
2015-01-09 12:14:34.285    Component SVRTservice.exe version 2.5.4
2015-01-09 12:14:34.285    Component engine\osdp.dll version 1.44.1.2183
2015-01-09 12:14:34.285    Component engine\veex.dll version 3.58.3.2183
2015-01-09 12:14:34.285    Component engine\savi.dll version 8.1.5.2183
2015-01-09 12:14:34.285    Component rkdisk.dll version 1.5.30.0
2015-01-09 12:14:34.285    Version info:    Product version    2.5.4
2015-01-09 12:14:34.285    Version info:    Detection engine    3.58.3
2015-01-09 12:14:34.285    Version info:    Detection data    5.08
2015-01-09 12:14:34.285    Version info:    Build date    11/11/2014
2015-01-09 12:14:34.285    Version info:    Data files added    546
2015-01-09 12:14:34.285    Version info:    Last successful update    (not yet updated)
2015-01-09 12:14:41.570    Update progress: proxy server not available
2015-01-09 12:14:47.857    Downloading updates...
2015-01-09 12:14:47.857    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-01-09 12:14:47.857    Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-01-09 12:14:47.857    Update progress: [I49502] Found supplement IDE509 LATEST
2015-01-09 12:14:47.857    Update progress: [I49502] Found supplement IDE510 LATEST
2015-01-09 12:14:47.857    Update progress: [I49502] Found supplement IDE511 LATEST
2015-01-09 12:14:47.857    Update progress: [I49502] Found supplement IDE512 LATEST
2015-01-09 12:14:47.857    Update progress: [I49502] Found supplement IDE513 LATEST
2015-01-09 12:14:47.857    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-01-09 12:14:47.857    Update progress: [I19463] Syncing product SAVIW32 48
2015-01-09 12:14:49.214    Update progress: [I19463] Syncing product IDE509 177
2015-01-09 12:14:49.838    Installing updates...
2015-01-09 12:14:50.446    Error level 1
2015-01-09 12:14:50.446    Update progress: [I19463] Syncing product IDE510 179
2015-01-09 12:14:50.446    Update progress: [I19463] Syncing product IDE511 170
2015-01-09 12:14:50.446    Update progress: [I19463] Syncing product IDE512 25
2015-01-09 12:14:50.446    Update progress: [I19463] Syncing product IDE513 1
2015-01-09 12:15:18.994    Update successful
2015-01-09 12:15:38.494    Option all = no
2015-01-09 12:15:38.494    Option recurse = yes
2015-01-09 12:15:38.494    Option archive = no
2015-01-09 12:15:38.494    Option service = yes
2015-01-09 12:15:38.494    Option confirm = yes
2015-01-09 12:15:38.494    Option sxl = yes
2015-01-09 12:15:38.510    Option max-data-age = 35
2015-01-09 12:15:38.510    Option EnableSafeClean = yes
2015-01-09 12:15:38.541    Option vdl-logging = yes
2015-01-09 12:15:38.541    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2015-01-09 12:15:38.541    Machine ID:    7427b9c9268746f49726e95f2afb3bec
2015-01-09 12:15:38.541    Component SVRTcli.exe version 2.5.4
2015-01-09 12:15:38.541    Component control.dll version 2.5.4
2015-01-09 12:15:38.541    Component SVRTservice.exe version 2.5.4
2015-01-09 12:15:38.541    Component engine\osdp.dll version 1.44.1.2183
2015-01-09 12:15:38.541    Component engine\veex.dll version 3.58.3.2183
2015-01-09 12:15:38.541    Component engine\savi.dll version 8.1.5.2183
2015-01-09 12:15:38.541    Component rkdisk.dll version 1.5.30.0
2015-01-09 12:15:38.541    Version info:    Product version    2.5.4
2015-01-09 12:15:38.541    Version info:    Detection engine    3.58.3
2015-01-09 12:15:38.541    Version info:    Detection data    5.08G
2015-01-09 12:15:38.541    Version info:    Build date    11/11/2014
2015-01-09 12:15:38.541    Version info:    Data files added    546
2015-01-09 12:15:38.541    Version info:    Last successful update    1/9/2015 7:15:18 AM

2015-01-09 12:16:00.880    Warning: rootkit scan failed to open volume "\\?\Volume{10fea9da-6d7a-11e1-aa79-e069957065c5}" (5)
2015-01-09 12:45:33.435    Could not open C:\hiberfil.sys
2015-01-09 12:45:38.666    Could not open C:\pagefile.sys
2015-01-09 12:54:24.398    >>> Virus 'Mal/VMProtBad-A' found in file C:\Program Files (x86)\R.G. Gamblers\Outlast\Binaries\Win32\steam_api.dll
2015-01-09 12:54:24.398    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 12:54:24.398    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 12:54:24.399    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2015-01-09 12:54:24.399    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2015-01-09 12:54:24.399    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 12:54:24.399    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 12:54:24.399    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 12:54:24.399    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 12:54:24.399    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 12:54:24.399    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 12:54:24.399    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 12:54:24.400    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 12:54:24.400    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 12:54:24.400    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 12:54:24.400    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-01-09 12:54:24.400    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-01-09 12:54:24.400    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-01-09 12:54:24.400    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-01-09 12:54:24.400    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-01-09 12:54:24.400    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-01-09 13:01:58.185    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-09 13:01:58.185    Could not open C:\System Volume Information\{512363d9-96fc-11e4-a552-e069957065c5}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-09 13:01:58.185    Could not open C:\System Volume Information\{68b8fa9b-95df-11e4-83da-e069957065c5}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-09 13:01:58.186    Could not open C:\System Volume Information\{7ef07a91-9468-11e4-b651-e069957065c5}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-09 13:01:58.186    Could not open C:\System Volume Information\{9f66fc21-97f7-11e4-9c6b-e069957065c5}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-09 13:01:58.186    Could not open C:\System Volume Information\{a483fff6-8f15-11e4-8c8e-e069957065c5}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-09 13:02:04.688    >>> Virus 'Mal/ZAccConf-A' found in file C:\Users\Aksh\AppData\Local\1948c0c4\@
2015-01-09 13:02:04.688    >>> Virus 'Mal/ZAccConf-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:02:04.689    >>> Virus 'Mal/ZAccConf-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:02:04.689    >>> Virus 'Mal/ZAccConf-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2015-01-09 13:02:04.689    >>> Virus 'Mal/ZAccConf-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2015-01-09 13:02:04.689    >>> Virus 'Mal/ZAccConf-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:02:04.689    >>> Virus 'Mal/ZAccConf-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:02:04.689    >>> Virus 'Mal/ZAccConf-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:02:04.689    >>> Virus 'Mal/ZAccConf-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:02:04.689    >>> Virus 'Mal/ZAccConf-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:02:04.690    >>> Virus 'Mal/ZAccConf-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:02:04.690    >>> Virus 'Mal/ZAccConf-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:02:04.690    >>> Virus 'Mal/ZAccConf-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:02:04.690    >>> Virus 'Mal/ZAccConf-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:02:04.690    >>> Virus 'Mal/ZAccConf-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:02:04.690    >>> Virus 'Mal/ZAccConf-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-01-09 13:02:04.690    >>> Virus 'Mal/ZAccConf-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-01-09 13:02:04.690    >>> Virus 'Mal/ZAccConf-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-01-09 13:02:04.691    >>> Virus 'Mal/ZAccConf-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-01-09 13:02:04.691    >>> Virus 'Mal/ZAccConf-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-01-09 13:02:04.691    >>> Virus 'Mal/ZAccConf-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-01-09 13:05:49.406    >>> Virus 'CXmal/BadLnk-A' found in file C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security  2012\System Security  2012.lnk
2015-01-09 13:05:49.406    >>> Virus 'CXmal/BadLnk-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:05:49.407    >>> Virus 'CXmal/BadLnk-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:05:49.407    >>> Virus 'CXmal/BadLnk-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2015-01-09 13:05:49.407    >>> Virus 'CXmal/BadLnk-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2015-01-09 13:05:49.407    >>> Virus 'CXmal/BadLnk-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:05:49.407    >>> Virus 'CXmal/BadLnk-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:05:49.407    >>> Virus 'CXmal/BadLnk-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:05:49.407    >>> Virus 'CXmal/BadLnk-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:05:49.407    >>> Virus 'CXmal/BadLnk-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:05:49.408    >>> Virus 'CXmal/BadLnk-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:05:49.408    >>> Virus 'CXmal/BadLnk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:05:49.408    >>> Virus 'CXmal/BadLnk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:05:49.408    >>> Virus 'CXmal/BadLnk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:05:49.408    >>> Virus 'CXmal/BadLnk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:05:49.408    >>> Virus 'CXmal/BadLnk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-01-09 13:05:49.408    >>> Virus 'CXmal/BadLnk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-01-09 13:05:49.408    >>> Virus 'CXmal/BadLnk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-01-09 13:05:49.408    >>> Virus 'CXmal/BadLnk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-01-09 13:05:49.409    >>> Virus 'CXmal/BadLnk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-01-09 13:05:49.409    >>> Virus 'CXmal/BadLnk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-01-09 13:12:07.023    >>> Virus 'CXmal/KeyGen-M' found in file C:\Users\Harry\Downloads\MediaMonkey Gold\MediaMonkey.Gold.v3.2.5.1306.Multilingual\UST\Keygen.exe
2015-01-09 13:12:07.023    >>> Virus 'CXmal/KeyGen-M' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:12:07.023    >>> Virus 'CXmal/KeyGen-M' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:12:07.023    >>> Virus 'CXmal/KeyGen-M' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2015-01-09 13:12:07.023    >>> Virus 'CXmal/KeyGen-M' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2015-01-09 13:12:07.023    >>> Virus 'CXmal/KeyGen-M' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:12:07.024    >>> Virus 'CXmal/KeyGen-M' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:12:07.024    >>> Virus 'CXmal/KeyGen-M' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:12:07.024    >>> Virus 'CXmal/KeyGen-M' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:12:07.024    >>> Virus 'CXmal/KeyGen-M' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:12:07.024    >>> Virus 'CXmal/KeyGen-M' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:12:07.025    >>> Virus 'CXmal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:12:07.025    >>> Virus 'CXmal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:12:07.025    >>> Virus 'CXmal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:12:07.025    >>> Virus 'CXmal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:12:07.026    >>> Virus 'CXmal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-01-09 13:12:07.026    >>> Virus 'CXmal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-01-09 13:12:07.026    >>> Virus 'CXmal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-01-09 13:12:07.026    >>> Virus 'CXmal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-01-09 13:12:07.026    >>> Virus 'CXmal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-01-09 13:12:07.026    >>> Virus 'CXmal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-01-09 13:17:08.976    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-01-09 13:17:09.001    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-01-09 13:17:19.600    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-01-09 13:17:19.622    Could not open C:\Windows\System32\config\RegBack\SAM
2015-01-09 13:17:19.623    Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-01-09 13:17:19.626    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-01-09 13:17:19.627    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-01-09 13:33:16.636    Could not open LOGICAL:0005:00000000
2015-01-09 13:33:16.646    Could not open F:\
2015-01-09 13:33:16.656    Could not open LOGICAL:0006:00000000
2015-01-09 13:33:16.666    Could not open G:\
2015-01-09 13:33:16.676    Could not open LOGICAL:0007:00000000
2015-01-09 13:33:16.686    Could not open H:\
2015-01-09 13:33:16.696    Could not open LOGICAL:0008:00000000
2015-01-09 13:33:16.706    Could not open I:\
2015-01-09 13:33:16.706    Could not open LOGICAL:0010:00000000
2015-01-09 13:33:16.706    Could not open Q:\
2015-01-09 13:33:16.786    Could not open PHYSICAL:0081:0000:0000:0001
2015-01-09 13:33:16.796    Could not open PHYSICAL:0082:0000:0000:0001
2015-01-09 13:33:16.796    Could not open PHYSICAL:0083:0000:0000:0001
2015-01-09 13:33:16.796    Could not open PHYSICAL:0084:0000:0000:0001
2015-01-09 13:33:16.826    The following items will be cleaned up:
2015-01-09 13:33:16.826    Mal/VMProtBad-A
2015-01-09 13:33:16.826    Mal/ZAccConf-A
2015-01-09 13:33:16.826    CXmal/BadLnk-A
2015-01-09 13:33:16.826    CXmal/KeyGen-M

SOPHOS POST REBOOT

2015-01-09 12:14:27.967    Sophos Virus Removal Tool version 2.5.4
2015-01-09 12:14:27.967    Copyright © 2009-2014 Sophos Limited. All rights reserved.

2015-01-09 12:14:27.967    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-01-09 12:14:27.967    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2015-01-09 12:14:27.967    Checking for updates...
2015-01-09 12:14:32.896    Option all = no
2015-01-09 12:14:32.896    Option recurse = yes
2015-01-09 12:14:32.896    Option archive = no
2015-01-09 12:14:32.896    Option service = yes
2015-01-09 12:14:32.896    Option confirm = yes
2015-01-09 12:14:32.896    Option sxl = yes
2015-01-09 12:14:32.896    Option max-data-age = 35
2015-01-09 12:14:32.896    Option EnableSafeClean = yes
2015-01-09 12:14:34.191    Option vdl-logging = yes
2015-01-09 12:14:34.285    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2015-01-09 12:14:34.285    Machine ID:    7427b9c9268746f49726e95f2afb3bec
2015-01-09 12:14:34.285    Component SVRTcli.exe version 2.5.4
2015-01-09 12:14:34.285    Component control.dll version 2.5.4
2015-01-09 12:14:34.285    Component SVRTservice.exe version 2.5.4
2015-01-09 12:14:34.285    Component engine\osdp.dll version 1.44.1.2183
2015-01-09 12:14:34.285    Component engine\veex.dll version 3.58.3.2183
2015-01-09 12:14:34.285    Component engine\savi.dll version 8.1.5.2183
2015-01-09 12:14:34.285    Component rkdisk.dll version 1.5.30.0
2015-01-09 12:14:34.285    Version info:    Product version    2.5.4
2015-01-09 12:14:34.285    Version info:    Detection engine    3.58.3
2015-01-09 12:14:34.285    Version info:    Detection data    5.08
2015-01-09 12:14:34.285    Version info:    Build date    11/11/2014
2015-01-09 12:14:34.285    Version info:    Data files added    546
2015-01-09 12:14:34.285    Version info:    Last successful update    (not yet updated)
2015-01-09 12:14:41.570    Update progress: proxy server not available
2015-01-09 12:14:47.857    Downloading updates...
2015-01-09 12:14:47.857    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-01-09 12:14:47.857    Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-01-09 12:14:47.857    Update progress: [I49502] Found supplement IDE509 LATEST
2015-01-09 12:14:47.857    Update progress: [I49502] Found supplement IDE510 LATEST
2015-01-09 12:14:47.857    Update progress: [I49502] Found supplement IDE511 LATEST
2015-01-09 12:14:47.857    Update progress: [I49502] Found supplement IDE512 LATEST
2015-01-09 12:14:47.857    Update progress: [I49502] Found supplement IDE513 LATEST
2015-01-09 12:14:47.857    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-01-09 12:14:47.857    Update progress: [I19463] Syncing product SAVIW32 48
2015-01-09 12:14:49.214    Update progress: [I19463] Syncing product IDE509 177
2015-01-09 12:14:49.838    Installing updates...
2015-01-09 12:14:50.446    Error level 1
2015-01-09 12:14:50.446    Update progress: [I19463] Syncing product IDE510 179
2015-01-09 12:14:50.446    Update progress: [I19463] Syncing product IDE511 170
2015-01-09 12:14:50.446    Update progress: [I19463] Syncing product IDE512 25
2015-01-09 12:14:50.446    Update progress: [I19463] Syncing product IDE513 1
2015-01-09 12:15:18.994    Update successful
2015-01-09 12:15:38.494    Option all = no
2015-01-09 12:15:38.494    Option recurse = yes
2015-01-09 12:15:38.494    Option archive = no
2015-01-09 12:15:38.494    Option service = yes
2015-01-09 12:15:38.494    Option confirm = yes
2015-01-09 12:15:38.494    Option sxl = yes
2015-01-09 12:15:38.510    Option max-data-age = 35
2015-01-09 12:15:38.510    Option EnableSafeClean = yes
2015-01-09 12:15:38.541    Option vdl-logging = yes
2015-01-09 12:15:38.541    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2015-01-09 12:15:38.541    Machine ID:    7427b9c9268746f49726e95f2afb3bec
2015-01-09 12:15:38.541    Component SVRTcli.exe version 2.5.4
2015-01-09 12:15:38.541    Component control.dll version 2.5.4
2015-01-09 12:15:38.541    Component SVRTservice.exe version 2.5.4
2015-01-09 12:15:38.541    Component engine\osdp.dll version 1.44.1.2183
2015-01-09 12:15:38.541    Component engine\veex.dll version 3.58.3.2183
2015-01-09 12:15:38.541    Component engine\savi.dll version 8.1.5.2183
2015-01-09 12:15:38.541    Component rkdisk.dll version 1.5.30.0
2015-01-09 12:15:38.541    Version info:    Product version    2.5.4
2015-01-09 12:15:38.541    Version info:    Detection engine    3.58.3
2015-01-09 12:15:38.541    Version info:    Detection data    5.08G
2015-01-09 12:15:38.541    Version info:    Build date    11/11/2014
2015-01-09 12:15:38.541    Version info:    Data files added    546
2015-01-09 12:15:38.541    Version info:    Last successful update    1/9/2015 7:15:18 AM

2015-01-09 12:16:00.880    Warning: rootkit scan failed to open volume "\\?\Volume{10fea9da-6d7a-11e1-aa79-e069957065c5}" (5)
2015-01-09 12:45:33.435    Could not open C:\hiberfil.sys
2015-01-09 12:45:38.666    Could not open C:\pagefile.sys
2015-01-09 12:54:24.398    >>> Virus 'Mal/VMProtBad-A' found in file C:\Program Files (x86)\R.G. Gamblers\Outlast\Binaries\Win32\steam_api.dll
2015-01-09 12:54:24.398    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 12:54:24.398    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 12:54:24.399    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2015-01-09 12:54:24.399    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2015-01-09 12:54:24.399    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 12:54:24.399    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 12:54:24.399    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 12:54:24.399    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 12:54:24.399    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 12:54:24.399    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 12:54:24.399    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 12:54:24.400    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 12:54:24.400    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 12:54:24.400    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 12:54:24.400    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-01-09 12:54:24.400    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-01-09 12:54:24.400    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-01-09 12:54:24.400    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-01-09 12:54:24.400    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-01-09 12:54:24.400    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-01-09 13:01:58.185    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-09 13:01:58.185    Could not open C:\System Volume Information\{512363d9-96fc-11e4-a552-e069957065c5}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-09 13:01:58.185    Could not open C:\System Volume Information\{68b8fa9b-95df-11e4-83da-e069957065c5}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-09 13:01:58.186    Could not open C:\System Volume Information\{7ef07a91-9468-11e4-b651-e069957065c5}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-09 13:01:58.186    Could not open C:\System Volume Information\{9f66fc21-97f7-11e4-9c6b-e069957065c5}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-09 13:01:58.186    Could not open C:\System Volume Information\{a483fff6-8f15-11e4-8c8e-e069957065c5}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-09 13:02:04.688    >>> Virus 'Mal/ZAccConf-A' found in file C:\Users\Aksh\AppData\Local\1948c0c4\@
2015-01-09 13:02:04.688    >>> Virus 'Mal/ZAccConf-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:02:04.689    >>> Virus 'Mal/ZAccConf-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:02:04.689    >>> Virus 'Mal/ZAccConf-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2015-01-09 13:02:04.689    >>> Virus 'Mal/ZAccConf-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2015-01-09 13:02:04.689    >>> Virus 'Mal/ZAccConf-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:02:04.689    >>> Virus 'Mal/ZAccConf-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:02:04.689    >>> Virus 'Mal/ZAccConf-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:02:04.689    >>> Virus 'Mal/ZAccConf-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:02:04.689    >>> Virus 'Mal/ZAccConf-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:02:04.690    >>> Virus 'Mal/ZAccConf-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:02:04.690    >>> Virus 'Mal/ZAccConf-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:02:04.690    >>> Virus 'Mal/ZAccConf-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:02:04.690    >>> Virus 'Mal/ZAccConf-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:02:04.690    >>> Virus 'Mal/ZAccConf-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:02:04.690    >>> Virus 'Mal/ZAccConf-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-01-09 13:02:04.690    >>> Virus 'Mal/ZAccConf-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-01-09 13:02:04.690    >>> Virus 'Mal/ZAccConf-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-01-09 13:02:04.691    >>> Virus 'Mal/ZAccConf-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-01-09 13:02:04.691    >>> Virus 'Mal/ZAccConf-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-01-09 13:02:04.691    >>> Virus 'Mal/ZAccConf-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-01-09 13:05:49.406    >>> Virus 'CXmal/BadLnk-A' found in file C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security  2012\System Security  2012.lnk
2015-01-09 13:05:49.406    >>> Virus 'CXmal/BadLnk-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:05:49.407    >>> Virus 'CXmal/BadLnk-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:05:49.407    >>> Virus 'CXmal/BadLnk-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2015-01-09 13:05:49.407    >>> Virus 'CXmal/BadLnk-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2015-01-09 13:05:49.407    >>> Virus 'CXmal/BadLnk-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:05:49.407    >>> Virus 'CXmal/BadLnk-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:05:49.407    >>> Virus 'CXmal/BadLnk-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:05:49.407    >>> Virus 'CXmal/BadLnk-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:05:49.407    >>> Virus 'CXmal/BadLnk-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:05:49.408    >>> Virus 'CXmal/BadLnk-A' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:05:49.408    >>> Virus 'CXmal/BadLnk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:05:49.408    >>> Virus 'CXmal/BadLnk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:05:49.408    >>> Virus 'CXmal/BadLnk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:05:49.408    >>> Virus 'CXmal/BadLnk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:05:49.408    >>> Virus 'CXmal/BadLnk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-01-09 13:05:49.408    >>> Virus 'CXmal/BadLnk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-01-09 13:05:49.408    >>> Virus 'CXmal/BadLnk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-01-09 13:05:49.408    >>> Virus 'CXmal/BadLnk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-01-09 13:05:49.409    >>> Virus 'CXmal/BadLnk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-01-09 13:05:49.409    >>> Virus 'CXmal/BadLnk-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-01-09 13:12:07.023    >>> Virus 'CXmal/KeyGen-M' found in file C:\Users\Harry\Downloads\MediaMonkey Gold\MediaMonkey.Gold.v3.2.5.1306.Multilingual\UST\Keygen.exe
2015-01-09 13:12:07.023    >>> Virus 'CXmal/KeyGen-M' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:12:07.023    >>> Virus 'CXmal/KeyGen-M' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:12:07.023    >>> Virus 'CXmal/KeyGen-M' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2015-01-09 13:12:07.023    >>> Virus 'CXmal/KeyGen-M' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2015-01-09 13:12:07.023    >>> Virus 'CXmal/KeyGen-M' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:12:07.024    >>> Virus 'CXmal/KeyGen-M' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:12:07.024    >>> Virus 'CXmal/KeyGen-M' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:12:07.024    >>> Virus 'CXmal/KeyGen-M' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:12:07.024    >>> Virus 'CXmal/KeyGen-M' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:12:07.024    >>> Virus 'CXmal/KeyGen-M' found in file HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:12:07.025    >>> Virus 'CXmal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:12:07.025    >>> Virus 'CXmal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-09 13:12:07.025    >>> Virus 'CXmal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:12:07.025    >>> Virus 'CXmal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-01-09 13:12:07.026    >>> Virus 'CXmal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-01-09 13:12:07.026    >>> Virus 'CXmal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-01-09 13:12:07.026    >>> Virus 'CXmal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-01-09 13:12:07.026    >>> Virus 'CXmal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-01-09 13:12:07.026    >>> Virus 'CXmal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-01-09 13:12:07.026    >>> Virus 'CXmal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-01-09 13:17:08.976    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-01-09 13:17:09.001    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-01-09 13:17:19.600    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-01-09 13:17:19.622    Could not open C:\Windows\System32\config\RegBack\SAM
2015-01-09 13:17:19.623    Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-01-09 13:17:19.626    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-01-09 13:17:19.627    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-01-09 13:33:16.636    Could not open LOGICAL:0005:00000000
2015-01-09 13:33:16.646    Could not open F:\
2015-01-09 13:33:16.656    Could not open LOGICAL:0006:00000000
2015-01-09 13:33:16.666    Could not open G:\
2015-01-09 13:33:16.676    Could not open LOGICAL:0007:00000000
2015-01-09 13:33:16.686    Could not open H:\
2015-01-09 13:33:16.696    Could not open LOGICAL:0008:00000000
2015-01-09 13:33:16.706    Could not open I:\
2015-01-09 13:33:16.706    Could not open LOGICAL:0010:00000000
2015-01-09 13:33:16.706    Could not open Q:\
2015-01-09 13:33:16.786    Could not open PHYSICAL:0081:0000:0000:0001
2015-01-09 13:33:16.796    Could not open PHYSICAL:0082:0000:0000:0001
2015-01-09 13:33:16.796    Could not open PHYSICAL:0083:0000:0000:0001
2015-01-09 13:33:16.796    Could not open PHYSICAL:0084:0000:0000:0001
2015-01-09 13:33:16.826    The following items will be cleaned up:
2015-01-09 13:33:16.826    Mal/VMProtBad-A
2015-01-09 13:33:16.826    Mal/ZAccConf-A
2015-01-09 13:33:16.826    CXmal/BadLnk-A
2015-01-09 13:33:16.826    CXmal/KeyGen-M
2015-01-09 14:58:52.361    Threat 'Mal/VMProtBad-A' has been cleaned up.
2015-01-09 14:58:52.375    File "C:\Program Files (x86)\R.G. Gamblers\Outlast\Binaries\Win32\steam_api.dll" belongs to malware 'Mal/VMProtBad-A'.
2015-01-09 14:58:52.375    File "C:\Program Files (x86)\R.G. Gamblers\Outlast\Binaries\Win32\steam_api.dll" has been cleaned up.
2015-01-09 14:58:52.376    Registry value "HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" belongs to malware 'Mal/VMProtBad-A'.
2015-01-09 14:58:52.376    Registry value "HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" has been cleaned up.
2015-01-09 14:58:52.376    Registry value "HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609" belongs to malware 'Mal/VMProtBad-A'.
2015-01-09 14:58:52.376    Registry value "HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609" has been cleaned up.
2015-01-09 14:58:52.376    Registry value "HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500" belongs to malware 'Mal/VMProtBad-A'.
2015-01-09 14:58:52.376    Registry value "HKU\S-1-5-21-4078119499-3288300230-806680709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500" has been cleaned up.
2015-01-09 14:58:52.376    Registry value "HKU\S-1-5-21-4078119499-3288300230-806680709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500" belongs to malware 'Mal/VMProtBad-A'.
2015-01-09 14:58:52.376    Registry value "HKU\S-1-5-21-4078119499-3288300230-806680709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500" has been cleaned up.
2015-01-09 14:58:52.376    Registry value "HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500" belongs to malware 'Mal/VMProtBad-A'.
2015-01-09 14:58:52.376    Registry value "HKU\S-1-5-21-4078119499-3288300230-806680709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500" has been cleaned up.
2015-01-09 14:58:52.376    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" belongs to malware 'Mal/VMProtBad-A'.
2015-01-09 14:58:52.376    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" has been cleaned up.
2015-01-09 14:58:52.376    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" belongs to malware 'Mal/VMProtBad-A'.
2015-01-09 14:58:52.376    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" has been cleaned up.
2015-01-09 14:58:52.376    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500" belongs to malware 'Mal/VMProtBad-A'.
2015-01-09 14:58:52.377    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500" has been cleaned up.
2015-01-09 14:58:52.377    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500" belongs to malware 'Mal/VMProtBad-A'.
2015-01-09 14:58:52.377    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500" has been cleaned up.
2015-01-09 14:58:52.377    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500" belongs to malware 'Mal/VMProtBad-A'.
2015-01-09 14:58:52.377    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500" has been cleaned up.
2015-01-09 14:58:52.377    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500" belongs to malware 'Mal/VMProtBad-A'.
2015-01-09 14:58:52.377    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500" has been cleaned up.
2015-01-09 14:58:52.377    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208" belongs to malware 'Mal/VMProtBad-A'.
2015-01-09 14:58:52.377    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208" has been cleaned up.
2015-01-09 14:58:52.377    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208" belongs to malware 'Mal/VMProtBad-A'.
2015-01-09 14:58:52.377    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208" has been cleaned up.
2015-01-09 14:58:52.377    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208" belongs to malware 'Mal/VMProtBad-A'.
2015-01-09 14:58:52.377    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208" has been cleaned up.
2015-01-09 14:58:52.377    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208" belongs to malware 'Mal/VMProtBad-A'.
2015-01-09 14:58:52.377    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208" has been cleaned up.
2015-01-09 14:58:52.377    Removal successful
2015-01-09 14:58:54.636    Threat 'Mal/ZAccConf-A' needs a reboot to complete cleanup.
2015-01-09 14:58:54.636    File "C:\Users\Aksh\AppData\Local\1948c0c4\@" belongs to malware 'Mal/ZAccConf-A'.
2015-01-09 14:58:54.637    File "C:\Users\Aksh\AppData\Local\1948c0c4\@" needs a reboot to complete cleanup.
2015-01-09 14:58:54.637    Threat will be removed on reboot.
2015-01-09 14:58:58.046    Threat 'CXmal/BadLnk-A' has been cleaned up.
2015-01-09 14:58:58.046    File "C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security  2012\System Security  2012.lnk" belongs to malware 'CXmal/BadLnk-A'.
2015-01-09 14:58:58.046    File "C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security  2012\System Security  2012.lnk" has been cleaned up.
2015-01-09 14:58:58.046    Removal successful
2015-01-09 14:59:01.187    Threat 'CXmal/KeyGen-M' has been cleaned up.
2015-01-09 14:59:01.187    File "C:\Users\Harry\Downloads\MediaMonkey Gold\MediaMonkey.Gold.v3.2.5.1306.Multilingual\UST\Keygen.exe" belongs to malware 'CXmal/KeyGen-M'.
2015-01-09 14:59:01.187    File "C:\Users\Harry\Downloads\MediaMonkey Gold\MediaMonkey.Gold.v3.2.5.1306.Multilingual\UST\Keygen.exe" has been cleaned up.
2015-01-09 14:59:01.187    Removal successful
2015-01-09 14:59:01.481    Installed boot task components.

2015-01-09 14:59:01.501    Contents of SafeClean bin directory:
2015-01-09 14:59:01.502    {
2015-01-09 14:59:01.502        RecordID   : "0000000000000001",
2015-01-09 14:59:01.502        ItemType   : "1",
2015-01-09 14:59:01.502        Location   : "C:\Program Files (x86)\R.G. Gamblers\Outlast\Binaries\Win32\",
2015-01-09 14:59:01.502        FileName   : "steam_api.dll",
2015-01-09 14:59:01.502        ThreatName : "Mal/VMProtBad-A",
2015-01-09 14:59:01.502        Checksum   : "89fd425f80bfbb5fe671309789e697d72d9d4cbdd50a329a5974b8b5cb1bdc07",
2015-01-09 14:59:01.502        TimeStamp  : "Fri Jan 09 09:58:46 2015"
2015-01-09 14:59:01.502    }
2015-01-09 14:59:01.502    {
2015-01-09 14:59:01.502        RecordID   : "0000000000000002",
2015-01-09 14:59:01.502        ItemType   : "1",
2015-01-09 14:59:01.502        Location   : "C:\Users\Aksh\AppData\Local\1948c0c4\",
2015-01-09 14:59:01.502        FileName   : "@",
2015-01-09 14:59:01.502        ThreatName : "Mal/ZAccConf-A",
2015-01-09 14:59:01.502        Checksum   : "c8926338dc57916264a32374f87ad2d73d1e98f7cde5fd543a2a8006c2b0e1bf",
2015-01-09 14:59:01.502        TimeStamp  : "Fri Jan 09 09:58:52 2015"
2015-01-09 14:59:01.502    }
2015-01-09 14:59:01.502    {
2015-01-09 14:59:01.502        RecordID   : "0000000000000003",
2015-01-09 14:59:01.502        ItemType   : "1",
2015-01-09 14:59:01.502        Location   : "C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security  2012\",
2015-01-09 14:59:01.502        FileName   : "System Security  2012.lnk",
2015-01-09 14:59:01.503        ThreatName : "CXmal/BadLnk-A",
2015-01-09 14:59:01.503        Checksum   : "ad58c780881556f0636f4ad558331e0795bf3915c033546ff5bf99955f922378",
2015-01-09 14:59:01.503        TimeStamp  : "Fri Jan 09 09:58:54 2015"
2015-01-09 14:59:01.503    }
2015-01-09 14:59:01.503    {
2015-01-09 14:59:01.503        RecordID   : "0000000000000004",
2015-01-09 14:59:01.503        ItemType   : "1",
2015-01-09 14:59:01.503        Location   : "C:\Users\Harry\Downloads\MediaMonkey Gold\MediaMonkey.Gold.v3.2.5.1306.Multilingual\UST\",
2015-01-09 14:59:01.503        FileName   : "Keygen.exe",
2015-01-09 14:59:01.503        ThreatName : "CXmal/KeyGen-M",
2015-01-09 14:59:01.503        Checksum   : "cce87bc7c1162efea5e59a0a0c7d4159f3d22b2e2bf78fa1832d1c3a5a1961bd",
2015-01-09 14:59:01.503        TimeStamp  : "Fri Jan 09 09:58:58 2015"
2015-01-09 14:59:01.503    }
2015-01-09 14:59:01.978    The computer must be restarted in order to complete the cleanup.
2015-01-09 14:59:01.989    Error level 5
2015-01-09 14:59:01.992    Cleanup on restart pending for Mal/ZAccConf-A: DeleteFile "\\?\C:\Users\Aksh\AppData\Local\1948c0c4\@"

2015-01-09 16:59:38.679    Scan completed.
2015-01-09 16:59:38.679    

------------------------------------------------------------

2015-01-09 18:12:39.975    Sophos Virus Removal Tool version 2.5.4
2015-01-09 18:12:39.975    Copyright © 2009-2014 Sophos Limited. All rights reserved.

2015-01-09 18:12:39.975    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-01-09 18:12:39.975    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2015-01-09 18:12:39.975    Checking for updates...
2015-01-09 18:12:42.315    Update progress: proxy server not available
2015-01-09 18:13:17.992    Option all = no
2015-01-09 18:13:17.992    Option recurse = yes
2015-01-09 18:13:17.992    Option archive = no
2015-01-09 18:13:17.992    Option service = yes
2015-01-09 18:13:17.992    Option confirm = yes
2015-01-09 18:13:17.992    Option sxl = yes
2015-01-09 18:13:17.992    Option max-data-age = 35
2015-01-09 18:13:17.992    Option EnableSafeClean = yes
2015-01-09 18:13:18.070    Option vdl-logging = yes
2015-01-09 18:13:18.070    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2015-01-09 18:13:18.070    Machine ID:    7427b9c9268746f49726e95f2afb3bec
2015-01-09 18:13:18.070    Component SVRTcli.exe version 2.5.4
2015-01-09 18:13:18.070    Component control.dll version 2.5.4
2015-01-09 18:13:18.070    Component SVRTservice.exe version 2.5.4
2015-01-09 18:13:18.070    Component engine\osdp.dll version 1.44.1.2183
2015-01-09 18:13:18.070    Component engine\veex.dll version 3.58.3.2183
2015-01-09 18:13:18.070    Component engine\savi.dll version 8.1.5.2183
2015-01-09 18:13:18.070    Component rkdisk.dll version 1.5.30.0
2015-01-09 18:13:18.070    Version info:    Product version    2.5.4
2015-01-09 18:13:18.070    Version info:    Detection engine    3.58.3
2015-01-09 18:13:18.070    Version info:    Detection data    5.08G
2015-01-09 18:13:18.070    Version info:    Build date    11/11/2014
2015-01-09 18:13:18.070    Version info:    Data files added    546
2015-01-09 18:13:18.070    Version info:    Last successful update    1/9/2015 7:15:18 AM
2015-01-09 18:13:24.810    Downloading updates...
2015-01-09 18:13:24.810    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-01-09 18:13:24.810    Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-01-09 18:13:24.810    Update progress: [I49502] Found supplement IDE509 LATEST
2015-01-09 18:13:24.810    Update progress: [I49502] Found supplement IDE510 LATEST
2015-01-09 18:13:24.810    Update progress: [I49502] Found supplement IDE511 LATEST
2015-01-09 18:13:24.810    Update progress: [I49502] Found supplement IDE512 LATEST
2015-01-09 18:13:24.810    Update progress: [I49502] Found supplement IDE513 LATEST
2015-01-09 18:13:24.810    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-01-09 18:13:24.810    Update progress: [I19463] Syncing product SAVIW32 48
2015-01-09 18:13:24.810    Update progress: [I19463] Syncing product IDE509 177
2015-01-09 18:13:28.460    Update progress: [I19463] Syncing product IDE510 179
2015-01-09 18:13:28.460    Update progress: [I19463] Syncing product IDE511 170
2015-01-09 18:13:28.460    Update progress: [I19463] Syncing product IDE512 27
2015-01-09 18:13:28.538    Installing updates...
2015-01-09 18:13:29.146    Error level 1
2015-01-09 18:13:29.396    Update progress: [I19463] Syncing product IDE513 1
2015-01-09 18:13:29.427    Update successful
2015-01-09 18:13:34.372    Option all = no
2015-01-09 18:13:34.372    Option recurse = yes
2015-01-09 18:13:34.372    Option archive = no
2015-01-09 18:13:34.372    Option service = yes
2015-01-09 18:13:34.372    Option confirm = yes
2015-01-09 18:13:34.372    Option sxl = yes
2015-01-09 18:13:34.372    Option max-data-age = 35
2015-01-09 18:13:34.372    Option EnableSafeClean = yes
2015-01-09 18:13:34.404    Option vdl-logging = yes
2015-01-09 18:13:34.404    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2015-01-09 18:13:34.404    Machine ID:    7427b9c9268746f49726e95f2afb3bec
2015-01-09 18:13:34.404    Component SVRTcli.exe version 2.5.4
2015-01-09 18:13:34.404    Component control.dll version 2.5.4
2015-01-09 18:13:34.404    Component SVRTservice.exe version 2.5.4
2015-01-09 18:13:34.404    Component engine\osdp.dll version 1.44.1.2183
2015-01-09 18:13:34.404    Component engine\veex.dll version 3.58.3.2183
2015-01-09 18:13:34.404    Component engine\savi.dll version 8.1.5.2183
2015-01-09 18:13:34.419    Component rkdisk.dll version 1.5.30.0
2015-01-09 18:13:34.419    Version info:    Product version    2.5.4
2015-01-09 18:13:34.419    Version info:    Detection engine    3.58.3
2015-01-09 18:13:34.419    Version info:    Detection data    5.08G
2015-01-09 18:13:34.419    Version info:    Build date    11/11/2014
2015-01-09 18:13:34.419    Version info:    Data files added    548
2015-01-09 18:13:34.419    Version info:    Last successful update    1/9/2015 1:13:29 PM
2015-01-09 18:13:34.419    Cleanup on restart completed for Mal/ZAccConf-A: DeleteFile "\\?\C:\Users\Aksh\AppData\Local\1948c0c4\@"
2015-01-09 18:13:34.419    All cleanup on restart operations completed successfully.
 



#9 StarkTheWolf


Posted 09 January 2015 - 01:24 PM

When I try to post the ADWARE CLEANER LOG, I get a message which reads, "You don't have permission for that action."

 

I am also unable to locate the Avast logs.



#10 Broni


Posted 09 January 2015 - 06:55 PM

Upload the AdwCleaner log here: http://www.sendspace.com/
Click on Browse button and navigate to the file you want to upload.
Click on Upload button.
Click on FIRST Copy Link button and paste the link in your next reply.




 


#11 StarkTheWolf


Posted 09 January 2015 - 07:14 PM

https://www.sendspace.com/file/wwl4z8

 

Do you need the Avast logs?



#12 Broni


Posted 09 January 2015 - 07:25 PM

No.

 

# AdwCleaner v4.107 - Report created 09/01/2015 at 07:03:30
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Harry - HP
# Running from : C:\Users\Harry\Desktop\adwcleaner_4.107.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : 1a34a8e0
[#] Service Deleted : CouponArificService64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SNT
Folder Deleted : C:\ProgramData\SoftCoup
Folder Deleted : C:\ProgramData\DealsFactor
Folder Deleted : C:\ProgramData\FllaSHCOupOOnn
Folder Deleted : C:\ProgramData\KinGCoupon
Folder Deleted : C:\ProgramData\RoyalCoupOOn
Folder Deleted : C:\ProgramData\SalesChecker
Folder Deleted : C:\ProgramData\Savinsshopo
Folder Deleted : C:\ProgramData\SmmaerTCompAre
Folder Deleted : C:\ProgramData\wEbsave
Folder Deleted : C:\ProgramData\74826ac90a575bf1
Folder Deleted : C:\ProgramData\8395390067066493937
Folder Deleted : C:\Program Files (x86)\TidyNetwork
Folder Deleted : C:\Program Files (x86)\wEbsave
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Program Files\CouponArific
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Aksh\AppData\Local\Babylon
Folder Deleted : C:\Users\Aksh\AppData\Local\torch
Folder Deleted : C:\Users\Aksh\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Gary\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\Harry\AppData\Local\torch
Folder Deleted : C:\Users\Harry\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Aksh\AppData\Roaming\Mozilla\Firefox\Profiles\9852hg2i.default\Extensions\iouyuxm@eyudcxz.co.uk
Folder Deleted : C:\Users\Aksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Folder Deleted : C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Folder Deleted : C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bklmopjmogclclhagiccjmeingghecgb
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfjokaipmcmfpclhpahbkjjdlhkmemjb
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfjokaipmcmfpclhpahbkjjdlhkmemjb
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbhadhaiaccaekdkkfmipgfaoeikcaeg
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbhadhaiaccaekdkkfmipgfaoeikcaeg
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cfjokaipmcmfpclhpahbkjjdlhkmemjb
Folder Deleted : C:\Users\Aksh\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cfjokaipmcmfpclhpahbkjjdlhkmemjb
Folder Deleted : C:\Users\Gary\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cfjokaipmcmfpclhpahbkjjdlhkmemjb
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cfjokaipmcmfpclhpahbkjjdlhkmemjb
Folder Deleted : C:\Users\Harry\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cfjokaipmcmfpclhpahbkjjdlhkmemjb
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pbhadhaiaccaekdkkfmipgfaoeikcaeg
Folder Deleted : C:\Users\Aksh\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pbhadhaiaccaekdkkfmipgfaoeikcaeg
Folder Deleted : C:\Users\Gary\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pbhadhaiaccaekdkkfmipgfaoeikcaeg
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pbhadhaiaccaekdkkfmipgfaoeikcaeg
Folder Deleted : C:\Users\Harry\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pbhadhaiaccaekdkkfmipgfaoeikcaeg
File Deleted : C:\END
File Deleted : C:\Windows\System32\drivers\netfilter64.sys
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\by28qcbw.default\searchplugins\safesearch.xml
File Deleted : C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\by28qcbw.default\user.js
File Deleted : C:\Users\Aksh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.plyrics.com_0.localstorage
File Deleted : C:\Users\Aksh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.plyrics.com_0.localstorage-journal
File Deleted : C:\Users\Aksh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Aksh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage
File Deleted : C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage-journal
File Deleted : C:\Users\Aksh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
File Deleted : C:\Users\Aksh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal
File Deleted : C:\Users\Aksh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Aksh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Aksh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Aksh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Aksh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
File Deleted : C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
File Deleted : C:\Users\Aksh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
File Deleted : C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2
Task Deleted : WS.Booster-S-5195167130

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Enthusiast Games.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKLM\SOFTWARE\Classes\P6faccd9e_14f1_4a5d_8701_1857a2b0af5b_.P6faccd9e_14f1_4a5d_8701_1857a2b0af5b_
Key Deleted : HKLM\SOFTWARE\Classes\P6faccd9e_14f1_4a5d_8701_1857a2b0af5b_.P6faccd9e_14f1_4a5d_8701_1857a2b0af5b_.9
Key Deleted : HKLM\SOFTWARE\Classes\P9183aeb7_2591_4342_9122_8aa31c7c57a6_.P9183aeb7_2591_4342_9122_8aa31c7c57a6_
Key Deleted : HKLM\SOFTWARE\Classes\P9183aeb7_2591_4342_9122_8aa31c7c57a6_.P9183aeb7_2591_4342_9122_8aa31c7c57a6_.9
Key Deleted : HKLM\SOFTWARE\Classes\Paf6e72fc_975c_41fe_9666_3daeeccd5b9a_.Paf6e72fc_975c_41fe_9666_3daeeccd5b9a_
Key Deleted : HKLM\SOFTWARE\Classes\Paf6e72fc_975c_41fe_9666_3daeeccd5b9a_.Paf6e72fc_975c_41fe_9666_3daeeccd5b9a_.9
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{799391D3-EB86-4BAC-9BD3-CBFEA58A0E15}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{152ea13d-717d-44ec-be08-6ac194d18083}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6faccd9e-14f1-4a5d-8701-1857a2b0af5b}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71ee2875-e455-4b09-9b02-24ec95590cf7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9183aeb7-2591-4342-9122-8aa31c7c57a6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{af6e72fc-975c-41fe-9666-3daeeccd5b9a}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{f28d588b-70d2-45a4-b897-27631002768f}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{152ea13d-717d-44ec-be08-6ac194d18083}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6faccd9e-14f1-4a5d-8701-1857a2b0af5b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71ee2875-e455-4b09-9b02-24ec95590cf7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9183aeb7-2591-4342-9122-8aa31c7c57a6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{af6e72fc-975c-41fe-9666-3daeeccd5b9a}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f28d588b-70d2-45a4-b897-27631002768f}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{152ea13d-717d-44ec-be08-6ac194d18083}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6faccd9e-14f1-4a5d-8701-1857a2b0af5b}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{71ee2875-e455-4b09-9b02-24ec95590cf7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9183aeb7-2591-4342-9122-8aa31c7c57a6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{af6e72fc-975c-41fe-9666-3daeeccd5b9a}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{f28d588b-70d2-45a4-b897-27631002768f}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6faccd9e-14f1-4a5d-8701-1857a2b0af5b}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71ee2875-e455-4b09-9b02-24ec95590cf7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9183aeb7-2591-4342-9122-8aa31c7c57a6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{af6e72fc-975c-41fe-9666-3daeeccd5b9a}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f28d588b-70d2-45a4-b897-27631002768f}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Babylon
 




 


#13 Broni


Posted 09 January 2015 - 07:26 PM

How is the computer doing?

 

Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check "Yes, install McAfee Security Scan Plus".

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

 

Update your Java version here: http://www.java.com/en/download/manual.jsp
Alternate download: http://www.filehippo.com/search?q=java

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.
Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.




 


#14 StarkTheWolf


Posted 15 January 2015 - 07:27 AM

The computer seems virus-free other than some sort of Chrome extension. Avast has detected it upon startup, but has failed to remove it. I also get intermittent "threat detected" pop-ups from Avast, which are all along these lines:

 

[Image: rCBieDJ.png]



#15 Broni


Posted 15 January 2015 - 11:16 AM

Reset Chrome...
Click on "Customize and control Google Chrome":
Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.

If the above didn't help....

Reinstall Chrome...
If you want to save your bookmarks...
How to Backup Bookmarks in Google Chrome
If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/
 

  • Close all Chrome windows and tabs.
  • Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
  • Click Programs and Features.
  • Double-click Google Chrome.
  • Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.

Install a fresh copy.




 




