
Need Virus (?) Malware Issue Resolved!


  • This topic is locked
29 replies to this topic

#1 dcanoli


Posted 26 January 2015 - 06:02 PM

Okay, this problem has been going on for forever.
 
I have run EVERYTHING possible and nothing is showing up; however, I keep getting hijacked (meaning, when I click on certain links, my browser is hijacked to a spam website [like PCKeeper, etc.]).
 
It is getting increasingly frustrating as no one can solve the problem.
 
Also, when I am surfing some sites, I get annoying "shopping" windows that are "embedded" into the page(s).  I don't know how to get rid of this annoying problem.  Like I said, nothing is showing up in the software programs.
 
Any help or ideas????
 
Thank you!

Edit: Topic moved from Windows 8 to the more appropriate forum. ~ Animal



#2 InadequateInfirmity


Posted 26 January 2015 - 06:04 PM

Step 1: Minitoolbox.
 
Please download MINITOOLBOX and run it.



Checkmark the following boxes:

  • Flush DNS
  • Reset FF proxy Settings
  • Reset IE Proxy Settings
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)



Click Go and post the result.
 
Step 2: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 3: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • When the scan has finished, click on the Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 4: Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Hit OK.

Hit Next, and make sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.
 
Step 5: Malwarebytes Anti-Rootkit.
 
 
Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click Next to continue.
  • Then click Update.
  • Once the update is finished, select Next, then Scan.
  • If no malware has been found, at the end of the scan select Exit.
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
      • mbar-log-{date} (xx-xx-xx).txt
      • system-log.txt

Step 6: Security Check Log.
 
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 
Step 7: Report
 
Tell me how the machine is performing, and if you need help performing any steps. Also post all requested logs.



#3 dcanoli


Posted 27 January 2015 - 03:37 PM

MiniToolBox by Farbar  Version: 30-11-2014
Ran by dcano_000 (administrator) on 27-01-2015 at 15:32:24
Running from "C:\Users\dcano_000\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.
========================= Hosts content: =================================



There are 15474 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_0" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Moms
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
   Physical Address. . . . . . . . . : 20-68-9D-FB-DA-4E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 20-68-9D-FB-DA-4E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 20-68-9D-FB-DA-4E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::645a:ecd5:747c:f6f7%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.203(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, January 17, 2015 1:18:37 PM
   Lease Expires . . . . . . . . . . : Wednesday, January 28, 2015 2:03:47 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 220227741
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-30-92-A5-00-25-AB-26-80-D4
   DNS Servers . . . . . . . . . . . : 81.218.119.15
                                       199.203.35.75
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-25-AB-26-80-D4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  81.218.119.15

Name:    google.com
Addresses:  2a00:1450:4001:804::1008
      173.194.112.160
      173.194.112.162
      173.194.112.167
      173.194.112.168
      173.194.112.166
      173.194.112.163
      173.194.112.165
      173.194.112.164
      173.194.112.169
      173.194.112.174
      173.194.112.161


Pinging google.com [173.194.78.139] with 32 bytes of data:
Reply from 173.194.78.139: bytes=32 time=118ms TTL=45
Reply from 173.194.78.139: bytes=32 time=120ms TTL=45

Ping statistics for 173.194.78.139:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 118ms, Maximum = 120ms, Average = 119ms
Server:  UnKnown
Address:  81.218.119.15

Name:    yahoo.com
Addresses:  98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=76ms TTL=53
Reply from 206.190.36.45: bytes=32 time=75ms TTL=53

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 75ms, Maximum = 76ms, Average = 75ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  6...20 68 9d fb da 4e ......Microsoft Wi-Fi Direct Virtual Adapter #2
  5...20 68 9d fb da 4e ......Microsoft Wi-Fi Direct Virtual Adapter
  4...20 68 9d fb da 4e ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
  3...00 25 ab 26 80 d4 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.203     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.203    281
    192.168.1.203  255.255.255.255         On-link     192.168.1.203    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.203    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.203    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.203    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  4    281 fe80::/64                On-link
  4    281 fe80::645a:ecd5:747c:f6f7/128
                                    On-link
  1    306 ff00::/8                 On-link
  4    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/27/2015 10:34:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25161047

Error: (01/27/2015 10:34:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25161047

Error: (01/27/2015 10:34:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/27/2015 10:34:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25159797

Error: (01/27/2015 10:34:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25159797

Error: (01/27/2015 10:34:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/27/2015 03:25:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15308922

Error: (01/27/2015 03:25:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15308922

Error: (01/27/2015 03:25:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/27/2015 03:25:42 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15305547


System errors:
=============
Error: (01/27/2015 02:22:07 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (01/27/2015 02:21:01 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (01/27/2015 11:02:08 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (01/27/2015 10:35:46 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (01/26/2015 05:33:54 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (01/26/2015 05:33:54 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (01/26/2015 05:33:37 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (01/26/2015 05:33:37 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (01/26/2015 05:33:37 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (01/26/2015 05:32:02 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}


Microsoft Office Sessions:
=========================
Error: (01/27/2015 10:34:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25161047

Error: (01/27/2015 10:34:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25161047

Error: (01/27/2015 10:34:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/27/2015 10:34:28 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25159797

Error: (01/27/2015 10:34:28 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25159797

Error: (01/27/2015 10:34:28 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/27/2015 03:25:46 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15308922

Error: (01/27/2015 03:25:46 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15308922

Error: (01/27/2015 03:25:46 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/27/2015 03:25:42 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15305547


CodeIntegrity Errors:
===================================
  Date: 2014-07-22 14:24:10.204
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 14:24:09.968
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 14:24:09.397
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 14:24:08.930
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 14:24:08.512
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 14:24:08.163
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 14:24:07.665
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 14:24:07.490
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 14:24:06.934
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-22 14:24:06.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.



=========================== Installed Programs ============================
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.18 (HKCU\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C310 (x32 Version: 140.0.353.000 - Hewlett-Packard) Hidden
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151  (Jun-27-2014) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)
EaseUS Data Recovery Wizard 8.6 (HKLM\...\EaseUS Data Recovery Wizard 8.6_is1) (Version:  - EaseUS)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0617 - Lenovo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart Premium C310 All-in-One Driver Software 14.0 Rel. 7 (HKLM\...\{131D8ED6-4864-4554-9BAB-09B47C232522}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
iCare Data Recovery Standard (HKLM-x32\...\{F110DF75-A7A2-4641-A569-8D15F7AC7087}_is1) (Version: 6.0 - iCare Recovery)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.25.18 - Oracle Corporation) Hidden
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.01.42160 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.01.42160 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version:  - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotoHelper 2.1.32 Driver 5.4.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Ontrack EasyRecovery Enterprise (HKLM-x32\...\{AE695CA4-8847-4462-98CC-023874D29E72}_is1) (Version: 11.1.0.0 - Kroll Ontrack Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_07_C310_SW_Min (x32 Version: 140.0.365.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0187 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
TweetDeck (HKLM-x32\...\{C4ADB67B-C908-4D94-B85E-585D2F3F9118}) (Version: 3.3.7 - Twitter)
WD Print Share (HKLM-x32\...\{6F4D365D-0440-4C01-B539-70D56EBED6AF}) (Version: 2.25 - WD Corporation)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 3980.48 MB
Available physical RAM: 1698.55 MB
Total Pagefile: 7377.33 MB
Available Pagefile: 3383.23 MB
Total Virtual: 4095.88 MB
Available Virtual: 3985.09 MB

========================= Partitions: =====================================

1 Drive c: (Windows8_OS) (Fixed) (Total:904.91 GB) (Free:667.08 GB) NTFS

========================= Users: ========================================

User accounts for \\MOMS

Administrator            dcano_000                Guest                    
joshm_000                webst_000                


**** End of log ****
 



#4 dcanoli


Posted 27 January 2015 - 03:43 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by dcano_000 on Tue 01/27/2015 at 15:38:43.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\dcano_000\AppData\Roaming\mozilla\firefox\profiles\xeg7j064.default-1419253661310\prefs.js

user_pref("browser.search.defaultenginename", "Swagbucks.com");
user_pref("extensions.ui.lastCategory", "addons://search/swagbucks");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/27/2015 at 15:42:15.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#5 dcanoli


Posted 27 January 2015 - 04:12 PM

# AdwCleaner v4.109 - Report created 27/01/2015 at 15:52:19
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : dcano_000 - MOMS
# Running from : C:\Users\dcano_000\Downloads\adwcleaner_4.109.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\webst_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;192.168.*.*

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v40.0.2214.93


*************************

AdwCleaner[R0].txt - [1339 octets] - [17/11/2014 18:55:00]
AdwCleaner[R10].txt - [1980 octets] - [27/01/2015 15:45:17]
AdwCleaner[R1].txt - [1399 octets] - [19/11/2014 05:19:51]
AdwCleaner[R2].txt - [953 octets] - [19/11/2014 05:44:25]
AdwCleaner[R3].txt - [1012 octets] - [19/11/2014 14:25:03]
AdwCleaner[R4].txt - [1537 octets] - [23/11/2014 04:16:49]
AdwCleaner[R5].txt - [1769 octets] - [07/12/2014 10:26:34]
AdwCleaner[R6].txt - [1693 octets] - [24/12/2014 00:51:22]
AdwCleaner[R7].txt - [1435 octets] - [28/12/2014 10:25:14]
AdwCleaner[R8].txt - [1558 octets] - [28/12/2014 16:47:55]
AdwCleaner[R9].txt - [2582 octets] - [11/01/2015 13:09:53]
AdwCleaner[S0].txt - [1326 octets] - [19/11/2014 05:24:38]
AdwCleaner[S1].txt - [1522 octets] - [23/11/2014 04:22:30]
AdwCleaner[S2].txt - [1840 octets] - [07/12/2014 10:35:18]
AdwCleaner[S3].txt - [1769 octets] - [24/12/2014 00:54:18]
AdwCleaner[S4].txt - [1496 octets] - [28/12/2014 14:57:48]
AdwCleaner[S5].txt - [2659 octets] - [11/01/2015 13:46:38]
AdwCleaner[S6].txt - [1905 octets] - [27/01/2015 15:52:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1965 octets] ##########
 



#6 dcanoli


Posted 27 January 2015 - 07:24 PM

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v3.9
Time: 2015_01_27_16_12_37
OS: Windows 8 - 64 Bit
Account Name: dcano_000
U0L0S112

\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

Deleted - Folder - C:\Users\dcano_000\Appdata\Local\Installer\Installiwebar_20430
Deleted - Folder - C:\Users\dcano_000\Appdata\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_cltmng.exe_bc78319b643178ca38cd3a9ae41d126e687c516_8f3372e6_1239e10c

\\ Finished
 



#7 InadequateInfirmity


Posted 27 January 2015 - 09:44 PM

Ok, continue on with the other two scans. :)



#8 dcanoli


Posted 28 January 2015 - 04:52 PM

 Results of screen317's Security Check version 0.99.95  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Java 8 Update 25  
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31  
 Adobe Flash Player     16.0.0.296  
 Adobe Reader XI  
 Mozilla Firefox (35.0.1)
 Google Chrome (39.0.2171.99)
 Google Chrome (40.0.2214.93)
 Google Chrome (plugins...)
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled!
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe
 AVAST Software Avast ng ngservice.exe
 AVAST Software Avast avastui.exe  
 AVAST Software Avast AvastEmUpdate.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#9 dcanoli


Posted 28 January 2015 - 04:54 PM

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2015.01.28.01
  rootkit: v2015.01.14.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17498
dcano_000 :: MOMS [administrator]

1/27/2015 7:25:59 PM
mbar-log-2015-01-27 (19-25-59).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 461273
Time elapsed: 25 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17498

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.893000 GHz
Memory total: 4173832192, free: 1891270656

Downloaded database version: v2015.01.28.01
Downloaded database version: v2015.01.14.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
     01/27/2015 19:25:48
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.01.28.01
  rootkit: v2015.01.14.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe000c2f3a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe000c2f3ab20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe000c2f3a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000c1effe50, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe000c1f00060, DeviceName: \Device\0000002a\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: C8E8AE5A

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1352338851
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid 4f6163e-52bd-4fb0-b227-b6aa50699758
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 1352338851
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid 4f6163e-52bd-4fb0-b227-b6aa50699758
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID a80715eb-6302-4645-b118-3ae8bd586c9
    FirstLBA 2048  Last LBA 2050047
    Attributes 1
    Partition Name                                     

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID ab408be6-2ec3-42d8-ac5f-7dd42d5f6a
    FirstLBA 2050048  Last LBA 2582527
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
    Partition ID b03b170b-82f4-4bb8-958a-d2deeadbda1
    FirstLBA 2582528  Last LBA 3606527
    Attributes 1
    Partition Name                                     

    Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID c46ce2cf-7866-4081-a7a8-fdee6d609845
    FirstLBA 3606528  Last LBA 3868671
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 8b71a200-51d-4af3-bfd8-6e6f9ad8e73d
    FirstLBA 3868672  Last LBA 1901606911
    Attributes 0
    Partition Name                 Basic data partition

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 3752102e-1335-41c8-9758-2155d46e4fc3
    FirstLBA 1901606912  Last LBA 1902323711
    Attributes 1
    Partition Name                                     

    Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 2d28685f-534c-4208-ae19-e2aa72964920
    FirstLBA 1902323712  Last LBA 1953523711
    Attributes 1
    Partition Name                                     

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 



#10 InadequateInfirmity


Posted 28 January 2015 - 06:45 PM

Can you please remove:

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)

You can reinstall after this.

Step 1: 9-Lab Scan

Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.

Install the program onto your computer, then right-click the icon and run as administrator.

Go to the Update tab and update the program.

Now go to the Scanner tab and select Full Scan.

Upon scan completion, click Show Results.

Now click the Clean button.

Once done cleaning, you can go to the Logs tab, double-click it, and copy and paste it in your next reply.

Step 2: Eset Scan

Disable your antivirus prior to running this scan.

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double-click the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#11 dcanoli


Posted 29 January 2015 - 06:18 PM

Going thru your last post, but I'm still getting hijacked.  For example, this just opened:

 

http://peozz.download.softwareshape.country/?sov=62551901&hid=fllnhrhjjhlphfn&kw=DIRECT&email=email&redid=797&gsid=68&id=XNSX.1%3A%3APEERFLY-r797-t68



#12 InadequateInfirmity


Posted 29 January 2015 - 06:26 PM

Continue the other scans. :)



#13 InadequateInfirmity


Posted 29 January 2015 - 06:27 PM

I would uninstall Spybot prior to running the last two scans. You may reinstall later if you wish.



#14 dcanoli


Posted 29 January 2015 - 07:37 PM

9-lab Removal Tool 1.0.0.25 BETA
9-lab.com

Database version: 95.28119

Windows 8.1 (Version 6.3, Build 0, 64-bit Edition)
Internet Explorer 9.11.9600.17498
dcano_000 :: MOMS not implemented yet

1/29/2015 6:11:14 PM
9lab-log-2015-01-29 (18-11-14).txt

Scan type:
Objects scanned: 46126
Time Elapsed: 41 m 12 s

Registry Keys detected: 37
Virtool.RPL.Gen.sm [\software\classes\anigifppg2.anigifppg2]
Virtool.RPL.Gen.sm [\software\classes\anigifppg2.anigifppg2]
Virtool.RPL.Gen.sm [\software\classes\anigifppg.anigifppg]
Virtool.RPL.Gen.sm [\software\classes\anigifppg.anigifppg]
Virtool.RPL.Gen.bot [\software\microsoft\windows\currentversion\internet settings\zonemap\domains\mirarsearch.com]
Virtool.RPL.Gen.bot [\software\microsoft\windows\currentversion\internet settings\zonemap\domains\mirarsearch.com]
Virtool.RPL.Gen.bot [\software\microsoft\windows\currentversion\internet settings\zonemap\domains\getmirar.com]
Virtool.RPL.Gen.bot [\software\microsoft\windows\currentversion\internet settings\zonemap\domains\getmirar.com]
Risk.RPL.Gen.vb [\software\wow6432node\file type helper]
Risk.RPL.Gen.vb [\software\wow6432node\file type helper]
Risk.RPL.Gen.vb [\software\file type helper]
Virtool.RPL.Gen.vb [\software\classes\typelib\{82351433-9094-11d1-a24b-00a0c932c7df}]
Virtool.RPL.Gen.vb [\software\classes\typelib\{82351433-9094-11d1-a24b-00a0c932c7df}]
Virtool.RPL.Gen.sm [\software\classes\mime\database\content type\application/x-vnd.google.oneclickctrl.10]
Virtool.RPL.Gen.sm [\software\classes\mime\database\content type\application/x-vnd.google.oneclickctrl.10]
Virtool.RPL.Gen.sm [\software\classes\interface\{ed0b64d4-bf27-4521-ad27-190f49bf5ea7}]
Virtool.RPL.Gen.sm [\software\classes\interface\{e3f3e8f9-f747-4dd6-ba6b-82a6ce1e0860}]
Virtool.RPL.Gen.sm [\software\classes\interface\{dd1f043f-abc8-4643-8b95-d2c5b22bb019}]
Virtool.RPL.Gen.sm [\software\classes\interface\{d14d64bc-a0e4-42e3-bb72-fb41ea43c198}]
Virtool.RPL.Gen.sm [\software\classes\interface\{a8f7d0a5-7074-40b8-9bdc-1174bdd0a132}]
Virtool.RPL.Gen.sm [\software\classes\interface\{a78edafb-926f-4d93-ab13-8232d7378eb1}]
Virtool.RPL.Gen.sm [\software\classes\interface\{a6d54287-7939-466a-8579-92546d946c8c}]
Virtool.RPL.Gen.sm [\software\classes\interface\{9b9a45f4-18fc-484a-baca-076d78273d8e}]
Virtool.RPL.Gen.sm [\software\classes\interface\{9b4f7cfe-987d-410e-a8e4-20182e0b3c24}]
Virtool.RPL.Gen.sm [\software\classes\interface\{823ae2eb-e62c-4847-b192-c99b91b92416}]
Virtool.RPL.Gen.sm [\software\classes\interface\{8120d9d6-785c-4413-9c0c-df2028c56fad}]
Virtool.RPL.Gen.sm [\software\classes\interface\{59d188fa-757a-424e-8c93-f58ffd896bd7}]
Virtool.RPL.Gen.sm [\software\classes\interface\{555d7146-94a8-4c94-ae76-c39cdc7f7705}]
Virtool.RPL.Gen.sm [\software\classes\interface\{4517d94c-19ba-46fa-be66-2a30ceac4a85}]
Virtool.RPL.Gen.sm [\software\classes\interface\{3cc60715-d6c5-429d-830e-43fa3f86c61d}]
Virtool.RPL.Gen.sm [\software\classes\interface\{3a807417-b46d-4d37-8c9a-19ac6de204f9}]
Virtool.RPL.Gen.sm [\software\classes\interface\{224fe662-1e6d-4bc0-aebb-9e2fb4057be9}]
Virtool.RPL.Gen.sm [\software\classes\interface\{212e6d43-6062-492a-b8cc-144669ff11ed}]
Virtool.RPL.Gen.sm [\software\classes\interface\{0c40f472-7407-4467-8914-1dea7c326972}]
Virtool.RPL.Gen.sm [\software\classes\interface\{07f41522-af7d-4f26-b394-094f059fdb8a}]
Virtool.RPL.Gen.sm [\software\classes\interface\{0522d9a4-4d57-437d-978d-e5b3b6c9005d}]
Virtool.RPL.Gen.vb [\software\classes\interface\{023e9ec8-b147-40eb-b0b3-df90618fb371}]


Files detected: 2
Malware.Win32.Gen.sm!s2 [C:\Users\dcano_000\Downloads\MiniToolBox.exe]
Malware.Win32.Gen.sm!s1 [C:\Users\dcano_000\Downloads\TFC.exe]

 



#15 dcanoli


Posted 30 January 2015 - 03:48 PM

C:\Program Files\Adware-Removal-Tool\ARTP3.exe    MSIL/FakeTool.PS trojan    cleaned by deleting - quarantined
C:\Users\dcano_000\AppData\Roaming\CH    JS/Toolbar.Crossrider.C potentially unwanted application    deleted - quarantined
C:\Users\dcano_000\AppData\Roaming\RGFSL    JS/Toolbar.Crossrider.C potentially unwanted application    deleted - quarantined
C:\Users\dcano_000\AppData\Roaming\WGRTAXT    JS/Toolbar.Crossrider.C potentially unwanted application    deleted - quarantined
C:\Users\dcano_000\AppData\Roaming\XLYOD    JS/Toolbar.Crossrider.C potentially unwanted application    deleted - quarantined
C:\Users\dcano_000\Downloads\ccsetup502.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\dcano_000\Downloads\rcsetup151.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\webst_000\Downloads\SoftwareUpdater(1).exe    Win32/Conduit.SearchProtect.W potentially unwanted application    deleted - quarantined
C:\Users\webst_000\Downloads\SoftwareUpdater.exe    Win32/Conduit.SearchProtect.W potentially unwanted application    deleted - quarantined
 





