Simda infection - can't get rid of it


This topic is locked
15 replies to this topic

#1 red66bug

Posted 11 February 2015 - 01:03 AM

Microsoft Security Essentials keeps finding it and deleting it.  It keeps coming back.  I've run eset and mbam as well with the same results.  Thanks for your help.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Camarena (administrator) on CAMARENA-PC on 10-02-2015 21:57:26
Running from C:\Users\Camarena\Desktop
Loaded Profiles: Camarena &  (Available profiles: Camarena)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Sage Software, Inc.) C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Initialize Project) C:\ProgramData\Microsoft\Secure\Icons\temp\tmpA820.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Act.Outlook.Service] => C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe [28672 2009-08-24] (Sage Software, Inc.)
HKLM-x32\...\Run: [Act! Preloader] => C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe [331776 2009-08-24] (Sage Software, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-11-23] (Microsoft Corporation)
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000\...\Run: [Google Update**.d<*>] => "C:\Users\Camarena\AppData\Local\Google\Desktop\Install\{12d4745f-f511-0a05-eeff-863635c77297}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{12d4745f-f511-0a05-eeff-863635c77297}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000\...\Run: [iports] => "C:\Program Files (x86)\Open Deployment\iports.exe"
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000\...\Run: [Afworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Camarena\AppData\Local\Oswics\AdobeLinguistic.dll
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000\...\Run: [YfPack] => regsvr32.exe C:\Users\Camarena\AppData\Local\YfPack\mc_enc_amr.dll <===== ATTENTION
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000\...\MountPoints2: {4b68adc3-b6ea-11e3-9910-5404a6f24e14} - L:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000\...\MountPoints2: {9cccf03a-6f84-11e4-9f9a-5404a6f24e14} - L:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update**.d<*>] => "C:\Users\Camarena\AppData\Local\Google\Desktop\Install\{12d4745f-f511-0a05-eeff-863635c77297}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{12d4745f-f511-0a05-eeff-863635c77297}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iports] => "C:\Program Files (x86)\Open Deployment\iports.exe"
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Afworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Camarena\AppData\Local\Oswics\AdobeLinguistic.dll
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [YfPack] => regsvr32.exe C:\Users\Camarena\AppData\Local\YfPack\mc_enc_amr.dll <===== ATTENTION
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4b68adc3-b6ea-11e3-9910-5404a6f24e14} - L:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9cccf03a-6f84-11e4-9f9a-5404a6f24e14} - L:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-11-23] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\Users\Camarena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3509093666-3302446129-1051107081-1000 -> DefaultScope {2719B499-FD5F-4B7A-863D-33E7D3A7CAEB} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3509093666-3302446129-1051107081-1000 -> {1837F8EB-8F91-4767-B759-0C4A583F07C2} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3509093666-3302446129-1051107081-1000 -> {2719B499-FD5F-4B7A-863D-33E7D3A7CAEB} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3509093666-3302446129-1051107081-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {2719B499-FD5F-4B7A-863D-33E7D3A7CAEB} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3509093666-3302446129-1051107081-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {1837F8EB-8F91-4767-B759-0C4A583F07C2} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3509093666-3302446129-1051107081-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2719B499-FD5F-4B7A-863D-33E7D3A7CAEB} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3509093666-3302446129-1051107081-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-3509093666-3302446129-1051107081-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://portal.sdcda.org/InternalSite/WhlCompMgr.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2E95DBA9-66F3-449D-B332-32E3DDDC6189}: [NameServer] 8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\Camarena\AppData\Roaming\Mozilla\Firefox\Profiles\cf77glcl.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3509093666-3302446129-1051107081-1000: @nsroblox.roblox.com/launcher -> C:\Users\Camarena\AppData\Local\Roblox\Versions\version-f77fe2742c314291\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3509093666-3302446129-1051107081-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Camarena\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3509093666-3302446129-1051107081-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Camarena\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3509093666-3302446129-1051107081-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Camarena\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3509093666-3302446129-1051107081-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher -> C:\Users\Camarena\AppData\Local\Roblox\Versions\version-f77fe2742c314291\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3509093666-3302446129-1051107081-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Camarena\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3509093666-3302446129-1051107081-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Camarena\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3509093666-3302446129-1051107081-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Camarena\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: DownloadHelper - C:\Users\Camarena\AppData\Roaming\Mozilla\Firefox\Profiles\cf77glcl.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-14]
FF Extension: Apple Outlook DAV Config - C:\Users\Camarena\AppData\Roaming\Mozilla\Firefox\Profiles\cf77glcl.default\Extensions\{FF91F1D2-04EA-E8B6-417B-0A08A240896E} [2015-01-24]
FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Camarena\AppData\Roaming\Mozilla\Firefox\Profiles\cf77glcl.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013-12-06]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www-searching.com/?s=F1Jzamodk011242,10ceec9f-ae28-4439-954d-cdea316050db,
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2013-11-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Brushed) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg [2014-02-19]
CHR Extension: (Adblock for Youtube™) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-01-09]
CHR Extension: (Black Menu for Google™) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\eignhdfgaldabilaaegmdfbajngjmoke [2014-12-09]
CHR Extension: (Google Play Music) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-08-12]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2013-11-22]
CHR Extension: (AdBlock) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-15]
CHR Extension: (Keep My Opt-Outs) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe [2014-02-19]
CHR Extension: (Google Play Music) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2014-02-19]
CHR Extension: (Hangouts) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2014-10-31]
CHR Extension: (Google Mail Checker) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-02-19]
CHR Extension: (Google Wallet) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-22]
CHR Extension: (Adblock Pro) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-02-19]
CHR Extension: (Google Quick Scroll) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2014-02-19]
CHR Extension: (Click&Clean App) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-02-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ACT! Scheduler; C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [81920 2009-08-24] (Sage Software, Inc.) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2013-04-08] (CrashPlan) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-02-16] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-11-22] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S3 DMService; C:\Windows\Downloaded Program Files\DM.0\DMService.exe [620760 2013-11-14] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-11-22] (Macrovision Europe Ltd.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 MSSQL$ACT7; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [170712 2013-11-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 afhllqlv; C:\Windows\system32\drivers\afhllqlv.sys [55104 2015-02-10] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 TridVid; C:\Windows\System32\DRIVERS\TridVid.sys [292056 2009-03-23] (Trident Multimedia Technologies Co.,Ltd) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-10 21:39 - 2015-02-10 21:41 - 00040135 _____ () C:\Users\Camarena\Desktop\Addition.txt
2015-02-10 21:37 - 2015-02-10 22:00 - 00030322 _____ () C:\Users\Camarena\Desktop\FRST.txt
2015-02-10 21:37 - 2015-02-10 21:57 - 00000000 ____D () C:\FRST
2015-02-10 21:36 - 2015-02-10 21:36 - 02132992 _____ (Farbar) C:\Users\Camarena\Desktop\FRST64.exe
2015-02-10 20:15 - 2015-02-10 20:15 - 00055104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afhllqlv.sys
2015-02-09 20:38 - 2015-02-09 20:38 - 00000000 ____D () C:\Users\Camarena\Documents\ProcAlyzer Dumps
2015-02-09 15:46 - 2015-02-09 15:46 - 00000000 _____ () C:\autoexec.bat
2015-02-09 15:45 - 2015-02-09 15:45 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Camarena\Desktop\SpyHunter-Installer.exe
2015-02-09 15:45 - 2015-02-09 15:45 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-09 01:26 - 2015-02-09 01:26 - 00019167 _____ () C:\Users\Camarena\Desktop\eset list.txt
2015-02-08 21:41 - 2015-02-08 21:41 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-08 21:40 - 2015-02-08 21:40 - 02347384 _____ (ESET) C:\Users\Camarena\Desktop\esetsmartinstaller_enu.exe
2015-02-08 21:40 - 2015-02-08 21:40 - 00210176 _____ (ESET) C:\Users\Camarena\Desktop\ESETSimdaCleaner.exe
2015-02-08 21:40 - 2015-02-08 21:40 - 00003272 _____ () C:\Users\Camarena\Desktop\ESETSimdaCleaner.exe_20150208.214011.3832.log
2015-02-08 21:38 - 2015-02-08 21:38 - 00003272 _____ () C:\Users\Camarena\Desktop\ESETSimdaCleaner.exe_20150208.213800.7136.log
2015-02-08 20:16 - 2015-02-08 20:41 - 956574129 _____ () C:\Users\Camarena\Desktop\Yesvideo_Title_1.mp4
2015-02-08 20:14 - 2015-02-08 20:15 - 00000000 ____D () C:\Users\Camarena\Desktop\MP4
2015-02-08 10:09 - 2015-02-08 10:09 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-08 10:09 - 2015-02-08 10:09 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-08 10:09 - 2015-02-08 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-08 10:09 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-08 10:06 - 2015-02-08 10:07 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Camarena\Desktop\spybot-2.4.exe
2015-02-08 09:21 - 2015-02-08 09:21 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-08 09:21 - 2015-02-08 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-08 09:20 - 2015-02-08 09:21 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-08 09:20 - 2015-02-08 09:21 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-08 09:20 - 2015-02-08 09:20 - 00000000 ____D () C:\Program Files\iPod
2015-02-08 09:10 - 2015-02-08 09:10 - 37987520 _____ (Microsoft Corporation) C:\Users\Camarena\Desktop\Windows-KB890830-x64-V5.20.exe
2015-02-04 23:18 - 2015-02-04 23:18 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-02-04 22:52 - 2015-02-04 22:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-24 13:27 - 2015-01-24 13:27 - 35436992 _____ () C:\Users\Camarena\Desktop\Separate But Not Equal Video - Civil Rights Movement - HISTORY.com.flv
2015-01-24 13:27 - 2015-01-24 13:27 - 34078759 _____ () C:\Users\Camarena\Desktop\Separate But Not Equal Video - Civil Rights Movement - HISTORY.com.mp4
2015-01-24 13:22 - 2015-01-24 13:23 - 00000000 ____D () C:\Users\Camarena\AppData\Local\YfPack
2015-01-24 13:21 - 2015-01-27 11:07 - 00000000 ____D () C:\Users\Camarena\AppData\Local\Oswics
2015-01-24 13:04 - 2015-01-24 13:04 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2015-01-24 12:58 - 2015-01-24 12:58 - 00000032 _____ () C:\Windows\GetFLV.ini
2015-01-24 12:52 - 2015-02-03 18:40 - 00000000 ____D () C:\Program Files (x86)\GetFLV
2015-01-24 12:30 - 2015-01-24 12:30 - 15215313 _____ () C:\Users\Camarena\Desktop\History_Specials_King_Leads_the_March_on_Washington.mp4
2015-01-24 12:00 - 2015-02-08 20:43 - 00000000 ____D () C:\Users\Camarena\AppData\Roaming\AnvSoft
2015-01-24 11:52 - 2015-01-24 11:52 - 01379109 _____ () C:\Users\Camarena\Desktop\Separate_But_Not_Equal_Video_-_Civil_Rights_Movement_-_HISTO-1.f4f
2015-01-24 11:20 - 2015-01-24 11:20 - 17175082 _____ () C:\Users\Camarena\Desktop\Rosa_Parks_-_Mini_Bio.mp4
2015-01-24 11:18 - 2015-01-24 11:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 10:59 - 2015-01-24 10:59 - 13768780 _____ () C:\Users\Camarena\Desktop\Civil_Rights_Act_of_1964.mp4
2015-01-24 10:58 - 2015-01-24 10:58 - 25946080 _____ () C:\Users\Camarena\Desktop\Civil_Rights_Act_1964-1.mp4
2015-01-24 10:50 - 2015-01-24 10:51 - 79828780 _____ () C:\Users\Camarena\Desktop\Civil_Rights_Act_1964.mp4
2015-01-24 10:44 - 2015-01-24 10:44 - 01379110 _____ () C:\Users\Camarena\Desktop\Separate_But_Not_Equal_Video_-_Civil_Rights_Movement_-_HISTO.f4f
2015-01-24 09:34 - 2015-02-05 06:30 - 00000000 ____D () C:\Users\Camarena\Desktop\Zeke's stuff
2015-01-19 18:51 - 2015-01-19 18:51 - 565633927 _____ () C:\Windows\MEMORY.DMP
2015-01-19 18:51 - 2015-01-19 18:51 - 00275208 _____ () C:\Windows\Minidump\011915-49779-01.dmp
2015-01-19 18:51 - 2015-01-19 18:51 - 00000000 ____D () C:\Windows\Minidump
2015-01-19 18:08 - 2015-02-10 21:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-19 18:08 - 2015-01-19 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-19 18:08 - 2015-01-19 18:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-19 18:08 - 2015-01-19 18:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-19 18:08 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-19 18:08 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-19 18:08 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-19 17:38 - 2015-01-19 18:01 - 00000000 ____D () C:\AdwCleaner
2015-01-19 15:04 - 2015-01-19 15:04 - 00003156 _____ () C:\Windows\System32\Tasks\{92E0B5B8-AE98-4AA6-A262-1BA59CCB6655}
2015-01-19 15:02 - 2015-01-19 15:06 - 00000000 ____D () C:\Users\Camarena\Desktop\backups
2015-01-19 12:04 - 2015-01-19 12:04 - 00613057 _____ (CMI Limited) C:\Users\Camarena\AppData\Local\nshB8C5.tmp
2015-01-19 10:13 - 2015-01-19 10:13 - 00000000 ____D () C:\Users\Camarena\Documents\TagsRevisited
2015-01-19 10:12 - 2015-01-19 19:41 - 00000000 ____D () C:\Users\Camarena\AppData\Local\9272
2015-01-19 10:12 - 2015-01-19 10:12 - 00000000 ____D () C:\Users\Camarena\AppData\Roaming\Safer Networking
2015-01-19 10:10 - 2015-02-08 10:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-01-19 10:02 - 2015-01-19 17:21 - 00001409 _____ () C:\ProgramData\tempimage.bmp
2015-01-19 09:49 - 2015-01-19 09:52 - 00000000 ____D () C:\Users\Camarena\AppData\Local\23BE9D34-1B52-DB45-A3C0-C63B2F87847D
2015-01-19 09:45 - 2015-01-19 09:45 - 00003524 _____ () C:\Windows\System32\Tasks\PastaLeads
2015-01-19 09:38 - 2015-01-19 09:38 - 00000000 ____D () C:\ProgramData\SearchModulePlus
2015-01-18 10:43 - 2015-01-31 21:19 - 00000000 ____D () C:\Users\Camarena\Desktop\books
2015-01-14 16:02 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:02 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:02 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:02 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 16:02 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 16:02 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 16:02 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:02 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:02 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 16:02 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:02 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:02 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:02 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 20:22 - 2015-01-13 20:22 - 10710654 _____ () C:\Users\Camarena\Desktop\img112.tif
2015-01-13 20:22 - 2015-01-13 20:22 - 10710654 _____ () C:\Users\Camarena\Desktop\img111.tif
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-10 21:58 - 2013-11-22 19:29 - 01835309 _____ () C:\Windows\WindowsUpdate.log
2015-02-10 21:52 - 2013-11-22 20:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-10 21:52 - 2013-11-22 20:57 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-10 21:34 - 2009-07-13 20:51 - 11299913 _____ () C:\Windows\setupact.log
2015-02-10 21:08 - 2013-12-18 22:35 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3509093666-3302446129-1051107081-1000UA.job
2015-02-10 15:08 - 2013-12-18 22:35 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3509093666-3302446129-1051107081-1000Core.job
2015-02-10 07:20 - 2014-10-20 20:09 - 00004998 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Camarena-PC-Camarena Camarena-PC
2015-02-10 07:06 - 2009-07-13 20:45 - 00023424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-10 07:06 - 2009-07-13 20:45 - 00023424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-10 07:04 - 2013-11-23 14:44 - 00001994 ___SH () C:\ProgramData\KGyGaAvL.sys
2015-02-10 06:58 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 09:57 - 2013-11-25 13:51 - 00000000 ____D () C:\Users\Camarena\Documents\Outlook Files
2015-02-09 09:57 - 2013-11-22 20:53 - 00000000 ____D () C:\Users\Camarena\Outlook
2015-02-09 01:30 - 2013-11-22 19:31 - 00374096 _____ () C:\Windows\PFRO.log
2015-02-08 20:15 - 2014-10-27 21:25 - 00000000 ____D () C:\Users\Camarena\AppData\Roaming\dvdcss
2015-02-08 14:10 - 2013-11-24 13:03 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-08 10:16 - 2013-11-24 13:03 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-08 09:58 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PLA
2015-02-08 09:21 - 2014-10-19 07:26 - 00000000 ____D () C:\Program Files\iTunes
2015-02-08 09:20 - 2013-11-22 22:22 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-05 21:47 - 2013-11-22 20:57 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 21:47 - 2013-11-22 20:57 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 19:48 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-05 15:03 - 2013-12-18 22:35 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3509093666-3302446129-1051107081-1000UA
2015-02-05 15:03 - 2013-12-18 22:35 - 00003500 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3509093666-3302446129-1051107081-1000Core
2015-02-05 06:30 - 2013-11-24 20:21 - 00000000 ____D () C:\Users\Camarena\Documents\Zeke's Reports
2015-02-04 23:47 - 2013-11-22 21:14 - 00000000 ____D () C:\Users\Camarena\AppData\Roaming\Adobe
2015-02-04 23:03 - 2014-06-30 11:43 - 00000000 ____D () C:\Users\Camarena\AppData\Local\Adobe
2015-02-04 22:51 - 2013-11-22 21:12 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-04 22:51 - 2013-11-22 21:12 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-04 15:34 - 2009-07-13 20:45 - 02370272 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-03 19:13 - 2013-11-22 20:28 - 00114472 _____ () C:\Users\Camarena\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-03 07:00 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-02 20:27 - 2013-11-22 19:21 - 00000000 ____D () C:\Users\Camarena
2015-02-02 20:13 - 2015-01-07 19:23 - 00000000 ____D () C:\Users\Camarena\Desktop\Camarena, Melissa - Outlook Web App_files
2015-02-02 20:13 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2015-01-31 12:53 - 2014-10-26 10:46 - 00000000 ____D () C:\Users\Camarena\Desktop\IMRA
2015-01-25 12:30 - 2013-11-22 21:17 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-25 11:18 - 2013-12-06 22:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-24 13:29 - 2013-11-23 14:50 - 00000000 ____D () C:\Users\Camarena\AppData\Roaming\Azureus
2015-01-24 13:04 - 2009-07-13 18:34 - 00001509 __RSH () C:\Windows\system32\Drivers\etc\hosts.20150208-100849.backup
2015-01-24 13:01 - 2013-12-06 22:47 - 00000000 ____D () C:\Users\Camarena\AppData\Roaming\vlc
2015-01-24 11:59 - 2013-12-01 15:34 - 00000000 ____D () C:\Users\Camarena\Desktop\PortableAppz
2015-01-24 09:34 - 2013-12-04 19:44 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-24 09:33 - 2014-11-09 19:54 - 00000000 ____D () C:\Users\Camarena\Desktop\Library stuff
2015-01-24 09:33 - 2014-08-10 20:38 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-24 09:30 - 2014-08-10 20:39 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-24 09:30 - 2014-08-10 20:39 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-24 09:30 - 2014-08-10 20:39 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-24 09:30 - 2014-08-10 20:39 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-19 22:49 - 2014-01-13 23:17 - 01156226 _____ () C:\Users\Camarena\ClientLog.log
2015-01-19 19:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Resources
2015-01-19 18:01 - 2013-12-01 15:52 - 00000000 ____D () C:\Users\Camarena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft WSE 3.0
2015-01-19 12:03 - 2014-02-19 16:25 - 00000000 ____D () C:\ProgramData\GreatSoft
2015-01-19 09:44 - 2013-12-06 22:22 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-19 09:44 - 2013-11-22 19:43 - 00001417 _____ () C:\Users\Camarena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-19 09:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-15 00:17 - 2013-11-23 00:57 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 15:47 - 2009-07-13 21:08 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-13 07:07 - 2013-11-22 20:45 - 00000000 ____D () C:\Program Files\CrashPlan
2015-01-11 21:11 - 2014-01-28 23:15 - 00000000 ____D () C:\Users\Camarena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
 
==================== Files in the root of some directories =======
 
2013-11-23 14:44 - 2013-11-23 14:44 - 0000000 ____H () C:\Users\Camarena\AppData\Roaming\ActUpdate.log
2014-03-24 21:05 - 2014-03-24 21:05 - 0000093 _____ () C:\Users\Camarena\AppData\Roaming\ARCompanion.log
2013-11-23 14:43 - 2013-11-23 14:43 - 0030568 _____ () C:\Users\Camarena\AppData\Roaming\NGEN_AppLog_Install.txt
2013-03-21 17:12 - 2013-03-21 17:12 - 16582855 _____ (PortableXapps®) C:\Users\Camarena\AppData\Roaming\xPDFConverterPortable_1.0.3.0522.paf.exe
2013-12-01 17:45 - 2014-08-27 21:02 - 0006144 _____ () C:\Users\Camarena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-19 12:04 - 2015-01-19 12:04 - 0613057 _____ (CMI Limited) C:\Users\Camarena\AppData\Local\nshB8C5.tmp
2013-11-23 14:44 - 2013-11-23 15:04 - 0000088 __RSH () C:\ProgramData\1FB0F6B551.sys
2013-11-23 14:44 - 2015-02-10 07:04 - 0001994 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-02-25 21:50 - 2014-03-09 21:00 - 0000298 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-19 10:02 - 2015-01-19 17:21 - 0001409 _____ () C:\ProgramData\tempimage.bmp
ZeroAccess:
C:\Users\Camarena\AppData\Local\Google\Desktop\Install
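Two properties of the driver list above are what a responder reads such a log for: one service (afhllqlv) has an eight-letter lower-case name and a file dated the day of the scan, and another (TridVid) is marked [File not signed]. The script below is an added editor's example, not code from this thread, from FRST or from its author; it parses the FRST driver and created-files line formats seen in post #1 and ranks driver entries by how many of those signals they carry. The sample lines are constructed from the log above, and the thresholds (eight letters, a seven-day window, the consonant-run test) are the editor's assumptions. The output is a triage order, not a verdict.

```python
"""Rank the driver entries in an FRST log by how many triage signals they carry.

Added example, not code from the thread, from FRST or from its authors. Line
formats assumed from the log above: a driver line reads
  "<R|S|U><start> <name>; <path> [<size> <date>] (<company>) [File not signed]?"
and a created-files line reads
  "<created> - <modified> - <size> <attrs> (<company>) <path>".
The thresholds and the random-name heuristic are the editor's assumptions.
"""
import re
from datetime import date, timedelta

# Constructed sample, modelled on a few lines of the log in post #1.
SAMPLE_LOG = r"""
==================== Drivers (Whitelisted) ====================
S1 afhllqlv; C:\Windows\system32\drivers\afhllqlv.sys [55104 2015-02-10] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 TridVid; C:\Windows\System32\DRIVERS\TridVid.sys [292056 2009-03-23] (Trident Multimedia Technologies Co.,Ltd) [File not signed]
==================== One Month Created Files and Folders ========
2015-02-10 20:15 - 2015-02-10 20:15 - 00055104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afhllqlv.sys
2015-01-14 16:02 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
"""

DRIVER_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)"
    r"(?P<unsigned> \[File not signed\])?$"
)
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
# FRST's prefix: R = running, S = stopped, U = unknown; the digit is the service start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


def parse_drivers(text):
    """Return one dict per driver line; every other line is ignored."""
    drivers = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            drivers.append({
                "state": m["state"],
                "start": START_TYPES.get(m["start"], m["start"]),
                "name": m["name"],
                "path": m["path"],
                "size": int(m["size"]),
                "date": date.fromisoformat(m["date"]),
                "company": m["company"],
                "unsigned": m["unsigned"] is not None,
            })
    return drivers


def parse_created(text):
    """Map lower-cased path -> creation date, from the created-files section."""
    created = {}
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            created[m["path"].lower()] = date.fromisoformat(m["created"])
    return created


def looks_random(name):
    """Heuristic (editor's assumption): eight or more lower-case ASCII letters
    with a run of four or more consonants, or under 20% vowels. Mixed-case
    names such as MpFilter or MBAMSwissArmy are left alone."""
    if len(name) < 8 or not name.isascii() or not name.isalpha() or not name.islower():
        return False
    vowels = sum(c in "aeiouy" for c in name)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiouy]+", name))
    return longest_consonant_run >= 4 or vowels / len(name) < 0.2


def triage(text, scan_date, recent_days=7):
    """Collect triage signals per driver; entries with none are dropped and
    the rest are sorted so the one with the most signals comes first."""
    window = timedelta(days=recent_days)
    created = parse_created(text)
    findings = []
    for d in parse_drivers(text):
        reasons = []
        if looks_random(d["name"]):
            reasons.append("random-looking service name")
        if scan_date - d["date"] <= window:
            reasons.append(f"file dated within {recent_days} days of the scan")
        if d["unsigned"]:
            reasons.append("FRST reports the file is not signed")
        when = created.get(d["path"].lower())
        if when is not None and scan_date - when <= window:
            reasons.append(f"listed as created on {when} in the created-files section")
        if reasons:
            findings.append({**d, "reasons": reasons})
    findings.sort(key=lambda f: -len(f["reasons"]))
    return findings


def triage_sample():
    """Run the triage over the constructed sample; scan date as in the FRST header."""
    return triage(SAMPLE_LOG, date(2015, 2, 10))


if __name__ == "__main__":
    for f in triage_sample():
        print(f'{f["state"]}{f["start"]:<9} {f["name"]:<14} {f["path"]}')
        for r in f["reasons"]:
            print("    -", r)
```

Both parsers skip lines they do not recognise, so the full FRST.txt can be passed in place of the sample; the scan date comes from the "Ran by ... on DD-MM-YYYY" header and the "file dated" signal uses the date FRST prints in brackets. A company string such as (Microsoft Corporation) is taken from the file's version resource, which is why it is not used as a signal here: the name, the timestamps and the signature check are the parts the file cannot simply claim.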
 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:25 AM

Posted 11 February 2015 - 02:45 AM


Hello red66bug,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic till you get the all-clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 red66bug

red66bug
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:03:25 AM

Posted 11 February 2015 - 09:40 AM

Security Check Log:

 

 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Reader XI  
 Mozilla Firefox 34.0.5 Firefox out of Date!  
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.94) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Spybot Teatimer.exe is disabled! 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
 
Malwarebytes Anti-Rootkit log:
 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17633
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.214000 GHz
Memory total: 4292993024, free: 1230405632
 
Downloaded database version: v2015.02.11.04
Downloaded database version: v2015.02.03.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
     02/11/2015 05:51:15
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\SysWow64\drivers\AsIO.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\drivers\P17.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs64.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2015.02.11.04
  rootkit: v2015.02.03.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80048c8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80048bb590, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80048c8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80048b9310, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80048bc060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 4294760448
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 3000592982016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa80048ce060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80048cea50, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80048ce060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800398b210, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80048d4680, DeviceName: \Device\Ide\IdeDeviceP3T1L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8670866
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 976768002
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa800493a790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800493a2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800493a790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800488d9d0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80048c2060, DeviceName: \Device\Ide\IdeDeviceP1T1L0-7\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4C0149E2
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3907024896
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 2000398934016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa80073db790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80073d6690, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80073db790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80073d7550, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa80073d8060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80073d8b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80073d8060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80073db060, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa80073d9060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80073d9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80073d9060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80073de060, DeviceName: \Device\00000082\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa80073ec060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80073ecb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80073ec060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80073dd060, DeviceName: \Device\00000083\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 7, DevicePointer: 0xfffffa80073ed060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80073edb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80073ed060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80073d6060, DeviceName: \Device\00000084\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\$Recycle.Bin\S-1-5-21-3509093666-3302446129-1051107081-1000\$R310B2D.exe --> [Trojan.Dorkbot.ED]
Infected: C:\$Recycle.Bin\S-1-5-21-3509093666-3302446129-1051107081-1000\$R61WQPQ.exe --> [Trojan.Agent.0BGen2]
Infected: HKU\S-1-5-21-3509093666-3302446129-1051107081-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Google Update^❤ --> [Trojan.Zaccess]
Infected: C:\Users\Camarena\AppData\Local\Google\Desktop\Install\{12d4745f-f511-0a05-eeff-863635c77297} --> [Trojan.0Access]
Scan finished
 
 
AdwCleaner report:
 

# AdwCleaner v4.110 - Logfile created 11/02/2015 at 06:26:26
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Camarena - CAMARENA-PC
# Running from : C:\Users\Camarena\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage
File Found : C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal
File Found : C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage
File Found : C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2D81E70-2A98-4A08-A628-94388B063C5E}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17631
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v40.0.2214.111
 
 
-\\ Comodo Dragon v
 
 
-\\ Chrome Canary v
 
*************************
 
AdwCleaner[R0].txt - [11329 bytes] - [19/01/2015 17:38:35]
AdwCleaner[R1].txt - [1685 bytes] - [11/02/2015 06:26:26]
AdwCleaner[S0].txt - [13691 bytes] - [19/01/2015 18:01:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1804 bytes] ##########
 
 
Thank you for your help!


#4 Jo*


  • Malware Response Team
  • 3,269 posts
  • Gender:Male
  • Location:Germany

Posted 11 February 2015 - 10:15 AM

Hello red66bug,

Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
If there is no malware found, please let me know as well.

 

***


Download ComboFix from the following location:
Link

* IMPORTANT- Save ComboFix.exe to your Desktop
 

***


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link:
How to Disable your Security Programs


***


Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Enable your antivirus!
 

***


Please download Farbar Service Scanner and run it on the computer with the issue.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 red66bug

  • Topic Starter
  • Members
  • 24 posts

Posted 11 February 2015 - 09:32 PM

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org
 
Database version:
  main:    v2015.02.11.09
  rootkit: v2015.02.03.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
Camarena :: CAMARENA-PC [administrator]
 
2/11/2015 4:58:02 PM
mbar-log-2015-02-11 (16-58-02).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 399886
Time elapsed: 20 minute(s), 47 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 1
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Google Update^‮❤ (Trojan.Zaccess) -> Data:  -> Delete on reboot. [8baabd60d2b82a0cfa6f699929d71be5]
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
C:\Users\Camarena\AppData\Local\Google\Desktop\Install\{12d4745f-f511-0a05-eeff-863635c77297} (Trojan.0Access) -> Delete on reboot. [122306174e3c91a5ce976d95c739a55b]
 
Files Detected: 2
C:\$Recycle.Bin\S-1-5-21-3509093666-3302446129-1051107081-1000\$R310B2D.exe (Trojan.Dorkbot.ED) -> Delete on reboot. [67ce23fa97f39f971301f88e8e73ed13]
C:\$Recycle.Bin\S-1-5-21-3509093666-3302446129-1051107081-1000\$R61WQPQ.exe (Trojan.Agent.0BGen2) -> Delete on reboot. [49ec2fee6e1cf73fc4e18a814cb69967]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
ComboFix 15-02-09.01 - Camarena 02/11/2015  18:03:00.1.3 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4094.1422 [GMT -8:00]
Running from: c:\users\Camarena\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1FB0F6B551.sys
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\Uj5ziLW.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn\1.0\O_1Qm4OZ1q.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\Uj5ziLW.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\icon48.png
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\k4Crfr.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpbmgahgcloenkmekhdbaoojpkdip
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpbmgahgcloenkmekhdbaoojpkdip\2.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpbmgahgcloenkmekhdbaoojpkdip\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpbmgahgcloenkmekhdbaoojpkdip\2.1\I7yTJt.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpbmgahgcloenkmekhdbaoojpkdip\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpbmgahgcloenkmekhdbaoojpkdip\2.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpbmgahgcloenkmekhdbaoojpkdip\2.1\newtab.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\Uj5ziLW.js
c:\users\Camarena\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp
c:\users\Camarena\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\background.html
c:\users\Camarena\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\content.js
c:\users\Camarena\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\lsdb.js
c:\users\Camarena\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\manifest.json
c:\users\Camarena\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\Uj5ziLW.js
c:\users\Camarena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn
c:\users\Camarena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn\1.0\background.html
c:\users\Camarena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn\1.0\content.js
c:\users\Camarena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn\1.0\lsdb.js
c:\users\Camarena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn\1.0\manifest.json
c:\users\Camarena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn\1.0\O_1Qm4OZ1q.js
c:\users\Camarena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp
c:\users\Camarena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\background.html
c:\users\Camarena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\content.js
c:\users\Camarena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\lsdb.js
c:\users\Camarena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\manifest.json
c:\users\Camarena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\Uj5ziLW.js
c:\users\Camarena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh
c:\users\Camarena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\background.html
c:\users\Camarena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\content.js
c:\users\Camarena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\icon48.png
c:\users\Camarena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\k4Crfr.js
c:\users\Camarena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\lsdb.js
c:\users\Camarena\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\manifest.json
c:\users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Camarena\AppData\Local\nshB8C5.tmp
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\Uj5ziLW.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn\1.0\O_1Qm4OZ1q.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\Uj5ziLW.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\icon48.png
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\k4Crfr.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\Uj5ziLW.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhebechojcablldmdlmebjcmioahdomn\1.0\O_1Qm4OZ1q.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\Uj5ziLW.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\icon48.png
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\k4Crfr.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdmkfdoaaknkjofpfcegnkceejocehgh\1.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gponajbpomilcmbmfoipobkikeopjjhp\145\Uj5ziLW.js
c:\windows\Downloaded Program Files\DM.0
c:\windows\Downloaded Program Files\DM.0\DMService.exe
c:\windows\Downloaded Program Files\DM.0\WhlMgr.dll
c:\windows\msdownld.tmp
c:\windows\TEMP\jna2508847053136800885.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DMService
-------\Service_DMService
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-12 to 2015-02-12  )))))))))))))))))))))))))))))))
.
.
2015-02-12 02:18 . 2015-02-12 02:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-11 13:51 . 2015-02-12 02:20 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-02-11 10:20 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A9193B7B-8CDF-4C4B-BB5A-592890BF4630}\mpengine.dll
2015-02-11 06:09 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-11 06:09 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-11 06:07 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-11 05:37 . 2015-02-11 06:03 -------- d-----w- C:\FRST
2015-02-11 05:06 . 2014-09-17 00:41 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F32C58B-C21F-45B3-97D0-7CD63493C2AE}\gapaengine.dll
2015-02-11 05:06 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-02-09 23:45 . 2015-02-09 23:45 -------- d-----w- c:\program files\Enigma Software Group
2015-02-09 05:41 . 2015-02-09 05:41 -------- d-----w- c:\program files (x86)\ESET
2015-02-08 18:09 . 2013-09-20 18:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2015-02-08 17:20 . 2015-02-08 17:21 -------- d-----w- c:\program files (x86)\iTunes
2015-02-08 17:20 . 2015-02-08 17:20 -------- d-----w- c:\program files\iPod
2015-02-08 17:20 . 2015-02-08 17:21 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-24 21:22 . 2015-01-24 21:23 -------- d-----w- c:\users\Camarena\AppData\Local\YfPack
2015-01-24 21:21 . 2015-01-27 19:07 -------- d-----w- c:\users\Camarena\AppData\Local\Oswics
2015-01-24 21:04 . 2015-01-24 21:04 2264064 ----a-w- c:\programdata\Microsoft\Secure\Icons\IconsCacheHelper.dll
2015-01-24 20:52 . 2015-02-04 02:40 -------- d-----w- c:\program files (x86)\GetFLV
2015-01-24 20:00 . 2015-02-09 04:43 -------- d-----w- c:\users\Camarena\AppData\Roaming\AnvSoft
2015-01-24 17:31 . 2015-01-24 17:31 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-01-20 02:08 . 2015-02-12 00:57 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-20 02:08 . 2015-02-12 00:56 97496 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-01-20 02:08 . 2015-01-20 02:08 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-01-20 02:08 . 2015-01-20 02:08 -------- d-----w- c:\programdata\Malwarebytes
2015-01-20 02:08 . 2014-11-21 14:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-01-20 02:08 . 2014-11-21 14:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-01-20 01:38 . 2015-02-11 14:28 -------- d-----w- C:\AdwCleaner
2015-01-19 18:12 . 2015-01-19 18:12 -------- d-----w- c:\users\Camarena\AppData\Roaming\Safer Networking
2015-01-19 18:12 . 2015-01-20 03:41 -------- d-----w- c:\users\Camarena\AppData\Local\9272
2015-01-19 18:10 . 2015-02-08 18:09 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2015-01-19 17:49 . 2015-01-19 17:52 -------- d-----w- c:\users\Camarena\AppData\Local\23BE9D34-1B52-DB45-A3C0-C63B2F87847D
2015-01-19 17:38 . 2015-01-19 17:38 -------- d-----w- c:\programdata\SearchModulePlus
2015-01-18 10:55 . 2015-01-18 10:55 820072 ----a-w- c:\program files\Common Files\System\SysMenu64.dll
2015-01-18 10:55 . 2015-01-18 10:55 649064 ----a-w- c:\program files\Common Files\System\SysMenu.dll
2015-01-15 00:02 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-01-15 00:02 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-15 00:02 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-01-15 00:02 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-01-15 00:02 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-01-15 00:02 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-01-14 03:17 . 2015-01-14 03:17 18479800 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-12 01:43 . 2013-11-23 22:44 1994 --sha-w- c:\programdata\KGyGaAvL.sys
2015-02-11 11:17 . 2013-11-23 08:57 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-01-24 17:30 . 2014-08-11 04:39 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-31 11:14 . 2013-11-23 04:33 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-11-19 12:31 . 2014-11-19 12:31 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
2014-11-19 02:06 . 2014-11-19 02:06 5 ----a-w- c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 00:41 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 00:41 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 00:41 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Afworks"="c:\users\Camarena\AppData\Local\Oswics\AdobeLinguistic.dll" [2015-01-24 1295360]
"YfPack"="c:\users\Camarena\AppData\Local\YfPack\mc_enc_amr.dll" [2015-01-24 1290240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-01-21 60712]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Act.Outlook.Service"="c:\program files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe" [2009-08-24 28672]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\ActSage.exe" [2009-08-24 331776]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-10-08 766208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
c:\users\Camarena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Send to OneNote.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2014-9-27 195240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2013-4-8 209920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 ACT! Scheduler;ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 TridVid;Trident Analog Video;c:\windows\system32\DRIVERS\TridVid.sys;c:\windows\SYSNATIVE\DRIVERS\TridVid.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe;c:\program files\CrashPlan\CrashPlanService.exe [x]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-06 05:53 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-23 04:57]
.
2015-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-23 04:57]
.
2015-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3509093666-3302446129-1051107081-1000Core.job
- c:\users\Camarena\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-19 06:35]
.
2015-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3509093666-3302446129-1051107081-1000UA.job
- c:\users\Camarena\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-19 06:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 08:07 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 08:07 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 08:07 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1SecureIconsProvider]
@="{FC9D8189-520A-4417-AED7-9EAC810C6FBA}"
[HKEY_CLASSES_ROOT\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}]
2015-01-24 21:04 2779648 ----a-w- c:\programdata\Microsoft\Secure\Icons\SecureIconsProvider.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-01-27 169768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2E95DBA9-66F3-449D-B332-32E3DDDC6189}: NameServer = 8.8.8.8,8.8.8.8
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Camarena\AppData\Roaming\Mozilla\Firefox\Profiles\cf77glcl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: !HIDDEN! 1970-05-29 10:18; {FF91F1D2-04EA-E8B6-417B-0A08A240896E}; - 
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Adobe Acrobat Synchronizer - c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe
Wow6432Node-HKCU-Run-iports - c:\program files (x86)\Open Deployment\iports.exe
Wow6432Node-HKLM-Run-CitrixReceiver - c:\programdata\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.032"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.abr"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ani"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.apd"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.arw"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bay"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-3509093666-3302446129-1051107081-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Bitmap"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bw"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cr2"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.crw"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cs1"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cur"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcr"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcx"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dib"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djv"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djvu"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dng"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.emf"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.eps"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.erf"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fff"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fpx"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-3509093666-3302446129-1051107081-1000)
@Denied: (2) (LocalSystem)
"Progid"="XBrowserHTM.LVYT73GPW5TDSIZBIOW6SZR6AY"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.hdr"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icl"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icn"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.iff"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ilbm"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.int"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.inta"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.iw4"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2c"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2k"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jbr"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jfif"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jif"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jp2"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpc"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-3509093666-3302446129-1051107081-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Jpeg"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-3509093666-3302446129-1051107081-1000)
@Denied: (2) (LocalSystem)
"Progid"="XBrowserHTM.LVYT73GPW5TDSIZBIOW6SZR6AY"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-3509093666-3302446129-1051107081-1000)
@Denied: (2) (LocalSystem)
"Progid"="XBrowserHTM.LVYT73GPW5TDSIZBIOW6SZR6AY"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpk"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpx"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.kdc"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.lbm"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mef"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mos"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mrw"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nef"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nrw"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.orf"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbm"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbr"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcd"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pct"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcx"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pef"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pgm"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pic"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pict"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pix"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-3509093666-3302446129-1051107081-1000)
@Denied: (2) (LocalSystem)
"Progid"="XBrowserHTM.LVYT73GPW5TDSIZBIOW6SZR6AY"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ppm"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psd"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psp"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspbrush"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspimage"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raf"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ras"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raw"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgb"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgba"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rle"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rsb"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rw2"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rwl"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sgi"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sr2"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.srf"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tga"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.thm"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-3509093666-3302446129-1051107081-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Tiff"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-3509093666-3302446129-1051107081-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Tiff"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttc"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttf"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbm"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbmp"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wmf"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xbm"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xif"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xmp"
.
[HKEY_USERS\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xpm"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft Office 15\Root\Office15\MsoSync.exe
.
**************************************************************************
.
Completion time: 2015-02-11  18:27:52 - machine was rebooted
ComboFix-quarantined-files.txt  2015-02-12 02:27
.
Pre-Run: 1,717,945,647,104 bytes free
Post-Run: 1,717,235,949,568 bytes free
.
- - End Of File - - 651F4C5F45DD5B55063B5D4807534037
A36C5E4F47E84449FF07ED3517B43A31
 
 
Farbar Service Scanner Version: 17-01-2015
Ran by Camarena (administrator) on 11-02-2015 at 18:29:28
Running from "C:\Users\Camarena\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#6 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:25 AM

Posted 14 February 2015 - 04:34 AM

Hello red66bug,

Double-click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users: right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double-click JRT.exe to run the tool.
Vista / Windows 7/8 users: right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours, please send me a PM.


#7 red66bug

red66bug
  • Topic Starter
  • Members
  • 24 posts
  • Local time:03:25 AM

Posted 14 February 2015 - 12:48 PM

Seems to be running better.

 

# AdwCleaner v4.110 - Logfile created 14/02/2015 at 09:27:05
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Camarena - CAMARENA-PC
# Running from : C:\Users\Camarena\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage
File Deleted : C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal
File Deleted : C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage
File Deleted : C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2D81E70-2A98-4A08-A628-94388B063C5E}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17631
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v40.0.2214.111
 
 
-\\ Comodo Dragon v
 
 
-\\ Chrome Canary v
 
 
*************************
 
AdwCleaner[R0].txt - [11329 bytes] - [19/01/2015 17:38:35]
AdwCleaner[R1].txt - [1883 bytes] - [11/02/2015 06:26:26]
AdwCleaner[R2].txt - [1942 bytes] - [14/02/2015 09:16:44]
AdwCleaner[S0].txt - [13691 bytes] - [19/01/2015 18:01:01]
AdwCleaner[S1].txt - [1883 bytes] - [14/02/2015 09:27:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1942  bytes] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Camarena on Sat 02/14/2015 at  9:34:49.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\wininit.ini"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Camarena\AppData\Roaming\thinstall"
Successfully deleted: [Folder] "C:\Users\Camarena\appdata\local\thinstall"
Successfully deleted: [Empty Folder] C:\Users\Camarena\appdata\local\{0B7D55E3-CADF-4477-B408-C822AABB215F}
Successfully deleted: [Empty Folder] C:\Users\Camarena\appdata\local\{2DAE0721-C5B7-4C58-8EEB-D32FA0F9791C}
Successfully deleted: [Empty Folder] C:\Users\Camarena\appdata\local\{2FB786CB-AABF-42C1-BB1C-98B9B30B072C}
Successfully deleted: [Empty Folder] C:\Users\Camarena\appdata\local\{365107BF-2BD6-4AFD-A914-0F6E21F15161}
Successfully deleted: [Empty Folder] C:\Users\Camarena\appdata\local\{3D644232-D1A9-4186-9B91-8D55F72AB4A0}
Successfully deleted: [Empty Folder] C:\Users\Camarena\appdata\local\{6382BE05-0B94-4D54-BD50-A98CF0C0BC36}
Successfully deleted: [Empty Folder] C:\Users\Camarena\appdata\local\{7BADA698-6FD8-448B-8F9B-363E61CF79A3}
Successfully deleted: [Empty Folder] C:\Users\Camarena\appdata\local\{94ECB94C-D743-4A5A-8FF2-C1AEEFD9B9B4}
Successfully deleted: [Empty Folder] C:\Users\Camarena\appdata\local\{C84E8843-91C2-4A82-B5F0-152CA95ECF5A}
Successfully deleted: [Empty Folder] C:\Users\Camarena\appdata\local\{F5D3E238-2B3B-4988-AD06-64F37234B63B}
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Camarena\AppData\Roaming\mozilla\firefox\profiles\cf77glcl.default\prefs.js
 
user_pref("extensions.0iv1uXjtNr.url", "hxxp://downloadusaweb.info/sync2/?q=hfZ9ofV9CShEAen0qTs7tMqLDe49CNU0llrMCMlNhd9FqdaGrTaErds8rdsMBzqUojw9rdsGrdaFrHCGqSh7hfs0pihPBMn0rTs
Emptied folder: C:\Users\Camarena\AppData\Roaming\mozilla\firefox\profiles\cf77glcl.default\minidumps [1 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/14/2015 at  9:38:13.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by Camarena (administrator) on CAMARENA-PC on 14-02-2015 09:41:58
Running from C:\Users\Camarena\Desktop
Loaded Profiles: Camarena (Available profiles: Camarena)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Sage Software, Inc.) C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Act.Outlook.Service] => C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe [28672 2009-08-24] (Sage Software, Inc.)
HKLM-x32\...\Run: [Act! Preloader] => C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe [331776 2009-08-24] (Sage Software, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000\...\Run: [Afworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Camarena\AppData\Local\Oswics\AdobeLinguistic.dll
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000\...\Run: [YfPack] => regsvr32.exe C:\Users\Camarena\AppData\Local\YfPack\mc_enc_amr.dll <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\Users\Camarena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3509093666-3302446129-1051107081-1000 -> {1837F8EB-8F91-4767-B759-0C4A583F07C2} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3509093666-3302446129-1051107081-1000 -> {2719B499-FD5F-4B7A-863D-33E7D3A7CAEB} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3509093666-3302446129-1051107081-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://portal.sdcda.org/InternalSite/WhlCompMgr.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2E95DBA9-66F3-449D-B332-32E3DDDC6189}: [NameServer] 8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\Camarena\AppData\Roaming\Mozilla\Firefox\Profiles\cf77glcl.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3509093666-3302446129-1051107081-1000: @nsroblox.roblox.com/launcher -> C:\Users\Camarena\AppData\Local\Roblox\Versions\version-f77fe2742c314291\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3509093666-3302446129-1051107081-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Camarena\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3509093666-3302446129-1051107081-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Camarena\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3509093666-3302446129-1051107081-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Camarena\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: DownloadHelper - C:\Users\Camarena\AppData\Roaming\Mozilla\Firefox\Profiles\cf77glcl.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-14]
FF Extension: Apple Outlook DAV Config - C:\Users\Camarena\AppData\Roaming\Mozilla\Firefox\Profiles\cf77glcl.default\Extensions\{FF91F1D2-04EA-E8B6-417B-0A08A240896E} [2015-01-24]
FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Camarena\AppData\Roaming\Mozilla\Firefox\Profiles\cf77glcl.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013-12-06]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www-searching.com/?s=F1Jzamodk011242,10ceec9f-ae28-4439-954d-cdea316050db,
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-11]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2013-11-22]
CHR Extension: (Google Docs) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]
CHR Extension: (Google Drive) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-11]
CHR Extension: (Adblock for Youtube™) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-01-09]
CHR Extension: (Google Search) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-11]
CHR Extension: (Black Menu for Google™) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\eignhdfgaldabilaaegmdfbajngjmoke [2014-12-09]
CHR Extension: (Google Play Music) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-08-12]
CHR Extension: (Google Sheets) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-11]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2013-11-22]
CHR Extension: (AdBlock) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-15]
CHR Extension: (Keep My Opt-Outs) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe [2014-02-19]
CHR Extension: (Google Play Music) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2014-02-19]
CHR Extension: (Hangouts) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2014-10-31]
CHR Extension: (Google Mail Checker) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-02-19]
CHR Extension: (Google Wallet) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-22]
CHR Extension: (Adblock Pro) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-02-19]
CHR Extension: (Google Quick Scroll) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2014-02-19]
CHR Extension: (Click&Clean App) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-02-19]
CHR Extension: (Gmail) - C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ACT! Scheduler; C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [81920 2009-08-24] (Sage Software, Inc.) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2013-04-08] (CrashPlan) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-02-16] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-11-22] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-11-22] (Macrovision Europe Ltd.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 MSSQL$ACT7; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [170712 2013-11-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 TridVid; C:\Windows\System32\DRIVERS\TridVid.sys [292056 2009-03-23] (Trident Multimedia Technologies Co.,Ltd) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-14 09:41 - 2015-02-14 09:41 - 00000000 ____D () C:\Users\Camarena\Desktop\FRST-OlderVersion
2015-02-14 09:38 - 2015-02-14 09:38 - 00002378 _____ () C:\Users\Camarena\Desktop\JRT.txt
2015-02-14 09:17 - 2015-02-14 09:18 - 01388274 _____ (Thisisu) C:\Users\Camarena\Desktop\JRT.exe
2015-02-13 20:27 - 2015-02-13 20:27 - 18550904 _____ () C:\Users\Camarena\Desktop\img114.tif
2015-02-12 05:34 - 2015-02-12 05:34 - 00000008 __RSH () C:\ProgramData\1FB0F6B551.sys
2015-02-11 18:29 - 2015-02-11 18:29 - 00002711 _____ () C:\Users\Camarena\Desktop\FSS.txt
2015-02-11 18:27 - 2015-02-11 18:27 - 00056837 _____ () C:\ComboFix.txt
2015-02-11 18:00 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-11 18:00 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-11 18:00 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-11 18:00 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-11 18:00 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-11 18:00 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-11 18:00 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-11 18:00 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-11 17:47 - 2015-02-11 18:27 - 00000000 ____D () C:\Qoobox
2015-02-11 17:45 - 2015-02-11 18:25 - 00000000 ____D () C:\Windows\erdnt
2015-02-11 16:57 - 2015-02-11 16:57 - 05611930 ____R (Swearware) C:\Users\Camarena\Desktop\ComboFix.exe
2015-02-11 16:57 - 2015-02-11 16:57 - 00415232 _____ (Farbar) C:\Users\Camarena\Desktop\FSS.exe
2015-02-11 16:48 - 2015-01-22 20:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 16:48 - 2015-01-22 20:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 16:48 - 2015-01-22 19:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 16:48 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 05:51 - 2015-02-11 18:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-11 05:50 - 2015-02-11 17:27 - 00000000 ____D () C:\Users\Camarena\Desktop\mbar
2015-02-11 05:42 - 2015-02-11 05:42 - 02112512 _____ () C:\Users\Camarena\Desktop\AdwCleaner.exe
2015-02-11 05:41 - 2015-02-11 05:41 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Camarena\Desktop\mbar-1.08.3.1004.exe
2015-02-11 05:41 - 2015-02-11 05:41 - 00852594 _____ () C:\Users\Camarena\Desktop\SecurityCheck.exe
2015-02-10 22:11 - 2015-02-03 19:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-10 22:11 - 2015-02-03 19:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-10 22:11 - 2015-02-03 19:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-10 22:11 - 2015-02-03 19:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-10 22:11 - 2015-02-03 19:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-10 22:11 - 2015-02-03 19:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-10 22:11 - 2015-02-03 19:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-10 22:11 - 2015-01-27 15:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-10 22:11 - 2015-01-13 22:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 22:11 - 2015-01-13 22:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 22:11 - 2015-01-13 22:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 22:11 - 2015-01-13 22:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 22:11 - 2015-01-13 21:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 22:11 - 2015-01-13 21:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 22:11 - 2015-01-13 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 22:11 - 2015-01-12 19:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 22:11 - 2015-01-12 18:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 22:11 - 2015-01-11 18:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 22:11 - 2015-01-11 18:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 22:11 - 2015-01-11 18:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 22:11 - 2015-01-11 17:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 22:11 - 2015-01-09 22:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 22:11 - 2015-01-09 22:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 22:11 - 2015-01-09 22:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 22:11 - 2015-01-09 22:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 22:11 - 2015-01-09 22:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 22:11 - 2015-01-09 22:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 22:11 - 2015-01-09 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 22:11 - 2015-01-09 22:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 22:11 - 2015-01-09 22:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 22:11 - 2015-01-09 22:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 22:11 - 2015-01-09 22:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 22:11 - 2015-01-09 22:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 22:11 - 2015-01-09 22:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 22:11 - 2015-01-09 22:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 22:10 - 2015-01-15 00:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 22:10 - 2015-01-15 00:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 22:10 - 2015-01-15 00:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 22:10 - 2015-01-15 00:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 22:10 - 2015-01-15 00:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 22:10 - 2015-01-15 00:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 22:10 - 2015-01-15 00:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 22:10 - 2015-01-15 00:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 22:10 - 2015-01-15 00:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 22:10 - 2015-01-15 00:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 22:10 - 2015-01-15 00:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 22:10 - 2015-01-14 23:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 22:10 - 2015-01-14 23:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 22:10 - 2015-01-14 23:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 22:10 - 2015-01-14 23:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 22:10 - 2015-01-14 23:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 22:10 - 2015-01-14 23:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 22:10 - 2015-01-14 20:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 22:10 - 2015-01-13 21:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 22:10 - 2015-01-13 21:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 22:10 - 2015-01-11 19:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 22:10 - 2015-01-11 19:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 22:10 - 2015-01-11 19:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 22:10 - 2015-01-11 18:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 22:10 - 2015-01-11 18:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 22:10 - 2015-01-11 18:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 22:10 - 2015-01-11 18:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 22:10 - 2015-01-11 18:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 22:10 - 2015-01-11 18:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 22:10 - 2015-01-11 18:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 22:10 - 2015-01-11 18:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 22:10 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 22:10 - 2015-01-11 18:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 22:10 - 2015-01-11 18:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 22:10 - 2015-01-11 18:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 22:10 - 2015-01-11 18:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 22:10 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 22:10 - 2015-01-11 18:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 22:10 - 2015-01-11 18:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 22:10 - 2015-01-11 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 22:10 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 22:10 - 2015-01-11 18:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 22:10 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 22:10 - 2015-01-11 18:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 22:10 - 2015-01-11 17:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 22:10 - 2015-01-11 17:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 22:10 - 2015-01-11 17:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 22:10 - 2015-01-11 17:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 22:10 - 2015-01-11 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 22:10 - 2015-01-11 17:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 22:10 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 22:10 - 2015-01-11 17:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 22:10 - 2015-01-11 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 22:10 - 2015-01-11 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 22:10 - 2015-01-11 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 22:10 - 2015-01-11 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 22:10 - 2015-01-11 17:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 22:10 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 22:10 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 22:10 - 2015-01-11 17:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 22:10 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 22:10 - 2015-01-11 17:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 22:10 - 2015-01-11 17:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 22:10 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 22:10 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 22:10 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 22:10 - 2014-12-11 21:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 22:10 - 2014-12-11 21:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 22:10 - 2014-11-25 19:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 22:10 - 2014-11-25 19:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 22:09 - 2014-12-07 19:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 22:09 - 2014-12-07 18:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 22:07 - 2015-01-08 18:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 21:39 - 2015-02-10 22:03 - 00040134 _____ () C:\Users\Camarena\Desktop\Addition.txt
2015-02-10 21:37 - 2015-02-14 09:42 - 00024471 _____ () C:\Users\Camarena\Desktop\FRST.txt
2015-02-10 21:37 - 2015-02-14 09:42 - 00000000 ____D () C:\FRST
2015-02-10 21:36 - 2015-02-14 09:41 - 02134528 _____ (Farbar) C:\Users\Camarena\Desktop\FRST64.exe
2015-02-09 15:46 - 2015-02-09 15:46 - 00000000 _____ () C:\autoexec.bat
2015-02-09 15:45 - 2015-02-09 15:45 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Camarena\Desktop\SpyHunter-Installer.exe
2015-02-09 15:45 - 2015-02-09 15:45 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-09 01:26 - 2015-02-09 01:26 - 00019167 _____ () C:\Users\Camarena\Desktop\eset list.txt
2015-02-08 21:41 - 2015-02-08 21:41 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-08 21:40 - 2015-02-08 21:40 - 02347384 _____ (ESET) C:\Users\Camarena\Desktop\esetsmartinstaller_enu.exe
2015-02-08 21:40 - 2015-02-08 21:40 - 00210176 _____ (ESET) C:\Users\Camarena\Desktop\ESETSimdaCleaner.exe
2015-02-08 21:40 - 2015-02-08 21:40 - 00003272 _____ () C:\Users\Camarena\Desktop\ESETSimdaCleaner.exe_20150208.214011.3832.log
2015-02-08 21:38 - 2015-02-08 21:38 - 00003272 _____ () C:\Users\Camarena\Desktop\ESETSimdaCleaner.exe_20150208.213800.7136.log
2015-02-08 20:16 - 2015-02-08 20:41 - 956574129 _____ () C:\Users\Camarena\Desktop\Yesvideo_Title_1.mp4
2015-02-08 10:09 - 2015-02-08 10:09 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-08 10:09 - 2015-02-08 10:09 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-08 10:09 - 2015-02-08 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-08 10:09 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-08 10:06 - 2015-02-08 10:07 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Camarena\Desktop\spybot-2.4.exe
2015-02-08 09:21 - 2015-02-08 09:21 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-08 09:21 - 2015-02-08 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-08 09:20 - 2015-02-08 09:21 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-08 09:20 - 2015-02-08 09:21 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-08 09:20 - 2015-02-08 09:20 - 00000000 ____D () C:\Program Files\iPod
2015-02-04 23:18 - 2015-02-04 23:18 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-02-04 22:52 - 2015-02-04 22:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-24 13:22 - 2015-01-24 13:23 - 00000000 ____D () C:\Users\Camarena\AppData\Local\YfPack
2015-01-24 13:21 - 2015-01-27 11:07 - 00000000 ____D () C:\Users\Camarena\AppData\Local\Oswics
2015-01-24 13:04 - 2015-01-24 13:04 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2015-01-24 12:58 - 2015-01-24 12:58 - 00000032 _____ () C:\Windows\GetFLV.ini
2015-01-24 12:52 - 2015-02-03 18:40 - 00000000 ____D () C:\Program Files (x86)\GetFLV
2015-01-24 12:00 - 2015-02-08 20:43 - 00000000 ____D () C:\Users\Camarena\AppData\Roaming\AnvSoft
2015-01-24 11:18 - 2015-01-24 11:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 09:34 - 2015-02-05 06:30 - 00000000 ____D () C:\Users\Camarena\Desktop\Zeke's stuff
2015-01-19 18:51 - 2015-01-19 18:51 - 565633927 _____ () C:\Windows\MEMORY.DMP
2015-01-19 18:51 - 2015-01-19 18:51 - 00275208 _____ () C:\Windows\Minidump\011915-49779-01.dmp
2015-01-19 18:51 - 2015-01-19 18:51 - 00000000 ____D () C:\Windows\Minidump
2015-01-19 18:08 - 2015-02-11 16:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-19 18:08 - 2015-02-11 16:56 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-19 18:08 - 2015-01-19 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-19 18:08 - 2015-01-19 18:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-19 18:08 - 2015-01-19 18:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-19 18:08 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-19 18:08 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-19 17:38 - 2015-02-14 09:27 - 00000000 ____D () C:\AdwCleaner
2015-01-19 15:04 - 2015-01-19 15:04 - 00003156 _____ () C:\Windows\System32\Tasks\{92E0B5B8-AE98-4AA6-A262-1BA59CCB6655}
2015-01-19 15:02 - 2015-01-19 15:06 - 00000000 ____D () C:\Users\Camarena\Desktop\backups
2015-01-19 10:13 - 2015-01-19 10:13 - 00000000 ____D () C:\Users\Camarena\Documents\TagsRevisited
2015-01-19 10:12 - 2015-01-19 19:41 - 00000000 ____D () C:\Users\Camarena\AppData\Local\9272
2015-01-19 10:12 - 2015-01-19 10:12 - 00000000 ____D () C:\Users\Camarena\AppData\Roaming\Safer Networking
2015-01-19 10:10 - 2015-02-08 10:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-01-19 10:02 - 2015-01-19 17:21 - 00001409 _____ () C:\ProgramData\tempimage.bmp
2015-01-19 09:49 - 2015-02-14 09:18 - 00000000 ____D () C:\Users\Camarena\AppData\Local\23BE9D34-1B52-DB45-A3C0-C63B2F87847D
2015-01-19 09:45 - 2015-01-19 09:45 - 00003524 _____ () C:\Windows\System32\Tasks\PastaLeads
2015-01-19 09:38 - 2015-01-19 09:38 - 00000000 ____D () C:\ProgramData\SearchModulePlus
2015-01-18 10:43 - 2015-02-14 09:26 - 00000000 ____D () C:\Users\Camarena\Desktop\books
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-14 09:39 - 2009-07-13 20:45 - 00023424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-14 09:39 - 2009-07-13 20:45 - 00023424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-14 09:34 - 2014-10-20 20:09 - 00004998 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Camarena-PC-Camarena Camarena-PC
2015-02-14 09:33 - 2013-11-23 14:44 - 00001994 ___SH () C:\ProgramData\KGyGaAvL.sys
2015-02-14 09:31 - 2013-11-22 20:57 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-14 09:30 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-14 09:30 - 2009-07-13 20:51 - 11465021 _____ () C:\Windows\setupact.log
2015-02-14 09:27 - 2013-11-22 19:29 - 01682727 _____ () C:\Windows\WindowsUpdate.log
2015-02-14 09:14 - 2013-11-25 13:51 - 00000000 ____D () C:\Users\Camarena\Documents\Outlook Files
2015-02-14 09:14 - 2013-11-22 20:53 - 00000000 ____D () C:\Users\Camarena\Outlook
2015-02-14 09:08 - 2013-12-18 22:35 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3509093666-3302446129-1051107081-1000UA.job
2015-02-14 08:52 - 2013-11-22 20:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-13 15:08 - 2013-12-18 22:35 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3509093666-3302446129-1051107081-1000Core.job
2015-02-12 04:16 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 03:08 - 2013-12-07 16:10 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 03:04 - 2013-11-22 20:28 - 00002155 _____ () C:\Windows\epplauncher.mif
2015-02-12 03:04 - 2013-11-22 20:28 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-12 03:03 - 2013-11-22 20:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-12 03:02 - 2013-11-22 20:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-11 21:20 - 2014-11-09 19:54 - 00000000 ____D () C:\Users\Camarena\Desktop\Library stuff
2015-02-11 20:00 - 2013-11-24 20:21 - 00000000 ____D () C:\Users\Camarena\Documents\Zeke's Reports
2015-02-11 19:05 - 2014-08-04 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-11 19:05 - 2013-11-23 14:41 - 00864680 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-11 18:27 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Default
2015-02-11 18:21 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-11 18:20 - 2013-11-22 19:31 - 00383062 _____ () C:\Windows\PFRO.log
2015-02-11 18:19 - 2009-07-13 18:34 - 18612224 _____ () C:\Windows\system32\config\system.bak
2015-02-11 18:19 - 2009-07-13 18:34 - 119537664 _____ () C:\Windows\system32\config\software.bak
2015-02-11 18:19 - 2009-07-13 18:34 - 04980736 _____ () C:\Windows\system32\config\default.bak
2015-02-11 18:19 - 2009-07-13 18:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-02-11 18:19 - 2009-07-13 18:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-02-11 04:45 - 2009-07-13 20:45 - 02370272 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 04:38 - 2014-12-13 12:02 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 04:38 - 2014-05-01 17:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 04:13 - 2013-11-22 22:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 04:13 - 2009-07-13 18:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 03:59 - 2013-11-23 00:57 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 03:17 - 2013-11-23 00:57 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-08 20:15 - 2014-10-27 21:25 - 00000000 ____D () C:\Users\Camarena\AppData\Roaming\dvdcss
2015-02-08 14:10 - 2013-11-24 13:03 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-08 10:16 - 2013-11-24 13:03 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-08 09:58 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PLA
2015-02-08 09:21 - 2014-10-19 07:26 - 00000000 ____D () C:\Program Files\iTunes
2015-02-08 09:20 - 2013-11-22 22:22 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-05 21:47 - 2013-11-22 20:57 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 21:47 - 2013-11-22 20:57 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 19:48 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-05 15:03 - 2013-12-18 22:35 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3509093666-3302446129-1051107081-1000UA
2015-02-05 15:03 - 2013-12-18 22:35 - 00003500 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3509093666-3302446129-1051107081-1000Core
2015-02-04 23:47 - 2013-11-22 21:14 - 00000000 ____D () C:\Users\Camarena\AppData\Roaming\Adobe
2015-02-04 23:03 - 2014-06-30 11:43 - 00000000 ____D () C:\Users\Camarena\AppData\Local\Adobe
2015-02-04 22:51 - 2013-11-22 21:12 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-04 22:51 - 2013-11-22 21:12 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-03 19:13 - 2013-11-22 20:28 - 00114472 _____ () C:\Users\Camarena\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-03 07:00 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-02 20:27 - 2013-11-22 19:21 - 00000000 ____D () C:\Users\Camarena
2015-02-02 20:13 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2015-01-31 12:53 - 2014-10-26 10:46 - 00000000 ____D () C:\Users\Camarena\Desktop\IMRA
2015-01-25 12:30 - 2013-11-22 21:17 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-25 11:18 - 2013-12-06 22:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-24 13:29 - 2013-11-23 14:50 - 00000000 ____D () C:\Users\Camarena\AppData\Roaming\Azureus
2015-01-24 13:04 - 2009-07-13 18:34 - 00001509 __RSH () C:\Windows\system32\Drivers\etc\hosts.20150208-100849.backup
2015-01-24 13:01 - 2013-12-06 22:47 - 00000000 ____D () C:\Users\Camarena\AppData\Roaming\vlc
2015-01-24 11:59 - 2013-12-01 15:34 - 00000000 ____D () C:\Users\Camarena\Desktop\PortableAppz
2015-01-24 09:34 - 2013-12-04 19:44 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-24 09:33 - 2014-08-10 20:38 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-24 09:30 - 2014-08-10 20:39 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-24 09:30 - 2014-08-10 20:39 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-24 09:30 - 2014-08-10 20:39 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-24 09:30 - 2014-08-10 20:39 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-19 22:49 - 2014-01-13 23:17 - 01156226 _____ () C:\Users\Camarena\ClientLog.log
2015-01-19 19:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Resources
2015-01-19 18:01 - 2013-12-01 15:52 - 00000000 ____D () C:\Users\Camarena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft WSE 3.0
2015-01-19 12:03 - 2014-02-19 16:25 - 00000000 ____D () C:\ProgramData\GreatSoft
2015-01-19 09:44 - 2013-12-06 22:22 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-19 09:44 - 2013-11-22 19:43 - 00001417 _____ () C:\Users\Camarena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-19 09:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\System
 
==================== Files in the root of some directories =======
 
2013-11-23 14:44 - 2013-11-23 14:44 - 0000000 ____H () C:\Users\Camarena\AppData\Roaming\ActUpdate.log
2014-03-24 21:05 - 2014-03-24 21:05 - 0000093 _____ () C:\Users\Camarena\AppData\Roaming\ARCompanion.log
2013-11-23 14:43 - 2013-11-23 14:43 - 0030568 _____ () C:\Users\Camarena\AppData\Roaming\NGEN_AppLog_Install.txt
2013-03-21 17:12 - 2013-03-21 17:12 - 16582855 _____ (PortableXapps®) C:\Users\Camarena\AppData\Roaming\xPDFConverterPortable_1.0.3.0522.paf.exe
2013-12-01 17:45 - 2014-08-27 21:02 - 0006144 _____ () C:\Users\Camarena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-12 05:34 - 2015-02-12 05:34 - 0000008 __RSH () C:\ProgramData\1FB0F6B551.sys
2013-11-23 14:44 - 2015-02-14 09:33 - 0001994 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-02-25 21:50 - 2014-03-09 21:00 - 0000298 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-19 10:02 - 2015-01-19 17:21 - 0001409 _____ () C:\ProgramData\tempimage.bmp
ZeroAccess:
C:\Users\Camarena\AppData\Local\Google\Desktop\Install
 
Some content of TEMP:
====================
C:\Users\Camarena\AppData\Local\Temp\dufgmr4c.exe
C:\Users\Camarena\AppData\Local\Temp\Quarantine.exe
C:\Users\Camarena\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-13 00:14
 
==================== End Of Log ============================
 
Thank you again for your help.


#8 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:11:25 AM

Posted 14 February 2015 - 01:12 PM

Hello red66bug,
 

***


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
start
EmptyTemp:
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000\...\Run: [YfPack] => regsvr32.exe C:\Users\Camarena\AppData\Local\YfPack\mc_enc_amr.dll <===== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\Camarena\AppData\Local\Google\Desktop\Install
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 red66bug

red66bug
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:03:25 AM

Posted 14 February 2015 - 02:02 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-02-2015
Ran by Camarena at 2015-02-14 10:55:13 Run:1
Running from C:\Users\Camarena\Desktop
Loaded Profiles: Camarena (Available profiles: Camarena)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
EmptyTemp:
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000\...\Run: [YfPack] => regsvr32.exe C:\Users\Camarena\AppData\Local\YfPack\mc_enc_amr.dll <===== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\Camarena\AppData\Local\Google\Desktop\Install
end
*****************
 
HKU\S-1-5-21-3509093666-3302446129-1051107081-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YfPack => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKU\S-1-5-21-3509093666-3302446129-1051107081-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
catchme => Service deleted successfully.
C:\Users\Camarena\AppData\Local\Google\Desktop\Install => Moved successfully.
EmptyTemp: => Removed 1.8 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 10:56:47 ====


#10 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:11:25 AM

Posted 14 February 2015 - 02:09 PM

Hello red66bug,


Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

- Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
- Microsoft: Unprecedented Wave of Java Exploitation
- Ghosts of Java Haunt Users

Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 8 and save it to your desktop.
  • Under "Java Platform, Standard Edition"...click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select (click on) the download link for your operating system (Windows x86 Offline: jre-8u25-windows-i586.exe or Windows x64: jre-8u25-windows-x64.exe) and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-8u25-windows-i586.exe (or jre-8u25-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it. The McAfee Security Scan Plus may be installed unless you uncheck the McAfee installation box when updating Java.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary. To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

---


Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.3.1.2183.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14-day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note:
It is recommended to disable your onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the ESET Smart Installer icon on your desktop.
  • Check the box to accept the terms of use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Scan archives".
  • Make sure that the option "Remove found threats" is Unchecked.
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push the List found threats button.
  • Push the Export button, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select the "Uninstall application on close" check box and push Finish.

---


How is the computer running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 red66bug

red66bug
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:03:25 AM

Posted 15 February 2015 - 09:56 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/14/2015
Scan Time: 11:56:09 PM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.15.01
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Camarena
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 427216
Time Elapsed: 19 min, 30 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
Trojan.Dorkbot.ED, C:\ProgramData\Microsoft\Secure\Icons\temp\tmpD2EB.exe, 5432, Delete-on-Reboot, [6a530f0f7812cb6b039bbcca3fc209f7]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Trojan.Dorkbot.ED, C:\ProgramData\Microsoft\Secure\Icons\temp\tmpD2EB.exe, Delete-on-Reboot, [6a530f0f7812cb6b039bbcca3fc209f7], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
ESETSCAN:
 
 
C:\AdwCleaner\Quarantine\C\Users\Camarena\AppData\Roaming\VOPackage\VOsrv.exe.vir a variant of Win32/Adware.AdService.H application
C:\Program Files\Common Files\System\SysMenu.dll a variant of Win32/SBWatchman.D potentially unwanted application
C:\Program Files\Common Files\System\SysMenu64.dll a variant of Win32/SBWatchman.D potentially unwanted application
C:\Program Files\Sony\Vegas Pro 9.0\Sony Products Multikeygen v1.8.exe a variant of Win32/Keygen.HU potentially unsafe application
C:\Program Files (x86)\GetFLV\keygen.exe a variant of Win32/Packed.VMProtect.ABD trojan
C:\Program Files (x86)\GetFLV\LOADER\keygen.exe a variant of Win32/Packed.VMProtect.ABD trojan
C:\ProgramData\InstallMate\{F5935355-42F8-41BF-A354-0ADA2E7071A3}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll a variant of Win64/Sathurbot.A trojan
C:\ProgramData\Spybot - Search & Destroy\Recovery\AdBlockAndSurf3.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\VuuPC4.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\VuuPC5.zip Win32/Bagle.gen.zip worm
C:\Qoobox\Quarantine\C\Users\Camarena\AppData\Local\nshB8C5.tmp.vir Win32/VOPackage.BC potentially unwanted application
C:\Users\All Users\InstallMate\{F5935355-42F8-41BF-A354-0ADA2E7071A3}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll a variant of Win64/Sathurbot.A trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\AdBlockAndSurf3.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\VuuPC4.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\VuuPC5.zip Win32/Bagle.gen.zip worm
C:\Users\Camarena\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 Win32/InstalleRex.M potentially unwanted application
C:\Users\Camarena\AppData\Local\Oswics\AdobeLinguistic.dll a variant of Win32/Boaxxe.CO.gen trojan
C:\Users\Camarena\AppData\Local\YfPack\CNBP_156.DLL a variant of Win32/Boaxxe.CO.gen trojan
C:\Users\Camarena\AppData\Local\YfPack\mc_enc_amr.dll a variant of Win32/Boaxxe.CO.gen trojan
C:\Users\Camarena\AppData\Roaming\Adobe\Flash Player\File Cache\rss.exe a variant of Win32/BitCoinMiner.AK potentially unsafe application
C:\Users\Camarena\Desktop\PortableAppz\Voice Changer\Voice Changer 7.0 Diamond.exe a variant of Win32/Server-Web.HFS.A potentially unsafe application
D:\Downloads\7ZipSetup.exe NSIS/TrojanDownloader.Adload.O trojan
D:\Downloads\epson14500.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\Downloads\New Pack NewBlueFX II\NewBlueFX\NewBlue Keygen Audio 2011\NewBlue Keygen Audio 2011.exe a variant of Win32/Keygen.AR potentially unsafe application
D:\Downloads\New Pack NewBlueFX II\NewBlueFX\NewBlue Keygen Video 2011\NewBlue Keygen Video 2011.exe a variant of Win32/Keygen.AR potentially unsafe application
D:\Downloads\Pinnacle Studio Plus v9.3 ActivationKeys Crack\keygen.exe a variant of Win32/Keygen.AZ potentially unsafe application
D:\Downloads\Sony Vegas Pro 9 Activation by tano1221\Sony Products Multikeygen v1.8.exe a variant of Win32/Keygen.HU potentially unsafe application
Operating memory a variant of Win32/Boaxxe.CO.gen trojan
 


#12 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:11:25 AM

Posted 15 February 2015 - 11:11 AM

Hello red66bug,

ESET found a lot of keygens.

We do not approve of nor support illegal software. Cracked software is not only unethical, it's a good way to get your machine infected. Malware and virus authors love to spread their infections via cracks. I recommend you cease this activity and get rid of any cracked software.

Don't download/run keygens or cracks. Most are infected by some kind of malware.
At the least you get adware popups and junk links to junk sites. At worst, the system could be destroyed, resulting in the need for a total wipe/re-install, and personal info such as credit card numbers/bank passwords stolen.

Crack sites are just as bad.
Simply visiting the site out of curiosity just to see if a "crack" is even available without downloading can get you infected because the sites themselves take advantage of exploitable software/OS to infect it.

I do not remove those, because the related software may show errors or stop working if we delete the keygens.

For that reason, it is impossible to clean your pc completely, unless you uninstall all cracked apps and keygens.
C:\Program Files\Sony\Vegas Pro 9.0\Sony Products Multikeygen v1.8.exe a variant of Win32/Keygen.HU potentially unsafe application
C:\Program Files (x86)\GetFLV\keygen.exe a variant of Win32/Packed.VMProtect.ABD trojan
C:\Program Files (x86)\GetFLV\LOADER\keygen.exe a variant of Win32/Packed.VMProtect.ABD trojan
D:\Downloads\New Pack NewBlueFX II\NewBlueFX\NewBlue Keygen Audio 2011\NewBlue Keygen Audio 2011.exe a variant of Win32/Keygen.AR potentially unsafe application
D:\Downloads\New Pack NewBlueFX II\NewBlueFX\NewBlue Keygen Video 2011\NewBlue Keygen Video 2011.exe a variant of Win32/Keygen.AR potentially unsafe application
D:\Downloads\Pinnacle Studio Plus v9.3 ActivationKeys Crack\keygen.exe a variant of Win32/Keygen.AZ potentially unsafe application
D:\Downloads\Sony Vegas Pro 9 Activation by tano1221\Sony Products Multikeygen v1.8.exe a variant of Win32/Keygen.HU potentially unsafe application

***


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
start
EmptyTemp:
C:\Users\Camarena\AppData\Local\YfPack
D:\Downloads\epson14500.exe
D:\Downloads\7ZipSetup.exe
end

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.



***


Edited by Jo*, 15 February 2015 - 11:13 AM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
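An added example, not code from the thread or from ESET: a parser for result lines in the format of the ESET log posted above, which then sorts them the way the reply reads them (copies already sitting in another tool's quarantine, keygens and cracks the user has to uninstall, live trojans that belong in a fixlist, and the remaining unwanted applications). The bucket names, the category list, and the folding of C:\Users\All Users onto C:\ProgramData are this example's own assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Category labels ESET appends to each result line, longest first so that
# "potentially unwanted application" is not cut short by the bare "application".
CATEGORIES = ("potentially unwanted application", "potentially unsafe application",
              "application", "trojan", "worm")
VARIANT_MARK = " a variant of"
# On Vista and later C:\Users\All Users is a junction to C:\ProgramData, so the
# scanner lists the same file under both names; fold them before triage (assumption).
JUNCTIONS = {"C:\\Users\\All Users\\": "C:\\ProgramData\\"}

@dataclass(frozen=True)
class Detection:
    path: str       # file (or "Operating memory") the detection refers to
    name: str       # signature name, e.g. Win32/Keygen.HU
    category: str   # one of CATEGORIES
    variant: bool   # True when ESET reported "a variant of"

def parse_line(line: str) -> Optional[Detection]:
    """Parse one ESET result line; return None for headers and blank lines."""
    line = line.strip()
    for cat in CATEGORIES:
        if line.endswith(" " + cat):
            head = line[: -len(cat) - 1].rstrip()
            break
    else:
        return None
    # The signature name never contains spaces but the path may: split on the last one.
    path, sep, name = head.rpartition(" ")
    if not sep or "/" not in name:
        return None
    variant = path.endswith(VARIANT_MARK)
    if variant:
        path = path[: -len(VARIANT_MARK)]
    for alias, real in JUNCTIONS.items():
        if path.startswith(alias):
            path = real + path[len(alias):]
    return Detection(path.strip(), name, cat, variant)

def classify(d: Detection) -> str:
    """Bucket a detection the way the helper in the thread reads the log."""
    p = d.path.lower()
    if "\\quarantine\\" in p or "spybot - search & destroy\\recovery\\" in p:
        return "already quarantined"            # another tool's vault, not a live file
    if "keygen" in p or "crack" in p or "/keygen." in d.name.lower():
        return "keygen/crack (user must uninstall)"
    if d.category in ("trojan", "worm"):
        return "active malware (fixlist candidate)"
    return "unwanted/unsafe application"

def triage(log_text: str) -> Dict[str, List[str]]:
    """Parse a whole ESET log, drop junction duplicates and group paths by bucket."""
    seen, buckets = set(), {}
    for raw in log_text.splitlines():
        d = parse_line(raw)
        if d is None or d.path in seen:
            continue
        seen.add(d.path)
        buckets.setdefault(classify(d), []).append(d.path)
    return buckets

# Sample input: a selection of lines copied from the ESET log posted in the thread.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\Users\Camarena\AppData\Local\nshB8C5.tmp.vir Win32/VOPackage.BC potentially unwanted application
C:\Program Files (x86)\GetFLV\keygen.exe a variant of Win32/Packed.VMProtect.ABD trojan
C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll a variant of Win64/Sathurbot.A trojan
C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll a variant of Win64/Sathurbot.A trojan
C:\Users\Camarena\AppData\Local\YfPack\mc_enc_amr.dll a variant of Win32/Boaxxe.CO.gen trojan
D:\Downloads\epson14500.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\Downloads\Sony Vegas Pro 9 Activation by tano1221\Sony Products Multikeygen v1.8.exe a variant of Win32/Keygen.HU potentially unsafe application
Operating memory a variant of Win32/Boaxxe.CO.gen trojan
"""
```

Calling `triage(SAMPLE_LOG)` lists the two IconsCacheHelper.dll hits once, under active malware, while the GetFLV keygen lands in the keygen bucket even though ESET labels it a trojan, matching how the reply treats it.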


#13 red66bug

red66bug
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:03:25 AM

Posted 15 February 2015 - 09:23 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by Camarena at 2015-02-15 17:12:43 Run:2
Running from C:\Users\Camarena\Desktop
Loaded Profiles: Camarena (Available profiles: Camarena)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
EmptyTemp:
C:\Users\Camarena\AppData\Local\YfPack
D:\Downloads\epson14500.exe
D:\Downloads\7ZipSetup.exe
end
*****************
 
C:\Users\Camarena\AppData\Local\YfPack => Moved successfully.
D:\Downloads\epson14500.exe => Moved successfully.
D:\Downloads\7ZipSetup.exe => Moved successfully.
EmptyTemp: => Removed 380.7 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 17:13:02 ====
 
I deleted those keygens as well.


#14 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:11:25 AM

Posted 16 February 2015 - 03:14 AM

Hello red66bug,

Your remaining issues are related to keygens; if you still need help, please start a new topic.
 

***


Clean up:

We used Combofix.
Deactivate your antivirus software once more.
  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Enable your antivirus software.


***


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt
 
start
EmptyTemp:
DeleteQuarantine:
end

Run FRST/FRST64 and press the Fix button just once and wait.
No need to post the log this time.
 

***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.

***


Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.


***


Here are some Preventive tips to reduce the potential for spyware infection in the future:

1. Browse more securely.
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista, 7 / 8 users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Make sure you keep your Windows OS current.
  • Windows XP is no longer supported by MS.
    This is a security risk anyway.
  • Windows Vista / 7 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
4. Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
5. Use only one anti-virus software and keep it up-to-date.

6. Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

7. Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

8. Use Strong passwords!

9. Email attachments
Do not open any unknown email attachments that you received without asking for them!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.
https://secunia.com/vulnerability_scanning/personal/


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 red66bug

red66bug
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:03:25 AM

Posted 16 February 2015 - 02:58 PM

Thank you for your help.





