
My laptop is infected with Desktop Temperature Monitor


  • This topic is locked
23 replies to this topic

#1 DanK3509

DanK3509

  • Members
  • 12 posts

Posted 15 February 2015 - 06:21 PM

I cannot go onto the internet without getting popups and being redirected. The popups say they are provided by Desktop Temperature Monitor, and I have tried to delete it multiple times. I ran Combofix and that did not work, so now I am going to you guys for help. I have attached the Addition scan and here are my FRST logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Dan K (administrator) on DAN on 15-02-2015 18:08:19
Running from C:\Users\Test\Downloads
Loaded Profiles: UpdatusUser & Dank7663 & Dan K & Guest (Available profiles: UpdatusUser & Dank7663 & Dan K & Guest)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
() C:\Program Files (x86)\VLC media player\VLCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Test\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-03] (NVIDIA Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-18] (IDT, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [VLCService] => C:\Program Files (x86)\VLC media player\VLCSvc.exe [240640 2014-09-28] ()
HKLM-x32\...\Run: [Ad Muncher] => C:\Users\Test\Downloads\AdMunch.exe [595144 2014-10-11] (Murray Hurps Software Pty Ltd)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1802048 2014-10-13] (IObit)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-700946862-2396066443-3623411621-1004\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-700946862-2396066443-3623411621-1010\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [266448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [214448 2013-06-21] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Fast Connect.lnk
ShortcutTarget: Fast Connect.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Temperature Monitor.lnk
ShortcutTarget: Desktop Temperature Monitor.lnk -> C:\Users\Test\AppData\Local\DesktopTemperature\DesktopTemperature.exe (No File)
Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Test\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Temperature Monitor.lnk
ShortcutTarget: Desktop Temperature Monitor.lnk -> C:\Users\Test\AppData\Local\DesktopTemperature\DesktopTemperature.exe (No File)
Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Test\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
BootExecute: 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-700946862-2396066443-3623411621-1010\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-700946862-2396066443-3623411621-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-21-700946862-2396066443-3623411621-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-700946862-2396066443-3623411621-1010\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-21-700946862-2396066443-3623411621-1010\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-700946862-2396066443-3623411621-501\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-21-700946862-2396066443-3623411621-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
URLSearchHook: [S-1-5-21-700946862-2396066443-3623411621-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {8E7D92A4-643B-406F-B6C6-3C287765307B} URL = 
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-1004 -> {26B70011-EDBA-42B0-946D-D3C8C3B3D4DD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-1004 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-1004 -> {C585BE2F-C5C0-4450-98D2-C55B97067E5E} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-1004 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-1010 -> {26B70011-EDBA-42B0-946D-D3C8C3B3D4DD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-1010 -> {6DBE36D1-B345-473E-A97D-891BC09ADD83} URL = http://search.whiteskyservices.com/?wstoken=7041B42E-A6C2-4A03-B791-EC566CDFEABC&dtid=1&pid=21&src=sgsearch&v=1.14.1210.3&searchparam={SearchTerms}
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-1010 -> {8E7D92A4-643B-406F-B6C6-3C287765307B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN12311220432431198&UM=2
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-1010 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-1010 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN12311220432431198&UM=2
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-1010 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-501 -> {26B70011-EDBA-42B0-946D-D3C8C3B3D4DD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-501 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-501 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: uTorrentControl_v6 Toolbar -> {96f454ea-9d38-474f-b504-56193e00c1a5} -> C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Fast Connect -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.1210.3\NativeBHO.dll (WhiteSky)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-700946862-2396066443-3623411621-1010 -> No Name - {96F454EA-9D38-474F-B504-56193E00C1A5} -  No File
Toolbar: HKU\S-1-5-21-700946862-2396066443-3623411621-1010 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-700946862-2396066443-3623411621-501 -> No Name - {96F454EA-9D38-474F-B504-56193E00C1A5} -  No File
Toolbar: HKU\S-1-5-21-700946862-2396066443-3623411621-501 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Winsock: Catalog9 01 C:\Users\Test\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] ()
Winsock: Catalog9 02 C:\Users\Test\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] ()
Winsock: Catalog9 03 C:\Users\Test\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] ()
Winsock: Catalog9 04 C:\Users\Test\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] ()
Winsock: Catalog9 05 C:\Users\Test\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] ()
Winsock: Catalog9 17 C:\Users\Test\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Test\AppData\Roaming\Mozilla\Firefox\Profiles\euy7jeny.default-1423281060784
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.1.5\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-02-15]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-18]
CHR Extension: (Google Drive) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-10]
CHR Extension: (Groovorio New Tab) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm [2014-10-04]
CHR Extension: (YouTube) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-18]
CHR Extension: (Adblock Plus) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-06]
CHR Extension: (uTorrentControl_v6) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [2013-11-28]
CHR Extension: (Google Search) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-18]
CHR Extension: (Norton Identity Safe) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-11]
CHR Extension: (Website Logon) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2015-01-30]
CHR Extension: (Norton Security Toolbar) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-10-18]
CHR Extension: (Google Wallet) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-18]
CHR Extension: (Gmail) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-18]
CHR HKLM\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - No Path
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]
CHR HKU\S-1-5-21-700946862-2396066443-3623411621-1010\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - No Path
CHR HKU\S-1-5-21-700946862-2396066443-3623411621-1010\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Test\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-11-20]
CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - No Path
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Test\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-11-20]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jaaieiajnhcnimjgfmjpccjmmfkploci] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
S4 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-11-04] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S4 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S4 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [344896 2014-09-30] (IObit)
S4 Intel® Bluetooth Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [160712 2013-03-11] (Intel Corporation)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-06-13] ()
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\Dank7663\AppData\Local\Temp\7zS3D23\hpslpsvc64.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 AntiLog32; No ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-10-31] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150203.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132408 2013-01-21] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1362232 2013-02-14] (Motorola Solutions, Inc.)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD02010.005\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-29] (Symantec Corporation)
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-26] (REALiX™)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150213.001\IDSvia64.sys [669400 2015-02-06] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150215.001\ENG64.SYS [129752 2015-01-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150215.001\EX64.SYS [2137304 2015-01-25] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [84720 2013-05-19] (Dataram, Inc.)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-08] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-15 18:08 - 2015-02-15 18:08 - 00032074 _____ () C:\Users\Test\Downloads\FRST.txt
2015-02-15 18:08 - 2015-02-15 18:08 - 00000000 ____D () C:\FRST
2015-02-15 18:07 - 2015-02-15 18:07 - 02085888 _____ (Farbar) C:\Users\Test\Downloads\frst64.exe
2015-02-15 18:07 - 2015-02-15 18:07 - 02085888 _____ (Farbar) C:\Users\Test\Downloads\FRST64 (1).exe
2015-02-15 13:31 - 2015-02-15 13:31 - 00029650 _____ () C:\ComboFix.txt
2015-02-15 13:20 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-15 13:20 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-15 13:20 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-15 13:20 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-15 13:20 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-15 13:20 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2015-02-15 13:20 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-15 13:20 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-15 13:20 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-15 13:15 - 2015-02-15 13:15 - 104860848 ____C () C:\RAMDisk.img
2015-02-15 13:12 - 2015-02-15 13:12 - 00000000 ____D () C:\Windows\pss
2015-02-15 12:47 - 2015-02-03 14:29 - 00714184 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-15 12:47 - 2015-02-03 14:29 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-15 12:44 - 2015-02-15 13:38 - 00010486 _____ () C:\Windows\PFRO.log
2015-02-15 12:44 - 2015-02-15 12:44 - 104860848 ____C () C:\RAMDisk.img.bak
2015-02-15 12:40 - 2015-02-15 12:40 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-15 12:40 - 2015-02-15 12:40 - 00000000 _____ () C:\Windows\setupact.log
2015-02-15 12:36 - 2015-02-15 13:31 - 00000000 ____D () C:\Qoobox
2015-02-15 12:35 - 2015-02-15 13:29 - 00000000 ____D () C:\Windows\erdnt
2015-02-15 12:34 - 2015-02-15 12:34 - 05611771 ____R (Swearware) C:\Users\Test\Downloads\ComboFix.exe
2015-02-14 21:31 - 2015-02-15 12:46 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForDan K.job
2015-02-14 21:31 - 2015-02-14 21:31 - 00003154 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDan K
2015-02-14 21:26 - 2015-02-15 17:32 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-14 21:26 - 2015-02-15 16:54 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-06 23:14 - 2015-02-06 23:17 - 00000000 ____D () C:\Users\Test\AppData\Local\Popcorn-Time
2015-02-06 23:13 - 2015-02-06 23:13 - 00002208 _____ () C:\Users\Test\Desktop\Popcorn Time.lnk
2015-02-06 23:13 - 2015-02-06 23:13 - 00000000 ____D () C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2015-02-06 23:13 - 2015-02-06 23:13 - 00000000 ____D () C:\Users\Test\AppData\Local\Popcorn Time
2015-02-06 23:11 - 2015-02-06 23:12 - 23236288 _____ (Popcorn Official) C:\Users\Test\Downloads\Popcorn-Time-0.3.7.1-Setup.exe
2015-01-31 13:10 - 2015-01-31 13:11 - 00304264 _____ () C:\Windows\Minidump\013115-57718-01.dmp
2015-01-30 13:11 - 2015-01-30 13:14 - 00000000 ____D () C:\AdwCleaner
2015-01-30 13:10 - 2015-01-30 13:10 - 02194432 _____ () C:\Users\Test\Downloads\AdwCleaner.exe
2015-01-27 23:33 - 2015-01-27 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-27 23:23 - 2015-01-27 23:24 - 05165056 _____ () C:\Users\Test\Downloads\HPSupportSolutionsFramework-11.51.0048.msi
2015-01-27 23:00 - 2015-01-27 23:01 - 00305832 _____ () C:\Windows\Minidump\012715-68437-01.dmp
2015-01-27 23:00 - 2015-01-27 23:00 - 00000000 _____ () C:\asc_rdflag
2015-01-25 23:25 - 2015-01-27 23:54 - 00000000 ____D () C:\Users\Test\AppData\Roaming\hpqlog
2015-01-25 20:43 - 2015-01-25 20:43 - 00131083 _____ () C:\Users\Test\Downloads\[kickass.so]cheerleaders.xxx.2008.digital.playground.720p.web.dl.torrent
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-15 18:05 - 2013-10-16 21:41 - 00000000 ____D () C:\Users\Test\AppData\Roaming\ID Vault
2015-02-15 18:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2015-02-15 17:25 - 2013-03-18 16:16 - 01925550 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 17:22 - 2013-06-14 19:55 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2015-02-15 17:16 - 2014-11-21 17:09 - 00000000 ___HD () C:\$Windows.~BT
2015-02-15 17:13 - 2013-04-15 20:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-15 17:10 - 2014-10-01 20:19 - 00000000 ____D () C:\Users\Test\AppData\Local\DesktopTemperature
2015-02-15 17:09 - 2013-11-28 13:23 - 00000000 ____D () C:\Program Files (x86)\Conduit
2015-02-15 16:52 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 13:28 - 2012-07-26 00:26 - 00000215 _____ () C:\Windows\system.ini
2015-02-15 13:15 - 2012-07-26 00:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-02-15 13:09 - 2014-05-26 00:07 - 00000000 ____D () C:\Users\Test\AppData\Local\CrashDumps
2015-02-15 13:09 - 2013-10-17 00:18 - 00282624 ___SH () C:\Users\Test\Desktop\Thumbs.db
2015-02-15 12:51 - 2012-07-26 02:28 - 00942994 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 12:47 - 2013-12-20 23:14 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-15 12:47 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-15 12:42 - 2013-11-28 13:21 - 00000000 ____D () C:\Users\Test\AppData\Roaming\uTorrent
2015-02-14 21:34 - 2013-10-13 12:21 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-14 21:31 - 2013-10-16 21:38 - 00000000 ____D () C:\Users\Test
2015-02-14 21:27 - 2013-03-19 20:05 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-02-14 21:26 - 2013-10-13 12:21 - 00003886 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-14 21:26 - 2013-10-13 12:21 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-14 21:05 - 2012-07-26 02:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-14 20:52 - 2014-10-11 19:55 - 00002177 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2015-02-08 00:25 - 2013-10-18 17:35 - 00000000 ____D () C:\Users\Test\AppData\Roaming\vlc
2015-02-06 23:13 - 2014-11-12 19:13 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-06 23:13 - 2013-04-15 20:36 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 22:51 - 2014-12-26 11:14 - 00000000 ____D () C:\Users\Test\Desktop\Old Firefox Data
2015-02-03 20:36 - 2013-03-19 20:05 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-31 13:10 - 2014-04-26 03:28 - 00000000 ____D () C:\Windows\Minidump
2015-01-28 00:17 - 2014-10-19 08:42 - 00321432 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-27 23:54 - 2012-10-31 20:41 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-01-27 23:54 - 2012-08-03 19:02 - 00000000 ____D () C:\SWSetup
2015-01-27 23:53 - 2013-03-08 22:51 - 00000000 ____D () C:\Windows\Hewlett-Packard
2015-01-27 23:52 - 2013-03-08 23:09 - 00000000 ____D () C:\Program Files (x86)\HP SimplePass
2015-01-27 23:52 - 2013-03-08 23:08 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2015-01-27 23:49 - 2013-03-08 22:35 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-27 23:27 - 2013-10-16 21:41 - 00000000 ____D () C:\Users\Test\AppData\Local\Hewlett-Packard
2015-01-27 23:24 - 2013-09-10 12:32 - 00000000 ____D () C:\Program Files (x86)\HP
2015-01-26 21:06 - 2014-01-26 08:20 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\IObit
2015-01-26 09:38 - 2014-01-26 08:20 - 00000000 ____D () C:\Users\Guest
2015-01-26 09:38 - 2013-03-18 16:16 - 00000000 ____D () C:\Users\Dank7663
2015-01-25 23:13 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache
2015-01-25 20:24 - 2014-10-11 19:55 - 00000250 _____ () C:\Windows\Tasks\ASC7_SkipUac_Dan K.job
 
==================== Files in the root of some directories =======
 
2013-03-18 16:20 - 2013-03-18 16:20 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 14:32
 
==================== End Of Log ============================



#2 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts

Posted 15 February 2015 - 06:46 PM

Hello DanK3509 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
---------------------------------------------------------------------------------------------------------
 
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.
 
:hello:
 
Have a nice day.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts

Posted 15 February 2015 - 07:43 PM

Do you want to delete the Popups and Desktop Temperature Monitor software?


Best regards
 

 


 


#4 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts

Posted 15 February 2015 - 07:58 PM

Hi DanK3509,

IObit Uninstaller
Advanced SystemCare 7
IObit Malware Fighter
Driver Booster

Uninstall/remove all entries related to IObit or Advanced SystemCare; that program has a dubious history.

Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product. Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.

IOBit Steals Malwarebytes' Intellectual Property
IOBit's Denial of Theft Unconvincing
IOBit Theft Conclusion
IObit: Trusting Your Antivirus Vendor
Malwarebytes: IObit Stole Our Signatures Database
IObit accused of stealing from Malwarebytes
http://shanegowland....-sucky-company/
 
-----------------------------------------------------------------
 
Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

 

My suggestion:

 

IObit Uninstaller
Advanced SystemCare 7
IObit Malware Fighter
Driver Booster

uTorrentControl_v6 Toolbar
PC Speed Clean
µTorrent

Desktop Temperature or Desktop Temperature Monitor

Mozilla Firefox 23.0.1

-------------------------------------------------------------------------------

 

Let me know when you get that done.

And:
Do you want to delete the Popups and Desktop Temperature Monitor software?
 

 


Best regards
 

 


 


#5 DanK3509

DanK3509
  • Topic Starter

  • Members
  • 12 posts

Posted 16 February 2015 - 12:05 PM

Yes, I want Popups and Desktop Temperature Monitor software completely removed from my computer. I have deleted IObit Uninstaller, IObit Malware Fighter, uTorrentControl_v6 Toolbar, and Mozilla Firefox 23.0.1. I could not find Driver Booster or PC Speed Clean in the programs list. I have already deleted Desktop Temperature/Desktop Temperature Monitor from the programs list a few weeks ago and obviously it didn't solve the problem.



#6 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts

Posted 16 February 2015 - 01:08 PM

Hi DanK3509,
 
Okay, thanks.
 
Step 1:
FRST Script:
Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Regards.



Edited by olgun52, 25 February 2017 - 04:38 AM.

Best regards
 

 


 


#7 DanK3509

DanK3509
  • Topic Starter

  • Members
  • 12 posts

Posted 16 February 2015 - 04:59 PM

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by Dan K at 2015-02-16 14:25:09 Run:1
Running from C:\Users\Test\Downloads
Loaded Profiles: UpdatusUser & Dank7663 & Dan K & Guest (Available profiles: UpdatusUser & Dank7663 & Dan K & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
Task: {17B8B862-F545-40C8-9C10-9422CB02112C} - System32\Tasks\Driver Booster SkipUAC (Dan K) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {57307727-9C71-4176-A856-860DEBEEB148} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {6B9A4E34-23B1-4973-8E13-4D14C0E1B387} - \RocketTab No Task File <==== ATTENTION
Task: {730A3F8B-7A50-4383-B68F-99A75A2AC215} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-22] (IObit)
Task: {785D4D16-E4C0-48C8-ADF5-596EF8F39097} - System32\Tasks\PCSpeedClean_Popup => C:\Program Files (x86)\PC Speed Clean\Splash.exe
Task: {8C362ADA-41FF-4951-BFB7-9D8F13A5EBE5} - \Driver Support-RTMRules No Task File <==== ATTENTION
Task: {8FA00E51-B29E-424B-AA63-BA89877D9039} - \Driver Support-RTMScanRunOnce No Task File <==== ATTENTION
Task: {97D3FE28-99D4-475A-98DD-67952AA5F7F5} - System32\Tasks\PCSpeedClean_Start => C:\Program Files (x86)\PC Speed Clean\PCSpeedClean.exe
Task: {9AC00D36-270C-4F95-ADDA-9ED0498875BD} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2014-08-20] (IObit)
Task: {C5CF8CE0-BC37-47C8-BF98-2A11E708B243} - \Driver Support-RTMUpdater No Task File <==== ATTENTION
Task: {CA12C9E0-6A93-4C9C-A385-497CB65735AE} - System32\Tasks\ASC7_SkipUac_Dan K => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit)
Task: {E73C9559-BD78-49C3-9FBF-64A196737BE5} - \Driver Support-RTMScan No Task File <==== ATTENTION
Task: C:\Windows\Tasks\ASC7_SkipUac_Dan K.job => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDan K.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
C:\Users\Test\Downloads\FRST64 (1).exe
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-700946862-2396066443-3623411621-1010\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-700946862-2396066443-3623411621-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-1004 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-1004 -> {C585BE2F-C5C0-4450-98D2-C55B97067E5E} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-1004 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-1010 -> {26B70011-EDBA-42B0-946D-D3C8C3B3D4DD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-1010 -> {6DBE36D1-B345-473E-A97D-891BC09ADD83} URL = http://search.whiteskyservices.com/?wstoken=7041B42E-A6C2-4A03-B791-EC566CDFEABC&dtid=1&pid=21&src=sgsearch&v=1.14.1210.3&searchparam={SearchTerms}
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-1010 -> {8E7D92A4-643B-406F-B6C6-3C287765307B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN12311220432431198&UM=2
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-1010 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-1010 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN12311220432431198&UM=2
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-1010 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-501 -> {26B70011-EDBA-42B0-946D-D3C8C3B3D4DD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-501 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-700946862-2396066443-3623411621-501 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: uTorrentControl_v6 Toolbar -> {96f454ea-9d38-474f-b504-56193e00c1a5} -> C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-700946862-2396066443-3623411621-1010 -> No Name - {96F454EA-9D38-474F-B504-56193E00C1A5} -  No File
Toolbar: HKU\S-1-5-21-700946862-2396066443-3623411621-501 -> No Name - {96F454EA-9D38-474F-B504-56193E00C1A5} -  No File
FF ProfilePath: C:\Users\Test\AppData\Roaming\Mozilla\Firefox\Profiles\euy7jeny.default-1423281060784
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (uTorrentControl_v6) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [2013-11-28]
CHR HKLM\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - No Path
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKU\S-1-5-21-700946862-2396066443-3623411621-1010\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - No Path
CHR HKU\S-1-5-21-700946862-2396066443-3623411621-1010\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Test\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-11-20]
CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - No Path
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Test\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-11-20]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  [Not Found]
S1 AntiLog32; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Program Files (x86)\Conduit
2015-01-25 20:24 - 2014-10-11 19:55 - 00000250 _____ () C:\Windows\Tasks\ASC7_SkipUac_Dan K.job
Winsock: Catalog9 01 C:\Users\Test\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] ()
Winsock: Catalog9 02 C:\Users\Test\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] ()
Winsock: Catalog9 03 C:\Users\Test\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] ()
Winsock: Catalog9 04 C:\Users\Test\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] ()
Winsock: Catalog9 05 C:\Users\Test\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] ()
Winsock: Catalog9 17 C:\Users\Test\AppData\Local\DesktopTemperature\DTWxSvc.dll [1046288] ()
HKU\S-1-5-21-700946862-2396066443-3623411621-1010\...\StartupApproved\StartupFolder: => "Desktop Temperature Monitor.lnk"
HKU\S-1-5-21-700946862-2396066443-3623411621-1010\...\StartupApproved\Run: => "uTorrent"
Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Temperature Monitor.lnk
ShortcutTarget: Desktop Temperature Monitor.lnk -> C:\Users\Test\AppData\Local\DesktopTemperature\DesktopTemperature.exe (No File)
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Test\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Temperature Monitor.lnk
ShortcutTarget: Desktop Temperature Monitor.lnk -> C:\Users\Test\AppData\Local\DesktopTemperature\DesktopTemperature.exe (No File)
2014-03-03 20:55 - 2014-03-03 20:55 - 01046288 _____ () C:\Users\Test\AppData\Local\DesktopTemperature\DTWxSvc.dll
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
S4 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
HKU\S-1-5-21-700946862-2396066443-3623411621-1010\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1802048 2014-10-13] (IObit)
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
2014-10-11 19:55 - 2013-01-15 17:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madExcept_.bpl
2014-10-11 19:55 - 2013-01-15 17:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madBasic_.bpl
2014-10-11 19:55 - 2013-01-15 17:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madDisAsm_.bpl
2014-10-11 19:55 - 2013-01-15 17:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKU\S-1-5-21-700946862-2396066443-3623411621-1010\...\StartupApproved\Run: => "Driver Support"   
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
*****************
 
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17B8B862-F545-40C8-9C10-9422CB02112C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17B8B862-F545-40C8-9C10-9422CB02112C}" => Key deleted successfully.
C:\Windows\System32\Tasks\Driver Booster SkipUAC (Dan K) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Dan K)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{57307727-9C71-4176-A856-860DEBEEB148}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57307727-9C71-4176-A856-860DEBEEB148}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6B9A4E34-23B1-4973-8E13-4D14C0E1B387}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B9A4E34-23B1-4973-8E13-4D14C0E1B387}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{730A3F8B-7A50-4383-B68F-99A75A2AC215} => Key not found. 
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Administrator => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{785D4D16-E4C0-48C8-ADF5-596EF8F39097}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{785D4D16-E4C0-48C8-ADF5-596EF8F39097}" => Key deleted successfully.
C:\Windows\System32\Tasks\PCSpeedClean_Popup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCSpeedClean_Popup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C362ADA-41FF-4951-BFB7-9D8F13A5EBE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C362ADA-41FF-4951-BFB7-9D8F13A5EBE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support-RTMRules" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8FA00E51-B29E-424B-AA63-BA89877D9039}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FA00E51-B29E-424B-AA63-BA89877D9039}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support-RTMScanRunOnce" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{97D3FE28-99D4-475A-98DD-67952AA5F7F5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97D3FE28-99D4-475A-98DD-67952AA5F7F5}" => Key deleted successfully.
C:\Windows\System32\Tasks\PCSpeedClean_Start => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCSpeedClean_Start" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9AC00D36-270C-4F95-ADDA-9ED0498875BD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AC00D36-270C-4F95-ADDA-9ED0498875BD}" => Key deleted successfully.
C:\Windows\System32\Tasks\ASC7_PerformanceMonitor => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC7_PerformanceMonitor" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5CF8CE0-BC37-47C8-BF98-2A11E708B243}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5CF8CE0-BC37-47C8-BF98-2A11E708B243}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support-RTMUpdater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA12C9E0-6A93-4C9C-A385-497CB65735AE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA12C9E0-6A93-4C9C-A385-497CB65735AE}" => Key deleted successfully.
C:\Windows\System32\Tasks\ASC7_SkipUac_Dan K => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC7_SkipUac_Dan K" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E73C9559-BD78-49C3-9FBF-64A196737BE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E73C9559-BD78-49C3-9FBF-64A196737BE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support-RTMScan" => Key deleted successfully.
C:\Windows\Tasks\ASC7_SkipUac_Dan K.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\HPCeeScheduleForDan K.job => Moved successfully.
C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job not found.
C:\Users\Test\Downloads\FRST64 (1).exe => Moved successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-700946862-2396066443-3623411621-1010\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
Error setting Default URLSearchHook.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{26B70011-EDBA-42B0-946D-D3C8C3B3D4DD}" => Key deleted successfully.
HKCR\CLSID\{26B70011-EDBA-42B0-946D-D3C8C3B3D4DD} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}" => Key deleted successfully.
HKCR\CLSID\{CC865B26-C31D-4D23-B17B-96548EEF03F6} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found. 
"HKU\S-1-5-21-700946862-2396066443-3623411621-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key deleted successfully.
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found. 
"HKU\S-1-5-21-700946862-2396066443-3623411621-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C585BE2F-C5C0-4450-98D2-C55B97067E5E}" => Key deleted successfully.
HKCR\CLSID\{C585BE2F-C5C0-4450-98D2-C55B97067E5E} => Key not found. 
"HKU\S-1-5-21-700946862-2396066443-3623411621-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found. 
"HKU\S-1-5-21-700946862-2396066443-3623411621-1010\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{26B70011-EDBA-42B0-946D-D3C8C3B3D4DD}" => Key deleted successfully.
HKCR\CLSID\{26B70011-EDBA-42B0-946D-D3C8C3B3D4DD} => Key not found. 
"HKU\S-1-5-21-700946862-2396066443-3623411621-1010\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6DBE36D1-B345-473E-A97D-891BC09ADD83}" => Key deleted successfully.
HKCR\CLSID\{6DBE36D1-B345-473E-A97D-891BC09ADD83} => Key not found. 
"HKU\S-1-5-21-700946862-2396066443-3623411621-1010\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8E7D92A4-643B-406F-B6C6-3C287765307B}" => Key deleted successfully.
HKCR\CLSID\{8E7D92A4-643B-406F-B6C6-3C287765307B} => Key not found. 
"HKU\S-1-5-21-700946862-2396066443-3623411621-1010\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key deleted successfully.
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found. 
"HKU\S-1-5-21-700946862-2396066443-3623411621-1010\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}" => Key deleted successfully.
HKCR\CLSID\{CC865B26-C31D-4D23-B17B-96548EEF03F6} => Key not found. 
"HKU\S-1-5-21-700946862-2396066443-3623411621-1010\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found. 
"HKU\S-1-5-21-700946862-2396066443-3623411621-501\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{26B70011-EDBA-42B0-946D-D3C8C3B3D4DD}" => Key deleted successfully.
HKCR\CLSID\{26B70011-EDBA-42B0-946D-D3C8C3B3D4DD} => Key not found. 
"HKU\S-1-5-21-700946862-2396066443-3623411621-501\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key deleted successfully.
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found. 
"HKU\S-1-5-21-700946862-2396066443-3623411621-501\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96f454ea-9d38-474f-b504-56193e00c1a5} => Key not found. 
HKCR\Wow6432Node\CLSID\{96f454ea-9d38-474f-b504-56193e00c1a5} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{96f454ea-9d38-474f-b504-56193e00c1a5} => Value not found.
HKCR\Wow6432Node\CLSID\{96f454ea-9d38-474f-b504-56193e00c1a5} => Key not found. 
HKU\S-1-5-21-700946862-2396066443-3623411621-1010\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{96F454EA-9D38-474F-B504-56193E00C1A5} => Value not found.
HKCR\CLSID\{96F454EA-9D38-474F-B504-56193E00C1A5} => Key not found. 
HKU\S-1-5-21-700946862-2396066443-3623411621-501\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{96F454EA-9D38-474F-B504-56193E00C1A5} => value deleted successfully.
HKCR\CLSID\{96F454EA-9D38-474F-B504-56193E00C1A5} => Key not found. 
C:\Users\Test\Downloads\FRST64 (1).exe => Should not be moved.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
CHR Profile: C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default => Error: No automatic fix found for this entry.
C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKU\S-1-5-21-700946862-2396066443-3623411621-1010\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm" => Key deleted successfully.
"HKU\S-1-5-21-700946862-2396066443-3623411621-1010\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp" => Key deleted successfully.
C:\Users\Test\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp" => Key deleted successfully.
"C:\Users\Test\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nppllibpnmahfaklnpggkibhkapjkeob" => Key deleted successfully.
AntiLog32 => Service deleted successfully.
catchme => Service deleted successfully.
C:\Program Files (x86)\Conduit => Moved successfully.
"C:\Windows\Tasks\ASC7_SkipUac_Dan K.job" => File/Directory not found.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000005 => Deleted successfully.
Winsock: Catalog entry 000000000017 => Deleted successfully.
HKU\S-1-5-21-700946862-2396066443-3623411621-1010\...\StartupApproved\StartupFolder: => "Desktop Temperature Monitor.lnk" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-700946862-2396066443-3623411621-1010\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-700946862-2396066443-3623411621-1010\...\StartupApproved\Run: => "uTorrent" => Value not found.
C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Temperature Monitor.lnk => Moved successfully.
C:\Users\Test\AppData\Local\DesktopTemperature\DesktopTemperature.exe not found.
C:\Users\Test\AppData\Roaming\VERIZON\UA_ar\UA.exe => Moved successfully.
C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Temperature Monitor.lnk not found.
C:\Users\Test\AppData\Local\DesktopTemperature\DesktopTemperature.exe not found.
C:\Users\Test\AppData\Local\DesktopTemperature\DTWxSvc.dll => Moved successfully.
UrlFilter => Service not found.
FileMonitor => Service not found.
LiveUpdateSvc => Service deleted successfully.
AdvancedSystemCareService7 => Service deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => Key not found. 
HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => Key not found. 
HKU\S-1-5-21-700946862-2396066443-3623411621-1010\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 7 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\IObit Malware Fighter => Value not found.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe => Moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe => Moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\madExcept_.bpl => Moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\madBasic_.bpl => Moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\madDisAsm_.bpl => Moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll => Moved successfully.
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-700946862-2396066443-3623411621-1010\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-700946862-2396066443-3623411621-1010\...\StartupApproved\Run: => "Driver Support" => Value not found.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.6.9200 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {3D2A207C-D0BD-454A-BED5-D091C3F53D79}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Route, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 161.1 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:25:31 ====
 
ADWCleaner:
 
# AdwCleaner v4.110 - Logfile created 16/02/2015 at 16:38:54
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 8  (x64)
# Username : Dan K - DAN
# Running from : C:\Users\Test\Downloads\adwcleaner_4.110.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Users\Test\AppData\Local\Conduit
Folder Deleted : C:\Users\Test\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Test\AppData\Local\WhiteListing
Folder Deleted : C:\Users\Test\AppData\Local\System_Alerts_LLC
Folder Deleted : C:\Users\Test\AppData\Local\DesktopTemperature
Folder Deleted : C:\Users\Test\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Temperature
Folder Deleted : C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\DesktopTemperature.exe
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289075
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\DesktopTemperature
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKLM\SOFTWARE\Conduit
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17183
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
 
-\\ Google Chrome v40.0.2214.111
 
 
*************************
 
AdwCleaner[R0].txt - [7759 bytes] - [30/01/2015 13:14:00]
AdwCleaner[R1].txt - [3194 bytes] - [16/02/2015 14:37:57]
AdwCleaner[S0].txt - [3029 bytes] - [16/02/2015 16:38:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3088  bytes] ##########
 
 
JRT:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8 x64
Ran by Dan K on Mon 02/16/2015 at 16:50:12.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\prefetch\DRIVER BOOSTER 2.TMP-9B1293D1.pf
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Test\appdata\local\cre"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/16/2015 at 16:52:45.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#8 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:48 PM

Posted 16 February 2015 - 06:06 PM

Hi DanK3509,

Thanks for the logs.

 

Step 1:
 

Firefox cache cleaning:

https://support.mozilla.org/en-US/kb/how-clear-firefox-cache

 

Next >>

 

if required:

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Proceed with the reset once done.

Please go to Start, click Control Panel, click Programs and then click Programs and Features if it still exists:
Mozilla Firefox 23.0.1
Mozilla Firefox 34.0.5

 

Firefox install:

https://www.mozilla.org/tr/firefox/new/

 

Step 2:

 

Please be sure to run our tools with administrator rights.

 

ComboFix run:

 

* IMPORTANT: 1   Place ComboFix.exe on your Desktop

* IMPORTANT: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix. Save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#9 DanK3509

DanK3509
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:09:48 AM

Posted 18 February 2015 - 09:59 AM

Firefox is no longer on my laptop. Should I just skip to Step 2?



#10 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:48 PM

Posted 18 February 2015 - 02:54 PM

If you do step 1, 2. Perform the steps.


Best regards
 

 


 


#11 DanK3509

DanK3509
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:09:48 AM

Posted 19 February 2015 - 01:01 PM

ComboFix 15-02-16.01 - Dan K 02/19/2015  12:14:40.2.8 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8081.5865 [GMT -5:00]
Running from: c:\users\Test\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Security Suite *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-19 to 2015-02-19  )))))))))))))))))))))))))))))))
.
.
2015-02-19 17:21 . 2015-02-19 17:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-02-19 17:21 . 2015-02-19 17:21 -------- d-----w- c:\users\Test\AppData\Local\temp
2015-02-19 17:21 . 2015-02-19 17:21 -------- d-----w- c:\users\hedev\AppData\Local\temp
2015-02-19 17:21 . 2015-02-19 17:21 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-02-19 17:21 . 2015-02-19 17:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-19 17:21 . 2015-02-19 17:21 -------- d-----w- c:\users\Dank7663\AppData\Local\temp
2015-02-19 17:21 . 2015-02-19 17:21 -------- d-----w- c:\users\Dan K\AppData\Local\temp
2015-02-15 23:08 . 2015-02-16 19:25 -------- d-----w- C:\FRST
2015-02-15 17:47 . 2015-02-03 19:29 106440 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-15 17:47 . 2015-02-03 19:29 714184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-07 04:14 . 2015-02-19 17:04 -------- d-----w- c:\users\Test\AppData\Local\Popcorn-Time
2015-02-07 04:13 . 2015-02-16 19:34 -------- d-----w- c:\users\Test\AppData\Local\Popcorn Time
2015-01-30 18:11 . 2015-02-16 21:38 -------- d-----w- C:\AdwCleaner
2015-01-28 04:41 . 2015-01-28 04:41 -------- d-----w- c:\users\Test\AppData\Local\ElevatedDiagnostics
2015-01-26 04:25 . 2015-01-28 04:54 -------- d-----w- c:\users\Test\AppData\Roaming\hpqlog
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-07 04:13 . 2014-11-13 00:13 5070512 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-01-26 00:37 . 2015-01-26 00:37 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2015-01-14 01:43 . 2013-03-20 01:03 113365784 ----a-w- c:\windows\system32\MRT.exe
2014-12-26 16:31 . 2014-12-26 16:31 733184 ----a-w- c:\windows\system32\win32spl.dll
2014-12-26 16:31 . 2014-12-26 16:31 417280 ----a-w- c:\windows\system32\services.exe
2014-12-26 16:31 . 2014-12-26 16:31 1024512 ----a-w- c:\windows\system32\localspl.dll
2014-12-26 16:31 . 2012-07-26 07:24 2207744 ----a-w- c:\windows\SysWow64\PrintConfig.dll
2014-12-26 16:31 . 2014-12-26 16:31 499008 ----a-w- c:\windows\system32\drivers\vhdmp.sys
2014-12-26 16:14 . 2014-12-26 16:14 26528 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS
2014-12-19 06:48 . 2015-01-14 01:28 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 04:35 . 2015-01-14 01:27 142336 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-11 07:35 . 2015-01-14 01:27 6973248 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-12-11 06:51 . 2015-01-14 01:28 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-09 07:12 . 2014-12-17 00:05 590816 ----a-w- c:\windows\system32\AutoUpdate.exe
2014-12-09 07:12 . 2014-12-17 00:05 467408 ----a-w- c:\windows\system32\NotificationUI.exe
2014-12-07 22:20 . 2014-12-07 22:20 269992 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10248.bin
2014-12-06 07:53 . 2015-01-14 01:27 26112 ----a-w- c:\windows\system32\WerFaultSecure.exe
2014-12-06 07:53 . 2015-01-14 01:27 458240 ----a-w- c:\windows\system32\wer.dll
2014-12-06 07:52 . 2015-01-14 01:28 72192 ----a-w- c:\windows\system32\nlaapi.dll
2014-12-06 07:52 . 2015-01-14 01:28 357376 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 07:52 . 2015-01-14 01:28 384000 ----a-w- c:\windows\system32\ncsi.dll
2014-12-06 07:51 . 2015-01-14 01:27 370688 ----a-w- c:\windows\system32\Faultrep.dll
2014-12-06 07:51 . 2015-01-14 01:27 267264 ----a-w- c:\windows\system32\EncDump.dll
2014-12-06 07:50 . 2015-01-14 01:27 783872 ----a-w- c:\windows\system32\audiosrv.dll
2014-12-06 06:10 . 2015-01-14 01:27 23552 ----a-w- c:\windows\SysWow64\WerFaultSecure.exe
2014-12-06 06:10 . 2015-01-14 01:27 355840 ----a-w- c:\windows\SysWow64\wer.dll
2014-12-06 06:09 . 2015-01-14 01:28 55296 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 06:09 . 2015-01-14 01:27 332800 ----a-w- c:\windows\SysWow64\Faultrep.dll
2014-12-05 01:41 . 2014-12-10 00:41 740864 ----a-w- c:\windows\system32\invagent.dll
2014-12-05 01:41 . 2014-12-10 00:41 396288 ----a-w- c:\windows\system32\devinv.dll
2014-12-05 01:41 . 2014-12-10 00:41 830464 ----a-w- c:\windows\system32\appraiser.dll
2014-12-05 01:40 . 2014-12-10 00:41 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-03 01:48 . 2014-12-10 00:41 412672 ----a-w- c:\windows\system32\generaltel.dll
2014-12-03 01:48 . 2014-12-10 00:41 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-03 01:48 . 2014-12-10 00:41 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-11-27 02:40 . 2015-01-14 01:28 600576 ----a-w- c:\windows\system32\vbscript.dll
2014-11-27 01:28 . 2015-01-14 01:28 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-23 23:37 . 2014-11-23 23:37 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-11-22 01:03 . 2014-11-22 01:03 673792 ----a-w- c:\windows\system32\mfmpeg2srcsnk.dll
2014-11-22 01:03 . 2014-11-22 01:03 623616 ----a-w- c:\windows\system32\dnsapi.dll
2014-11-22 01:03 . 2014-11-22 01:03 513536 ----a-w- c:\windows\SysWow64\mfmpeg2srcsnk.dll
2014-11-22 01:03 . 2014-11-22 01:03 212992 ----a-w- c:\windows\system32\dnsrslvr.dll
2014-11-22 01:03 . 2014-11-22 01:03 19764736 ----a-w- c:\windows\system32\shell32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-09-08 581024]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"VLCService"="c:\program files (x86)\VLC media player\VLCSvc.exe" [2014-09-28 240640]
"Ad Muncher"="c:\users\Test\Downloads\AdMunch.exe" [2014-10-12 595144]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe /startdesktopidv /startup [2014-12-10 2276656]
Fast Connect.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe /startdesktopidv /startup [2014-12-10 2276656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ  
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\System32\drivers\AMPPAL.sys;c:\windows\SYSNATIVE\drivers\AMPPAL.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;c:\windows\System32\drivers\xusb22.sys;c:\windows\SYSNATIVE\drivers\xusb22.sys [x]
R4 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
R4 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R4 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [x]
R4 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 HPConnectedRemote;HP Connected Remote Service;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [x]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
R4 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
R4 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [x]
R4 Intel® Bluetooth Radio Management;Intel® Bluetooth Radio Management;c:\program files (x86)\Intel\Bluetooth\ibtrksrv.exe;c:\program files (x86)\Intel\Bluetooth\ibtrksrv.exe [x]
R4 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
R4 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R4 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\N360x64\1506000.020\SymELAM.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SymELAM.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150203.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150203.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD02010.005\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DD02010.005\ccSetx64.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150218.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150218.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [x]
S2 valWBFPolicyService;Validity WBF Policy Service;c:\windows\system32\valWBFPolicyService.exe;c:\windows\SYSNATIVE\valWBFPolicyService.exe [x]
S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\System32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]
S3 NETwNe64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]
S3 RAMDiskVE;RAMDiskVE;c:\windows\System32\Drivers\RAMDiskVE.sys;c:\windows\SYSNATIVE\Drivers\RAMDiskVE.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 usb3Hub;USB-IF USB 3.0 Hub;c:\windows\System32\drivers\usb3Hub.sys;c:\windows\SYSNATIVE\drivers\usb3Hub.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\System32\drivers\XHCIPort.sys;c:\windows\SYSNATIVE\drivers\XHCIPort.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ   apphostsvc
iissvcs REG_MULTI_SZ   w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-15 02:32 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-19 04:13]
.
2015-02-19 c:\windows\Tasks\HPCeeScheduleForDan K.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-09-25 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-09-25 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-09-25 441152]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-03 1028896]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-06-18 1664000]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2013-03-06 7763256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
c:\users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk - c:\users\Test\AppData\Roaming\VERIZON\UA_ar\UA.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32;c:\program files (x86)\Norton Security Suite\Engine64\21.6.0.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe
.
**************************************************************************
.
Completion time: 2015-02-19  12:33:51 - machine was rebooted
ComboFix-quarantined-files.txt  2015-02-19 17:33
ComboFix2.txt  2015-02-15 18:31
.
Pre-Run: 243,742,154,752 bytes free
Post-Run: 243,169,337,344 bytes free
.
- - End Of File - - DE246B672CD9DB1C3B7EF511F77CC29C


#12 olgun52

  • Malware Response Team

Posted 19 February 2015 - 02:09 PM

Hi DanK3509,

Please do the following:
 
Step 1:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 2:
Run Eset Online Scan

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options "Scan Archives" and "Remove found threats" are ticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Good work.


Edited by olgun52, 19 February 2015 - 02:09 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#13 olgun52

  • Malware Response Team

Posted 22 February 2015 - 08:17 AM

Hello DanK3509,
 
3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.


Best regards
 

 


 


#14 DanK3509

  • Topic Starter

  • Members

Posted 23 February 2015 - 02:47 PM

I am going to continue; I've just been really busy recently. I did the Malwarebytes, I just need to do the ESET scan.



#15 olgun52

  • Malware Response Team

Posted 23 February 2015 - 04:33 PM

Welcome Back! Thank you.

I'll wait to see the ESET and Malwarebytes logs.


Best regards
 

 


 




