
Removed Malware and Trojans!! Am I still infected? Help Please!!


1 reply to this topic

#1 Magoo45

  • Members
  • 7 posts
  • Gender: Male
  • Location: Southeast US

Posted 25 February 2015 - 11:12 AM

I started a thread 2 days ago, but it's useless now. I've changed so much since then, and I think I'm not allowed to edit that thread anymore. I think I've gotten rid of the browser modifier, and then trojans started popping up. I've been running scans from MBAM, AVG, and Microsoft Malicious Removal for 2 days. I think I am still infected!! Can you please help me? What do I do?

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-02-2015
Ran by OWNER (administrator) on USER-PC on 25-02-2015 10:03:37
Running from C:\Users\OWNER\Desktop
Loaded Profiles: OWNER (Available profiles: OWNER & Guest)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Lexmark International, Inc.) C:\Windows\System32\LEXBCES.EXE
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
( ) C:\Windows\System32\dlbtcoms.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\BingBar.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\BingApp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [%PROVIDERID%] => "bin\sprtcmd.exe" /P %PROVIDERID%
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3785711851-3304734716-2895360941-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3785711851-3304734716-2895360941-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3785711851-3304734716-2895360941-1001\...\MountPoints2: {0a8120c3-9e68-11e4-8968-00265a7123aa} - J:\LaunchU3.exe -a
HKU\S-1-5-21-3785711851-3304734716-2895360941-1001\...\MountPoints2: {303bf314-2225-11e3-94b3-00265a7123aa} - J:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3785711851-3304734716-2895360941-1001\...\MountPoints2: {86313735-7c0e-11e1-b4d3-00265a7123aa} - K:\LaunchU3.exe -a
HKU\S-1-5-21-3785711851-3304734716-2895360941-1001\...\MountPoints2: {e72e2c58-3fc2-11e2-996e-00265a7123aa} - J:\ToolLauncher-Bootstrap.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3785711851-3304734716-2895360941-1001] => localhost:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKU\S-1-5-21-3785711851-3304734716-2895360941-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3785711851-3304734716-2895360941-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=BNHP
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {C34A3EC2-C7F1-4F62-A549-DCE7F7322A79} URL = http://www.queryexplorer.com/?prt=QUERYEXPLORER193&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3785711851-3304734716-2895360941-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-3785711851-3304734716-2895360941-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\kre4y21a.default-1396974928892
FF DefaultSearchEngine: Norton Safe Search
FF SelectedSearchEngine: Norton Safe Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 dlbt_device; C:\Windows\system32\dlbtcoms.exe [538096 2007-06-06] ( )
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [960992 2010-03-22] (Atheros Communications, Inc.)
R2 LexBceS; C:\Windows\System32\LEXBCES.EXE [303104 2002-10-14] (Lexmark International, Inc.)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-05-04] (Alcatel-Lucent) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2008-01-18] (Microsoft Corporation)
R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1439744 2010-10-10] (Atheros Communications, Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208152 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
S3 FETNDISB; C:\Windows\System32\DRIVERS\dlkfet5b.sys [43008 2007-05-16] (D-Link                              ) [File not signed]
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-25] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SASDIFSV; \??\C:\Users\OWNER\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S3 SASENUM; \??\C:\Users\OWNER\AppData\Local\Temp\SAS_SelfExtract\SASENUM.SYS [X]
S1 SASKUTIL; \??\C:\Users\OWNER\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-25 10:03 - 2015-02-25 10:04 - 00014542 _____ () C:\Users\OWNER\Desktop\FRST.txt
2015-02-25 10:03 - 2015-02-25 10:03 - 00000000 ____D () C:\FRST
2015-02-25 10:02 - 2015-02-25 10:02 - 00009166 _____ () C:\Users\OWNER\Desktop\locked unscanned files.csv
2015-02-25 09:14 - 2015-02-25 09:14 - 00000104 _____ () C:\Users\OWNER\Desktop\Recycle Bin.lnk
2015-02-25 02:01 - 2015-02-25 02:01 - 00000919 _____ () C:\Users\OWNER\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-25 02:01 - 2015-02-25 02:01 - 00000862 _____ () C:\Users\OWNER\Desktop\AVG 2015.lnk
2015-02-24 17:40 - 2015-02-24 17:40 - 01126912 _____ (Farbar) C:\Users\OWNER\Desktop\FRST.exe
2015-02-24 15:37 - 2015-02-24 15:37 - 00000000 _____ () C:\null
2015-02-24 02:51 - 2015-02-24 03:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-23 15:03 - 2015-02-24 16:20 - 00000180 _____ () C:\Windows\system32\avgrep.txt
2015-02-23 05:30 - 2015-02-25 08:09 - 00000000 ____D () C:\Windows\pss
2015-02-23 05:26 - 2015-02-23 05:26 - 00000000 ____D () C:\Users\OWNER\AppData\Local\VirtualStore
2015-02-23 01:19 - 2015-02-24 18:26 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-02-22 15:19 - 2015-02-22 15:19 - 00000000 ____D () C:\Windows\Panther
2015-02-22 12:39 - 2012-03-08 18:32 - 00039272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2015-02-22 12:37 - 2015-02-22 12:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-02-22 12:37 - 2015-02-22 12:37 - 00001229 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2015-02-22 12:37 - 2015-02-22 12:37 - 00001160 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2015-02-22 12:37 - 2015-02-22 12:37 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2015-02-22 12:36 - 2015-02-22 12:36 - 00001039 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-02-22 12:34 - 2015-02-22 12:36 - 00002027 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-02-22 12:31 - 2015-02-22 12:31 - 00000000 ____D () C:\Windows\PCHEALTH
2015-02-22 12:30 - 2015-02-22 12:40 - 00000000 ____D () C:\Program Files\Windows Live
2015-02-21 23:27 - 2015-02-21 23:17 - 00146432 _____ (Oracle Corporation) C:\Windows\system32\javacpl.cpl
2015-02-21 21:43 - 2015-02-21 21:43 - 00000000 ____D () C:\Users\OWNER\AppData\Local\Windows Live
2015-02-21 21:43 - 2015-02-21 21:43 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
2015-02-21 21:43 - 2009-08-04 02:02 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2015-02-21 21:31 - 2015-02-21 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-21 21:28 - 2015-02-21 21:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-21 19:44 - 2006-09-18 15:41 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.20150221-194452.backup
2015-02-21 16:36 - 2015-02-24 08:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2015-02-21 16:36 - 2015-02-23 12:21 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-02-15 10:15 - 2015-01-22 21:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-15 10:15 - 2015-01-22 20:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-14 14:24 - 2015-01-08 18:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-14 14:24 - 2014-11-25 20:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-14 14:23 - 2015-01-12 19:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-14 14:22 - 2015-01-14 22:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-14 14:22 - 2014-12-07 19:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-14 12:40 - 2007-11-14 15:18 - 00000553 _____ () C:\Windows\USetup.iss
2015-02-14 12:39 - 2015-02-14 12:39 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2015-02-14 12:39 - 2015-02-14 12:39 - 00315392 _____ (Realtek Semiconductor Corp.) C:\Windows\HideWin.exe
2015-02-14 12:39 - 2015-02-14 12:39 - 00000000 ____D () C:\Program Files\Realtek
2015-02-14 12:39 - 2008-01-25 04:46 - 02158592 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2015-02-14 12:39 - 2007-11-07 17:31 - 01191936 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlUpd.exe
2015-02-14 12:39 - 2007-07-26 17:09 - 00520192 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-02-14 12:39 - 2007-07-16 12:09 - 00064512 _____ (Creative Technology Ltd.) C:\Windows\system32\DaisyWrp.dll
2015-02-14 12:39 - 2007-07-16 12:09 - 00044032 _____ (Creative Technology Ltd) C:\Windows\system32\ppChain.dll
2015-02-14 12:39 - 2007-07-06 11:04 - 00532480 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-02-14 12:39 - 2007-07-06 10:27 - 00017408 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInst.dll
2015-02-14 12:39 - 2007-07-04 11:27 - 00524288 _____ (Creative Technology Ltd.) C:\Windows\system32\CTAPO32.dll
2015-02-14 12:39 - 2007-04-13 08:08 - 00135168 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-02-14 12:36 - 2015-01-13 19:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-14 12:36 - 2015-01-13 19:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-14 12:36 - 2015-01-13 19:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-14 12:36 - 2015-01-13 19:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-14 12:36 - 2015-01-13 19:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-14 12:36 - 2015-01-13 19:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-14 12:36 - 2015-01-13 19:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-14 12:36 - 2015-01-13 19:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-14 12:36 - 2015-01-13 19:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-14 12:36 - 2015-01-13 19:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-14 12:36 - 2015-01-13 19:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-14 12:36 - 2015-01-13 19:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-14 12:36 - 2015-01-13 19:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-14 12:36 - 2015-01-13 19:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-14 12:36 - 2015-01-13 19:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-14 12:36 - 2015-01-13 19:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-14 12:36 - 2015-01-13 19:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-14 12:36 - 2015-01-13 19:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-14 12:36 - 2015-01-13 19:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-14 12:36 - 2015-01-13 19:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-25 09:57 - 2014-04-08 11:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-25 09:26 - 2015-01-16 18:01 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-25 09:02 - 2007-09-18 06:01 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-25 09:02 - 2007-09-18 06:01 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-02-25 09:02 - 2007-09-18 05:43 - 01273058 _____ () C:\Windows\WindowsUpdate.log
2015-02-25 08:43 - 2014-12-08 14:43 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 08:37 - 2014-12-08 14:39 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-25 08:11 - 2006-11-02 07:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-25 08:11 - 2006-11-02 06:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-25 08:11 - 2006-11-02 06:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-25 02:43 - 2006-11-02 07:01 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-25 02:17 - 2012-04-01 09:29 - 00000000 ____D () C:\Users\OWNER\AppData\Local\SupportSoft
2015-02-25 02:17 - 2010-04-01 14:58 - 00000000 ____D () C:\Program Files\Common Files\supportsoft
2015-02-25 01:45 - 2012-03-28 09:42 - 00030720 _____ () C:\Users\OWNER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-25 01:36 - 2006-11-02 06:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-25 01:35 - 2010-03-17 12:49 - 00000000 ____D () C:\Temp
2015-02-25 01:35 - 2006-11-02 05:18 - 00000000 ___RD () C:\Users\Public
2015-02-24 20:16 - 2007-09-18 06:04 - 00000000 ____D () C:\Program Files\Roxio
2015-02-24 19:05 - 2012-12-16 15:47 - 00000000 ____D () C:\Users\OWNER\AppData\Roaming\HpUpdate
2015-02-24 18:55 - 2014-02-02 15:02 - 00000000 ____D () C:\Users\OWNER\Desktop\New Folder (2)
2015-02-24 17:25 - 2013-04-13 10:52 - 00000000 ____D () C:\Users\OWNER\AppData\Local\CrashDumps
2015-02-24 03:45 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-23 22:12 - 2011-01-07 08:15 - 00759082 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-23 07:45 - 2007-09-18 06:15 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-02-23 07:45 - 2007-09-18 06:15 - 00000000 ____D () C:\Program Files\Adobe
2015-02-23 01:19 - 2006-11-02 05:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-22 15:12 - 2012-03-28 09:25 - 00000154 _____ () C:\Windows\wininit.ini
2015-02-22 12:45 - 2012-03-28 08:55 - 00000000 ____D () C:\Users\OWNER
2015-02-22 12:43 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\rescache
2015-02-22 12:31 - 2006-11-02 05:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-21 23:30 - 2014-04-08 10:33 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-21 23:27 - 2007-09-18 05:59 - 00000000 ____D () C:\Program Files\Java
2015-02-21 23:27 - 2007-09-18 05:59 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-21 23:17 - 2014-12-25 10:29 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-21 23:17 - 2014-12-25 10:29 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-21 23:17 - 2014-12-25 10:29 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-21 23:17 - 2014-12-25 10:29 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-21 21:39 - 2014-04-08 11:10 - 00002451 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-21 21:02 - 2007-09-18 05:43 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-02-18 17:27 - 2015-01-16 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-02-16 15:07 - 2015-01-17 17:38 - 00000000 ____D () C:\Users\OWNER\AppData\Roaming\U3
2015-02-16 14:53 - 2012-12-16 15:49 - 00009556 _____ () C:\Users\OWNER\AppData\Roaming\wklnhst.dat
2015-02-14 16:14 - 2007-09-18 06:15 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-14 16:13 - 2012-03-28 08:57 - 00000000 ____D () C:\Users\OWNER\AppData\Roaming\Adobe
2015-02-14 14:30 - 2013-07-24 07:03 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-14 14:25 - 2006-11-02 04:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-14 12:38 - 2007-09-18 13:22 - 00000000 ____D () C:\DELL
2015-02-05 17:57 - 2014-04-08 11:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 17:57 - 2014-04-08 11:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-10-17 16:44 - 2013-10-17 16:44 - 50053120 _____ () C:\Program Files\GUTF9BA.tmp
2013-04-13 10:52 - 2013-04-13 10:52 - 0000000 _____ () C:\Users\OWNER\AppData\Roaming\PhotoPad.dmp
2012-12-16 15:49 - 2015-02-16 14:53 - 0009556 _____ () C:\Users\OWNER\AppData\Roaming\wklnhst.dat
2012-03-28 09:42 - 2015-02-25 01:45 - 0030720 _____ () C:\Users\OWNER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-16 15:44 - 2012-12-16 15:44 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-05-26 16:02 - 2011-05-26 16:02 - 1079491 _____ () C:\ProgramData\SPL5659.tmp
2011-05-27 08:29 - 2011-05-27 08:29 - 1079491 _____ () C:\ProgramData\SPL7EA1.tmp
2011-05-25 12:48 - 2011-05-25 12:48 - 1079491 _____ () C:\ProgramData\SPL94BF.tmp
2011-05-24 13:36 - 2011-05-24 13:36 - 1079491 _____ () C:\ProgramData\SPLA6AA.tmp

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-25 08:17

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-02-2015
Ran by OWNER at 2015-02-25 10:05:02
Running from C:\Users\OWNER\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4299 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
Bing Bar (HKLM\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.0.07311 - Dell)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{AB4DDFCF-6CCB-4539-920B-74AD7CFB043D}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Deskjet 1000 J110 series Product Improvement Study (HKLM\...\{BBA8F374-46CC-4C97-A630-30DB52BB93F9}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
NVIDIANetworkDiagnostic (HKLM\...\InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}) (Version: 1.00.0000 - NVIDIA Corporation)
PhotoPad Image Editor (HKLM\...\PhotoPad) (Version:  - NCH Software)
PokerStars.net (HKLM\...\PokerStars.net) (Version:  - PokerStars.net)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5548 - Realtek Semiconductor Corp.)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:23 - 2015-02-21 19:44 - 00450690 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0778390D-6E6C-445D-9EB7-D21DB5A6BD80} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {27A369E4-4526-488F-AF0C-F97265654DD1} - System32\Tasks\Java™ Platform SE Auto Updater => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {4B90F6FC-6FC0-44B1-9155-7E8A16C16B04} - System32\Tasks\{32367532-AC76-4F93-BC36-85339CC4AC08} => pcalua.exe -a "C:\Program Files\NCH Software\Doxillion\uninst.exe"
Task: {69746727-19B3-40EE-A4E4-1E3DBB339754} - System32\Tasks\{6CFC25C1-C11E-406C-9605-8168669F37CD} => pcalua.exe -a E:\Setup.EXE -d E:\
Task: {7C015333-B446-43BA-8C65-BE1DBD123217} - System32\Tasks\{0B4BB5B1-D5D3-4276-B73B-CE32E73A7215} => pcalua.exe -a E:\Setup.EXE -d E:\
Task: {8043A931-2DDC-4AF8-B930-82B36CA3882A} - System32\Tasks\NCH Software\DoxillionSevenDays => C:\Program Files\NCH Software\Doxillion\Doxillion.exe
Task: {C3EDC58E-CE0A-466C-AE5A-F2F3A09BABC9} - System32\Tasks\NCH Software\DoxillionReminder => C:\Program Files\NCH Software\Doxillion\Doxillion.exe
Task: {CEBE6A5D-932F-4922-951B-382E40344E4F} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {DE94E9CA-9E99-45E6-8FD3-FB5020A53BA6} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {F330C815-9539-4579-86AE-8F291D74B04F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2012-12-20 18:23 - 2010-08-04 14:44 - 00266240 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
2012-12-20 18:23 - 2010-03-10 14:50 - 00360448 _____ () C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
2012-12-20 18:23 - 2011-01-04 15:34 - 04545024 _____ () C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
2012-12-20 18:23 - 2009-08-28 16:50 - 00282624 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3785711851-3304734716-2895360941-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: DSBrokerService => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: ehstart => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3

==================== Accounts: =============================

Administrator (S-1-5-21-3785711851-3304734716-2895360941-500 - Administrator - Disabled)
Guest (S-1-5-21-3785711851-3304734716-2895360941-501 - Limited - Enabled) => C:\Users\Guest
OWNER (S-1-5-21-3785711851-3304734716-2895360941-1001 - Administrator - Enabled) => C:\Users\OWNER

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: D-Link DFE-530TX+ PCI Fast Ethernet Adapter (rev.F)
Description: D-Link DFE-530TX+ PCI Fast Ethernet Adapter (rev.F)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: D-Link
Service: FETNDIS
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2015 09:45:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/25/2015 02:17:41 AM) (Source: MsiInstaller) (EventID: 11316) (User: User-PC)
Description: Product: Dell Support Center -- Error 1316.The specified account already exists.

Error: (02/25/2015 02:17:19 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Removed Dell Support Center.; Hr = 0x80070422).

Error: (02/25/2015 02:17:09 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Removed Dell Support Center.; Hr = 0x80070422).

Error: (02/24/2015 09:21:54 PM) (Source: MsiInstaller) (EventID: 11316) (User: User-PC)
Description: Product: Dell Support Center -- Error 1316.The specified account already exists.

Error: (02/24/2015 09:20:59 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Removed Dell Support Center.; Hr = 0x80070422).

Error: (02/24/2015 09:20:10 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Removed Dell Support Center.; Hr = 0x80070422).

Error: (02/24/2015 09:04:42 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Removed SketchUp 8; Hr = 0x80070422).

Error: (02/24/2015 09:04:40 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Removed SketchUp 8; Hr = 0x80070422).

Error: (02/24/2015 08:14:15 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Removed Internet Service Offers Launcher.; Hr = 0x80070422).

System errors:
=============
Error: (02/25/2015 10:05:35 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Remote Access Connection ManagerSecure Socket Tunneling Protocol Service%%2

Error: (02/25/2015 10:05:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Secure Socket Tunneling Protocol Service%%2

Error: (02/25/2015 10:05:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Secure Socket Tunneling Protocol Service%%2

Error: (02/25/2015 10:05:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Remote Access Connection ManagerSecure Socket Tunneling Protocol Service%%2

Error: (02/25/2015 10:05:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Remote Access Connection ManagerSecure Socket Tunneling Protocol Service%%2

Error: (02/25/2015 10:05:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Secure Socket Tunneling Protocol Service%%2

Error: (02/25/2015 10:05:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Remote Access Connection ManagerSecure Socket Tunneling Protocol Service%%2

Error: (02/25/2015 10:05:11 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Secure Socket Tunneling Protocol Service%%2

Error: (02/25/2015 10:05:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Remote Access Connection ManagerSecure Socket Tunneling Protocol Service%%2

Error: (02/25/2015 10:05:05 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Secure Socket Tunneling Protocol Service%%2

Microsoft Office Sessions:
=========================
Error: (02/25/2015 09:45:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\DELL\drivers\R180772\Vista64\RAVCpl64.exe

Error: (02/25/2015 02:17:41 AM) (Source: MsiInstaller) (EventID: 11316) (User: User-PC)
Description: Product: Dell Support Center -- Error 1316.The specified account already exists.
(NULL)(NULL)(NULL)(NULL)

Error: (02/25/2015 02:17:19 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved Dell Support Center.0x80070422

Error: (02/25/2015 02:17:09 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved Dell Support Center.0x80070422

Error: (02/24/2015 09:21:54 PM) (Source: MsiInstaller) (EventID: 11316) (User: User-PC)
Description: Product: Dell Support Center -- Error 1316.The specified account already exists.
(NULL)(NULL)(NULL)(NULL)

Error: (02/24/2015 09:20:59 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved Dell Support Center.0x80070422

Error: (02/24/2015 09:20:10 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved Dell Support Center.0x80070422

Error: (02/24/2015 09:04:42 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved SketchUp 80x80070422

Error: (02/24/2015 09:04:40 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved SketchUp 80x80070422

Error: (02/24/2015 08:14:15 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved Internet Service Offers Launcher.0x80070422

CodeIntegrity Errors:
===================================
  Date: 2015-02-25 10:04:51.999
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-25 10:04:51.531
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-25 10:04:51.048
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-25 10:04:50.580
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-25 10:04:09.599
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-25 10:04:09.053
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-25 10:04:08.585
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-25 10:04:08.101
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-25 10:04:07.290
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-25 10:04:06.806
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 3800+
Percentage of memory in use: 85%
Total physical RAM: 957.76 MB
Available physical RAM: 142.62 MB
Total Pagefile: 10922.32 MB
Available Pagefile: 9739.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1890.69 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:138.96 GB) (Free:104.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 1144C95E)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Edited by Magoo45, 25 February 2015 - 11:35 AM.


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,679 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:52 AM

Posted 28 February 2015 - 06:01 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

