
Suspected rootkit malware; lost fresh restore point; AVG returned when deleted.


  • This topic is locked
88 replies to this topic

#1 JohnSmithers1

JohnSmithers1

  • Members
  • 104 posts
  • OFFLINE
  • Local time:11:30 PM

Posted 05 March 2015 - 01:54 PM

1. I followed the following steps last Friday:

Ccleaner
(in safe mode)
RKill
TDSSKiller
Malwarebytes
RogueKiller
Junk Removal tool

I then created a new restore point and deleted the rest.

I then used the AVG uninstall tool to remove this from my system.

 

2. All was well, but then yesterday I was asked by AVG to block a potential threat from a rogue email. Once I did, the familiar symptoms returned (fan at a high level and higher than normal memory use, from ~50% to 74-85%). I shut the computer down last night.

3. This morning I started it up again in the hope of resetting the restore point, but it had been deleted and replaced with a new one created at the time I shut the computer down the night before.

4. Today I redid all of step 1 again, but added a GMER and Farbar scan (in normal mode).

 

I have so far added both Farbar reports and the RogueKiller report. My GMER scan is too big.

#2 JohnSmithers1

JohnSmithers1
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  • Local time:11:30 PM

Posted 05 March 2015 - 01:56 PM

I should have said that this computer was bought due to a persistent challenge in my previous computer. I had of course forgotten to keep both separated; they were attached at some point last week through USB. The other (older) computer is going through the same cleaning treatment I describe above. I thought it best to deal with one of these for now, unless you think otherwise.

As a development, the other computer I refer to here has twice crashed GMER in Windows normal mode, though it worked the first time in safe mode.

 

Patiently yours


Edited by JohnSmithers1, 06 March 2015 - 06:47 AM.


#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:30 PM

Posted 10 March 2015 - 01:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/569182 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 JohnSmithers1

JohnSmithers1
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  • Local time:11:30 PM

Posted 11 March 2015 - 05:14 AM

Still looking for help. No change on issues. I am still not updating anything. I have a fresh scan but cannot locate an update button.



#5 JohnSmithers1

JohnSmithers1
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  • Local time:11:30 PM

Posted 12 March 2015 - 02:09 PM

Loss of battery power forced a reboot. Whirring fan is back and I've lost my restore point. :-(

 

Not looking good. :mellow:



#6 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:30 PM

Posted 15 March 2015 - 01:55 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#7 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:30 AM

Posted 17 March 2015 - 03:07 PM

This topic has been re-opened at the request of the person who originally posted.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,201 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:02:30 PM

Posted 17 March 2015 - 06:16 PM

Greetings JohnSmithers1 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I would like to see a current FRST report. Please delete the program from your computer then do the following.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"
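Once FRST.txt is in hand, the first pass over it is usually mechanical: pick out entries with no publisher in their version info, files FRST marks as not signed, and executables started from folders any user can write to, then verify those by hand before touching anything. The script below is an added example for this thread, not part of the original posts and not part of the FRST tool itself; it parses the Processes, Services and Drivers sections in the layout FRST.txt uses and attaches review reasons to each entry. The embedded sample log is constructed for the example (no vendor, service name or path in it comes from a real scan), and the regular expressions, the user-writable-folder list and the function names are the example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the layout of FRST.txt; every vendor, service name and
# path here is made up for this example and is not taken from any real scan.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Example Vendor Inc.) C:\Program Files\Example\example.exe
() C:\Users\user\AppData\Local\Temp\updater\helper.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe

==================== Services (Whitelisted) =================

R2 GoodSvc; C:\Program Files\Example\goodsvc.exe [123456 2014-01-01] (Example Vendor Inc.)
R2 OddSvc; C:\Users\user\AppData\Local\Odd\oddsvc.exe [552448 2014-01-07] () [File not signed]
S4 Print Helper; C:\Program Files\Printer\prt.exe [282112 2012-10-26] (Printer Co.) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 gooddrv; C:\Windows\System32\DRIVERS\gooddrv.sys [153368 2014-06-18] (Example Vendor Inc.)
U3 oddsight; C:\Windows\System32\drivers\oddsight.sys [35064 2015-03-05] ()
"""

# Section banner, e.g. "==================== Services (Whitelisted) ====="
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*\(Whitelisted\)\s*=+$")
# Process line: "(Publisher) C:\path\to\file.exe"; an empty "()" means the file
# carries no company name in its version resource.
PROCESS_RE = re.compile(r"^\((?P<pub>.*?)\)\s+(?P<path>[A-Za-z]:\\.+)$")
# Service/driver line: "R2 Name; C:\path [size date] (Publisher) [File not signed]"
SERVICE_RE = re.compile(
    r"^(?P<state>[A-Z]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>[\d-]+)\]\s+\((?P<pub>.*?)\)"
    r"(?P<unsigned>\s+\[File not signed\])?$"
)
# Folders any interactive user can write to (assumed list); persistence from
# here deserves a closer look.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Downloads)\\", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    path: str
    publisher: str
    signed: Optional[bool]          # None: FRST prints no signature info for processes
    name: str = ""
    reasons: List[str] = field(default_factory=list)


def parse_frst(text: str) -> List[Entry]:
    """Pull process, service and driver entries out of FRST.txt-style text."""
    entries: List[Entry] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner["name"]
            continue
        if section == "Processes":
            m = PROCESS_RE.match(line)
            if m:
                entries.append(Entry(section, m["path"], m["pub"], None))
        elif section in ("Services", "Drivers"):
            m = SERVICE_RE.match(line)
            if m:
                entries.append(Entry(section, m["path"], m["pub"],
                                     m["unsigned"] is None, m["name"]))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Attach review reasons to each entry; return only the flagged paths."""
    for e in entries:
        if not e.publisher:
            e.reasons.append("no company name in version info")
        if e.signed is False:
            e.reasons.append("file not signed")
        if USER_WRITABLE_RE.search(e.path):
            e.reasons.append("runs from a user-writable location")
        if e.section == "Drivers" and e.reasons:
            # Anything odd in kernel mode outranks the user-mode findings.
            e.reasons.append("kernel-mode: highest priority for review")
    return {e.path: e.reasons for e in entries if e.reasons}


if __name__ == "__main__":
    for path, reasons in triage(parse_frst(SAMPLE_LOG)).items():
        print(path)
        for r in reasons:
            print("    -", r)
```

A flagged line is a prompt to check, not a verdict: plenty of legitimate tools ship unsigned or without version info, and helpers such as remote-support clients run from Temp by design. The value of the pass is that it turns a thousand-line log into the handful of entries a responder should look up by hash and vendor first, with unsigned kernel drivers at the top of that list.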

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,201 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:02:30 PM

Posted 20 March 2015 - 08:47 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"

#10 JohnSmithers1

JohnSmithers1
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  • Local time:11:30 PM

Posted 20 March 2015 - 09:46 AM

My apologies. I never saw the email response until just now. I have read previous threads and appreciate how you all do this through the goodness of your heart. I will be extremely patient for this.

 

I should say that for the next couple of days I am on the road and reception (internet) may be patchy. Please advise if I should only concentrate on fixing the computer or whether it is fine to run programs intermittently.

 

*******************

FRST

*******************

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by new (administrator) on NEW-PC on 20-03-2015 14:42:40
Running from C:\Users\new\Desktop
Loaded Profiles: new (Available profiles: new)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\Olympus\DeviceDetector\DM1Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Wowza Media Systems\Wowza Streaming Engine 4.1.0\bin\nssm_x64.exe
() C:\Program Files (x86)\Wowza Media Systems\Wowza Streaming Engine 4.1.0\manager\bin\nssm_x64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Oracle Corporation) C:\Program Files\Java\jdk1.8.0_25\bin\java.exe
(Oracle Corporation) C:\Program Files\Java\jdk1.8.0_25\bin\java.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Users\new\AppData\Local\DesignBuilder\JobServer\DBJobServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(National Energy Services Ltd) C:\Program Files (x86)\National Energy Services Ltd\Nes one Uploadr Installer\NesOneUploadr.exe
(TeamViewer GmbH) C:\Users\new\AppData\Local\Temp\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Users\new\AppData\Local\Temp\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Users\new\AppData\Local\Temp\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(TeamViewer GmbH) C:\Users\new\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe
(DesignBuilder Software Ltd) C:\Users\new\AppData\Roaming\DesignBuilder\DesignBuilder.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Farbar) C:\Users\new\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-10-12] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Directrec Configuration Tool.lnk
ShortcutTarget: Directrec Configuration Tool.lnk -> C:\Program Files (x86)\Olympus\DeviceDetector\DirectrecConfig.exe (OLYMPUS IMAGING CORP.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2352717689-74545041-1853139198-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2352717689-74545041-1853139198-1000 -> DefaultScope {B630F8D0-BC10-4D4C-9D91-E203709B2688} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2352717689-74545041-1853139198-1000 -> {1F523F38-6FA5-47F2-8E83-23ACE5876D4C} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=667671&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2352717689-74545041-1853139198-1000 -> {B630F8D0-BC10-4D4C-9D91-E203709B2688} URL = https://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-17] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-17] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-13] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-13] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1

FireFox:
========
FF ProfilePath: C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\yrb4ihck.default
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: https://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=667671&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @emusic.com/dlm-plugin -> C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll [2010-01-20] (eMusic.com)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2352717689-74545041-1853139198-1000: @emusic.com/dlm-plugin -> C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll [2010-01-20] (eMusic.com)
FF Plugin HKU\S-1-5-21-2352717689-74545041-1853139198-1000: @emusic.com/eMusicPlugin DLM6 -> C:\Program Files (x86)\eMusic Download Manager 6\npEMusic604.dll [2013-10-10] (eMusic.com)
FF Extension: ColorZilla - C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\yrb4ihck.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2015-03-03]
FF Extension: Firebug - C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\yrb4ihck.default\Extensions\firebug@software.joehewitt.com.xpi [2015-03-03]
FF Extension: Web Developer - C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\yrb4ihck.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2015-03-03]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DBJobServer; C:\Users\new\AppData\Local\DesignBuilder\JobServer\DBJobServer.exe [552448 2014-01-07] () [File not signed]
R2 DM1Service; C:\Program Files (x86)\Olympus\DeviceDetector\DM1Service.exe [73728 2007-06-10] (OLYMPUS IMAGING CORP.) [File not signed]
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S3 Olympus DVR Service; C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [174080 2012-02-12] (OLYMPUS IMAGING CORP.) [File not signed]
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WowzaStreamingEngine410; C:\Program Files (x86)\Wowza Media Systems\Wowza Streaming Engine 4.1.0\bin\nssm_x64.exe [169984 2014-09-08] () [File not signed]
R2 WowzaStreamingEngineManager410; C:\Program Files (x86)\Wowza Media Systems\Wowza Streaming Engine 4.1.0\manager\bin\nssm_x64.exe [169984 2014-09-08] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [270816 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-01-16] (AVG Technologies CZ, s.r.o.)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
S3 ta2m2avs; C:\Windows\System32\Drivers\ta2m2avs.sys [359120 2013-10-02] (Native Instruments GmbH)
S3 ta2m2usb_svc; C:\Windows\System32\Drivers\ta2m2usb.sys [74960 2013-10-02] (Native Instruments GmbH)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-05] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 14:42 - 2015-03-20 14:43 - 00016015 _____ () C:\Users\new\Desktop\FRST.txt
2015-03-20 14:40 - 2015-03-20 14:40 - 02095616 _____ (Farbar) C:\Users\new\Desktop\FRST64(1).exe
2015-03-20 12:46 - 2015-03-20 12:46 - 00000000 ____D () C:\Users\new\AppData\Roaming\TeamViewer
2015-03-20 12:45 - 2015-03-20 12:45 - 05318272 _____ (TeamViewer) C:\Users\new\Downloads\TeamViewerQS_en.exe
2015-03-20 09:58 - 2015-03-20 09:59 - 00000000 ____D () C:\Users\new\AppData\Roaming\DesignBuilder
2015-03-20 09:58 - 2015-03-20 09:58 - 00000000 ____D () C:\Users\new\AppData\Roaming\InstallShield Installation Information
2015-03-20 09:58 - 2008-07-24 11:46 - 00002544 _____ () C:\Windows\SysWOW64\pdf2image.lib
2015-03-20 09:58 - 2000-03-07 01:00 - 00434252 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCRTD.DLL
2015-03-20 09:58 - 1999-04-23 23:22 - 00001312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsrc16.dll
2015-03-20 09:58 - 1996-08-24 12:11 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Rsrc32.dll
2015-03-20 09:57 - 2015-03-20 09:57 - 00000000 ____D () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DesignBuilder
2015-03-20 08:40 - 2015-03-20 08:40 - 02255519 _____ () C:\Users\new\Downloads\Supporting Documentation - Commercial Energy Assessor September 2014.zip
2015-03-20 08:32 - 2015-03-20 08:32 - 00002993 _____ () C:\Users\new\Desktop\NES one Uploadr.lnk
2015-03-20 08:32 - 2015-03-20 08:32 - 00000000 ____D () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NES
2015-03-20 08:32 - 2015-03-20 08:32 - 00000000 ____D () C:\Program Files (x86)\National Energy Services Ltd
2015-03-20 08:31 - 2015-03-20 08:31 - 00480248 _____ () C:\Users\new\Downloads\NesOneUploadrInstaller.zip
2015-03-20 07:50 - 2015-03-20 07:50 - 00498130 _____ () C:\Users\new\Downloads\CEA
2015-03-20 07:49 - 2015-03-20 07:49 - 03151075 _____ () C:\Users\new\Downloads\Sample
2015-03-20 07:49 - 2015-03-20 07:49 - 00221046 _____ () C:\Users\new\Downloads\How
2015-03-14 18:40 - 2015-03-14 18:40 - 00000623 _____ () C:\Users\new\Desktop\JRT.txt
2015-03-14 18:33 - 2015-03-14 18:33 - 01388333 _____ (Thisisu) C:\Users\new\Downloads\JRT.exe
2015-03-14 17:08 - 2015-03-20 13:19 - 00027639 _____ () C:\Windows\WindowsUpdate.log
2015-03-14 17:04 - 2015-03-20 09:51 - 00001256 _____ () C:\Windows\setupact.log
2015-03-14 17:04 - 2015-03-14 17:04 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-06 02:33 - 2015-03-06 02:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-05 17:44 - 2015-03-20 14:42 - 00000000 ____D () C:\FRST
2015-03-05 17:43 - 2015-03-05 17:43 - 02092544 _____ (Farbar) C:\Users\new\Downloads\FRST64.exe
2015-03-05 13:29 - 2015-03-05 13:29 - 00380416 _____ () C:\Users\new\Downloads\zbkbj5sb.exe
2015-03-05 11:57 - 2015-03-05 11:58 - 15568472 _____ () C:\Users\new\Downloads\RogueKiller.exe
2015-03-05 11:56 - 2015-03-05 11:56 - 10674930 _____ () C:\Users\new\Downloads\RogueKillerX64.exe
2015-03-05 11:49 - 2015-03-17 21:13 - 00000000 ____D () C:\Users\new\Documents\Tech
2015-03-05 11:48 - 2015-03-05 11:48 - 00000464 _____ () C:\Users\Local Disk (C) - Shortcut.lnk
2015-03-05 09:19 - 2015-03-05 09:19 - 00380416 _____ () C:\Users\new\Downloads\bssjgcd5.exe
2015-03-04 15:37 - 2015-03-04 15:38 - 00000000 ____D () C:\Users\new\Downloads\JAVS_1.4.3
2015-03-04 15:36 - 2015-03-04 15:36 - 01993161 _____ () C:\Users\new\Downloads\JAVS_1.4.3.rar
2015-03-04 14:05 - 2015-03-04 14:05 - 06208736 _____ (Tim Kosse) C:\Users\new\Downloads\FileZilla_3.10.2_win32-setup.exe
2015-03-04 12:30 - 2015-03-04 12:30 - 00000000 ____D () C:\Users\new\Downloads\phpshield.loaders.windows
2015-03-04 12:26 - 2015-03-04 12:27 - 00172561 _____ () C:\Users\new\Desktop\phpshield.loaders.windows.zip
2015-03-03 21:49 - 2015-03-03 21:49 - 00000000 ____D () C:\Users\new\Desktop\Template
2015-03-03 15:46 - 2015-03-03 15:46 - 08548654 _____ () C:\Users\new\Downloads\johndyer-mediaelement-2.16.4-0-gceeb1a7.zip
2015-03-03 00:11 - 2015-03-03 00:11 - 00249668 _____ () C:\Users\new\Downloads\clcontct.zip
2015-03-03 00:10 - 2015-03-03 00:10 - 00105209 _____ () C:\Users\new\Downloads\CaseProjectManager.zip
2015-03-02 18:17 - 2015-03-02 18:17 - 02125114 _____ () C:\Users\new\Desktop\201503021817.zip
2015-03-02 10:25 - 2015-03-02 10:14 - 02008601 _____ () C:\Users\new\Desktop\201503021025HybOn.zip
2015-03-02 00:25 - 2015-03-02 00:24 - 01471800 _____ () C:\Users\new\Desktop\201503020015.zip
2015-03-02 00:16 - 2015-03-02 00:16 - 01941497 _____ () C:\Users\new\Desktop\201503012350Report.zip
2015-03-01 21:35 - 2015-03-14 17:10 - 00002628 _____ () C:\Users\new\Desktop\Rkill.txt
2015-02-28 11:39 - 2014-12-11 17:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-28 11:31 - 2015-02-28 11:31 - 00000000 ____D () C:\Windows\CheckSur
2015-02-28 11:29 - 2015-02-28 11:33 - 00000000 ____D () C:\Program Files\UltraDefrag
2015-02-28 11:29 - 2015-02-28 11:29 - 00000860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraDefrag.lnk
2015-02-28 11:26 - 2015-02-28 11:26 - 00695443 _____ (UltraDefrag Development Team) C:\Users\new\Downloads\ultradefrag-6.0.4.bin.amd64.exe
2015-02-27 17:20 - 2015-03-20 14:23 - 00000000 ____D () C:\Users\new\AppData\Local\CrashDumps
2015-02-27 14:33 - 2014-08-29 02:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-02-27 14:33 - 2014-05-08 09:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-02-27 14:32 - 2014-09-05 02:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-27 14:32 - 2014-09-05 01:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-27 13:21 - 2015-03-05 11:58 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-27 13:21 - 2015-02-27 13:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-27 13:00 - 2015-02-27 13:00 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-27 12:55 - 2015-02-27 12:56 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\new\Downloads\rkill.exe
2015-02-27 12:51 - 2015-02-27 12:51 - 05325696 _____ (Piriform Ltd) C:\Users\new\Downloads\ccsetup503.exe
2015-02-26 15:51 - 2013-10-02 02:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-02-26 15:51 - 2013-10-02 02:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-02-26 15:51 - 2013-10-02 02:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-02-26 15:51 - 2013-10-02 01:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-02-26 15:51 - 2013-10-02 01:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-02-26 15:51 - 2013-10-02 01:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-02-26 15:51 - 2013-10-02 01:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-02-26 15:51 - 2013-10-02 00:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-02-26 15:51 - 2013-10-02 00:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-02-26 15:51 - 2013-10-02 00:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-02-26 15:51 - 2013-10-02 00:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-02-26 15:51 - 2013-10-01 23:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-02-26 15:51 - 2013-10-01 23:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-02-26 15:51 - 2013-10-01 23:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-02-26 15:51 - 2013-10-01 22:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-02-26 15:50 - 2012-08-23 14:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-02-26 15:50 - 2012-08-23 14:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-02-26 15:50 - 2012-08-23 11:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-02-26 15:50 - 2012-08-23 10:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-02-26 11:33 - 2015-03-14 17:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-26 11:33 - 2015-02-26 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-26 11:33 - 2015-02-26 11:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-26 11:33 - 2015-02-26 11:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-26 11:33 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-26 11:33 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-26 11:33 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-26 11:31 - 2015-02-26 11:32 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\new\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-26 11:25 - 2015-02-26 11:25 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-26 11:21 - 2015-02-26 11:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\new\Downloads\revosetup.exe
2015-02-26 08:34 - 2015-01-08 23:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 08:34 - 2015-01-08 23:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 21:15 - 2015-02-25 21:15 - 00000000 ____D () C:\Windows\pss
2015-02-25 21:13 - 2015-02-25 21:13 - 00347816 _____ (Microsoft Corporation) C:\Users\new\Downloads\MicrosoftFixit.Performance.Run.exe
2015-02-25 18:40 - 2015-01-09 03:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-25 18:40 - 2015-01-09 03:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-25 18:40 - 2015-01-09 03:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-25 18:40 - 2015-01-09 02:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-25 11:38 - 2015-02-25 11:39 - 06372800 _____ (Tim Kosse) C:\Users\new\Downloads\FileZilla_3.10.1.1_win32-setup.exe
2015-02-25 11:29 - 2015-02-25 11:29 - 00279421 _____ () C:\Users\new\Downloads\com_allvideoshare_2.3.0.zip
2015-02-24 23:48 - 2015-02-25 00:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-24 23:48 - 2015-02-24 23:52 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-24 23:48 - 2015-02-24 23:48 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-24 23:48 - 2015-02-24 23:48 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-24 23:48 - 2015-02-24 23:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-24 23:48 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-24 23:45 - 2015-02-24 23:46 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\new\Downloads\spybot-2.4.exe
2015-02-24 22:47 - 2015-02-24 22:47 - 11429204 _____ () C:\Users\new\Desktop\Krafty Kuts Feel Like Jumpin.m4a
2015-02-24 22:39 - 2015-02-24 22:41 - 37434543 _____ () C:\Users\new\Desktop\Krafty Kuts - Children Of The Night.mp4
2015-02-19 21:26 - 2015-02-19 21:26 - 00270816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-02-19 09:05 - 2015-02-19 09:05 - 08128620 _____ () C:\Users\new\Desktop\The Hook Operator   'Pyromaniac Jack'.m4a
2015-02-18 22:14 - 2015-02-18 22:14 - 05365504 _____ (eMusic, Inc.) C:\Users\new\Downloads\emusic_setup_standalone.exe
2015-02-18 22:14 - 2015-02-18 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMusic Download Manager
2015-02-18 22:14 - 2015-02-18 22:14 - 00000000 ____D () C:\Program Files (x86)\eMusic Download Manager
2015-02-18 17:37 - 2015-03-14 16:57 - 00000000 ____D () C:\Users\new\Desktop\Tech

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 14:28 - 2014-10-09 08:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-20 14:25 - 2014-10-08 19:05 - 00000000 ____D () C:\Users\new\AppData\Local\DesignBuilder
2015-03-20 14:25 - 2014-10-08 19:05 - 00000000 ____D () C:\ProgramData\DesignBuilder
2015-03-20 11:34 - 2014-10-09 00:44 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-20 10:59 - 2014-10-08 19:05 - 00000000 ____D () C:\Users\new\Documents\DesignBuilder Data
2015-03-20 09:59 - 2009-07-14 04:45 - 00029152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-20 09:59 - 2009-07-14 04:45 - 00029152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-20 09:57 - 2014-10-08 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DesignBuilder
2015-03-20 09:51 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-20 09:48 - 2014-10-08 19:00 - 00000000 ____D () C:\Program Files (x86)\DesignBuilder
2015-03-19 17:40 - 2009-07-14 05:13 - 00781782 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-18 18:33 - 2014-10-08 14:44 - 00000000 ____D () C:\Users\new\Documents\MainDataStick
2015-03-16 17:34 - 2014-11-18 22:57 - 00000000 ___RD () C:\Users\new\Dropbox
2015-03-16 17:34 - 2014-11-18 22:51 - 00000000 ____D () C:\Users\new\AppData\Roaming\Dropbox
2015-03-16 13:33 - 2014-10-07 21:18 - 00000000 ____D () C:\Users\new\AppData\Roaming\ViberPC
2015-03-16 13:32 - 2014-10-07 21:17 - 00000000 ____D () C:\Users\new\AppData\Local\Viber
2015-03-14 16:43 - 2015-01-20 03:40 - 00000000 ____D () C:\Windows\Minidump
2015-03-14 16:30 - 2014-11-18 22:57 - 00001009 _____ () C:\Users\new\Desktop\Dropbox.lnk
2015-03-14 16:30 - 2014-11-18 22:56 - 00000000 ____D () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-13 15:46 - 2014-10-08 21:32 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-03-12 14:36 - 2014-12-24 12:56 - 00000000 ____D () C:\Users\new\Desktop\Tor Browser
2015-03-11 15:39 - 2014-10-23 08:11 - 00000000 ____D () C:\Users\new\Documents\Workprogramme
2015-03-10 00:23 - 2014-11-17 03:18 - 00000000 ____D () C:\Program Files\TrueCrypt
2015-03-07 10:07 - 2015-01-07 04:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-04 23:03 - 2014-10-13 23:04 - 00000000 ____D () C:\Users\new\AppData\Roaming\FileZilla
2015-03-04 14:07 - 2014-10-13 23:04 - 00000000 ____D () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-03-04 14:07 - 2014-10-13 23:04 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2015-03-03 18:57 - 2014-11-13 23:46 - 00000000 ____D () C:\Users\new\.freemind
2015-03-03 13:17 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2015-03-03 00:07 - 2014-09-27 20:59 - 00000000 ____D () C:\Users\new\AppData\Local\VirtualStore
2015-03-01 14:18 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-27 13:40 - 2014-10-18 12:33 - 00000000 ____D () C:\Users\new\AppData\Roaming\uTorrent
2015-02-27 13:38 - 2014-09-28 05:20 - 00000000 ____D () C:\Windows\Panther
2015-02-26 16:13 - 2009-07-14 03:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-26 16:09 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-26 15:49 - 2014-10-27 01:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-26 09:40 - 2009-07-14 05:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-26 08:51 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\tracing
2015-02-26 08:32 - 2014-12-25 10:38 - 00000000 ____D () C:\Users\new\AppData\Roaming\Skype
2015-02-25 14:57 - 2014-10-09 12:09 - 00000000 ____D () C:\Users\new\AppData\Local\Windows Live
2015-02-25 10:17 - 2014-10-09 00:46 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-02-25 10:17 - 2014-10-09 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

==================== Files in the root of some directories =======

2014-10-10 13:11 - 2014-10-10 13:11 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 02:15

==================== End Of Log ============================


**************************

Addition

**************************

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by new at 2015-03-20 14:44:08
Running from C:\Users\new\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2352717689-74545041-1853139198-1000\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Dreamweaver CS5 (HKLM-x32\...\{C79312BD-3E76-4474-A10C-1435D1856A4B}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Fireworks CS5 (HKLM-x32\...\{164965E8-4BB0-4EEB-AFBA-75785A2A2A7F}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5751 - AVG Technologies)
AVG 2015 (Version: 15.0.4311 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden
Brother MFL-Pro Suite DCP-J552DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cross DJ LE 2.0.2 (HKLM-x32\...\MixVibes Cross DJ LE 2.0.2) (Version: 2.0.2 - MixVibes)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DesignBuilder (HKU\S-1-5-21-2352717689-74545041-1853139198-1000\...\{9C306D70-8A6C-11D5-8CDF-00D0B78FC575}) (Version: 4.2.0.054 - )
DJI Phantom 2 Vision Assistant version 3.2 (HKLM-x32\...\{C607E958-CE1D-478F-B0EB-8A55D2C95563}_is1) (Version: 3.2 - DJI)
Dropbox (HKU\S-1-5-21-2352717689-74545041-1853139198-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
eMusic Download Manager 4.1.4 (HKLM-x32\...\eMusic Download Manager) (Version: 4.1.4 - eMusic, Inc.)
eMusic Download Manager 6 (HKLM-x32\...\eMusic Download Manager 6) (Version: 6.0.4 - emusic.com)
FileZilla Client 3.10.2 (HKU\S-1-5-21-2352717689-74545041-1853139198-1000\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 6520 series Basic Device Software (HKLM\...\{1151BCF8-3246-4E34-9C17-22E66318C41C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 6520 series Help (HKLM-x32\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 6520 series Product Improvement Study (HKLM\...\{F144E07C-4019-4092-BE25-B57819C97D2F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
InSync (HKLM-x32\...\{7E2CADA4-6B19-4D9A-9C9A-E9FA3B1B5EDD}) (Version: 5.1.56.0 - Emdat)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 17.3 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
MKV Player 2.1.17 (HKLM-x32\...\MKV Player_is1) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-GB)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Workbench 6.2 CE (HKLM\...\{916D6512-97A8-470D-AEC8-53A1654E74BF}) (Version: 6.2.3 - Oracle Corporation)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.6.2.1863 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.2.1549 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.6.8.382 - Native Instruments)
Native Instruments Traktor Audio 2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 MK2 Driver) (Version:  - Native Instruments)
Nes one Uploadr Installer (HKLM-x32\...\{A06BDBC4-75EB-4F6D-9855-C6237AFC6471}) (Version: 1.0.0 - National Energy Services Ltd)
Olympus DSS Player (HKLM-x32\...\{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}) (Version:  - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.0.4 - UltraDefrag Development Team)
Viber (HKU\S-1-5-21-2352717689-74545041-1853139198-1000\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc)
VirtualDJ 8 (HKLM-x32\...\{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}) (Version: 8.0.0 - Atomix Productions)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows 7 Codec Pack 4.1.0 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.1.0 - Windows 7 Codec Pack)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wowza Streaming Engine 4.1.0 (HKLM-x32\...\{2EFCC870-83B9-46F1-BDF8-1FA3F18CF271}) (Version: 4.1.0 - Wowza Media Systems)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-5 - Bitnami)
Yodot Zip Repair (HKLM-x32\...\{2A08164E-8A35-4143-8269-07840A7966BD}_is1) (Version: 1.0.0.11 - Yodot Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2352717689-74545041-1853139198-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\new\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2352717689-74545041-1853139198-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2352717689-74545041-1853139198-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2352717689-74545041-1853139198-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2352717689-74545041-1853139198-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2352717689-74545041-1853139198-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2352717689-74545041-1853139198-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2352717689-74545041-1853139198-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2352717689-74545041-1853139198-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2352717689-74545041-1853139198-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\new\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2015-03-05 12:03 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0366B5E1-588B-441A-9DD7-5B8E6B7CC1B3} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {341323AC-55DD-4C4C-8BF3-341BD07720BA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe
Task: {3500BDD7-5A9C-4D86-8330-96E00B0DDD92} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {782D0101-054F-45E8-A05E-260861FFDF6B} - System32\Tasks\AdobeAAMUpdater-1.0-new-PC-new => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {ABD12DFC-34B0-4821-AD24-D2F663F2D2DA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {E7F39FBC-78DA-4858-9303-C77508B55B16} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {F92251DD-EAAD-4DFF-81BB-B6A914881EAB} - System32\Tasks\{9B78AD1D-E990-4120-BF28-30CB7541E26E} => pcalua.exe -a C:\Users\new\Downloads\jre-8u25-windows-i586-iftw.exe -d C:\Users\new\Downloads
Task: {FF2CF3F1-0D70-4BB8-A56B-000345804222} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-17 04:35 - 2014-09-08 01:34 - 00169984 _____ () C:\Program Files (x86)\Wowza Media Systems\Wowza Streaming Engine 4.1.0\bin\nssm_x64.exe
2014-11-17 04:35 - 2014-09-08 01:34 - 00169984 _____ () C:\Program Files (x86)\Wowza Media Systems\Wowza Streaming Engine 4.1.0\manager\bin\nssm_x64.exe
2015-03-02 14:43 - 2015-03-02 14:43 - 00099288 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-10-31 12:24 - 2013-10-31 12:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-07 15:44 - 2014-01-07 15:44 - 00552448 _____ () C:\Users\new\AppData\Local\DesignBuilder\JobServer\DBJobServer.exe
2014-10-17 18:09 - 2014-10-17 18:09 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
2014-10-02 14:03 - 2011-01-12 16:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-03-31 20:35 - 2014-03-31 20:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
2014-03-31 20:35 - 2014-03-31 20:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en-GB\WindowsLive.Writer.Localization.resources.dll
2015-03-20 09:58 - 2006-02-13 12:02 - 00663552 _____ () C:\Users\new\AppData\Roaming\DesignBuilder\Lib\tx12.dll
2015-03-20 09:58 - 2014-09-23 20:09 - 00073728 _____ () C:\Users\new\AppData\Roaming\DesignBuilder\Lib\DBLicenceManager.dll
2015-03-20 09:58 - 2014-09-23 20:09 - 00675328 _____ () C:\Users\new\AppData\Roaming\DesignBuilder\Lib\3TC.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:A0409AF5

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2352717689-74545041-1853139198-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\new\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.43.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: tvnserver => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk => C:\Windows\pss\CodecPackUpdateChecker.lnk.CommonStartup
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BrHelp => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: InSync 5 => C:\Program Files (x86)\InSync\InSync.exe
MSCONFIG\startupreg: NUSB3MON => "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: tvncontrol => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave

==================== Accounts: =============================

Administrator (S-1-5-21-2352717689-74545041-1853139198-500 - Administrator - Disabled)
Guest (S-1-5-21-2352717689-74545041-1853139198-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2352717689-74545041-1853139198-1002 - Limited - Enabled)
new (S-1-5-21-2352717689-74545041-1853139198-1000 - Administrator - Enabled) => C:\Users\new

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2015 02:24:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Dreamweaver.exe version 11.0.0.4909 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 103c

Start Time: 01d0630d2169241f

Termination Time: 36

Application Path: C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe

Report Id: bd959a87-cf0c-11e4-9c17-101f74ed8777

Error: (03/20/2015 02:23:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Dreamweaver.exe version 11.0.0.4909 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 340

Start Time: 01d062f736f90264

Termination Time: 110

Application Path: C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe

Report Id: aa193878-cf0c-11e4-9c17-101f74ed8777

Error: (03/20/2015 02:22:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DesignBuilder.exe, version: 1.0.0.0, time stamp: 0x5421d2c0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x734b4f11
Faulting process id: 0x7ec
Faulting application start time: 0xDesignBuilder.exe0
Faulting application path: DesignBuilder.exe1
Faulting module path: DesignBuilder.exe2
Report Id: DesignBuilder.exe3

Error: (03/20/2015 09:46:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wlmail.exe version 16.4.3528.331 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12d4

Start Time: 01d05fd1e240f907

Termination Time: 240

Application Path: C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

Report Id: f5de485e-cee5-11e4-ae19-101f74ed8777

Error: (03/19/2015 06:15:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DesignBuilder.exe, version: 1.0.0.0, time stamp: 0x5421d2c0
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002e066
Faulting process id: 0x10fc
Faulting application start time: 0xDesignBuilder.exe0
Faulting application path: DesignBuilder.exe1
Faulting module path: DesignBuilder.exe2
Report Id: DesignBuilder.exe3

Error: (03/19/2015 03:47:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HPScan.exe version 28.0.1315.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1298

Start Time: 01d0625b77ea77fd

Termination Time: 27

Application Path: C:\Program Files (x86)\HP\HP Photosmart 6520 series\bin\HPScan.exe

Report Id:

Error: (03/19/2015 10:52:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 36.0.1.5542, time stamp: 0x54f851c0
Faulting module name: mozalloc.dll, version: 36.0.1.5542, time stamp: 0x54f8437e
Exception code: 0x80000003
Fault offset: 0x00001e02
Faulting process id: 0x1bcc
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (03/18/2015 03:28:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DesignBuilder.exe, version: 1.0.0.0, time stamp: 0x5421d2c0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x75024f11
Faulting process id: 0x1968
Faulting application start time: 0xDesignBuilder.exe0
Faulting application path: DesignBuilder.exe1
Faulting module path: DesignBuilder.exe2
Report Id: DesignBuilder.exe3

Error: (03/16/2015 05:16:59 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (03/16/2015 02:57:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HPScan.exe version 28.0.1315.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c88

Start Time: 01d05ff9096aa6fd

Termination Time: 33

Application Path: C:\Program Files (x86)\HP\HP Photosmart 6520 series\bin\HPScan.exe

Report Id:


System errors:
=============
Error: (03/20/2015 10:11:18 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (03/19/2015 05:16:09 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR9.

Error: (03/19/2015 05:16:09 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR9.

Error: (03/19/2015 05:16:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR9.

Error: (03/19/2015 05:16:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR9.

Error: (03/18/2015 03:10:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (03/18/2015 10:41:14 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR6.

Error: (03/18/2015 10:41:13 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR6.

Error: (03/18/2015 10:41:12 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR6.

Error: (03/16/2015 05:33:52 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR5.


Microsoft Office Sessions:
=========================
Error: (03/20/2015 02:24:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Dreamweaver.exe11.0.0.4909103c01d0630d2169241f36C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exebd959a87-cf0c-11e4-9c17-101f74ed8777

Error: (03/20/2015 02:23:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Dreamweaver.exe11.0.0.490934001d062f736f90264110C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exeaa193878-cf0c-11e4-9c17-101f74ed8777

Error: (03/20/2015 02:22:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DesignBuilder.exe1.0.0.05421d2c0unknown0.0.0.000000000c000041d734b4f117ec01d062f562602335C:\Users\new\AppData\Roaming\DesignBuilder\DesignBuilder.exeunknown964f9fe1-cf0c-11e4-9c17-101f74ed8777

Error: (03/20/2015 09:46:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wlmail.exe16.4.3528.33112d401d05fd1e240f907240C:\Program Files (x86)\Windows Live\Mail\wlmail.exef5de485e-cee5-11e4-ae19-101f74ed8777

Error: (03/19/2015 06:15:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DesignBuilder.exe1.0.0.05421d2c0ntdll.dll6.1.7601.18247521ea8e7c00000050002e06610fc01d061904a3e26fcC:\Program Files (x86)\DesignBuilder\DesignBuilder.exeC:\Windows\SysWOW64\ntdll.dlledd7aa83-ce63-11e4-ae19-101f74ed8777

Error: (03/19/2015 03:47:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HPScan.exe28.0.1315.0129801d0625b77ea77fd27C:\Program Files (x86)\HP\HP Photosmart 6520 series\bin\HPScan.exe

Error: (03/19/2015 10:52:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0mozalloc.dll36.0.1.554254f8437e8000000300001e021bcc01d0617220551ee2C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll05c58c85-ce26-11e4-ae19-101f74ed8777

Error: (03/18/2015 03:28:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DesignBuilder.exe1.0.0.05421d2c0unknown0.0.0.000000000c000041d75024f11196801d05fe2053292ddC:\Program Files (x86)\DesignBuilder\DesignBuilder.exeunknown6ebb174d-cd83-11e4-ae19-101f74ed8777

Error: (03/16/2015 05:16:59 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dllc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dll3

Error: (03/16/2015 02:57:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HPScan.exe28.0.1315.01c8801d05ff9096aa6fd33C:\Program Files (x86)\HP\HP Photosmart 6520 series\bin\HPScan.exe


==================== Memory info ===========================

Processor: Intel® Core™ i5-2540M CPU @ 2.60GHz
Percentage of memory in use: 70%
Total physical RAM: 4006.36 MB
Available physical RAM: 1164.12 MB
Total Pagefile: 8010.91 MB
Available Pagefile: 4101.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:32.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C8A61BDF)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#11 Oh My!
  • Malware Response Instructor

Posted 20 March 2015 - 11:39 AM

Greetings and welcome. There are a variety of strange entries in your log. Do you recognize these at all?
 

2015-03-05 13:29 - 2015-03-05 13:29 - 00380416 _____ () C:\Users\new\Downloads\zbkbj5sb.exe
2015-03-05 09:19 - 2015-03-05 09:19 - 00380416 _____ () C:\Users\new\Downloads\bssjgcd5.exe
2015-03-04 15:37 - 2015-03-04 15:38 - 00000000 ____D () C:\Users\new\Downloads\JAVS_1.4.3
2015-03-04 15:36 - 2015-03-04 15:36 - 01993161 _____ () C:\Users\new\Downloads\JAVS_1.4.3.rar
2015-03-03 00:11 - 2015-03-03 00:11 - 00249668 _____ () C:\Users\new\Downloads\clcontct.zip

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"

#12 JohnSmithers1
  • Topic Starter

Posted 21 March 2015 - 04:04 AM

Hi

As I said the internet will be intermittent so apologies for the time delay.

I don't recognise those scripts.



#13 Oh My!
  • Malware Response Instructor

Posted 21 March 2015 - 07:30 AM

Thanks for the information.

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
2015-03-05 13:29 - 2015-03-05 13:29 - 00380416 _____ () C:\Users\new\Downloads\zbkbj5sb.exe
2015-03-05 09:19 - 2015-03-05 09:19 - 00380416 _____ () C:\Users\new\Downloads\bssjgcd5.exe
2015-03-04 15:37 - 2015-03-04 15:38 - 00000000 ____D () C:\Users\new\Downloads\JAVS_1.4.3
2015-03-04 15:36 - 2015-03-04 15:36 - 01993161 _____ () C:\Users\new\Downloads\JAVS_1.4.3.rar
2015-03-03 00:11 - 2015-03-03 00:11 - 00249668 _____ () C:\Users\new\Downloads\clcontct.zip
AlternateDataStreams: C:\ProgramData\TEMP:A0409AF5
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:filefind
uwldqpow
:regfind
uwldqpow
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply or, if necessary zip and attach the file.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • SystemLook log

Gary
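The five Downloads entries the helper singled out above share two traits worth checking for mechanically: pseudorandom eight-character names (zbkbj5sb.exe, bssjgcd5.exe) and, for those two, an identical size of 380416 bytes. The script below is an added example for this thread, not something the helper posted or a feature of FRST. It walks a Downloads folder, flags names that match the random-name pattern, groups files by exact size, hashes the candidates so that a same-size pair can be confirmed as the same payload, and reads the Authenticode status of executables. The pattern, the extension list and the default path are assumptions for illustration; it uses only cmdlets available on the Windows 7 PowerShell that shipped with the machine in the log.

```powershell
# Added example (not from the thread). Triage helper for a Downloads folder:
# random-looking executable names, identical-size files, hashes and signatures.
# Pattern and extension list are illustrative assumptions, not a vendor rule.

function Get-Sha256 {
    param([string]$FilePath)
    # .NET hashing so it also works on PowerShell 2.0 (no Get-FileHash there)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($FilePath)
    try   { return ([System.BitConverter]::ToString($sha.ComputeHash($fs))) -replace '-', '' }
    finally { $fs.Close(); $sha.Dispose() }
}

function Get-DownloadTriage {
    param([string]$Path = (Join-Path $env:USERPROFILE 'Downloads'))

    $files = Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Extension -match '^\.(exe|scr|com|dll|zip|rar)$' }

    # Size buckets: more than one file with exactly the same byte count is worth a hash comparison
    $dupSizes = @{}
    $files | Group-Object Length | Where-Object { $_.Count -gt 1 } |
        ForEach-Object { $dupSizes[[int64]$_.Name] = $true }

    foreach ($f in $files) {
        # Heuristic only: eight lowercase letters/digits and nothing else, like zbkbj5sb.
        # -cmatch keeps it case-sensitive so Setup123 does not trip it. Legitimate names can still match.
        $randomName        = $f.BaseName -cmatch '^[a-z0-9]{8}$'
        $sameSizeAsAnother = $dupSizes.ContainsKey($f.Length)

        $hash = $null
        if ($randomName -or $sameSizeAsAnother) { $hash = Get-Sha256 $f.FullName }

        # Authenticode status for PE files: NotSigned / Valid / HashMismatch / ...
        $sig = $null
        if ($f.Extension -match '^\.(exe|scr|com|dll)$') {
            $sig = (Get-AuthenticodeSignature -FilePath $f.FullName).Status
        }

        New-Object PSObject -Property @{
            Name              = $f.Name
            Bytes             = $f.Length
            Created           = $f.CreationTime
            RandomName        = $randomName
            SameSizeAsAnother = $sameSizeAsAnother
            Signature         = $sig
            Sha256            = $hash
        }
    }
}

# Report only the candidates; two rows with equal Sha256 are one payload under two names.
Get-DownloadTriage |
    Where-Object { $_.RandomName -or $_.SameSizeAsAnother } |
    Sort-Object Bytes, Name |
    Format-Table Name, Bytes, Created, RandomName, SameSizeAsAnother, Signature, Sha256 -AutoSize
```

Run it before a fix if you want the hashes of the live files. After the fix above, the "Moved successfully" lines mean FRST has put the files in its quarantine folder (C:\FRST\Quarantine), so pass that folder as -Path to hash them afterwards. A hit on RandomName or SameSizeAsAnother is a reason to look, not proof of malware; the hash is what you would submit or compare.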

#14 JohnSmithers1
  • Topic Starter

Posted 21 March 2015 - 01:22 PM

1. Uninstalled utorrent

2. Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by new at 2015-03-21 18:06:49 Run:1
Running from C:\Users\new\Desktop
Loaded Profiles: new (Available profiles: new)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
2015-03-05 13:29 - 2015-03-05 13:29 - 00380416 _____ () C:\Users\new\Downloads\zbkbj5sb.exe
2015-03-05 09:19 - 2015-03-05 09:19 - 00380416 _____ () C:\Users\new\Downloads\bssjgcd5.exe
2015-03-04 15:37 - 2015-03-04 15:38 - 00000000 ____D () C:\Users\new\Downloads\JAVS_1.4.3
2015-03-04 15:36 - 2015-03-04 15:36 - 01993161 _____ () C:\Users\new\Downloads\JAVS_1.4.3.rar
2015-03-03 00:11 - 2015-03-03 00:11 - 00249668 _____ () C:\Users\new\Downloads\clcontct.zip
AlternateDataStreams: C:\ProgramData\TEMP:A0409AF5
*****************

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
C:\Users\new\Downloads\zbkbj5sb.exe => Moved successfully.
C:\Users\new\Downloads\bssjgcd5.exe => Moved successfully.
C:\Users\new\Downloads\JAVS_1.4.3 => Moved successfully.
C:\Users\new\Downloads\JAVS_1.4.3.rar => Moved successfully.
C:\Users\new\Downloads\clcontct.zip => Moved successfully.
C:\ProgramData\TEMP => ":A0409AF5" ADS removed successfully.

==== End of Fixlog 18:06:51 ====

3. Systemlook

SystemLook 30.07.11 by jpshortstuff
Log created at 18:15 on 21/03/2015 by new
Administrator - Elevation successful

========== filefind ==========

Searching for "uwldqpow"
No files found.

========== regfind ==========

Searching for "uwldqpow"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_UWLDQPOW]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_UWLDQPOW\0000]
"Service"="uwldqpow"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_UWLDQPOW\0000]
"DeviceDesc"="uwldqpow"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_UWLDQPOW]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_UWLDQPOW\0000]
"Service"="uwldqpow"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_UWLDQPOW\0000]
"DeviceDesc"="uwldqpow"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UWLDQPOW]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UWLDQPOW\0000]
"Service"="uwldqpow"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UWLDQPOW\0000]
"DeviceDesc"="uwldqpow"

-= EOF =-

***********************************

Thanks



#15 Oh My!
  • Malware Response Instructor

Posted 21 March 2015 - 03:25 PM

Thank you, this is our next step.

===================================================

Farbar's MiniRegTool

--------------------
  • Please download MiniRegTool.zip (for 32 bit systems) or MiniRegTool64.zip (for 64 bit systems) and save it to your desktop
  • Unzip the folder and double click the icon
  • When you run the tool this is what you will see
  • Copy and paste the following into the white box:

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_UWLDQPOW]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_UWLDQPOW]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UWLDQPOW]

  • Check the Delete Keys/Values including Locked/Null embedded radio button.
  • Press the Go button and post the result.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • MiniRegTool report

Gary
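The SystemLook step in #13 searched for one known name, uwldqpow, and found it only as LEGACY_UWLDQPOW device entries under Enum\Root in all three control sets, with no files on disk; the MiniRegTool step above then deletes exactly those keys. What makes those entries stand out is that the service they point to no longer exists: the driver was already removed by the earlier cleanup, and the PnP enumeration remnants stayed behind. The script below is an added example, not a tool from the thread, and generalises that check. Run elevated on the affected machine, it walks every ControlSet, lists each LEGACY_* entry, resolves the Service value to a Services key and an ImagePath, and reports entries whose service key or driver file is missing or whose name looks random. It is read-only by design: Enum keys are SYSTEM-owned and deleting them needs an ownership change, which is the job the thread hands to MiniRegTool. The random-name pattern and the path-resolution rules are assumptions for illustration.

```powershell
# Added example (not from the thread). Read-only hunt for orphaned LEGACY_* device
# entries across all control sets, generalising ":regfind uwldqpow". Run elevated.
# Reports only; deletion of Enum\Root keys needs ownership changes (MiniRegTool).

function Resolve-DriverPath {
    param([string]$ImagePath)
    # Normalise the forms ImagePath takes for kernel drivers into a plain file path.
    if ([string]::IsNullOrEmpty($ImagePath)) { return $null }
    $p = $ImagePath.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                        # \??\C:\x  -> C:\x
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"  # \SystemRoot\x -> C:\Windows\x
    $p = $p -replace '^%SystemRoot%\\', "$env:SystemRoot\"
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # system32\drivers\x.sys
    return $p
}

function Get-OrphanedLegacyDevice {
    $report = @()
    # ControlSet001, ControlSet002, ... (CurrentControlSet is a link to one of them)
    $controlSets = Get-ChildItem 'HKLM:\SYSTEM' |
        Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' }

    foreach ($cs in $controlSets) {
        $enumRoot = Join-Path $cs.PSPath 'Enum\Root'
        $svcRoot  = Join-Path $cs.PSPath 'Services'
        $legacyKeys = Get-ChildItem $enumRoot -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -like 'LEGACY_*' }

        foreach ($legacy in $legacyKeys) {
            # Each LEGACY_<NAME> key has instance subkeys (0000, ...) carrying Service/DeviceDesc
            foreach ($instance in (Get-ChildItem $legacy.PSPath -ErrorAction SilentlyContinue)) {
                $props   = Get-ItemProperty $instance.PSPath -ErrorAction SilentlyContinue
                $svcName = $props.Service
                if (-not $svcName) { continue }

                $svcKey    = Join-Path $svcRoot $svcName
                $svcExists = Test-Path $svcKey
                $driver = $null; $driverOnDisk = $null
                if ($svcExists) {
                    $driver = Resolve-DriverPath (Get-ItemProperty $svcKey -ErrorAction SilentlyContinue).ImagePath
                    if ($driver) { $driverOnDisk = Test-Path -LiteralPath $driver }
                }

                # Heuristic only: eight lowercase letters/digits, no vendor prefix (uwldqpow).
                # -cmatch keeps it case-sensitive. Legitimate names can still match.
                $randomLooking = $svcName -cmatch '^[a-z0-9]{8}$'

                $report += New-Object PSObject -Property @{
                    ControlSet    = $cs.PSChildName
                    LegacyKey     = $legacy.PSChildName
                    Service       = $svcName
                    ServiceKey    = $svcExists
                    DriverPath    = $driver
                    DriverOnDisk  = $driverOnDisk          # $null = service has no ImagePath
                    RandomLooking = $randomLooking
                    Suspicious    = ($randomLooking -or (-not $svcExists) -or ($driver -and -not $driverOnDisk))
                }
            }
        }
    }
    return $report
}

Get-OrphanedLegacyDevice |
    Where-Object { $_.Suspicious } |
    Sort-Object Service, ControlSet |
    Format-Table ControlSet, LegacyKey, Service, ServiceKey, DriverOnDisk, RandomLooking -AutoSize
```

On the machine in this thread the uwldqpow rows would show ServiceKey False in all three control sets, which is the orphan pattern. Expect some benign rows too: every removal tool that loads its own driver (TDSSKiller, GMER) and every uninstalled product with a kernel component leaves a LEGACY_* entry behind, so treat a random-looking name with no service key as the signal, and a well-known vendor name with a missing driver as housekeeping.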
