
ZOMBIE NEWS- Malware


  • This topic is locked
26 replies to this topic

#1 suez6

suez6

  • Members
  • 12 posts
  • OFFLINE
  • Local time:01:39 PM

Posted 12 March 2015 - 09:03 AM

My antivirus detected a malware zombie news. Even after uninstalling it, my anti-virus keeps detecting files which it's unable to remove.

 


 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:09 AM

Posted 12 March 2015 - 11:41 AM


Hello suez6 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as an administrator. How do I log on to the computer as an administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Thanks

-------------------------------------------------------------------------------------------------------------------------------

Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.

  • Disable any antivirus programs during the scan (if you have difficulty properly disabling your protective programs, refer to this link here).
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt

Good day

 

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 suez6

suez6
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:01:39 PM

Posted 12 March 2015 - 01:24 PM

hi,
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17689  BrowserJavaVersion: 10.71.2
Run by sue at 23:46:10 on 2015-03-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.91.1033.18.6051.1780 [GMT 5.5:30]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\ProgramData\QlJTmt\hLgRxZASduw.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
C:\Users\sue\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\QlJTmt\dat\CHzYvqt.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=ns&pvid=22.0.2.17
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17
mWinlogon: Userinit = userinit.exe,
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
TB: <No Name>: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - LocalServer32 - <no file>
uRun: [Facebook Update] "C:\Users\sue\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
uRun: [Google Update] "C:\Users\sue\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Daily Kural] C:\Program Files (x86)\Daily Kural\Kural.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [GoogleChromeAutoLaunch_10F7407D9E7ABA30BA67FD388C333243] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Spotify] "C:\Users\sue\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\sue\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [gmsd_us_43] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - <orphaned>
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{23D6B6CB-5AB3-4BAE-BA37-A3C199CFD82A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{23D6B6CB-5AB3-4BAE-BA37-A3C199CFD82A}\2435E4C4021435 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{23D6B6CB-5AB3-4BAE-BA37-A3C199CFD82A}\C4641463458464C4 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{23D6B6CB-5AB3-4BAE-BA37-A3C199CFD82A}\E4544574541425022435E4C4 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F4B04A72-FC4A-4369-BA15-CD6BB99B4193} : DHCPNameServer = 192.168.42.129
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-mWinlogon: Userinit = userinit.exe,
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: {9DB059B3-DD36-4a55-846C-59BE42A1202A} - <orphaned>
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [NVHotkey] rundll32.exe C:\windows\System32\nvHotkey.dll,Start
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - <orphaned>
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\windows\System32\drivers\CSCrySec.sys [2015-3-11 84536]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2011-8-19 25960]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-8-19 55856]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-11-17 46368]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\windows\System32\drivers\CSVirtualDiskDrv.sys [2015-3-11 66616]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1 kltdi;kltdi;C:\windows\System32\drivers\kltdi.sys [2013-11-11 54368]
R1 kneps;kneps;C:\windows\System32\drivers\kneps.sys [2013-11-11 177864]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-8-19 89600]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe [2011-8-19 151552]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2010-12-18 53920]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2013-11-11 356128]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2013-9-25 818888]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 hLgRxZASduw;hLgRxZASduw;C:\ProgramData\QlJTmt\hLgRxZASduw.exe [2014-12-29 2726256]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-19 13336]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-8-19 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-27 378984]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-11-30 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-19 2655768]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2010-12-18 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2010-12-18 298144]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2010-12-18 28832]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2010-12-18 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2010-12-18 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2010-12-18 154272]
R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2010-12-18 275616]
R3 BthMtpEnum;Bluetooth MTP Device Enumerator;C:\windows\System32\drivers\BthMtpEnum.sys [2009-7-14 64512]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2011-8-19 176096]
R3 huawei_enumerator;huawei_enumerator;C:\windows\System32\drivers\ew_jubusenum.sys [2014-8-10 86016]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\drivers\klkbdflt.sys [2013-11-11 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2013-11-11 29280]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-11 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-11 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-8-19 406632]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 0236851423240833mcinstcleanup;McAfee Application Installer Cleanup (0236851423240833);C:\Users\sue\AppData\Local\Temp\023685~1.EXE -cleanup -nolog --> C:\Users\sue\AppData\Local\Temp\023685~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2014-6-15 202080]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-1-2 315488]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\windows\System32\drivers\ew_hwusbdev.sys [2014-8-10 117248]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\windows\System32\drivers\ewusbwwan.sys [2014-8-10 421376]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2015-3-11 114688]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2015-1-7 1910640]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-8-19 250984]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-11-15 155824]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-21 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2015-03-12 15:42:03 -------- d-----w- C:\Users\sue\AppData\Local\ZombieNews
2015-03-12 11:00:21 -------- d-----w- C:\AdwCleaner
2015-03-11 16:27:55 64856 ----a-w- C:\windows\System32\klfphc.dll
2015-03-11 16:25:57 66616 ----a-w- C:\windows\System32\drivers\CSVirtualDiskDrv.sys
2015-03-11 16:25:54 84536 ----a-w- C:\windows\System32\drivers\CSCrySec.sys
2015-03-11 16:25:24 -------- d-----w- C:\windows\ELAMBKUP
2015-03-11 16:25:20 -------- d-----w- C:\Program Files (x86)\Common Files\InfoWatch
2015-03-11 16:25:03 92768 ----a-w- C:\windows\System32\drivers\klflt.sys
2015-03-11 12:06:03 -------- d-----w- C:\ProgramData\Kaspersky Lab
2015-03-11 12:06:03 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2015-03-11 08:42:48 41984 ----a-w- C:\windows\System32\lpk.dll
2015-03-11 08:34:33 215552 ----a-w- C:\windows\System32\ubpm.dll
2015-03-11 08:34:33 171520 ----a-w- C:\windows\SysWow64\ubpm.dll
2015-03-11 08:33:40 11910896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E746BD4E-E8C0-4634-BC44-7F21D1FAF56D}\mpengine.dll
2015-03-11 08:24:34 828928 ----a-w- C:\windows\SysWow64\msctf.dll
2015-03-11 08:24:34 1067520 ----a-w- C:\windows\System32\msctf.dll
2015-03-11 08:24:33 1424896 ----a-w- C:\windows\System32\WindowsCodecs.dll
2015-03-11 08:24:33 1230848 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2015-03-11 08:24:32 3204096 ----a-w- C:\windows\System32\win32k.sys
2015-03-11 08:18:03 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2015-03-11 08:18:03 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2015-03-04 01:24:59 950272 ----a-w- C:\windows\System32\perftrack.dll
2015-03-04 01:24:59 91136 ----a-w- C:\windows\System32\wdi.dll
2015-03-04 01:24:59 76800 ----a-w- C:\windows\SysWow64\wdi.dll
2015-03-04 01:24:59 29696 ----a-w- C:\windows\System32\powertracker.dll
2015-02-20 17:30:19 -------- d-----w- C:\Users\sue\AppData\Local\Halfbrick
2015-02-20 17:29:41 -------- d-----w- C:\Users\sue\AppData\Local\Intel
2015-02-20 17:28:11 178800 ----a-w- C:\windows\SysWow64\CmdLineExt_x64.dll
2015-02-20 12:57:15 -------- d-----w- C:\Users\sue\AppData\Roaming\EncryptStick
2015-02-18 06:28:54 -------- d-----w- C:\Users\sue\AppData\Local\WinZip
2015-02-18 04:17:58 17323192 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-02-17 17:27:48 -------- d-----w- C:\Users\sue\AppData\Roaming\Kingosoft
2015-02-17 17:27:48 -------- d-----w- C:\Users\sue\AppData\Local\Kingosoft
2015-02-17 17:27:45 -------- d-----w- C:\Program Files (x86)\Kingo ROOT
2015-02-17 17:15:12 -------- d-----w- C:\Users\sue\AppData\Local\AWSToolkit
2015-02-17 17:14:22 -------- d-----w- C:\Program Files (x86)\One Click Root
2015-02-17 17:13:54 -------- d-----w- C:\Users\sue\AppData\Roaming\One Click Root
2015-02-17 16:20:57 -------- d-----w- C:\Users\sue\AppData\Roaming\HMYGSetting
2015-02-17 11:26:34 1002728 ----a-w- C:\windows\System32\WinUSBCoInstaller2.dll
2015-02-17 11:26:34 -------- d-----w- C:\Users\sue\AppData\Roaming\AdbDriverInstaller
2015-02-17 11:25:58 -------- d-----w- C:\Users\sue\AppData\Roaming\Jihosoft Android Phone Recovery
2015-02-17 10:34:46 1202848 ----a-w- C:\windows\SysWow64\FM20.DLL
2015-02-17 10:28:15 -------- d-----w- C:\Program Files (x86)\7-Data Android Recovery
2015-02-17 09:42:59 -------- d-----w- C:\Users\sue\AppData\Local\Wondershare
2015-02-17 09:42:57 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
2015-02-17 09:42:46 -------- d--h--w- C:\Program Files (x86)\DrFoneAndroid_Temp
2015-02-17 09:42:46 -------- d-----w- C:\Users\sue\AppData\Roaming\Wondershare
2015-02-17 09:42:46 -------- d-----w- C:\Program Files (x86)\Wondershare
2015-02-12 06:55:44 -------- d-----w- C:\locallow
2015-02-11 04:10:31 894976 ----a-w- C:\windows\System32\appraiser.dll
2015-02-11 04:10:31 609280 ----a-w- C:\windows\System32\generaltel.dll
2015-02-11 04:10:30 762368 ----a-w- C:\windows\System32\invagent.dll
2015-02-11 04:10:30 414720 ----a-w- C:\windows\System32\devinv.dll
2015-02-11 04:10:30 227328 ----a-w- C:\windows\System32\aepdu.dll
2015-02-11 04:10:30 192000 ----a-w- C:\windows\System32\aepic.dll
2015-02-11 04:10:30 1239720 ----a-w- C:\windows\System32\aitstatic.exe
2015-02-11 04:10:30 1098752 ----a-w- C:\windows\System32\aeinv.dll
2015-02-11 04:03:00 861696 ----a-w- C:\windows\System32\oleaut32.dll
2015-02-11 04:03:00 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2015-02-11 04:02:59 3722752 ----a-w- C:\windows\System32\mstscax.dll
2015-02-11 04:02:59 3221504 ----a-w- C:\windows\SysWow64\mstscax.dll
2015-02-11 04:02:58 131584 ----a-w- C:\windows\SysWow64\aaclient.dll
2015-02-11 04:02:32 406528 ----a-w- C:\windows\System32\scesrv.dll
2015-02-11 04:02:32 308224 ----a-w- C:\windows\SysWow64\scesrv.dll
2015-02-11 03:36:13 -------- d-----w- C:\Users\sue\AppData\Local\NPE
2015-02-10 23:36:26 18449600 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
==================== Find3M  ====================
.
2015-03-11 19:37:37 177864 ----a-w- C:\windows\System32\drivers\kneps.sys
2015-03-11 19:37:36 29792 ----a-w- C:\windows\System32\drivers\klim6.sys
2015-03-11 19:37:34 458336 ----a-w- C:\windows\System32\drivers\kl1.sys
2015-03-06 05:56:10 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2015-03-06 05:56:10 155576 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2015-03-06 05:42:39 210944 ----a-w- C:\windows\System32\wdigest.dll
2015-03-06 05:42:36 86528 ----a-w- C:\windows\System32\TSpkg.dll
2015-03-06 05:42:35 29184 ----a-w- C:\windows\System32\sspisrv.dll
2015-03-06 05:42:35 136192 ----a-w- C:\windows\System32\sspicli.dll
2015-03-06 05:42:33 341504 ----a-w- C:\windows\System32\schannel.dll
2015-03-06 05:42:33 28160 ----a-w- C:\windows\System32\secur32.dll
2015-03-06 05:42:29 314880 ----a-w- C:\windows\System32\msv1_0.dll
2015-03-06 05:42:29 309760 ----a-w- C:\windows\System32\ncrypt.dll
2015-03-06 05:42:27 728064 ----a-w- C:\windows\System32\kerberos.dll
2015-03-06 05:42:27 1461760 ----a-w- C:\windows\System32\lsasrv.dll
2015-03-06 05:42:20 22016 ----a-w- C:\windows\System32\credssp.dll
2015-03-06 05:41:46 31232 ----a-w- C:\windows\System32\lsass.exe
2015-03-06 05:41:31 64000 ----a-w- C:\windows\System32\auditpol.exe
2015-03-06 05:39:16 60416 ----a-w- C:\windows\System32\msobjs.dll
2015-03-06 05:38:57 146432 ----a-w- C:\windows\System32\msaudite.dll
2015-03-06 05:36:56 686080 ----a-w- C:\windows\System32\adtschema.dll
2015-03-06 05:10:34 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2015-03-06 05:10:30 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2015-03-06 05:10:26 248832 ----a-w- C:\windows\SysWow64\schannel.dll
2015-03-06 05:10:26 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2015-03-06 05:10:22 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2015-03-06 05:10:22 221184 ----a-w- C:\windows\SysWow64\ncrypt.dll
2015-03-06 05:10:18 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2015-03-06 05:10:11 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2015-03-06 05:09:31 50176 ----a-w- C:\windows\SysWow64\auditpol.exe
2015-03-06 05:09:19 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2015-03-06 05:07:50 60416 ----a-w- C:\windows\SysWow64\msobjs.dll
2015-03-06 05:07:43 146432 ----a-w- C:\windows\SysWow64\msaudite.dll
2015-03-06 05:06:20 686080 ----a-w- C:\windows\SysWow64\adtschema.dll
2015-02-23 22:47:24 295552 ------w- C:\windows\System32\MpSigStub.exe
2015-02-20 04:40:59 100864 ----a-w- C:\windows\System32\fontsub.dll
2015-02-20 04:40:56 14336 ----a-w- C:\windows\System32\dciman32.dll
2015-02-20 04:40:55 46080 ----a-w- C:\windows\System32\atmlib.dll
2015-02-20 04:13:49 70656 ----a-w- C:\windows\SysWow64\fontsub.dll
2015-02-20 04:13:46 10240 ----a-w- C:\windows\SysWow64\dciman32.dll
2015-02-20 04:13:43 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2015-02-20 04:12:51 25600 ----a-w- C:\windows\SysWow64\lpk.dll
2015-02-20 03:29:16 372224 ----a-w- C:\windows\System32\atmfd.dll
2015-02-20 03:09:16 299008 ----a-w- C:\windows\SysWow64\atmfd.dll
2015-02-20 03:06:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2015-02-20 03:05:49 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2015-02-20 02:50:14 66560 ----a-w- C:\windows\System32\iesetup.dll
2015-02-20 02:49:29 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2015-02-20 02:49:19 584192 ----a-w- C:\windows\System32\vbscript.dll
2015-02-20 02:47:56 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2015-02-20 02:35:17 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2015-02-20 02:35:05 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2015-02-20 02:34:24 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2015-02-20 02:32:34 6035456 ----a-w- C:\windows\System32\jscript9.dll
2015-02-20 02:26:12 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2015-02-20 02:22:35 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2015-02-20 02:13:57 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2015-02-20 02:09:08 503296 ----a-w- C:\windows\SysWow64\vbscript.dll
2015-02-20 02:08:59 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2015-02-20 02:08:13 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06:44 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2015-02-20 01:56:54 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2015-02-20 01:56:07 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2015-02-20 01:47:06 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2015-02-20 01:46:45 2125824 ----a-w- C:\windows\System32\inetcpl.cpl
2015-02-20 01:41:52 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30:39 4300288 ----a-w- C:\windows\SysWow64\jscript9.dll
2015-02-20 01:28:25 2358784 ----a-w- C:\windows\System32\wininet.dll
2015-02-20 01:24:21 2052608 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2015-02-20 01:23:19 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:01:25 1888256 ----a-w- C:\windows\SysWow64\wininet.dll
2015-02-05 05:19:37 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 05:19:37 701616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2015-02-03 03:34:39 693176 ----a-w- C:\windows\System32\winload.efi
2015-02-03 03:34:38 5554104 ----a-w- C:\windows\System32\ntoskrnl.exe
2015-02-03 03:34:36 94656 ----a-w- C:\windows\System32\drivers\mountmgr.sys
2015-02-03 03:33:29 616360 ----a-w- C:\windows\System32\winresume.efi
2015-02-03 03:30:58 631808 ----a-w- C:\windows\System32\evr.dll
2015-02-03 03:29:19 8704 ----a-w- C:\windows\System32\pcaevts.dll
2015-02-03 03:28:49 2048 ----a-w- C:\windows\System32\mferror.dll
2015-02-03 03:28:14 6656 ----a-w- C:\windows\System32\apisetschema.dll
2015-02-03 03:19:12 663552 ----a-w- C:\windows\System32\drivers\PEAuth.sys
2015-02-03 03:16:31 3973048 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2015-02-03 03:16:31 3917760 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2015-02-03 03:11:55 50176 ----a-w- C:\windows\SysWow64\rrinstaller.exe
2015-02-03 03:11:48 23040 ----a-w- C:\windows\SysWow64\mfpmp.exe
2015-02-03 03:11:18 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL
2015-02-03 03:09:03 2048 ----a-w- C:\windows\SysWow64\mferror.dll
2015-02-03 03:08:07 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll
2015-02-03 02:32:25 61440 ----a-w- C:\windows\System32\drivers\appid.sys
2015-01-30 23:56:51 459336 ----a-w- C:\windows\System32\drivers\cng.sys
2014-12-19 03:06:55 210432 ----a-w- C:\windows\System32\profsvc.dll
2014-12-19 01:46:45 141312 ----a-w- C:\windows\System32\drivers\mrxdav.sys
2014-11-27 22:38:06 32371688 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2012-07-05 09:26:16 476 ----a-w- C:\Program Files (x86)\none14561626.bat
.
============= FINISH: 23:47:39.98 ===============

2015-03-06 05:41:46 31232 ----a-w- C:\windows\System32\lsass.exe
2015-03-06 05:41:31 64000 ----a-w- C:\windows\System32\auditpol.exe
2015-03-06 05:39:16 60416 ----a-w- C:\windows\System32\msobjs.dll
2015-03-06 05:38:57 146432 ----a-w- C:\windows\System32\msaudite.dll
2015-03-06 05:36:56 686080 ----a-w- C:\windows\System32\adtschema.dll
2015-03-06 05:10:34 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2015-03-06 05:10:30 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2015-03-06 05:10:26 248832 ----a-w- C:\windows\SysWow64\schannel.dll
2015-03-06 05:10:26 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2015-03-06 05:10:22 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2015-03-06 05:10:22 221184 ----a-w- C:\windows\SysWow64\ncrypt.dll
2015-03-06 05:10:18 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2015-03-06 05:10:11 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2015-03-06 05:09:31 50176 ----a-w- C:\windows\SysWow64\auditpol.exe
2015-03-06 05:09:19 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2015-03-06 05:07:50 60416 ----a-w- C:\windows\SysWow64\msobjs.dll
2015-03-06 05:07:43 146432 ----a-w- C:\windows\SysWow64\msaudite.dll
2015-03-06 05:06:20 686080 ----a-w- C:\windows\SysWow64\adtschema.dll
2015-02-23 22:47:24 295552 ------w- C:\windows\System32\MpSigStub.exe
2015-02-20 04:40:59 100864 ----a-w- C:\windows\System32\fontsub.dll
2015-02-20 04:40:56 14336 ----a-w- C:\windows\System32\dciman32.dll
2015-02-20 04:40:55 46080 ----a-w- C:\windows\System32\atmlib.dll
2015-02-20 04:13:49 70656 ----a-w- C:\windows\SysWow64\fontsub.dll
2015-02-20 04:13:46 10240 ----a-w- C:\windows\SysWow64\dciman32.dll
2015-02-20 04:13:43 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2015-02-20 04:12:51 25600 ----a-w- C:\windows\SysWow64\lpk.dll
2015-02-20 03:29:16 372224 ----a-w- C:\windows\System32\atmfd.dll
2015-02-20 03:09:16 299008 ----a-w- C:\windows\SysWow64\atmfd.dll
2015-02-20 03:06:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2015-02-20 03:05:49 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2015-02-20 02:50:14 66560 ----a-w- C:\windows\System32\iesetup.dll
2015-02-20 02:49:29 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2015-02-20 02:49:19 584192 ----a-w- C:\windows\System32\vbscript.dll
2015-02-20 02:47:56 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2015-02-20 02:35:17 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2015-02-20 02:35:05 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2015-02-20 02:34:24 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2015-02-20 02:32:34 6035456 ----a-w- C:\windows\System32\jscript9.dll
2015-02-20 02:26:12 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2015-02-20 02:22:35 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2015-02-20 02:13:57 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2015-02-20 02:09:08 503296 ----a-w- C:\windows\SysWow64\vbscript.dll
2015-02-20 02:08:59 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2015-02-20 02:08:13 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06:44 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2015-02-20 01:56:54 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2015-02-20 01:56:07 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2015-02-20 01:47:06 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2015-02-20 01:46:45 2125824 ----a-w- C:\windows\System32\inetcpl.cpl
2015-02-20 01:41:52 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30:39 4300288 ----a-w- C:\windows\SysWow64\jscript9.dll
2015-02-20 01:28:25 2358784 ----a-w- C:\windows\System32\wininet.dll
2015-02-20 01:24:21 2052608 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2015-02-20 01:23:19 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:01:25 1888256 ----a-w- C:\windows\SysWow64\wininet.dll
2015-02-05 05:19:37 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 05:19:37 701616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2015-02-03 03:34:39 693176 ----a-w- C:\windows\System32\winload.efi
2015-02-03 03:34:38 5554104 ----a-w- C:\windows\System32\ntoskrnl.exe
2015-02-03 03:34:36 94656 ----a-w- C:\windows\System32\drivers\mountmgr.sys
2015-02-03 03:33:29 616360 ----a-w- C:\windows\System32\winresume.efi
2015-02-03 03:30:58 631808 ----a-w- C:\windows\System32\evr.dll
2015-02-03 03:29:19 8704 ----a-w- C:\windows\System32\pcaevts.dll
2015-02-03 03:28:49 2048 ----a-w- C:\windows\System32\mferror.dll
2015-02-03 03:28:14 6656 ----a-w- C:\windows\System32\apisetschema.dll
2015-02-03 03:19:12 663552 ----a-w- C:\windows\System32\drivers\PEAuth.sys
2015-02-03 03:16:31 3973048 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2015-02-03 03:16:31 3917760 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2015-02-03 03:11:55 50176 ----a-w- C:\windows\SysWow64\rrinstaller.exe
2015-02-03 03:11:48 23040 ----a-w- C:\windows\SysWow64\mfpmp.exe
2015-02-03 03:11:18 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL
2015-02-03 03:09:03 2048 ----a-w- C:\windows\SysWow64\mferror.dll
2015-02-03 03:08:07 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll
2015-02-03 02:32:25 61440 ----a-w- C:\windows\System32\drivers\appid.sys
2015-01-30 23:56:51 459336 ----a-w- C:\windows\System32\drivers\cng.sys
2014-12-19 03:06:55 210432 ----a-w- C:\windows\System32\profsvc.dll
2014-12-19 01:46:45 141312 ----a-w- C:\windows\System32\drivers\mrxdav.sys
2014-11-27 22:38:06 32371688 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2012-07-05 09:26:16 476 ----a-w- C:\Program Files (x86)\none14561626.bat
.
============= FINISH: 23:47:39.98 ===============




DS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10-03-2012 17:26:30
System Uptime: 12-03-2015 23:33:40 (0 hours ago)
.
Motherboard: Dell Inc. | | 0FXK2Y
Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz | CPU 1 | 792/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 407 GiB total, 55.327 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 175 GiB total, 141.65 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001801-0000-1000-8000-00805F9B34FB}_VID&00020FCE_PID&01AF\8&159E7E92&0&30A8DB850783_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001801-0000-1000-8000-00805F9B34FB}_VID&00020FCE_PID&01AF\8&159E7E92&0&30A8DB850783_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{232E51D8-91FF-4C24-AC0F-9EE055DA30A5}_VID&00020FCE_PID&01AF\8&159E7E92&0&30A8DB850783_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{232E51D8-91FF-4C24-AC0F-9EE055DA30A5}_VID&00020FCE_PID&01AF\8&159E7E92&0&30A8DB850783_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E780202-0000-1000-8000-00805F9B34FB}_VID&00020FCE_PID&01AF\8&159E7E92&0&30A8DB850783_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E780202-0000-1000-8000-00805F9B34FB}_VID&00020FCE_PID&01AF\8&159E7E92&0&30A8DB850783_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001800-0000-1000-8000-00805F9B34FB}_VID&00020FCE_PID&01AF\8&159E7E92&0&30A8DB850783_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001800-0000-1000-8000-00805F9B34FB}_VID&00020FCE_PID&01AF\8&159E7E92&0&30A8DB850783_C00000000
Service:
.
==== System Restore Points ===================
.
RP235: 21-01-2015 23:46:24 - Scheduled Checkpoint
RP236: 23-01-2015 09:57:20 - Installed DirectX
RP237: 23-01-2015 09:57:57 - Installed DirectX
RP238: 30-01-2015 10:48:05 - Scheduled Checkpoint
RP239: 03-02-2015 06:19:16 - Windows Update
RP240: 06-02-2015 12:55:24 - Windows Update
RP241: 06-02-2015 14:47:21 - avast! antivirus system restore point
RP242: 06-02-2015 15:50:35 - Device Driver Package Install: Avast Network Service
RP243: 06-02-2015 22:06:19 - avast! antivirus system restore point
RP244: 11-02-2015 22:04:21 - Windows Update
RP245: 12-02-2015 08:39:30 - Norton_Power_Eraser_20150212083922410
RP246: 12-02-2015 16:45:40 - Windows Update
RP247: 15-02-2015 19:19:39 - Windows Update
RP248: 17-02-2015 16:56:43 - Device Driver Package Install: Google, Inc.
RP249: 17-02-2015 22:48:20 - Removed One Click Root
RP250: 17-02-2015 23:03:03 - Device Driver Package Install: Google, Inc. Android Phone
RP251: 17-02-2015 23:03:23 - Device Driver Package Install: Sony
RP252: 17-02-2015 23:04:11 - Device Driver Package Install: Sony Network adapters
RP253: 17-02-2015 23:05:18 - Device Driver Package Install: Google, Inc. Android Phone
RP254: 18-02-2015 11:35:21 - Removed WinZip 18.5
RP255: 18-02-2015 11:58:03 - Installed WinZip 19.0
RP256: 20-02-2015 13:13:58 - Removed Visual Studio 2010 x64 Redistributables
RP257: 21-02-2015 10:40:51 - Removed Java™ 6 Update 24 (64-bit)
RP258: 03-03-2015 21:15:33 - Windows Update
RP259: 05-03-2015 18:42:43 - Windows Update
RP260: 11-03-2015 14:02:57 - Windows Update
RP261: 12-03-2015 03:01:16 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader X (10.1.13) MUI
Adobe Shockwave Player 11.6
Advanced Audio FX Engine
airtel
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Battle.net
Bluetooth Win7 Suite (64)
CCleaner
CDBurnerXP
Compatibility Pack for the 2007 Office system
Crack the NBDE 2015-2016
Crack the NBDE 5.1.5
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Edoc Viewer
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Touchpad
Dell VideoStage
Dell Webcam Central
Dell WLAN and Bluetooth Client Installation
Facebook Video Calling 3.1.0.521
Google Chrome
Google Talk Plugin
Google Update Helper
Hearthstone
IDT Audio
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Monitor 2.0
iTunes
Java 7 Update 71
Java Auto Updater
JavaFX 2.1.1
Junk Mail filter update
Kaspersky PURE 3.0
Kaspersky Security Scan
MBlaze
McAfee SafeKey(uninstall only)
McAfee Virtual Technician
Mesh Runtime
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Movie ThemePack Basic
Nero Blu-ray Player
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
NVIDIA 3D Vision Driver 266.83
NVIDIA Control Panel 266.83
NVIDIA Graphics Driver 266.83
NVIDIA HD Audio Driver 1.1.13.1
NVIDIA Install Application
NVIDIA Optimus 1.0.17
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
Origin
PlayReady PC Runtime x86
Quickset64
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2984939) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956106) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956107) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2956103) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2899580) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2956109) 32-Bit Edition
Shared C Run-time for x64
Skype Click to Call
Skype 7.1
Sony PC Companion 2.10.251
Spotify
Steam
swMSM
SyncUP
The Sims 3
The Sims 3 Showtime
The Sims 3 World Adventures
Trine 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2920794) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2956104) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinZip 19.0
WinZip Courier
.
==== Event Viewer Messages From Past Week ========
.
12-03-2015 23:40:02, Error: Service Control Manager [7022] - The NVIDIA Update Service Daemon service hung on starting.
12-03-2015 23:37:09, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
12-03-2015 16:32:40, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
12-03-2015 16:32:29, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12-03-2015 16:32:28, Error: Service Control Manager [7034] - The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).
12-03-2015 16:32:27, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12-03-2015 16:32:27, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12-03-2015 16:32:25, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).
12-03-2015 16:32:25, Error: Service Control Manager [7034] - The Nero Update service terminated unexpectedly. It has done this 1 time(s).
12-03-2015 16:32:25, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
12-03-2015 16:32:25, Error: Service Control Manager [7034] - The Intel® Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).
12-03-2015 16:32:24, Error: Service Control Manager [7034] - The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).
12-03-2015 16:32:24, Error: Service Control Manager [7034] - The Skype Click to Call Updater service terminated unexpectedly. It has done this 1 time(s).
12-03-2015 16:32:24, Error: Service Control Manager [7034] - The Skype Click to Call PNR Service service terminated unexpectedly. It has done this 1 time(s).
12-03-2015 16:32:24, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
12-03-2015 16:32:24, Error: Service Control Manager [7034] - The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s).
12-03-2015 16:32:24, Error: Service Control Manager [7034] - The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
12-03-2015 16:32:24, Error: Service Control Manager [7034] - The HWDeviceService64.exe service terminated unexpectedly. It has done this 1 time(s).
12-03-2015 16:32:24, Error: Service Control Manager [7034] - The CryptoStorage control service service terminated unexpectedly. It has done this 1 time(s).
12-03-2015 16:32:24, Error: Service Control Manager [7034] - The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).
12-03-2015 16:32:24, Error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
12-03-2015 16:32:24, Error: Service Control Manager [7034] - The AtherosSvc service terminated unexpectedly. It has done this 1 time(s).
12-03-2015 16:32:24, Error: Service Control Manager [7034] - The Atheros Bt&Wlan Coex Agent service terminated unexpectedly. It has done this 1 time(s).
12-03-2015 16:32:24, Error: Service Control Manager [7034] - The Application Virtualization Service Agent service terminated unexpectedly. It has done this 1 time(s).
12-03-2015 16:32:24, Error: Service Control Manager [7034] - The Andrea ST Filters Service service terminated unexpectedly. It has done this 1 time(s).
12-03-2015 16:32:24, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
12-03-2015 16:32:24, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12-03-2015 16:32:24, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12-03-2015 16:32:24, Error: Service Control Manager [7031] - The hLgRxZASduw service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12-03-2015 16:32:24, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12-03-2015 16:32:07, Error: Service Control Manager [7022] - The Intel® Management and Security Application User Notification Service service hung on starting.
12-03-2015 16:30:07, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
12-03-2015 16:21:27, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: wpnfd_1_10_0_4
12-03-2015 15:54:56, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12-03-2015 15:17:48, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
12-03-2015 14:14:48, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "5" Happened while starting this command: C:\windows\system32\wbem\wmiprvse.exe -secured -Embedding
12-03-2015 13:02:47, Error: Schannel [36887] - The following fatal alert was received: 40.
12-03-2015 12:32:22, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
12-03-2015 12:24:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Client Virtualization Handler service to connect.
12-03-2015 12:24:20, Error: Service Control Manager [7000] - The Client Virtualization Handler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05-03-2015 18:39:01, Error: Service Control Manager [7022] - The Application Virtualization Client service hung on starting.
05-03-2015 18:39:01, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: After starting, the service hung in a start-pending state.
.
==== End Of File ===========================

#4 olgun52

Posted 12 March 2015 - 03:44 PM

Do you use Kaspersky PURE and Norton software?


Edited by olgun52, 12 March 2015 - 03:46 PM.

Best regards
 

#5 olgun52


Posted 12 March 2015 - 04:39 PM

Hi suez6,

Please do the following.

Step 1:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.07.0.1009.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two message boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt
 
Step 2:
 
Please download and run RogueKiller 32/64 bit to your desktop.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)


Best regards
 

#6 suez6


Posted 13 March 2015 - 02:04 AM

Hi Yilmaz,

Yes. I'm currently using Kaspersky. I was using Norton earlier. I'm unable to attach the log files. Hence, I'm just pasting the content here:

 

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.13.03
  rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17691
sue :: SUE-PC [administrator]

13-03-2015 10:30:41
mbar-log-2015-03-13 (10-30-41).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 416414
Time elapsed: 32 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\1078601655 (Rogue.Multiple) -> No action taken. [c0475ee76d1de056666b9dbfa3607b85]

Files Detected: 1
C:\Users\sue\AppData\Roaming\die.bat (Malware.Trace.E) -> No action taken. [61a6f4513d4d38febf4d2e0a858046ba]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17691

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 6345105408, free: 3207172096

Downloaded database version: v2015.03.13.03
Downloaded database version: v2015.02.25.01
Downloaded database version: v2015.03.09.01
=======================================
Initializing...
------------ Kernel report ------------
     03/13/2015 10:30:07
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.03.13.03
  rootkit: v2015.02.25.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007b8b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007b8bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007b8b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005b1e6f0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005f9b050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2FE55CCE

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 206848  Numsec = 30720000
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 30926848  Numsec = 853045936

    Partition 3 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 883974144  Numsec = 366286848

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Done!
Infected: C:\Users\sue\AppData\Roaming\die.bat --> [Malware.Trace.E]
Infected: C:\ProgramData\1078601655 --> [Rogue.Multiple]
Scan finished
User declined to cleanup malware.
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

RogueKiller V10.5.4.0 [Mar 12 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : sue [Administrator]
Started from : C:\Users\sue\Downloads\RogueKiller.exe
Mode : Scan -- Date : 03/13/2015  12:05:29

¤¤¤ Processes : 3 ¤¤¤
[Suspicious.Path] hLgRxZASduw.exe(700) -- C:\ProgramData\QlJTmt\hLgRxZASduw.exe[7] -> Killed [TermProc]
[Suspicious.Path] CHzYvqt.exe(2820) -- C:\ProgramData\QlJTmt\dat\CHzYvqt.exe[7] -> Killed [TermThr]
[Suspicious.Path] (SVC) hLgRxZASduw -- "C:\ProgramData\QlJTmt\hLgRxZASduw.exe"[7] -> ERROR [41c]

¤¤¤ Registry : 25 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\0236851423240833mcinstcleanup (C:\Users\sue\AppData\Local\Temp\023685~1.EXE -cleanup -nolog) -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BAPIDRV (system32\DRIVERS\BAPIDRV64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\hLgRxZASduw ("C:\ProgramData\QlJTmt\hLgRxZASduw.exe") -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\0236851423240833mcinstcleanup (C:\Users\sue\AppData\Local\Temp\023685~1.EXE -cleanup -nolog) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hLgRxZASduw ("C:\ProgramData\QlJTmt\hLgRxZASduw.exe") -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\0236851423240833mcinstcleanup (C:\Users\sue\AppData\Local\Temp\023685~1.EXE -cleanup -nolog) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hLgRxZASduw ("C:\ProgramData\QlJTmt\hLgRxZASduw.exe") -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2312021400-1013561349-3986411154-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2312021400-1013561349-3986411154-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2312021400-1013561349-3986411154-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=ns&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2312021400-1013561349-3986411154-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=ns&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{83DD840A-2044-4F73-A519-1065F648F5D1} | DhcpNameServer : 172.9.1.161 [(Unknown Country?) (XX)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 4 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe) WS2_32.dll - WSAGetOverlappedResult :  @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (chrome.exe) WS2_32.dll - WSASend :  @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (chrome.exe) kernel32.dll - CreateThreadpoolIo :  @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (chrome.exe) WS2_32.dll - WSARecv :  @ 0x0 ()

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9640320AS +++++
--- User ---
[MBR] 2c0caeba7e010eb9f41c29e9f31de2c9
[BSP] 5cb48ffcee235311eaa03ee535d0aaf1 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

 

thanks.

 



#7 olgun52


Posted 13 March 2015 - 08:53 AM

Please post the RogueKiller logfile.


Best regards
 

 


 


#8 suez6


Posted 13 March 2015 - 10:15 AM

RogueKiller V10.5.4.0 [Mar 12 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : sue [Administrator]
Started from : C:\Users\sue\Downloads\RogueKiller.exe
Mode : Scan -- Date : 03/13/2015  20:43:33

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] hLgRxZASduw.exe(4724) -- C:\ProgramData\QlJTmt\hLgRxZASduw.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 26 ¤¤¤
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | 360safeuninst : C:\Users\sue\AppData\Local\Temp\remove360.bat  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\0236851423240833mcinstcleanup (C:\Users\sue\AppData\Local\Temp\023685~1.EXE -cleanup -nolog) -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BAPIDRV (system32\DRIVERS\BAPIDRV64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\hLgRxZASduw ("C:\ProgramData\QlJTmt\hLgRxZASduw.exe") -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\0236851423240833mcinstcleanup (C:\Users\sue\AppData\Local\Temp\023685~1.EXE -cleanup -nolog) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hLgRxZASduw ("C:\ProgramData\QlJTmt\hLgRxZASduw.exe") -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\0236851423240833mcinstcleanup (C:\Users\sue\AppData\Local\Temp\023685~1.EXE -cleanup -nolog) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hLgRxZASduw ("C:\ProgramData\QlJTmt\hLgRxZASduw.exe") -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2312021400-1013561349-3986411154-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2312021400-1013561349-3986411154-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2312021400-1013561349-3986411154-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=ns&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2312021400-1013561349-3986411154-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=ns&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{83DD840A-2044-4F73-A519-1065F648F5D1} | DhcpNameServer : 172.9.1.161 [(Unknown Country?) (XX)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9640320AS +++++
--- User ---
[MBR] 2c0caeba7e010eb9f41c29e9f31de2c9
[BSP] 5cb48ffcee235311eaa03ee535d0aaf1 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_03132015_120529.log



#9 olgun52


Posted 13 March 2015 - 10:39 AM

Hi suez6,

 

Step 1:

  • Close all the running processes.
  • Double click the RogueKiller icon to run the program again.
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Make sure only the following lines are checked:
      C:\ProgramData\QlJTmt\hLgRxZASduw.exe
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\hLgRxZASduw ("C:\ProgramData\QlJTmt\hLgRxZASduw.exe")
      HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hLgRxZASduw ("C:\ProgramData\QlJTmt\hLgRxZASduw.exe")
      HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hLgRxZASduw ("C:\ProgramData\QlJTmt\hLgRxZASduw.exe")
  • Now click the Delete button.
  • Please copy and paste the report in your next reply. A copy of the RKreport.txt can be found on your desktop.

Step 2:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Have a nice day.


Best regards
 

 


 


#10 suez6


Posted 13 March 2015 - 12:41 PM

hi,

RogueKiller V10.5.4.0 [Mar 12 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : sue [Administrator]
Started from : C:\Users\sue\Downloads\RogueKiller.exe
Mode : Delete -- Date : 03/13/2015  21:32:23

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] hLgRxZASduw.exe(4724) -- C:\ProgramData\QlJTmt\hLgRxZASduw.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 26 ¤¤¤
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | 360safeuninst : C:\Users\sue\AppData\Local\Temp\remove360.bat  -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\0236851423240833mcinstcleanup (C:\Users\sue\AppData\Local\Temp\023685~1.EXE -cleanup -nolog) -> Not selected
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BAPIDRV (system32\DRIVERS\BAPIDRV64.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\hLgRxZASduw -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\0236851423240833mcinstcleanup (C:\Users\sue\AppData\Local\Temp\023685~1.EXE -cleanup -nolog) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hLgRxZASduw -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\0236851423240833mcinstcleanup (C:\Users\sue\AppData\Local\Temp\023685~1.EXE -cleanup -nolog) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hLgRxZASduw -> Deleted
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2312021400-1013561349-3986411154-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2312021400-1013561349-3986411154-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2312021400-1013561349-3986411154-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=ns&pvid=22.0.2.17  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2312021400-1013561349-3986411154-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=ns&pvid=22.0.2.17  -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{83DD840A-2044-4F73-A519-1065F648F5D1} | DhcpNameServer : 172.9.1.161 [(Unknown Country?) (XX)]  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9640320AS +++++
--- User ---
[MBR] 2c0caeba7e010eb9f41c29e9f31de2c9
[BSP] 5cb48ffcee235311eaa03ee535d0aaf1 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_03132015_120529.log - RKreport_SCN_03132015_204333.log

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Protection, 13-03-2015 22:48:38, SYSTEM, SUE-PC, Protection, Malware Protection, Starting,
Protection, 13-03-2015 22:48:38, SYSTEM, SUE-PC, Protection, Malware Protection, Started,
Protection, 13-03-2015 22:48:38, SYSTEM, SUE-PC, Protection, Malicious Website Protection, Starting,
Protection, 13-03-2015 22:48:39, SYSTEM, SUE-PC, Protection, Malicious Website Protection, Started,
Update, 13-03-2015 22:49:08, SYSTEM, SUE-PC, Manual, Remediation Database, 2013.10.16.1, 2015.3.9.1,
Update, 13-03-2015 22:49:09, SYSTEM, SUE-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.2.25.1,
Detection, 13-03-2015 22:51:46, SYSTEM, SUE-PC, Protection, Malware Protection, File, PUP.Optional.ZombieNews.A, C:\ProgramData\QlJTmt\dat\UuhjcK.exe, Quarantine Failed, 303, Queued for removal on reboot, [45c172cc86f6ce68b49d6c472ed3e51b]
Update, 13-03-2015 22:52:16, SYSTEM, SUE-PC, Manual, Malware Database, 2014.11.20.6, 2015.3.13.6,
Protection, 13-03-2015 22:52:17, SYSTEM, SUE-PC, Protection, Refresh, Starting,
Protection, 13-03-2015 22:52:17, SYSTEM, SUE-PC, Protection, Malicious Website Protection, Stopping,
Protection, 13-03-2015 22:52:17, SYSTEM, SUE-PC, Protection, Malicious Website Protection, Stopped,
Protection, 13-03-2015 22:52:33, SYSTEM, SUE-PC, Protection, Refresh, Success,
Protection, 13-03-2015 22:52:33, SYSTEM, SUE-PC, Protection, Malicious Website Protection, Starting,
Protection, 13-03-2015 22:52:34, SYSTEM, SUE-PC, Protection, Malicious Website Protection, Started,
Detection, 13-03-2015 22:56:51, SYSTEM, SUE-PC, Protection, Malware Protection, File, PUP.Optional.ZombieNews.A, C:\ProgramData\QlJTmt\dat\UuhjcK.exe, Quarantine Failed, 303, Queued for removal on reboot, [50ba261f2565fd397e0febd934cdf50b]
Detection, 13-03-2015 23:01:57, SYSTEM, SUE-PC, Protection, Malware Protection, File, PUP.Optional.ZombieNews.A, C:\ProgramData\QlJTmt\dat\UuhjcK.exe, Quarantine Failed, 303, Queued for removal on reboot, [50ba261f2565fd397e0febd934cdf50b]
Detection, 13-03-2015 23:02:44, SYSTEM, SUE-PC, Protection, Malware Protection, File, PUP.Optional.ZombieNews.A, C:\ProgramData\QlJTmt\dat\UuhjcK.exe, Quarantine Failed, 303, Queued for removal on reboot, [50ba261f2565fd397e0febd934cdf50b]
Detection, 13-03-2015 23:07:02, SYSTEM, SUE-PC, Protection, Malware Protection, File, PUP.Optional.ZombieNews.A, C:\ProgramData\QlJTmt\dat\UuhjcK.exe, Quarantine Failed, 303, Queued for removal on reboot, [50ba261f2565fd397e0febd934cdf50b]

(end)



#11 olgun52


Posted 13 March 2015 - 01:44 PM

Hi suez6,

 

Perfect work

 

Please do the following.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

 


Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#12 suez6


Posted 13 March 2015 - 02:35 PM

Hi,

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by sue (administrator) on SUE-PC on 14-03-2015 00:59:57
Running from C:\Users\sue\Downloads
Loaded Profiles: UpdatusUser & sue (Available profiles: UpdatusUser & sue)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Spotify Ltd) C:\Users\sue\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\klwtblfs.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [613536 2010-12-18] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [379040 2010-12-18] (Atheros Commnucations)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2312021400-1013561349-3986411154-1000\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\...\Run: [Facebook Update] => C:\Users\sue\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-18] (Facebook Inc.)
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\...\Run: [Google Update] => C:\Users\sue\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\...\Run: [Daily Kural] => C:\Program Files (x86)\Daily Kural\Kural.exe
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31090792 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2015-01-07] (Electronic Arts)
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\...\Run: [GoogleChromeAutoLaunch_10F7407D9E7ABA30BA67FD388C333243] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\...\Run: [Spotify] => C:\Users\sue\AppData\Roaming\Spotify\spotify.exe [6737976 2015-01-04] (Spotify Ltd)
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\...\Run: [Spotify Web Helper] => C:\Users\sue\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-04] (Spotify Ltd)
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-21] (Piriform Ltd)
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy Restriction on ProxySettings)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-21-2312021400-1013561349-3986411154-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-2312021400-1013561349-3986411154-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2312021400-1013561349-3986411154-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17
HKU\S-1-5-21-2312021400-1013561349-3986411154-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2312021400-1013561349-3986411154-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=ns&pvid=22.0.2.17
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2312021400-1013561349-3986411154-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2312021400-1013561349-3986411154-1001 -> DefaultScope {22BA4677-BEAA-4DF1-BD97-43F16B4F8976} URL = https://in.search.yahoo.com/search?fr=mcafee&type=B014IN0D20141127&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2312021400-1013561349-3986411154-1001 -> {22BA4677-BEAA-4DF1-BD97-43F16B4F8976} URL = https://in.search.yahoo.com/search?fr=mcafee&type=B014IN0D20141127&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2312021400-1013561349-3986411154-1001 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2015-03-11] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-03-11] (Kaspersky Lab ZAO)
BHO: No Name -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} ->  No File
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2015-03-11] (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2015-03-11] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2015-03-11] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-03-11] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-27] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [2015-03-11] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-27] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [2015-03-11] (Kaspersky Lab ZAO)
Toolbar: HKU\S-1-5-21-2312021400-1013561349-3986411154-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-27] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2012-11-22] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-01-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-01-27] (NVIDIA Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2312021400-1013561349-3986411154-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\sue\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2312021400-1013561349-3986411154-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\sue\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-28] (Google)
FF Plugin HKU\S-1-5-21-2312021400-1013561349-3986411154-1001: @talk.google.com/O1DPlugin -> C:\Users\sue\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-28] (Google)
FF Plugin HKU\S-1-5-21-2312021400-1013561349-3986411154-1001: @tools.google.com/Google Update;version=3 -> C:\Users\sue\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-2312021400-1013561349-3986411154-1001: @tools.google.com/Google Update;version=9 -> C:\Users\sue\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\sue\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-28] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\sue\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-28] (Google)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2015-03-11]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2015-03-11]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2015-03-11]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2015-03-11]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2015-03-11]

Chrome:
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-03]
CHR Extension: (Google Docs) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-03]
CHR Extension: (Google Drive) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-03]
CHR Extension: (YouTube) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-03]
CHR Extension: (µBlock) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-01-04]
CHR Extension: (Entanglement) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmnpffgfpcohhpoddjankjanolcekbni [2015-01-29]
CHR Extension: (Google Search) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-03]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-03-12]
CHR Extension: (Hola Better Internet Engine) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng [2015-02-01]
CHR Extension: (Google Sheets) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-03]
CHR Extension: (AdBlock) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-04]
CHR Extension: (Hola Better Internet) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-02-05]
CHR Extension: (Safe Money) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2015-03-12]
CHR Extension: (Content Blocker) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2015-03-12]
CHR Extension: (Virtual Keyboard) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2015-03-12]
CHR Extension: (KingsRoad) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbcbablgmkkdnioiekpgjfacejkfomlg [2015-01-29]
CHR Extension: (Hangouts) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-01-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Kaspersky Protection) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2015-03-12]
CHR Extension: (Ghostery) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-01-04]
CHR Extension: (Norton Safe) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-01-04]
CHR Extension: (Google Wallet) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-03]
CHR Extension: (Gmail) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-03]
CHR Extension: (Anti-Banner) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-03-12]
CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [fooihgffjknjfdidhkpgeibbipkjlhpn] - C:\Users\sue\AppData\Local\Temp\ccex.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [ilckobikkmajlmhhdenkhonjkoaneclk] - C:\Program Files (x86)\WinZip Courier\wzwmcgc.crx [2011-10-21]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe [151552 2010-10-01] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [53920 2010-12-18] (Atheros Commnucations) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-11] (Electronic Arts)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 0236851423240833mcinstcleanup; C:\Users\sue\AppData\Local\Temp\023685~1.EXE -cleanup -nolog [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [46368 2013-10-03] (AVG Technologies)
R3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-14] (Microsoft Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2015-03-12] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2015-03-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2015-03-12] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2015-03-12] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-03-12] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-13] ()
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== Three Months Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-14 00:59 - 2015-03-14 01:00 - 00055242 _____ () C:\Users\sue\Downloads\FRST.txt
2015-03-14 00:59 - 2015-03-14 00:59 - 02095616 _____ (Farbar) C:\Users\sue\Downloads\FRST64.exe
2015-03-13 23:29 - 2015-03-13 23:29 - 00000000 ___RD () C:\Users\sue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-03-13 22:47 - 2015-03-13 22:47 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-13 22:47 - 2015-03-13 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-13 22:47 - 2015-03-13 22:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-13 22:47 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-03-13 22:47 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-03-13 22:34 - 2015-03-13 22:46 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\sue\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-13 12:20 - 2014-11-25 07:44 - 00023752 _____ (360安全中心) C:\windows\SysWOW64\Drivers\efimon.sys
2015-03-13 11:59 - 2015-03-13 20:36 - 00035064 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-03-13 11:59 - 2015-03-13 12:12 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-13 11:44 - 2015-03-13 11:58 - 15632984 _____ () C:\Users\sue\Downloads\RogueKiller.exe
2015-03-13 11:35 - 2015-03-13 11:43 - 00000000 ____D () C:\Users\sue\AppData\Local\WinZip
2015-03-13 11:35 - 2015-03-13 11:35 - 00002289 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-03-13 11:35 - 2015-03-13 11:35 - 00002283 _____ () C:\Users\Public\Desktop\WinZip.lnk
2015-03-13 11:35 - 2015-03-13 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-03-13 11:35 - 2015-03-13 11:35 - 00000000 ____D () C:\Program Files\WinZip
2015-03-13 11:23 - 2015-03-13 23:28 - 00000000 ____D () C:\Program Files (x86)\360
2015-03-13 11:06 - 2015-03-13 11:07 - 01079200 _____ (Software Program ) C:\Users\sue\Downloads\winzip19-new.exe
2015-03-13 10:30 - 2015-03-13 23:28 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-13 10:30 - 2015-03-13 22:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-13 10:30 - 2015-03-13 22:31 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-13 10:16 - 2015-03-13 22:31 - 00000000 ____D () C:\Users\sue\Desktop\mbar
2015-03-13 10:16 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-03-13 10:10 - 2015-03-13 10:16 - 16502728 _____ (Malwarebytes Corp.) C:\Users\sue\Downloads\mbar-1.09.1.1004.exe
2015-03-12 23:48 - 2015-03-12 23:48 - 00019644 _____ () C:\Users\sue\Desktop\attach.txt
2015-03-12 23:48 - 2015-03-12 23:47 - 00034396 _____ () C:\Users\sue\Desktop\dds.txt
2015-03-12 23:45 - 2015-03-12 23:46 - 00688992 ____R (Swearware) C:\Users\sue\Downloads\dds.com
2015-03-12 16:30 - 2015-03-12 16:32 - 00000000 ____D () C:\AdwCleaner
2015-03-12 16:28 - 2015-03-12 16:29 - 02171392 _____ () C:\Users\sue\Downloads\AdwCleaner.exe
2015-03-12 13:27 - 2015-03-12 13:50 - 36388269 _____ () C:\Users\sue\Downloads\NBDE.rar
2015-03-11 21:58 - 2015-03-11 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0
2015-03-11 21:58 - 2015-03-11 21:57 - 00001080 _____ () C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2015-03-11 21:57 - 2013-11-11 21:30 - 00064856 _____ (Kaspersky Lab) C:\windows\system32\klfphc.dll
2015-03-11 21:55 - 2015-03-12 01:07 - 00628288 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2015-03-11 21:55 - 2015-03-12 01:07 - 00092768 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys
2015-03-11 21:55 - 2015-03-11 21:55 - 00000000 ____D () C:\windows\ELAMBKUP
2015-03-11 21:55 - 2011-06-02 14:39 - 00084536 _____ (Infowatch) C:\windows\system32\Drivers\CSCrySec.sys
2015-03-11 21:55 - 2011-06-02 14:39 - 00066616 _____ (Infowatch) C:\windows\system32\Drivers\CSVirtualDiskDrv.sys
2015-03-11 20:46 - 2015-03-11 21:43 - 193793792 _____ (Kaspersky Lab ZAO) C:\Users\sue\Downloads\pure13.0.2.558en-in.exe
2015-03-11 17:36 - 2015-03-13 23:32 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-11 17:36 - 2015-03-11 21:55 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-03-11 17:36 - 2015-03-11 17:36 - 00001079 _____ () C:\Users\sue\Desktop\Kaspersky Security Scan.lnk
2015-03-11 17:36 - 2015-03-11 17:36 - 00000000 ____D () C:\Users\sue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2015-03-11 16:48 - 2015-03-11 16:49 - 00189320 _____ (Kaspersky Lab) C:\Users\sue\Downloads\kss12.0.1.881de_en_es_fr_it_ja_ko_pl_pt_ru_zh_6222.exe
2015-03-11 14:45 - 2015-02-24 08:45 - 00389800 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-11 14:45 - 2015-02-24 08:02 - 00342696 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-03-11 14:45 - 2015-02-21 06:46 - 25021440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-11 14:45 - 2015-02-21 06:11 - 12827648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-11 14:45 - 2015-02-21 05:57 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-03-11 14:45 - 2015-02-21 05:57 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-03-11 14:45 - 2015-02-21 05:55 - 19720192 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-11 14:45 - 2015-02-21 05:28 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-11 14:45 - 2015-02-21 05:02 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-03-11 14:45 - 2015-02-20 08:36 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-11 14:45 - 2015-02-20 08:35 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-03-11 14:45 - 2015-02-20 08:20 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-11 14:45 - 2015-02-20 08:19 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-11 14:45 - 2015-02-20 08:19 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-03-11 14:45 - 2015-02-20 08:18 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-11 14:45 - 2015-02-20 08:17 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-11 14:45 - 2015-02-20 08:11 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-11 14:45 - 2015-02-20 08:10 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-11 14:45 - 2015-02-20 08:06 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-11 14:45 - 2015-02-20 08:05 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-11 14:45 - 2015-02-20 08:05 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-03-11 14:45 - 2015-02-20 08:04 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-11 14:45 - 2015-02-20 08:02 - 06035456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-11 14:45 - 2015-02-20 07:56 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-03-11 14:45 - 2015-02-20 07:52 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-03-11 14:45 - 2015-02-20 07:52 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-11 14:45 - 2015-02-20 07:43 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 14:45 - 2015-02-20 07:39 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-11 14:45 - 2015-02-20 07:38 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-11 14:45 - 2015-02-20 07:38 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-03-11 14:45 - 2015-02-20 07:38 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-03-11 14:45 - 2015-02-20 07:36 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-03-11 14:45 - 2015-02-20 07:35 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-11 14:45 - 2015-02-20 07:33 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-11 14:45 - 2015-02-20 07:31 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-03-11 14:45 - 2015-02-20 07:30 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-03-11 14:45 - 2015-02-20 07:28 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-03-11 14:45 - 2015-02-20 07:26 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-03-11 14:45 - 2015-02-20 07:26 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-03-11 14:45 - 2015-02-20 07:19 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-11 14:45 - 2015-02-20 07:19 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-11 14:45 - 2015-02-20 07:17 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-03-11 14:45 - 2015-02-20 07:16 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-11 14:45 - 2015-02-20 07:13 - 14398976 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-11 14:45 - 2015-02-20 07:11 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 14:45 - 2015-02-20 07:07 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-03-11 14:45 - 2015-02-20 07:00 - 04300288 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-03-11 14:45 - 2015-02-20 06:58 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-11 14:45 - 2015-02-20 06:54 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-11 14:45 - 2015-02-20 06:54 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-11 14:45 - 2015-02-20 06:53 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-03-11 14:45 - 2015-02-20 06:46 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-11 14:45 - 2015-02-20 06:33 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-11 14:45 - 2015-02-20 06:31 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-11 14:45 - 2015-02-20 06:27 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-11 14:45 - 2015-02-20 06:25 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-03-11 14:12 - 2015-02-20 10:11 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-11 14:12 - 2015-02-20 10:10 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-11 14:12 - 2015-02-20 10:10 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-11 14:12 - 2015-02-20 10:10 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-11 14:12 - 2015-02-20 09:43 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-11 14:12 - 2015-02-20 09:43 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-11 14:12 - 2015-02-20 09:43 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-11 14:12 - 2015-02-20 09:42 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-11 14:12 - 2015-02-20 08:59 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-11 14:12 - 2015-02-20 08:39 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-11 14:12 - 2015-02-03 09:04 - 05554104 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-11 14:12 - 2015-02-03 09:04 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-03-11 14:12 - 2015-02-03 09:04 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-11 14:12 - 2015-02-03 09:03 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-03-11 14:12 - 2015-02-03 09:01 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-11 14:12 - 2015-02-03 09:01 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-11 14:12 - 2015-02-03 09:01 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-11 14:12 - 2015-02-03 09:01 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-11 14:12 - 2015-02-03 09:01 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-11 14:12 - 2015-02-03 09:01 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-11 14:12 - 2015-02-03 09:01 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-11 14:12 - 2015-02-03 09:01 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-11 14:12 - 2015-02-03 09:01 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-11 14:12 - 2015-02-03 09:01 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-11 14:12 - 2015-02-03 09:01 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-11 14:12 - 2015-02-03 09:01 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-11 14:12 - 2015-02-03 09:01 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-11 14:12 - 2015-02-03 09:01 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-11 14:12 - 2015-02-03 09:01 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-11 14:12 - 2015-02-03 09:01 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-11 14:12 - 2015-02-03 09:01 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-11 14:12 - 2015-02-03 09:01 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-11 14:12 - 2015-02-03 09:01 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-11 14:12 - 2015-02-03 09:01 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-11 14:12 - 2015-02-03 09:00 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-11 14:12 - 2015-02-03 09:00 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-11 14:12 - 2015-02-03 09:00 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-11 14:12 - 2015-02-03 09:00 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-11 14:12 - 2015-02-03 09:00 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-11 14:12 - 2015-02-03 09:00 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-11 14:12 - 2015-02-03 09:00 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-11 14:12 - 2015-02-03 09:00 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-11 14:12 - 2015-02-03 09:00 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-11 14:12 - 2015-02-03 09:00 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-11 14:12 - 2015-02-03 09:00 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-11 14:12 - 2015-02-03 09:00 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-11 14:12 - 2015-02-03 09:00 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-11 14:12 - 2015-02-03 09:00 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-11 14:12 - 2015-02-03 09:00 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-11 14:12 - 2015-02-03 09:00 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-11 14:12 - 2015-02-03 09:00 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-11 14:12 - 2015-02-03 09:00 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-11 14:12 - 2015-02-03 09:00 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-11 14:12 - 2015-02-03 09:00 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-11 14:12 - 2015-02-03 09:00 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-11 14:12 - 2015-02-03 09:00 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-11 14:12 - 2015-02-03 09:00 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-11 14:12 - 2015-02-03 09:00 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-11 14:12 - 2015-02-03 09:00 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-11 14:12 - 2015-02-03 09:00 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-11 14:12 - 2015-02-03 08:59 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-11 14:12 - 2015-02-03 08:58 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-11 14:12 - 2015-02-03 08:58 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-11 14:12 - 2015-02-03 08:49 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-11 14:12 - 2015-02-03 08:46 - 03973048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-03-11 14:12 - 2015-02-03 08:46 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-03-11 14:12 - 2015-02-03 08:42 - 11411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-03-11 14:12 - 2015-02-03 08:42 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-03-11 14:12 - 2015-02-03 08:42 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-03-11 14:12 - 2015-02-03 08:41 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-03-11 14:12 - 2015-02-03 08:41 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-03-11 14:12 - 2015-02-03 08:41 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-03-11 14:12 - 2015-02-03 08:39 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-03-11 14:12 - 2015-02-03 08:38 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-03-11 14:12 - 2015-02-03 08:02 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-11 14:12 - 2014-11-01 03:54 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-11 14:12 - 2014-06-28 05:51 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-03-11 14:12 - 2014-06-28 05:51 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-03-11 14:04 - 2015-02-03 09:01 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-11 14:04 - 2015-02-03 08:42 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-03-11 14:02 - 2015-02-13 10:56 - 12875264 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-11 14:02 - 2015-02-13 10:52 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-11 14:01 - 2015-03-06 11:26 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-11 14:01 - 2015-03-06 11:26 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-11 14:01 - 2015-03-06 11:12 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-11 14:01 - 2015-03-06 11:12 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-11 14:01 - 2015-03-06 11:12 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-11 14:01 - 2015-03-06 11:12 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-11 14:01 - 2015-03-06 11:12 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-11 14:01 - 2015-03-06 11:12 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-11 14:01 - 2015-03-06 11:12 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-11 14:01 - 2015-03-06 11:12 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-11 14:01 - 2015-03-06 11:12 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-11 14:01 - 2015-03-06 11:12 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-11 14:01 - 2015-03-06 11:12 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-11 14:01 - 2015-03-06 11:11 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-11 14:01 - 2015-03-06 11:11 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-11 14:01 - 2015-03-06 11:09 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-11 14:01 - 2015-03-06 11:08 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-11 14:01 - 2015-03-06 11:06 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-11 14:01 - 2015-03-06 10:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-03-11 14:01 - 2015-03-06 10:40 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-03-11 14:01 - 2015-03-06 10:40 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-11 14:01 - 2015-03-06 10:40 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-03-11 14:01 - 2015-03-06 10:40 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-03-11 14:01 - 2015-03-06 10:40 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-03-11 14:01 - 2015-03-06 10:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-03-11 14:01 - 2015-03-06 10:40 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-03-11 14:01 - 2015-03-06 10:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-03-11 14:01 - 2015-03-06 10:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-03-11 14:01 - 2015-03-06 10:37 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-03-11 14:01 - 2015-03-06 10:37 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-03-11 14:01 - 2015-03-06 10:36 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-03-11 14:01 - 2015-01-31 05:26 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-11 13:54 - 2015-02-26 08:55 - 03204096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-11 13:54 - 2015-02-03 09:01 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-11 13:54 - 2015-02-03 08:42 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-11 13:54 - 2015-01-17 08:18 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-11 13:54 - 2015-01-17 08:00 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-03-11 13:48 - 2015-02-04 08:46 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-11 13:48 - 2015-02-04 08:24 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-03-05 22:22 - 2015-03-05 22:22 - 00854576 _____ () C:\Users\sue\AppData\Local\package.nw.new
2015-03-04 22:23 - 2015-03-04 22:23 - 00016321 _____ () C:\Users\sue\Downloads\MasterCard-World_Stmt_05031522231.xls
2015-03-04 07:08 - 2015-03-04 07:08 - 00011175 _____ () C:\Users\sue\Downloads\303012 (1).xlsx
2015-03-04 07:01 - 2015-03-04 07:10 - 24446928 _____ () C:\Users\sue\Downloads\Attachments_201534.zip
2015-03-04 06:54 - 2015-01-09 08:44 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-03-04 06:54 - 2015-01-09 08:44 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-03-04 06:54 - 2015-01-09 08:44 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-03-04 06:54 - 2015-01-09 08:18 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-03-03 21:16 - 2015-01-09 05:14 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-03-03 21:16 - 2015-01-09 05:13 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-21 13:04 - 2015-02-21 13:04 - 00011175 _____ () C:\Users\sue\Downloads\303012.xlsx
2015-02-21 10:22 - 2015-02-21 10:23 - 03060320 _____ (Symantec Corporation) C:\Users\sue\Downloads\NPE.exe
2015-02-20 23:00 - 2015-02-20 23:00 - 00000000 ____D () C:\Users\sue\AppData\Local\Halfbrick
2015-02-20 22:59 - 2015-02-20 22:59 - 00000000 ____D () C:\Users\sue\AppData\Local\Intel
2015-02-20 22:58 - 2015-02-20 22:58 - 00178800 _____ (Sony DADC Austria AG.) C:\windows\SysWOW64\CmdLineExt_x64.dll
2015-02-20 18:27 - 2015-02-20 18:27 - 00000000 ____D () C:\Users\sue\AppData\Roaming\EncryptStick
2015-02-20 18:17 - 2015-02-20 18:18 - 00000000 ____D () C:\Users\sue\Documents\Bluetooth Folder
2015-02-20 12:31 - 2015-02-20 12:42 - 00000000 ____D () C:\Users\sue\Documents\admission docs 2014
2015-02-20 12:29 - 2015-02-20 12:29 - 00000000 ____D () C:\Users\sue\Documents\passport
2015-02-20 12:23 - 2015-02-20 12:23 - 00000000 ____D () C:\Users\sue\Downloads\phd
2015-02-20 09:52 - 2015-02-20 10:02 - 00000000 ____D () C:\Users\sue\Documents\Gmail - Software Approval_files
2015-02-20 09:52 - 2015-02-20 09:52 - 00006646 _____ () C:\Users\sue\Documents\Gmail - Software Approval.html
2015-02-17 23:02 - 2015-03-06 19:41 - 00061064 _____ () C:\windows\DPINST.LOG
2015-02-17 22:57 - 2015-02-18 12:24 - 00000000 ____D () C:\Program Files (x86)\Kingo ROOT
2015-02-17 22:57 - 2015-02-17 22:57 - 00000000 ____D () C:\Users\sue\AppData\Roaming\Kingosoft
2015-02-17 22:57 - 2015-02-17 22:57 - 00000000 ____D () C:\Users\sue\AppData\Local\Kingosoft
2015-02-17 22:45 - 2015-02-17 22:45 - 00000000 ____D () C:\Users\sue\AppData\Local\AWSToolkit
2015-02-17 22:44 - 2015-02-17 22:44 - 00000000 ____D () C:\Program Files (x86)\One Click Root
2015-02-17 22:43 - 2015-02-17 22:43 - 00000000 ____D () C:\Users\sue\AppData\Roaming\One Click Root
2015-02-17 21:50 - 2015-02-17 21:50 - 00000000 ____D () C:\Users\sue\AppData\Roaming\HMYGSetting
2015-02-17 16:57 - 2015-02-17 16:57 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-02-17 16:56 - 2015-02-17 16:56 - 01002728 _____ (Microsoft Corporation) C:\windows\system32\WinUSBCoInstaller2.dll
2015-02-17 16:55 - 2015-02-17 17:14 - 00000000 ____D () C:\Users\sue\AppData\Roaming\Jihosoft Android Phone Recovery
2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 _____ (Microsoft Corporation) C:\windows\SysWOW64\FM20.DLL
2015-02-17 15:58 - 2015-02-17 16:09 - 00000000 ____D () C:\Program Files (x86)\7-Data Android Recovery
2015-02-17 15:12 - 2015-02-17 23:09 - 00000000 ___HD () C:\Program Files (x86)\DrFoneAndroid_Temp
2015-02-17 15:12 - 2015-02-17 23:09 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2015-02-17 15:12 - 2015-02-17 22:26 - 00000000 ____D () C:\Users\sue\AppData\Roaming\Wondershare
2015-02-17 15:12 - 2015-02-17 15:12 - 00000000 ____D () C:\Users\sue\AppData\Local\Wondershare
2015-02-16 12:21 - 2015-02-16 12:21 - 00000035 _____ () C:\Users\sue\Documents\g.txt
2015-02-16 10:01 - 2015-02-16 10:01 - 00000000 ___RD () C:\Users\sue\Desktop\MySyncUPFiles
2015-02-11 09:40 - 2015-02-04 08:46 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-11 09:40 - 2015-02-04 08:46 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-11 09:40 - 2015-02-04 08:46 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-11 09:40 - 2015-02-04 08:46 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-11 09:40 - 2015-02-04 08:46 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-11 09:40 - 2015-02-04 08:46 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-11 09:40 - 2015-02-04 08:43 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-11 09:40 - 2015-01-28 05:06 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-11 09:33 - 2014-11-26 09:23 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-11 09:33 - 2014-11-26 09:02 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-11 09:32 - 2014-12-08 08:39 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-11 09:32 - 2014-12-08 08:16 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-11 09:32 - 2014-10-04 07:40 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-02-11 09:32 - 2014-10-04 07:12 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-02-11 09:32 - 2014-10-04 07:12 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-02-11 09:06 - 2015-02-21 10:40 - 00000000 ____D () C:\Users\sue\AppData\Local\NPE
2015-02-10 13:04 - 2015-02-18 12:22 - 00027648 ___SH () C:\Users\sue\Downloads\Thumbs.db
2015-02-10 08:18 - 2015-02-10 08:18 - 00006073 _____ () C:\Users\sue\Downloads\chronological1.zip
2015-02-10 08:18 - 2015-02-10 08:18 - 00005123 _____ () C:\Users\sue\Downloads\skills-resume.zip
2015-02-09 10:06 - 2015-02-09 10:07 - 01768448 _____ () C:\Users\sue\Downloads\Effective scholarship.ppt
2015-02-06 22:11 - 2015-02-06 23:12 - 211811872 _____ (Symantec Corporation) C:\Users\sue\Downloads\N360-TW-21.1.0-EN-ROW.exe
2015-02-06 20:26 - 2015-02-06 20:26 - 00000197 _____ () C:\windows\system32\2015-02-06-14-56-50.005-AvastVBoxSVC.exe-7660.log
2015-02-06 17:10 - 2015-02-06 17:10 - 00000197 _____ () C:\windows\system32\2015-02-06-11-40-50.032-AvastVBoxSVC.exe-6852.log
2015-02-06 17:06 - 2015-03-13 23:27 - 00009868 _____ () C:\windows\setupact.log
2015-02-06 17:06 - 2015-02-06 17:06 - 00000000 _____ () C:\windows\setuperr.log
2015-02-06 17:05 - 2015-03-13 23:27 - 01838136 _____ () C:\windows\PFRO.log
2015-02-06 16:49 - 2015-02-06 20:24 - 00000000 ___RD () C:\Users\sue\Dropbox
2015-02-06 16:30 - 2015-02-06 20:26 - 00000000 ____D () C:\Users\sue\AppData\Roaming\Dropbox
2015-02-06 16:24 - 2015-02-06 16:25 - 00003270 _____ () C:\windows\System32\Tasks\avastBCLRestartS-1-5-21-2312021400-1013561349-3986411154-1001
2015-02-06 16:06 - 2015-02-06 16:06 - 00000247 _____ () C:\windows\system32\2015-02-06-10-36-03.099-aswFe.exe-17364.log
2015-02-06 15:58 - 2015-02-06 16:05 - 00000247 _____ () C:\windows\system32\2015-02-06-10-28-52.067-aswFe.exe-18168.log
2015-02-06 15:58 - 2015-02-06 15:58 - 00000197 _____ () C:\windows\system32\2015-02-06-10-28-47.088-AvastVBoxSVC.exe-14772.log
2015-02-06 15:52 - 2015-02-06 15:53 - 00000000 ____D () C:\windows\SysWOW64\vbox
2015-02-06 15:52 - 2015-02-06 15:53 - 00000000 ____D () C:\windows\system32\vbox
2015-02-06 14:43 - 2015-02-07 14:07 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-05 14:06 - 2015-02-05 14:07 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-05 14:06 - 2015-02-05 14:06 - 00002768 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2015-02-05 14:06 - 2015-02-05 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-29 12:25 - 2015-01-29 12:25 - 00000000 ____D () C:\Users\sue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-26 08:43 - 2015-02-16 09:47 - 00000000 ____D () C:\Users\sue\AppData\Local\Spotify
2015-01-23 10:14 - 2015-02-10 19:25 - 00000000 ____D () C:\Users\sue\AppData\Roaming\Trine2
2015-01-23 10:00 - 2010-06-02 15:25 - 00527192 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_7.dll
2015-01-23 10:00 - 2010-06-02 15:25 - 00518488 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_7.dll
2015-01-23 10:00 - 2010-06-02 15:25 - 00239960 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_7.dll
2015-01-23 10:00 - 2010-06-02 15:25 - 00176984 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_7.dll
2015-01-23 10:00 - 2010-06-02 15:25 - 00077656 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_5.dll
2015-01-23 10:00 - 2010-06-02 15:25 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_5.dll
2015-01-23 10:00 - 2010-05-26 22:11 - 02526056 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2015-01-23 10:00 - 2010-05-26 22:11 - 02401112 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_43.dll
2015-01-23 10:00 - 2010-05-26 22:11 - 02106216 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_43.dll
2015-01-23 10:00 - 2010-05-26 22:11 - 01998168 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_43.dll
2015-01-23 10:00 - 2010-05-26 22:11 - 01907552 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_43.dll
2015-01-23 10:00 - 2010-05-26 22:11 - 01868128 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dcsx_43.dll
2015-01-23 10:00 - 2010-05-26 22:11 - 00511328 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_43.dll
2015-01-23 10:00 - 2010-05-26 22:11 - 00470880 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_43.dll
2015-01-23 10:00 - 2010-05-26 22:11 - 00276832 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2015-01-23 10:00 - 2010-05-26 22:11 - 00248672 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_43.dll
2015-01-23 10:00 - 2010-02-04 20:31 - 00530776 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_6.dll
2015-01-23 10:00 - 2010-02-04 20:31 - 00528216 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_6.dll
2015-01-23 10:00 - 2010-02-04 20:31 - 00238936 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_6.dll
2015-01-23 10:00 - 2010-02-04 20:31 - 00176984 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_6.dll
2015-01-23 10:00 - 2010-02-04 20:31 - 00078680 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_4.dll
2015-01-23 10:00 - 2010-02-04 20:31 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_4.dll
2015-01-23 10:00 - 2010-02-04 20:31 - 00024920 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_7.dll
2015-01-23 10:00 - 2010-02-04 20:31 - 00022360 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_7.dll
2015-01-23 10:00 - 2009-09-05 04:14 - 00517960 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_5.dll
2015-01-23 10:00 - 2009-09-05 04:14 - 00238936 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_5.dll
2015-01-23 10:00 - 2009-09-05 04:14 - 00176968 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_5.dll
2015-01-23 10:00 - 2009-09-05 04:14 - 00073544 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_3.dll
2015-01-23 10:00 - 2009-09-05 03:59 - 05554512 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_42.dll
2015-01-23 10:00 - 2009-09-05 03:59 - 05501792 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dcsx_42.dll
2015-01-23 10:00 - 2009-09-05 03:59 - 02582888 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_42.dll
2015-01-23 10:00 - 2009-09-05 03:59 - 02475352 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_42.dll
2015-01-23 10:00 - 2009-09-05 03:59 - 00285024 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_42.dll
2015-01-23 10:00 - 2009-09-05 03:59 - 00235344 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_42.dll
2015-01-23 10:00 - 2009-03-17 00:48 - 00521560 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_4.dll
2015-01-23 10:00 - 2009-03-17 00:48 - 00517448 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_4.dll
2015-01-23 10:00 - 2009-03-17 00:48 - 00235352 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_4.dll
2015-01-23 10:00 - 2009-03-17 00:48 - 00174936 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_4.dll
2015-01-23 10:00 - 2009-03-17 00:48 - 00024920 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_6.dll
2015-01-23 10:00 - 2009-03-17 00:48 - 00022360 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_6.dll
2015-01-23 10:00 - 2009-03-10 01:57 - 05425496 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_41.dll
2015-01-23 10:00 - 2009-03-10 01:57 - 04178264 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_41.dll
2015-01-23 10:00 - 2009-03-10 01:57 - 02430312 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_41.dll
2015-01-23 10:00 - 2009-03-10 01:57 - 00520544 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_41.dll
2015-01-23 10:00 - 2008-10-27 20:34 - 00518480 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_3.dll
2015-01-23 10:00 - 2008-10-27 20:34 - 00514384 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_3.dll
2015-01-23 10:00 - 2008-10-27 20:34 - 00235856 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_3.dll
2015-01-23 10:00 - 2008-10-27 20:34 - 00175440 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_3.dll
2015-01-23 10:00 - 2008-10-27 20:34 - 00074576 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_2.dll
2015-01-23 10:00 - 2008-10-27 20:34 - 00070992 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_2.dll
2015-01-23 10:00 - 2008-10-27 20:34 - 00025936 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_5.dll
2015-01-23 10:00 - 2008-10-27 20:34 - 00023376 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_5.dll
2015-01-23 10:00 - 2008-10-15 16:52 - 05631312 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_40.dll
2015-01-23 10:00 - 2008-10-15 16:52 - 02605920 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_40.dll
2015-01-23 10:00 - 2008-10-15 16:52 - 02036576 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_40.dll
2015-01-23 10:00 - 2008-10-15 16:52 - 00452440 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_40.dll
2015-01-23 10:00 - 2008-07-31 21:11 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_2.dll
2015-01-23 10:00 - 2008-07-31 21:11 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_2.dll
2015-01-23 10:00 - 2008-07-31 21:11 - 00072200 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_1.dll
2015-01-23 10:00 - 2008-07-31 21:11 - 00068616 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_1.dll
2015-01-23 10:00 - 2008-07-31 21:10 - 00513544 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_2.dll
2015-01-23 10:00 - 2008-07-31 21:10 - 00509448 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_2.dll
2015-01-23 10:00 - 2008-07-10 21:31 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_39.dll
2015-01-23 10:00 - 2008-07-10 21:30 - 04992520 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_39.dll
2015-01-23 10:00 - 2008-07-10 21:30 - 03851784 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_39.dll
2015-01-23 10:00 - 2008-07-10 21:30 - 01942552 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_39.dll
2015-01-23 10:00 - 2008-07-10 21:30 - 01493528 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_39.dll
2015-01-23 10:00 - 2008-07-10 21:30 - 00540688 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_39.dll
2015-01-23 10:00 - 2008-05-31 00:49 - 00511496 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_1.dll
2015-01-23 10:00 - 2008-05-31 00:49 - 00507400 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_1.dll
2015-01-23 10:00 - 2008-05-31 00:48 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_1.dll
2015-01-23 10:00 - 2008-05-31 00:48 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_1.dll
2015-01-23 10:00 - 2008-05-31 00:47 - 00068104 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_0.dll
2015-01-23 10:00 - 2008-05-31 00:47 - 00065032 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_0.dll
2015-01-23 10:00 - 2008-05-31 00:47 - 00025608 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_4.dll
2015-01-23 10:00 - 2008-05-31 00:46 - 00028168 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_4.dll
2015-01-23 09:59 - 2008-05-31 00:41 - 01941528 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_38.dll
2015-01-23 09:59 - 2008-05-31 00:41 - 01491992 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_38.dll
2015-01-23 09:59 - 2008-05-31 00:41 - 00540688 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_38.dll
2015-01-23 09:59 - 2008-05-31 00:41 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_38.dll
2015-01-23 09:59 - 2008-03-06 02:34 - 00489480 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_0.dll
2015-01-23 09:59 - 2008-03-06 02:33 - 00479752 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_0.dll
2015-01-23 09:59 - 2008-03-06 02:33 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_0.dll
2015-01-23 09:59 - 2008-03-06 02:33 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_0.dll
2015-01-23 09:59 - 2008-03-06 02:30 - 00028168 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_3.dll
2015-01-23 09:59 - 2008-03-06 02:30 - 00025608 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_3.dll
2015-01-23 09:59 - 2008-03-06 02:26 - 04910088 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_37.dll
2015-01-23 09:59 - 2008-03-06 02:26 - 03786760 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_37.dll
2015-01-23 09:59 - 2008-03-06 02:26 - 01860120 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_37.dll
2015-01-23 09:59 - 2008-03-06 02:26 - 01420824 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_37.dll
2015-01-23 09:59 - 2008-02-06 09:37 - 00529424 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_37.dll
2015-01-23 09:59 - 2008-02-06 09:37 - 00462864 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_37.dll
2015-01-23 09:57 - 2008-05-31 00:41 - 04991496 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_38.dll
2015-01-23 09:57 - 2008-05-31 00:41 - 03850760 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_38.dll
2015-01-17 15:38 - 2015-01-17 15:38 - 00000000 ____D () C:\Users\sue\AppData\Local\Blizzard
2015-01-17 14:39 - 2015-03-11 13:26 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-01-17 14:39 - 2015-01-17 14:39 - 00001187 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2015-01-17 14:39 - 2015-01-17 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-01-17 14:34 - 2015-03-11 13:19 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-01-17 14:34 - 2015-01-17 14:34 - 00001150 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2015-01-17 14:34 - 2015-01-17 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-01-17 13:56 - 2015-01-17 13:59 - 02868792 _____ (Blizzard Entertainment) C:\Users\sue\Downloads\Battle.net-Setup-enUS.exe
2015-01-17 12:56 - 2015-01-17 13:01 - 03099552 _____ (Blizzard Entertainment) C:\Users\sue\Downloads\Hearthstone-Setup-enUS.exe
2015-01-14 02:02 - 2014-12-19 08:36 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 02:02 - 2014-12-19 07:16 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 02:02 - 2014-12-11 23:17 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 02:02 - 2014-12-06 09:47 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 02:02 - 2014-12-06 09:20 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 02:02 - 2014-12-06 09:20 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-07 23:50 - 2015-01-07 23:51 - 00000000 ____D () C:\Users\sue\AppData\Local\Origin
2015-01-07 23:41 - 2015-01-07 23:41 - 00000985 _____ () C:\Users\Public\Desktop\Origin.lnk
2015-01-07 23:41 - 2015-01-07 23:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-01-04 00:28 - 2015-01-04 00:28 - 00001797 _____ () C:\Users\sue\Desktop\Spotify.lnk
2015-01-04 00:28 - 2015-01-04 00:28 - 00001783 _____ () C:\Users\sue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-01-04 00:18 - 2015-03-13 23:32 - 00000000 ____D () C:\Users\sue\AppData\Roaming\Spotify
2015-01-03 23:04 - 2015-03-13 15:45 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-03 23:04 - 2015-01-03 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-03 12:22 - 2015-03-14 00:40 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-03 12:22 - 2015-03-13 23:28 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-03 12:22 - 2015-02-05 15:35 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-03 12:22 - 2015-02-05 15:35 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-03 12:05 - 2015-01-03 12:05 - 00000000 ____D () C:\Users\sue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-01 12:05 - 2014-09-27 05:12 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-01 12:05 - 2014-09-27 05:06 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-01-01 12:05 - 2014-09-27 05:06 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2015-01-01 12:05 - 2014-09-27 05:05 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2015-01-01 12:04 - 2015-01-01 12:05 - 00004714 _____ () C:\windows\SysWOW64\jupdate-1.7.0_71-b14.log
2015-01-01 11:56 - 2015-02-14 13:23 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-01 11:56 - 2015-01-01 11:56 - 00000969 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-01-01 11:56 - 2015-01-01 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-31 01:49 - 2015-01-03 23:00 - 00000000 ____D () C:\Users\sue\AppData\Local\Deployment
2014-12-31 01:49 - 2014-12-31 01:49 - 00000000 ____D () C:\Users\sue\AppData\Local\Apps\2.0
2014-12-29 08:11 - 2014-12-29 08:11 - 00003114 _____ () C:\windows\System32\Tasks\{F3DDE7B3-10DE-467B-920B-F24886F4E5F8}
2014-12-29 08:10 - 2014-12-29 08:10 - 00003094 _____ () C:\windows\System32\Tasks\{AFDF4B86-A2CD-4F94-AF33-1F00CE160476}
2014-12-28 09:02 - 2015-01-04 01:16 - 00000000 __SHD () C:\Program Files (x86)\EcsXsibly
2014-12-28 08:53 - 2014-12-29 08:18 - 00000000 ____D () C:\Users\sue\AppData\Roaming\uTorrent
2014-12-26 08:37 - 2014-12-26 08:37 - 00000000 ____D () C:\Users\sue\.openvpn

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-14 01:00 - 2013-10-27 11:36 - 00000000 ____D () C:\FRST
2015-03-14 00:46 - 2013-09-22 14:27 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-14 00:45 - 2011-08-19 01:36 - 01697636 _____ () C:\windows\WindowsUpdate.log
2015-03-14 00:44 - 2012-09-18 21:39 - 00000920 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2312021400-1013561349-3986411154-1001UA.job
2015-03-14 00:39 - 2012-03-31 15:23 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2312021400-1013561349-3986411154-1001UA.job
2015-03-13 23:37 - 2009-07-14 10:15 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-13 23:37 - 2009-07-14 10:15 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-13 23:32 - 2012-11-02 22:50 - 00000000 ____D () C:\Users\sue\AppData\Roaming\Skype
2015-03-13 23:32 - 2012-07-07 21:24 - 00000000 ____D () C:\ProgramData\Origin
2015-03-13 23:29 - 2012-07-07 21:20 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-13 23:29 - 2011-08-19 02:46 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-03-13 23:28 - 2011-08-19 02:46 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-03-13 23:28 - 2011-08-19 02:46 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-03-13 23:28 - 2011-08-19 02:35 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-03-13 23:27 - 2014-01-21 21:22 - 00065536 _____ () C:\windows\system32\Ikeext.etl
2015-03-13 23:27 - 2011-08-19 04:28 - 00000000 ____D () C:\windows\ShellNew
2015-03-13 23:27 - 2011-08-19 02:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-13 23:27 - 2009-07-14 10:38 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-13 22:07 - 2009-07-14 10:43 - 00006320 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-13 21:44 - 2012-09-18 21:39 - 00000898 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2312021400-1013561349-3986411154-1001Core.job
2015-03-13 18:54 - 2014-07-20 13:30 - 00000000 ____D () C:\Users\sue\AppData\Local\Battle.net
2015-03-13 16:28 - 2013-11-24 10:51 - 00000848 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2312021400-1013561349-3986411154-1001Core1cee8d511dea4f4.job
2015-03-13 15:39 - 2014-10-21 16:23 - 00000848 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2312021400-1013561349-3986411154-1001Core1cfed1d42acdcd1.job
2015-03-13 12:26 - 2012-03-18 22:37 - 00000000 ____D () C:\Users\sue\AppData\Local\CrashDumps
2015-03-13 11:42 - 2013-02-15 19:32 - 00000000 ____D () C:\ProgramData\WinZip
2015-03-13 11:07 - 2012-03-10 17:26 - 00000000 ____D () C:\Users\sue
2015-03-12 19:56 - 2012-03-19 21:14 - 00000000 ____D () C:\ProgramData\VirtualizedApplications
2015-03-12 18:36 - 2013-09-03 21:51 - 00000366 _____ () C:\Users\sue\AppData\Roaming\com.crackdat.crackdatsuite.xml
2015-03-12 18:36 - 2013-09-03 21:46 - 00000000 ____D () C:\Users\sue\AppData\Roaming\Crack the NBDE
2015-03-12 12:09 - 2009-07-14 10:38 - 00032620 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-03-12 10:32 - 2009-07-14 10:39 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-03-12 05:05 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\rescache
2015-03-12 04:05 - 2009-07-14 10:15 - 00420344 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-12 04:00 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-03-12 04:00 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\system32\Dism
2015-03-12 03:43 - 2012-12-04 06:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 03:28 - 2013-08-12 13:14 - 00000000 ____D () C:\windows\system32\MRT
2015-03-12 03:07 - 2012-09-04 21:19 - 122905848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-03-12 01:07 - 2013-11-11 21:30 - 00458336 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\kl1.sys
2015-03-12 01:07 - 2013-11-11 21:30 - 00177864 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\kneps.sys
2015-03-12 01:07 - 2012-08-02 15:09 - 00029792 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klim6.sys
2015-03-06 19:41 - 2013-11-15 22:17 - 00002028 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-03-06 19:41 - 2013-11-15 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-03-06 19:41 - 2011-08-19 01:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-05 22:21 - 2014-11-30 22:04 - 00000000 ____D () C:\Users\sue\AppData\Local\Popcorn-Time
2015-03-05 19:16 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\tracing
2015-03-05 18:51 - 2014-03-21 16:07 - 00000000 ____D () C:\Users\sue\Desktop\MB
2015-02-25 22:18 - 2012-03-18 22:41 - 00000000 ____D () C:\Users\sue\AppData\Local\Nero
2015-02-24 04:17 - 2010-11-21 08:57 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-02-20 23:05 - 2009-07-14 11:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-20 12:29 - 2013-10-05 19:07 - 00000000 ____D () C:\Users\sue\Documents\nbde
2015-02-19 12:53 - 2013-09-13 10:37 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-19 12:53 - 2011-08-19 02:23 - 00000000 ____D () C:\ProgramData\Skype
2015-02-18 00:04 - 2014-01-10 21:39 - 00000000 ____D () C:\Users\sue\.android
2015-02-17 22:23 - 2009-07-14 08:50 - 00000000 ____D () C:\windows\system32\NDF
2015-02-14 20:57 - 2013-01-05 17:05 - 00000000 ____D () C:\Users\sue\AppData\Roaming\vlc
2015-02-12 17:35 - 2012-11-01 19:38 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-12 07:26 - 2014-12-12 10:58 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-12 07:26 - 2014-05-07 21:55 - 00000000 ___SD () C:\windows\system32\CompatTel

==================== Files in the root of some directories =======

2012-07-05 14:56 - 2012-07-05 14:56 - 0000476 _____ () C:\Program Files (x86)\none14561626.bat
2014-11-28 03:54 - 2014-11-28 04:08 - 32371688 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-09-03 21:51 - 2015-03-12 18:36 - 0000366 _____ () C:\Users\sue\AppData\Roaming\com.crackdat.crackdatsuite.xml
2014-07-27 15:52 - 2014-07-27 15:52 - 0000047 _____ () C:\Users\sue\AppData\Roaming\WB.CFG
2012-07-04 10:53 - 2012-02-01 15:03 - 3278888 _____ (Yahoo! Inc.) C:\Users\sue\AppData\Roaming\ytb_8.4.3.34_2.4.6_mail_bts_pub_uber_Rev_setup_2012.01.19.01.exe
2012-06-22 16:49 - 2014-06-30 10:37 - 0006144 _____ () C:\Users\sue\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-05 22:22 - 2015-03-05 22:22 - 0854576 _____ () C:\Users\sue\AppData\Local\package.nw.new

Some content of TEMP:
====================
C:\Users\sue\AppData\Local\Temp\dllnt_dump.dll
C:\Users\sue\AppData\Local\Temp\Quarantine.exe
C:\Users\sue\AppData\Local\Temp\SkypeSetup.exe
C:\Users\sue\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  en-us
inherit                 {globalsettings}
default                 {current}
resumeobject            {a52a4aaa-c9fc-11e0-bc2a-e9921ab05d81}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {572bcd56-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
path                    \windows\system32\boot\winload.exe
description             Windows Recovery Environment
osdevice                ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \windows\system32\winload.exe
description             Windows 7
locale                  en-us
inherit                 {bootloadersettings}
recoverysequence        {572bcd56-ffa7-11d9-aae0-0007e994107d}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {a52a4aaa-c9fc-11e0-bc2a-e9921ab05d81}
nx                      OptIn
detecthal               Yes
bootlog                 No

Resume from Hibernate
---------------------
identifier              {a52a4aaa-c9fc-11e0-bc2a-e9921ab05d81}
device                  partition=C:
path                    \windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description             Ramdisk Device Options
ramdisksdidevice        partition=\Device\HarddiskVolume2
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

LastRegBack: 2015-03-05 19:54

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by sue at 2015-03-14 01:00:56
Running from C:\Users\sue\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
airtel (HKLM-x32\...\airtel) (Version: 21.005.11.01.284 - Huawei Technologies Co.,Ltd)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.45 - Atheros Communications)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3717 - CDBurnerXP)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Crack the NBDE 2015-2016 (HKLM-x32\...\Crack the NBDE) (Version: 2015-2016 - Crack Exam Preparation Software)
Crack the NBDE 5.1.5 (HKLM-x32\...\{D24A74DC-669A-4973-BA5B-A9DA2C7396A6}_is1) (Version:  - Crack NBDE)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C4}) (Version: 12.0.1.881 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 12.0.1.881 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MBlaze (HKLM-x32\...\MBlaze) (Version: 21.005.11.00.656 - Huawei Technologies Co.,Ltd)
McAfee SafeKey(uninstall only) (HKLM-x32\...\safekey) (Version: 2.2.3 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.0.0.2358 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 266.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 266.83 - NVIDIA Corporation)
NVIDIA Graphics Driver 266.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.83 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.20 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
Spotify (HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.13500 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.36.45 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.17.2 - Electronic Arts)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - Frozenbyte)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )
WinZip Courier (HKLM-x32\...\{CD95F661-A5C4-11AF-B2CC-ABCD21A325B8}) (Version: 3.5.9658 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2312021400-1013561349-3986411154-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\sue\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-2312021400-1013561349-3986411154-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\sue\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2312021400-1013561349-3986411154-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\sue\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2312021400-1013561349-3986411154-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\sue\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2312021400-1013561349-3986411154-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\sue\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2312021400-1013561349-3986411154-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\sue\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2312021400-1013561349-3986411154-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\sue\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

21-01-2015 23:46:24 Scheduled Checkpoint
23-01-2015 09:57:20 Installed DirectX
23-01-2015 09:57:57 Installed DirectX
30-01-2015 10:48:05 Scheduled Checkpoint
03-02-2015 06:19:16 Windows Update
06-02-2015 12:55:24 Windows Update
06-02-2015 14:47:21 avast! antivirus system restore point
06-02-2015 15:50:35 Device Driver Package Install: Avast Network Service
06-02-2015 22:06:19 avast! antivirus system restore point
11-02-2015 22:04:21 Windows Update
12-02-2015 08:39:30 Norton_Power_Eraser_20150212083922410
12-02-2015 16:45:40 Windows Update
15-02-2015 19:19:39 Windows Update
17-02-2015 16:56:43 Device Driver Package Install: Google, Inc.
17-02-2015 22:48:20 Removed One Click Root
17-02-2015 23:03:03 Device Driver Package Install: Google, Inc. Android Phone
17-02-2015 23:03:23 Device Driver Package Install: Sony
17-02-2015 23:04:11 Device Driver Package Install: Sony Network adapters
17-02-2015 23:05:18 Device Driver Package Install: Google, Inc. Android Phone
18-02-2015 11:35:21 Removed WinZip 18.5
18-02-2015 11:58:03 Installed WinZip 19.0
20-02-2015 13:13:58 Removed Visual Studio 2010 x64 Redistributables
21-02-2015 10:40:51 Removed Java™ 6 Update 24 (64-bit)
03-03-2015 21:15:33 Windows Update
05-03-2015 18:42:43 Windows Update
11-03-2015 14:02:57 Windows Update
12-03-2015 03:01:16 Windows Update
13-03-2015 11:05:42 Removed WinZip 19.0
13-03-2015 22:31:11 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 08:04 - 2013-10-26 22:36 - 00000027 ____N C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0651C1F8-9A8A-455A-8DB0-7E68C6D9FDF1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-03] (Google Inc.)
Task: {16EC079E-4FEC-46B0-8BB6-1B4A994AA2DF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2312021400-1013561349-3986411154-1001UA => C:\Users\sue\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {1D1715AC-3CE7-4767-BADC-E49930C6800D} - System32\Tasks\{AFDF4B86-A2CD-4F94-AF33-1F00CE160476} => pcalua.exe -a C:\ProgramData\ZombieNews\uninstall.exe -c /kb=y /ic=1
Task: {2CFE5956-1096-4C96-8F8F-DF05A4141449} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {388746DB-837C-4A2B-AAE0-A8FA0BEE768C} - System32\Tasks\{2AA58FA8-D1E6-4890-8181-20E3988BDA6A} => pcalua.exe -a "C:\Users\sue\Downloads\Microsoft Office 2007 Enterprise + Serial Key  [420KRU]\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}\setup.exe" -d "C:\Users\sue\Downloads\Microsoft Office 2007 Enterprise + Serial Key  [420KRU]\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}"
Task: {3FF07FFB-5FBA-49AD-9FA3-B5330CDE236A} - System32\Tasks\{E3E5FAA6-2FDF-401C-9CD6-259E128E222C} => pcalua.exe -a "C:\Users\sue\Desktop\New folder\Sims3Setup.exe" -d "C:\Users\sue\Desktop\New folder"
Task: {582F5CFA-7A0C-485E-997B-56DB2D2AC9A8} - System32\Tasks\{11336415-1ABA-48CE-B20B-588B8C21AE81} => C:\pm2.exe
Task: {690BA4FB-64B0-4960-8F1C-3DD31D4DD726} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-03] (Google Inc.)
Task: {6A615EF3-7FD7-4553-B4B4-6550CDE4FC5F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-21] (Piriform Ltd)
Task: {6B688A24-44AE-4F5A-90A3-5AD42B12DC8F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2312021400-1013561349-3986411154-1001Core => C:\Users\sue\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-18] (Facebook Inc.)
Task: {90884575-BB20-49A1-9091-5DC02E7C395D} - System32\Tasks\avastBCLRestartS-1-5-21-2312021400-1013561349-3986411154-1001 => Chrome.exe
Task: {B11C0941-F947-4AD1-9260-B303E548E161} - System32\Tasks\{F172F6B1-D128-4679-8674-E94559C67BFB} => C:\pm2.exe
Task: {B52BD4CA-FB9C-4231-8F6E-8ADB1EBBEAF3} - System32\Tasks\{E4908CB8-FB6C-4DC6-BEC5-BCC10FF7E4D0} => C:\pm2.exe
Task: {B6ACDD42-4759-4F87-A050-A2D789DE5F0B} - System32\Tasks\{1D01465E-5BD3-48B3-8998-8934E8A9A243} => pcalua.exe -a D:\Sims3Setup.exe -d D:\
Task: {BBDA1789-E31C-48DA-8E6E-577C263BCEF1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BC7E88D1-F715-4EB3-B056-AA01270E2320} - System32\Tasks\{055951E5-3B54-4C46-99CB-031BE3773B1E} => pcalua.exe -a "C:\Users\sue\Videos\Microsoft Office 2007 Enterprise- Fully Activated-hasim751\Office 2007 Enterprise\Setup\setup.exe" -d "C:\Users\sue\Videos\Microsoft Office 2007 Enterprise- Fully Activated-hasim751\Office 2007 Enterprise\Setup"
Task: {E7870D97-E628-4681-8195-F278D7248CB7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2312021400-1013561349-3986411154-1001Core1cee8d511dea4f4 => C:\Users\sue\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {E81148EE-E534-41F3-80D3-BEC11460C080} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2312021400-1013561349-3986411154-1001Core1cfed1d42acdcd1 => C:\Users\sue\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {E90CC881-687C-4C39-A212-512D64286AEB} - System32\Tasks\{F3DDE7B3-10DE-467B-920B-F24886F4E5F8} => pcalua.exe -a C:\Users\sue\AppData\Roaming\uTorrent\uTorrent.exe -c /UNINSTALL
Task: {EB1624BC-4518-4A8A-9E54-9625E27AC042} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2312021400-1013561349-3986411154-1001
Task: {F0EEACCA-5FAB-4B67-AC61-BCC08C04438E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {F286F318-21C0-41D1-B3EA-569ECBDBCA93} - System32\Tasks\{A7DC1597-41F6-48C2-A695-D83B52B4D10E} => C:\Users\sue\Downloads\HARRY.POTTER.ATGOF.V1.0.ENG.DEVIANCE.NOCD\gof_f.exe
Task: {F62F38BE-357D-43B2-A137-DE6E3F0BC459} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2312021400-1013561349-3986411154-1001UA => C:\Users\sue\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-18] (Facebook Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2312021400-1013561349-3986411154-1001Core.job => C:\Users\sue\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2312021400-1013561349-3986411154-1001UA.job => C:\Users\sue\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2312021400-1013561349-3986411154-1001Core1cee8d511dea4f4.job => C:\Users\sue\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2312021400-1013561349-3986411154-1001Core1cfed1d42acdcd1.job => C:\Users\sue\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2312021400-1013561349-3986411154-1001UA.job => C:\Users\sue\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-03-14 20:57 - 2011-03-14 20:57 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2011-08-19 02:35 - 2011-08-18 20:35 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-08-19 04:13 - 2011-04-11 00:10 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2014-10-18 09:51 - 2014-10-18 09:51 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ad4c4edfdad8e430af19da64ab282d96\IsdiInterop.ni.dll
2011-08-19 01:46 - 2010-11-06 10:20 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-12-20 18:20 - 2012-12-20 18:20 - 00068616 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\QtWebKit\qmlwebkitplugin4.dll
2014-12-03 23:36 - 2014-12-03 23:36 - 00305544 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
2012-07-28 02:21 - 2012-07-28 02:21 - 06549432 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\authplay.dll
2015-03-13 15:45 - 2015-03-07 11:42 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-13 15:45 - 2015-03-07 11:42 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-13 15:45 - 2015-03-07 11:43 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:D16097E4

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sue\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-2312021400-1013561349-3986411154-500 - Administrator - Disabled)
Guest (S-1-5-21-2312021400-1013561349-3986411154-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2312021400-1013561349-3986411154-1003 - Limited - Enabled)
sue (S-1-5-21-2312021400-1013561349-3986411154-1001 - Administrator - Enabled) => C:\Users\sue
UpdatusUser (S-1-5-21-2312021400-1013561349-3986411154-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BAPIDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2015 11:29:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/13/2015 11:28:14 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (03/13/2015 10:31:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service hLgRxZASduw since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (03/13/2015 10:31:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary 360FsFlt mini-filter driver.

System Error:
The system cannot find the file specified.
.

Error: (03/13/2015 10:31:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary 360Safe Anti Hacker Service.

System Error:
The system cannot find the file specified.
.

Error: (03/13/2015 10:07:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/13/2015 10:07:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/13/2015 00:26:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17689, time stamp: 0x54e68526
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x16a0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (03/13/2015 10:09:04 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/13/2015 10:09:04 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

System errors:
=============
Error: (03/13/2015 11:28:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (03/13/2015 08:37:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The hLgRxZASduw service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/13/2015 08:36:18 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/13/2015 00:30:09 PM) (Source: DCOM) (EventID: 10016) (User: sue-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}sue-PCsueS-1-5-21-2312021400-1013561349-3986411154-1001LocalHost (Using LRPC)

Error: (03/13/2015 00:30:09 PM) (Source: DCOM) (EventID: 10016) (User: sue-PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}sue-PCsueS-1-5-21-2312021400-1013561349-3986411154-1001LocalHost (Using LRPC)

Error: (03/13/2015 00:00:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The hLgRxZASduw service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/13/2015 11:59:09 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/13/2015 11:23:54 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (03/12/2015 11:40:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The NVIDIA Update Service Daemon service hung on starting.

Error: (03/12/2015 11:37:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Microsoft Office Sessions:
=========================
Error: (10/04/2013 09:15:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9417 seconds with 1800 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2015-03-11 21:57:12.297
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-11 21:57:12.295
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-11 21:57:12.293
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-11 21:57:12.290
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-26 22:23:10.099
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-26 22:23:10.052
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 50%
Total physical RAM: 6051.16 MB
Available physical RAM: 3023.59 MB
Total Pagefile: 12100.52 MB
Available Pagefile: 8255.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:406.76 GB) (Free:49.53 GB) NTFS
Drive e: (Data) (Fixed) (Total:174.66 GB) (Free:141.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 2FE55CCE)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=406.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=174.7 GB) - (Type=OF Extended)

==================== End Of Log ============================



#13 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:11:09 AM

Posted 13 March 2015 - 03:36 PM

Step 1:
FRST Script:
Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

Run Eset Online Scan
Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

 

All browsers should be closed.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
  • Make sure that the option Remove found threats is ticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Have a nice day.



Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#14 suez6

suez6
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:01:39 PM

Posted 15 March 2015 - 03:34 AM

Hi,

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by sue at 2015-03-14 10:32:43 Run:1
Running from C:\Users\sue\Downloads\FRST
Loaded Profiles: UpdatusUser & sue (Available profiles: UpdatusUser & sue)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2312021400-1013561349-3986411154-1000\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy Restriction on ProxySettings)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17
HKU\S-1-5-21-2312021400-1013561349-3986411154-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.0.2.17
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=ns&pvid=22.0.2.17
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2312021400-1013561349-3986411154-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2312021400-1013561349-3986411154-1001 -> DefaultScope {22BA4677-BEAA-4DF1-BD97-43F16B4F8976} URL = https://in.search.yahoo.com/search?fr=mcafee&type=B014IN0D20141127&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2312021400-1013561349-3986411154-1001 -> {22BA4677-BEAA-4DF1-BD97-43F16B4F8976} URL = https://in.search.yahoo.com/search?fr=mcafee&type=B014IN0D20141127&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2312021400-1013561349-3986411154-1001 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
BHO: No Name -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} ->  No File
Toolbar: HKU\S-1-5-21-2312021400-1013561349-3986411154-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (YouTube) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-03]
CHR Extension: (Norton Safe) - C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-01-04]
CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fooihgffjknjfdidhkpgeibbipkjlhpn] - C:\Users\sue\AppData\Local\Temp\ccex.crx [Not Found]
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [46368 2013-10-03] (AVG Technologies)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Program Files (x86)\360
2015-02-17 21:50 - 2015-02-17 21:50 - 00000000 ____D () C:\Users\sue\AppData\Roaming\HMYGSetting
2015-02-10 13:04 - 2015-02-18 12:22 - 00027648 ___SH () C:\Users\sue\Downloads\Thumbs.db
2015-02-06 22:11 - 2015-02-06 23:12 - 211811872 _____ (Symantec Corporation) C:\Users\sue\Downloads\N360-TW-21.1.0-EN-ROW.exe
2015-02-06 20:26 - 2015-02-06 20:26 - 00000197 _____ () C:\windows\system32\2015-02-06-14-56-50.005-AvastVBoxSVC.exe-7660.log
2015-02-06 17:10 - 2015-02-06 17:10 - 00000197 _____ () C:\windows\system32\2015-02-06-11-40-50.032-AvastVBoxSVC.exe-6852.log
2015-02-06 16:24 - 2015-02-06 16:25 - 00003270 _____ () C:\windows\System32\Tasks\avastBCLRestartS-1-5-21-2312021400-1013561349-3986411154-1001
2015-02-06 16:06 - 2015-02-06 16:06 - 00000247 _____ () C:\windows\system32\2015-02-06-10-36-03.099-aswFe.exe-17364.log
2015-02-06 15:58 - 2015-02-06 16:05 - 00000247 _____ () C:\windows\system32\2015-02-06-10-28-52.067-aswFe.exe-18168.log
2015-02-06 15:58 - 2015-02-06 15:58 - 00000197 _____ () C:\windows\system32\2015-02-06-10-28-47.088-AvastVBoxSVC.exe-14772.log
2015-02-06 14:43 - 2015-02-07 14:07 - 00000000 ____D () C:\ProgramData\AVAST Software
C:\Program Files (x86)\none14561626.bat
C:\Users\sue\AppData\Roaming\com.crackdat.crackdatsuite.xml
2012-07-04 10:53 - 2012-02-01 15:03 - 3278888 _____ (Yahoo! Inc.) C:\Users\sue\AppData\Roaming\ytb_8.4.3.34_2.4.6_mail_bts_pub_uber_Rev_setup_2012.01.19.01.exe
C:\Users\sue\AppData\Local\Temp\dllnt_dump.dll
C:\Users\sue\AppData\Local\Temp\Quarantine.exe
C:\Users\sue\AppData\Local\Temp\SkypeSetup.exe
C:\Users\sue\AppData\Local\Temp\sqlite3.dll

CustomCLSID: HKU\S-1-5-21-2312021400-1013561349-3986411154-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\sue\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-2312021400-1013561349-3986411154-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\sue\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2312021400-1013561349-3986411154-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\sue\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2312021400-1013561349-3986411154-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\sue\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2312021400-1013561349-3986411154-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\sue\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2312021400-1013561349-3986411154-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\sue\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2312021400-1013561349-3986411154-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\sue\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {1D1715AC-3CE7-4767-BADC-E49930C6800D} - System32\Tasks\{AFDF4B86-A2CD-4F94-AF33-1F00CE160476} => pcalua.exe -a C:\ProgramData\ZombieNews\uninstall.exe -c /kb=y /ic=1
Task: {90884575-BB20-49A1-9091-5DC02E7C395D} - System32\Tasks\avastBCLRestartS-1-5-21-2312021400-1013561349-3986411154-1001 => Chrome.exe
AlternateDataStreams: C:\ProgramData\Temp:D16097E4
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:

 

 

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKU\S-1-5-21-2312021400-1013561349-3986411154-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_JUNE2013_TB => Value not found.
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully.
HKU\S-1-5-21-2312021400-1013561349-3986411154-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}" => Key deleted successfully.
HKCR\CLSID\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2312021400-1013561349-3986411154-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{22BA4677-BEAA-4DF1-BD97-43F16B4F8976}" => Key deleted successfully.
HKCR\CLSID\{22BA4677-BEAA-4DF1-BD97-43F16B4F8976} => Key not found.
"HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}" => Key deleted successfully.
HKCR\CLSID\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9DB059B3-DD36-4a55-846C-59BE42A1202A}" => Key deleted successfully.
HKCR\CLSID\{9DB059B3-DD36-4a55-846C-59BE42A1202A} => Key not found.
HKU\S-1-5-21-2312021400-1013561349-3986411154-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo => Moved successfully.
C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\agbnjankikoaabjkmfbaceggjliabkbn" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fooihgffjknjfdidhkpgeibbipkjlhpn" => Key deleted successfully.
avgtp => Service stopped successfully.
avgtp => Service deleted successfully.
catchme => Service deleted successfully.
C:\Program Files (x86)\360 => Moved successfully.
C:\Users\sue\AppData\Roaming\HMYGSetting => Moved successfully.
C:\Users\sue\Downloads\Thumbs.db => Moved successfully.
C:\Users\sue\Downloads\N360-TW-21.1.0-EN-ROW.exe => Moved successfully.
C:\windows\system32\2015-02-06-14-56-50.005-AvastVBoxSVC.exe-7660.log => Moved successfully.
C:\windows\system32\2015-02-06-11-40-50.032-AvastVBoxSVC.exe-6852.log => Moved successfully.
C:\windows\System32\Tasks\avastBCLRestartS-1-5-21-2312021400-1013561349-3986411154-1001 => Moved successfully.
C:\windows\system32\2015-02-06-10-36-03.099-aswFe.exe-17364.log => Moved successfully.
C:\windows\system32\2015-02-06-10-28-52.067-aswFe.exe-18168.log => Moved successfully.
C:\windows\system32\2015-02-06-10-28-47.088-AvastVBoxSVC.exe-14772.log => Moved successfully.
C:\ProgramData\AVAST Software => Moved successfully.
C:\Program Files (x86)\none14561626.bat => Moved successfully.
C:\Users\sue\AppData\Roaming\com.crackdat.crackdatsuite.xml => Moved successfully.
C:\Users\sue\AppData\Roaming\ytb_8.4.3.34_2.4.6_mail_bts_pub_uber_Rev_setup_2012.01.19.01.exe => Moved successfully.
C:\Users\sue\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\sue\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\sue\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\sue\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKU\S-1-5-21-2312021400-1013561349-3986411154-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => Key deleted successfully.
"HKU\S-1-5-21-2312021400-1013561349-3986411154-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-2312021400-1013561349-3986411154-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-2312021400-1013561349-3986411154-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-2312021400-1013561349-3986411154-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
"HKU\S-1-5-21-2312021400-1013561349-3986411154-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.
"HKU\S-1-5-21-2312021400-1013561349-3986411154-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D1715AC-3CE7-4767-BADC-E49930C6800D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D1715AC-3CE7-4767-BADC-E49930C6800D}" => Key deleted successfully.
C:\Windows\System32\Tasks\{AFDF4B86-A2CD-4F94-AF33-1F00CE160476} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AFDF4B86-A2CD-4F94-AF33-1F00CE160476}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90884575-BB20-49A1-9091-5DC02E7C395D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90884575-BB20-49A1-9091-5DC02E7C395D}" => Key deleted successfully.
C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-2312021400-1013561349-3986411154-1001 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avastBCLRestartS-1-5-21-2312021400-1013561349-3986411154-1001" => Key deleted successfully.
C:\ProgramData\Temp => ":D16097E4" ADS removed successfully.

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

EmptyTemp: => Removed 685 MB temporary data.

The system needed a reboot.

==== End of Fixlog 10:35:38 ====

 

 

 

# AdwCleaner v4.112 - Logfile created 12/03/2015 at 16:32:22
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : sue - SUE-PC
# Running from : C:\Users\sue\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : wpnfd_1_10_0_4

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\Users\sue\AppData\Local\ZombieNews
File Deleted : C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Deleted : C:\Users\sue\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage

***** [ Scheduled tasks ] *****

Task Deleted : PastaQuotes

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\WordProser_1.10.0.4

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Google Chrome v40.0.2214.115

-\\ Opera v0.0.0.0

*************************

AdwCleaner[R3].txt - [1560 bytes] - [12/03/2015 16:30:24]
AdwCleaner[S3].txt - [1511 bytes] - [12/03/2015 16:32:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1570  bytes] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Home Premium x64
Ran by sue on 14-03-2015 at 10:45:57.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\sue\AppData\Roaming\pcdr"
Successfully deleted: [Empty Folder] C:\Users\sue\appdata\local\{44803D9B-264E-47C3-A948-DF7E24B65865}
Successfully deleted: [Empty Folder] C:\Users\sue\appdata\local\{A4B41919-D0B5-440D-A60D-546BE78D1141}
Successfully deleted: [Empty Folder] C:\Users\sue\appdata\local\{BCF5B213-3CD0-48FD-A7EE-46DB6D1994A2}
Successfully deleted: [Empty Folder] C:\Users\sue\appdata\local\{E5A0970B-75E7-4AA7-AEE8-2B223FBE2689}

 

~~~ Chrome

Successfully deleted: [Folder] C:\Users\sue\appdata\local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14-03-2015 at 10:50:48.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


ESET online scan found no threats.



#15 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:09 AM

Posted 15 March 2015 - 07:27 AM

Perfect :thumbup2:

 

Please do the following,

 

ComboFix run:

Please be sure to run our tools with administrator rights.

 

* IMPORTANT: 1   Place ComboFix.exe on your Desktop

* IMPORTANT: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running; it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

 


Best regards
 

 


 




