
IE infection and possible ransomware?


  • This topic is locked
13 replies to this topic

#1 miztrniceguy


Posted 24 March 2015 - 11:17 AM

MBAM scan clean, MSE full scan under way. Ran RKILL before the scans. I now have FRST scan log and Addition log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015

Ran by Lizzie (administrator) on LIZZIE_PC on 24-03-2015 11:09:23

Running from C:\Users\Lizzie\Desktop

Loaded Profiles: Lizzie (Available profiles: Lizzie & Michael)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corporation) C:\Windows\System32\alg.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Bleeping Computer, LLC) C:\Users\Michael\Desktop\rkill.exe

(Bleeping Computer, LLC) C:\Users\Michael\Desktop\rkill64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(ASUS) C:\Windows\AsScrPro.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

 

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-01] (Realtek Semiconductor)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-11] (Alcor Micro Corp.)

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-03-03] (Synaptics Incorporated)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)

HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [151552 2013-06-29] (IvoSoft)

HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)

HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1915614820-850652913-360261026-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-28] (SUPERAntiSpyware)

HKU\S-1-5-21-1915614820-850652913-360261026-1000\...\Policies\Explorer: [HideSCAHealth] 1

HKU\S-1-5-21-1915614820-850652913-360261026-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)

AppInit_DLLs-x32: c:\progra~2\magnipic\sprote~1.dll => "c:\progra~2\magnipic\sprote~1.dll" File Not Found

Startup: C:\Users\Lizzie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk

ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

HKLM\...\AppCertDlls: [makeutou] -> C:\Windows\system32\icacecab.dll

HKLM\...\AppCertDlls: [findvaws] -> C:\Windows\system32\icacecab64.dll

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)

ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\S-1-5-21-1915614820-850652913-360261026-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/?aff=7&uid=7d988a48-6fe1-11e2-9704-5404a6022721

HKU\S-1-5-21-1915614820-850652913-360261026-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

SearchScopes: HKLM-x32 -> DefaultScope value is missing.

SearchScopes: HKLM-x32 -> {A2A0EEB6-E8AC-49C3-A17C-E3EF7CA2A643} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-1915614820-850652913-360261026-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchab.com/?aff=7&uid=7d988a48-6fe1-11e2-9704-5404a6022721&q={searchTerms}

SearchScopes: HKU\S-1-5-21-1915614820-850652913-360261026-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchab.com/?aff=7&uid=7d988a48-6fe1-11e2-9704-5404a6022721&q={searchTerms}

SearchScopes: HKU\S-1-5-21-1915614820-850652913-360261026-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =

SearchScopes: HKU\S-1-5-21-1915614820-850652913-360261026-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-06-29] (IvoSoft)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll [2013-06-29] (IvoSoft)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)

BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-06-29] (IvoSoft)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-12-18] (Adobe Systems Incorporated)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)

BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll [2013-06-29] (IvoSoft)

BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-12-18] (Adobe Systems Incorporated)

Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-06-29] (IvoSoft)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-12-18] (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-06-29] (IvoSoft)

Toolbar: HKU\S-1-5-21-1915614820-850652913-360261026-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-03-21] (Microsoft Corporation)

Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-03-21] (Microsoft Corporation)

Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-03-21] (Microsoft Corporation)

Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-03-21] (Microsoft Corporation)

Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-03-21] (Microsoft Corporation)

Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-03-21] (Microsoft Corporation)

Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-03-21] (Microsoft Corporation)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\xu2e4doi.default-1419011282079

FF DefaultSearchEngine: Google

FF Homepage: file:///D:/system%20items/backups/bookmarks/homepage.html

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-09] ()

FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-04-03] (Microsoft Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-09] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()

FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-04-03] (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-23] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-23] (Google Inc.)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1915614820-850652913-360261026-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Lizzie\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-06-21] (Citrix Online)

FF Plugin HKU\S-1-5-21-1915614820-850652913-360261026-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lizzie\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll [2013-07-12] (Google Inc.)

FF Plugin HKU\S-1-5-21-1915614820-850652913-360261026-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lizzie\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll [2013-07-12] (Google Inc.)

FF Plugin HKU\S-1-5-21-1915614820-850652913-360261026-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll [2012-07-24] (Amazon.com, Inc.)

FF user.js: detected! => C:\Users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\g82dq668.default\user.js [2012-06-12]

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\g82dq668.default\searchplugins\wot-safe-search.xml [2012-07-14]

FF Extension: DoNotTrackPlus - C:\Users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\g82dq668.default\Extensions\donottrackplus@abine.com [2012-08-31]

FF Extension: WOT - C:\Users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\g82dq668.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012-09-20]

FF Extension: Add to Amazon Wish List Button - C:\Users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\g82dq668.default\Extensions\amznUWL2@amazon.com.xpi [2012-10-03]

FF Extension: RSS Icon in url bar - C:\Users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\g82dq668.default\Extensions\rssicon.vaka@gmail.com.xpi [2012-07-12]

FF Extension: YouTube Unblocker - C:\Users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\g82dq668.default\Extensions\youtubeunblocker@unblocker.yt.xpi [2012-07-12]

FF Extension: NoScript - C:\Users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\g82dq668.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-07-19]

FF Extension: LeechBlock - C:\Users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\g82dq668.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2012-07-12]

FF Extension: Adblock Plus - C:\Users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\g82dq668.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-04-03]

FF Extension: Tweet Context - C:\Users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\xu2e4doi.default-1419011282079\Extensions\TweetContext@loucypher [2015-02-12]

FF Extension: No Name - C:\Users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\xu2e4doi.default-1419011282079\Extensions\adblockpopups@jessehakanen.net.xpi [2015-01-23]

FF Extension: Roomy Bookmarks Toolbar - C:\Users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\xu2e4doi.default-1419011282079\Extensions\ALone-live@ya.ru.xpi [2015-01-27]

FF Extension: No Name - C:\Users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\xu2e4doi.default-1419011282079\Extensions\amznUWL2@amazon.com.xpi [2015-01-05]

FF Extension: No Name - C:\Users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\xu2e4doi.default-1419011282079\Extensions\facebook@disconnect.me.xpi [2015-01-23]

FF Extension: No Name - C:\Users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\xu2e4doi.default-1419011282079\Extensions\tabsonbottom@piro.sakura.ne.jp.xpi [2015-01-05]

FF Extension: No Name - C:\Users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\xu2e4doi.default-1419011282079\Extensions\vwof@drev.com.xpi [2015-01-29]

FF Extension: No Name - C:\Users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\xu2e4doi.default-1419011282079\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2015-01-03]

FF Extension: Adblock Plus - C:\Users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\xu2e4doi.default-1419011282079\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-23]

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-07-20]

Chrome:

=======

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Plugin: (Java™ Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File

CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

CHR Profile: C:\Users\Lizzie\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Translate) - C:\Users\Lizzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-05-20]

CHR Extension: (Add to Amazon Wish List) - C:\Users\Lizzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2014-05-20]

CHR Extension: (Pinboard.in 'Save a Bookmark' button) - C:\Users\Lizzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\geojpngopndpffccbfgekncdgmgchmgh [2014-05-20]

CHR Extension: (Pin It Button) - C:\Users\Lizzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-05-20]

CHR Extension: (Adblock for Facebook™) - C:\Users\Lizzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbfjodonncabnangfknilmabjfofdikc [2014-05-20]

CHR Extension: (StayFocusd) - C:\Users\Lizzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2014-05-20]

CHR Extension: (feedly) - C:\Users\Lizzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja [2014-05-20]

CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\Lizzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-05-20]

CHR Extension: (Google Wallet) - C:\Users\Lizzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-11] (SUPERAntiSpyware.com)

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [818952 2011-12-22] (ABBYY)

S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-04-20] (Adobe Systems) [File not signed]

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]

S4 iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [641352 2013-05-31] (Apple Inc.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)

R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [386560 2014-12-10] (Qualcomm Atheros) [File not signed]

R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3446224 2015-02-23] (Paramount Software UK Ltd)

R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

S3 wampapache; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [22016 2014-05-01] (Apache Software Foundation) [File not signed]

S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [10959360 2014-05-01] () [File not signed]

R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)

S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S4 HPSLPSVC; C:\Users\Michael\AppData\Local\Temp\7zS3091\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [98480 2014-11-18] (Qualcomm Atheros, Inc.)

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-24] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [145360 2009-12-17] (Sun Microsystems, Inc.)

S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117080 2012-09-07] (Oracle Corporation)

S3 ALSysIO; \??\C:\Users\Lizzie\AppData\Local\Temp\ALSysIO64.sys [X]

S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]

S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

U3 wampapache64; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-24 11:09 - 2015-03-24 11:09 - 02095616 _____ (Farbar) C:\Users\Lizzie\Desktop\FRST64.exe

2015-03-24 11:09 - 2015-03-24 11:09 - 00031289 _____ () C:\Users\Lizzie\Desktop\FRST.txt

2015-03-24 11:09 - 2015-03-24 11:09 - 00000000 ____D () C:\FRST

2015-03-24 10:17 - 2015-03-24 11:09 - 00003352 _____ () C:\Users\Lizzie\Desktop\Rkill.txt

2015-03-24 10:17 - 2015-03-24 10:17 - 00000000 ____D () C:\Users\Lizzie\Desktop\rkill

2015-03-23 14:53 - 2015-03-23 14:53 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-03-23 14:53 - 2015-03-23 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-03-23 14:52 - 2015-03-24 11:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-03-23 14:52 - 2015-03-24 08:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-03-23 14:52 - 2015-03-23 14:52 - 00880208 _____ (Google Inc.) C:\Users\Lizzie\Desktop\ChromeSetup.exe

2015-03-23 14:52 - 2015-03-23 14:52 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-03-23 14:52 - 2015-03-23 14:52 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-03-15 18:55 - 2015-03-15 18:55 - 00000000 ____D () C:\Users\Lizzie\AppData\Roaming\Microsoft\Windows\Start Menu\bookkeeping

2015-03-09 13:32 - 2015-03-09 13:32 - 00000000 ____D () C:\Users\Lizzie\AppData\Roaming\WDC

2015-03-07 15:16 - 2015-03-07 15:57 - 00000000 ____D () C:\Users\Lizzie\AppData\Roaming\mp3tagpro

2015-03-07 12:01 - 2015-03-07 12:01 - 00000000 ____D () C:\Users\Lizzie\AppData\Local\MediaMonkey

2015-03-07 12:00 - 2015-03-07 14:43 - 00000000 ____D () C:\Users\Lizzie\AppData\Roaming\MediaMonkey

2015-02-28 21:04 - 2015-03-24 11:00 - 00001848 _____ () C:\Windows\setupact.log

2015-02-28 21:04 - 2015-02-28 21:04 - 00000000 _____ () C:\Windows\setuperr.log

2015-02-28 21:03 - 2015-03-23 22:53 - 00001470 _____ () C:\Windows\PFRO.log

2015-02-28 20:49 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls

2015-02-28 20:49 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls

2015-02-28 20:26 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-02-28 20:26 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-02-28 20:26 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-02-28 20:26 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-02-28 20:26 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-02-28 20:26 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-02-28 20:26 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-02-28 20:26 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-02-28 20:26 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-02-28 20:26 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-02-28 20:26 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-02-28 20:26 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-02-28 20:26 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-02-28 20:26 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-02-28 20:26 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-02-28 20:26 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-02-28 20:26 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-02-28 20:26 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-02-28 20:26 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-02-28 20:26 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-02-28 20:26 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-02-28 20:26 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-02-28 20:26 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-02-28 20:26 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-02-28 20:26 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-02-28 20:26 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-02-28 20:26 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-02-28 20:26 - 2015-01-11 20:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-02-28 20:26 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-02-28 20:26 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-02-28 20:26 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-02-28 20:26 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-02-28 20:26 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-02-28 20:26 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-02-28 20:26 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-02-28 20:26 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-02-28 20:26 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-02-28 20:26 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-02-28 20:26 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-02-28 20:26 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-02-28 20:26 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-02-28 20:26 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-02-28 20:25 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-02-28 20:25 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-02-28 20:25 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-02-28 20:25 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-02-28 20:25 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-02-28 20:25 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-02-28 20:25 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-02-28 20:25 - 2015-01-11 21:33 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-02-28 20:25 - 2015-01-11 21:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-02-28 20:25 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-02-28 20:25 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-02-28 20:25 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-02-28 20:25 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-02-28 20:25 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-02-28 20:25 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-02-28 20:25 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-02-28 20:25 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-02-28 20:25 - 2015-01-11 20:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-02-28 20:25 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-02-28 20:25 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-02-28 20:25 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-02-28 20:24 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-02-28 20:24 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-02-28 20:24 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-02-28 20:24 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-02-28 20:24 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-02-28 20:24 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-02-28 20:24 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-02-28 20:24 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-02-28 20:24 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-02-28 20:24 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-02-28 20:24 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-02-28 20:24 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-02-28 20:24 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-02-28 20:24 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-02-28 20:24 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-02-28 20:24 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-02-28 20:24 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-02-28 20:24 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-02-28 20:24 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-02-28 20:24 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2015-02-28 20:24 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-02-28 20:24 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-02-28 20:24 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-02-28 20:24 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-02-28 20:24 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-02-28 20:24 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-02-28 20:24 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-02-28 20:24 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-02-28 20:24 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-02-28 20:24 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-02-28 20:24 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-02-28 20:24 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-02-28 20:24 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-02-28 20:24 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-02-28 20:24 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2015-02-28 20:24 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2015-02-28 20:24 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll

2015-02-28 20:24 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll

2015-02-28 20:24 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2015-02-28 20:24 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

2015-02-28 20:24 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2015-02-28 20:24 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2015-02-28 20:24 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2015-02-28 20:24 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2015-02-28 20:21 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-02-28 20:21 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-02-26 09:21 - 2015-02-26 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2015-02-25 16:39 - 2015-02-25 16:39 - 00000000 __SHD () C:\Users\Lizzie\AppData\Local\EmieBrowserModeList

2015-02-25 16:39 - 2015-02-25 16:39 - 00000000 ____D () C:\Users\Lizzie\AppData\Roaming\Oberon Media

2015-02-25 16:39 - 2015-02-25 16:39 - 00000000 ____D () C:\Users\Lizzie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iplay

2015-02-25 16:39 - 2015-02-25 16:39 - 00000000 ____D () C:\Program Files (x86)\Oberon Media SIDR

2015-02-25 16:39 - 2015-02-25 16:39 - 00000000 ____D () C:\Program Files (x86)\GamesBar

2015-02-25 12:15 - 2015-03-07 23:23 - 00000658 _____ () C:\Users\Lizzie\Desktop\SearchMyFiles.exe - Shortcut.lnk

2015-02-24 22:11 - 2015-02-24 22:11 - 00035720 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS

2015-02-24 12:21 - 2015-02-24 12:34 - 00000000 ____D () C:\Program Files\SyncToy 2.1

2015-02-23 15:36 - 2015-03-24 04:00 - 00000484 _____ () C:\Windows\Tasks\Macrium-Backup-{BA0D16D4-7264-4345-8ACB-06CAD34BE59C}.job

2015-02-23 15:36 - 2015-02-23 15:36 - 00003254 _____ () C:\Windows\System32\Tasks\Macrium-Backup-{BA0D16D4-7264-4345-8ACB-06CAD34BE59C}

2015-02-23 15:35 - 2015-02-23 15:36 - 00000000 ____D () C:\Users\Lizzie\Documents\Reflect

2015-02-23 09:08 - 2015-02-23 08:41 - 00169480 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\psmounterex.sys

2015-02-22 19:57 - 2015-02-22 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium

2015-02-22 19:57 - 2015-02-22 19:57 - 00000000 ____D () C:\Program Files\Macrium

2015-02-22 19:56 - 2015-02-22 19:58 - 00386630 _____ () C:\Reflect_Install.log

2015-02-22 19:51 - 2015-02-23 14:25 - 00000000 ____D () C:\ProgramData\Macrium

2015-02-22 12:20 - 2015-02-22 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital

2015-02-22 12:20 - 2015-02-22 13:19 - 00000000 ____D () C:\Program Files (x86)\Western Digital

2015-02-22 12:20 - 2015-02-22 12:21 - 00000000 ____D () C:\Users\Lizzie\AppData\Roaming\com.wd.WDMyCloud

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-24 11:08 - 2013-08-05 13:37 - 01153888 _____ () C:\Windows\WindowsUpdate.log

2015-03-24 11:08 - 2009-07-13 23:45 - 00015072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-03-24 11:08 - 2009-07-13 23:45 - 00015072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-03-24 11:02 - 2014-04-11 10:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-03-24 11:01 - 2012-09-21 23:52 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics

2015-03-24 11:00 - 2013-02-05 17:15 - 00000376 ____H () C:\Windows\Tasks\MagniPicUpdaterTask{BE8CDD1F-B838-44E1-ACF3-C6016741B47E}.job

2015-03-24 11:00 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-24 10:42 - 2012-07-11 13:44 - 00001317 _____ () C:\Windows\MultiTimer.ini

2015-03-23 22:25 - 2012-07-11 15:58 - 00000000 ____D () C:\Users\Lizzie\AppData\Roaming\EditPlus 3

2015-03-23 20:59 - 2012-10-13 14:37 - 00000000 ____D () C:\Users\Lizzie\AppData\Roaming\Skype

2015-03-23 14:53 - 2011-04-01 23:36 - 00000000 ____D () C:\Program Files (x86)\Google

2015-03-23 13:30 - 2012-07-10 22:25 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2A43E7B2-5999-4A4C-A8E8-749E1236B0E5}

2015-03-23 11:51 - 2012-07-11 13:53 - 00000000 ____D () C:\Users\Lizzie\AppData\Roaming\KeePass

2015-03-22 23:58 - 2012-07-11 15:48 - 00000000 ____D () C:\Users\Lizzie\Documents\My Digital Editions

2015-03-18 19:38 - 2011-09-14 17:35 - 00000000 ____D () C:\ProgramData\Temp

2015-03-17 17:57 - 2009-07-14 00:13 - 00802042 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-03-16 15:39 - 2012-07-11 13:41 - 00000000 ____D () C:\Users\Lizzie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2015-03-16 15:39 - 2012-07-11 13:41 - 00000000 ____D () C:\Users\Lizzie\AppData\Roaming\Dropbox

2015-03-16 13:51 - 2012-07-11 13:30 - 00000000 ____D () C:\Users\Lizzie\Documents\My Kindle Content

2015-03-15 18:55 - 2012-07-11 15:25 - 00000000 ____D () C:\Users\Lizzie\AppData\Roaming\Microsoft\Windows\Start Menu\security & cleanup

2015-03-15 18:55 - 2012-07-11 15:23 - 00000000 ___RD () C:\Users\Lizzie\AppData\Roaming\Microsoft\Windows\Start Menu\occasional

2015-03-15 18:54 - 2012-07-11 13:21 - 00000000 ____D () C:\Users\Lizzie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon

2015-03-10 12:41 - 2012-07-19 18:49 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware

2015-03-10 00:09 - 2012-05-18 06:45 - 00000000 ____D () C:\Program Files\Core Temp

2015-03-05 16:04 - 2012-07-31 19:23 - 00000000 ____D () C:\Users\Lizzie\.kindle

2015-03-04 10:48 - 2012-04-11 21:10 - 00177800 _____ () C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT

2015-03-04 10:47 - 2013-07-30 10:49 - 00000000 ___RD () C:\Users\Michael\Virtual Machines

2015-03-04 10:42 - 2009-07-13 23:45 - 01106576 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-03 23:33 - 2013-04-16 15:41 - 00270256 ____H () C:\Windows\SysWOW64\mlfcache.dat

2015-03-03 22:28 - 2012-04-03 19:10 - 00177800 _____ () C:\Users\Lizzie\AppData\Local\GDIPFONTCACHEV1.DAT

2015-03-03 08:17 - 2012-04-05 14:54 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2015-03-01 01:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

2015-02-28 21:07 - 2011-09-14 17:33 - 00003274 _____ () C:\Windows\system32\AutoRunFilter.ini

2015-02-28 21:03 - 2011-04-01 23:45 - 00000000 ____D () C:\Windows\en

2015-02-28 21:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2015-02-28 20:47 - 2012-07-18 10:27 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-02-28 20:47 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini

2015-02-28 20:39 - 2014-12-29 13:02 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2015-02-28 20:39 - 2012-04-25 13:39 - 00001945 _____ () C:\Windows\epplauncher.mif

2015-02-28 20:38 - 2012-04-25 13:39 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2015-02-28 20:38 - 2012-04-25 13:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client

2015-02-28 20:37 - 2014-05-30 12:14 - 00000000 ____D () C:\Windows\system32\MRT

2015-02-26 13:56 - 2014-08-18 14:41 - 00001220 _____ () C:\Users\Lizzie\Desktop\homepage.html - Shortcut.lnk

2015-02-26 09:53 - 2012-07-11 15:58 - 00000000 ____D () C:\Program Files (x86)\EditPlus 3

2015-02-26 09:21 - 2012-04-08 22:51 - 00000000 ____D () C:\Program Files\CCleaner

2015-02-25 16:43 - 2012-07-11 15:53 - 00000000 ___RD () C:\Users\Lizzie\AppData\Roaming\Microsoft\Windows\Start Menu\games

2015-02-25 16:40 - 2012-07-11 13:09 - 00000000 ____D () C:\Users\Lizzie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2015-02-25 16:39 - 2013-08-30 16:04 - 00000000 ____D () C:\ProgramData\Oberon Media

2015-02-25 11:04 - 2013-03-10 08:08 - 00000000 ____D () C:\Users\Lizzie\AppData\Roaming\EssentialPIM

2015-02-24 11:26 - 2012-07-19 22:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Computer

2015-02-23 14:14 - 2011-09-14 17:33 - 00001727 _____ () C:\Windows\system32\ServiceFilter.ini

2015-02-23 14:13 - 2013-11-29 10:03 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f752744d-b208-4c7a-998e-27a17bdf8ac1.job

2015-02-22 13:20 - 2012-08-15 10:36 - 00000000 ____D () C:\ProgramData\Western Digital

2015-02-22 12:20 - 2012-08-15 10:38 - 00000000 ____D () C:\Users\Lizzie\AppData\Local\Western Digital

2015-02-22 11:22 - 2011-09-14 17:27 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2015-02-22 11:21 - 2011-09-14 17:35 - 00000000 ____D () C:\ProgramData\CyberLink

2015-02-22 11:19 - 2014-08-15 12:07 - 00000000 ____D () C:\ProgramData\NCH Software

2015-02-22 11:13 - 2012-09-10 11:34 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2015-02-22 11:11 - 2014-09-10 23:02 - 00003346 _____ () C:\Windows\System32\Tasks\{2A8036B5-FD9C-4584-9C9E-31AEFF20E1E5}

2015-02-22 11:11 - 2014-09-10 23:00 - 00003150 _____ () C:\Windows\System32\Tasks\{E564A49C-6821-4E68-A709-B4770C1C36E9}

2015-02-22 11:11 - 2013-11-29 10:03 - 00003522 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f752744d-b208-4c7a-998e-27a17bdf8ac1

2015-02-22 11:11 - 2013-08-20 13:07 - 00002738 _____ () C:\Windows\System32\Tasks\Core Temp Autostart Lizzie

2015-02-22 11:11 - 2012-04-03 22:04 - 00003068 _____ () C:\Windows\System32\Tasks\ACMON

2015-02-22 11:11 - 2011-09-14 17:32 - 00003042 _____ () C:\Windows\System32\Tasks\ASUS P4G

==================== Files in the root of some directories =======

2012-06-24 11:55 - 2012-01-19 14:30 - 0536576 _____ () C:\Program Files\1026.mst

2012-06-24 11:55 - 2012-01-19 14:30 - 0413696 _____ () C:\Program Files\1028.mst

2012-06-24 11:55 - 2012-01-19 14:30 - 0339968 _____ () C:\Program Files\1029.mst

2012-06-24 11:55 - 2012-01-19 14:30 - 0225280 _____ () C:\Program Files\1030.mst

2012-06-24 11:55 - 2012-01-19 14:30 - 0245760 _____ () C:\Program Files\1031.mst

2012-06-24 11:55 - 2012-01-19 14:30 - 0610304 _____ () C:\Program Files\1032.mst

2012-06-24 11:55 - 2012-01-19 14:30 - 0020480 _____ () C:\Program Files\1033.mst

2012-06-24 11:55 - 2012-01-19 14:30 - 0241664 _____ () C:\Program Files\1034.mst

2012-06-24 11:55 - 2012-01-19 14:30 - 0258048 _____ () C:\Program Files\1036.mst

2012-06-24 11:55 - 2012-01-19 14:30 - 0348160 _____ () C:\Program Files\1038.mst

2012-06-24 11:55 - 2012-01-19 14:30 - 0229376 _____ () C:\Program Files\1040.mst

2012-06-24 11:55 - 2012-01-19 14:30 - 0573440 _____ () C:\Program Files\1041.mst

2012-06-24 11:55 - 2012-01-19 14:30 - 1187840 _____ () C:\Program Files\1042.mst

2012-06-24 11:55 - 2012-01-19 14:30 - 0217088 _____ () C:\Program Files\1043.mst

2012-06-24 11:55 - 2012-01-19 14:30 - 0282624 _____ () C:\Program Files\1045.mst

2012-06-24 11:55 - 2012-01-19 14:30 - 0245760 _____ () C:\Program Files\1046.mst

2012-06-24 11:55 - 2012-01-19 14:30 - 0532480 _____ () C:\Program Files\1049.mst

2012-06-24 11:54 - 2012-01-19 14:30 - 0335872 _____ () C:\Program Files\1051.mst

2012-06-24 11:54 - 2012-01-19 14:30 - 0241664 _____ () C:\Program Files\1053.mst

2012-06-24 11:54 - 2012-01-19 14:30 - 0331776 _____ () C:\Program Files\1055.mst

2012-06-24 11:54 - 2012-01-19 14:30 - 0462848 _____ () C:\Program Files\1058.mst

2012-06-24 11:54 - 2012-01-19 14:30 - 0180224 _____ () C:\Program Files\1061.mst

2012-06-24 11:54 - 2012-01-19 14:30 - 0487424 _____ () C:\Program Files\1066.mst

2012-06-24 11:54 - 2012-01-19 14:30 - 0409600 _____ () C:\Program Files\2052.mst

2012-06-24 11:54 - 2012-01-19 16:58 - 8075264 _____ () C:\Program Files\ABBYY FineReader 11.msi

2012-06-24 11:54 - 2012-01-19 14:27 - 1133320 _____ (ABBYY) C:\Program Files\AutoRun.exe

2012-06-24 11:54 - 2011-05-17 20:16 - 0000093 _____ () C:\Program Files\AutoRun.inf

2012-06-24 11:54 - 2012-01-19 14:29 - 84304131 _____ () C:\Program Files\Bin.cab

2012-06-24 11:54 - 2012-01-19 14:30 - 32507759 _____ () C:\Program Files\DictLang.cab

2012-06-24 11:54 - 2009-07-07 18:12 - 1822520 _____ (Microsoft Corporation) C:\Program Files\instmsiw.exe

2012-06-24 11:54 - 2012-01-19 14:23 - 0634632 _____ (ABBYY) C:\Program Files\Setup.exe

2012-06-24 11:54 - 2011-07-21 14:55 - 0000563 _____ () C:\Program Files\setup.ini

2012-06-24 11:54 - 2009-07-07 18:12 - 0245408 _____ (Microsoft Corporation) C:\Program Files\unicows.dll

2012-11-09 13:11 - 2012-11-09 13:11 - 0000000 _____ () C:\Program Files (x86)\GUT2C7F.tmp

2012-11-09 13:10 - 2012-11-09 13:10 - 0000000 _____ () C:\Program Files (x86)\GUT4BD2.tmp

2012-11-09 13:05 - 2012-11-09 13:05 - 0000000 _____ () C:\Program Files (x86)\GUTA20C.tmp

2013-06-30 15:08 - 2013-06-30 15:29 - 0000379 _____ () C:\Users\Lizzie\AppData\Roaming\burnaware.ini

2015-02-11 09:45 - 2015-02-11 09:45 - 0000000 _____ () C:\Users\Lizzie\AppData\Local\BluetoothPresent.flag

2015-02-11 09:45 - 2015-02-11 09:45 - 0000000 _____ () C:\Users\Lizzie\AppData\Local\Driver_Jupiter_01Present.flag

2013-04-21 00:09 - 2013-04-21 00:09 - 0001805 _____ () C:\Users\Lizzie\AppData\Local\recently-used.xbel

2013-08-05 13:21 - 2013-08-05 13:21 - 0000017 _____ () C:\Users\Lizzie\AppData\Local\resmon.resmoncfg

2012-10-08 11:28 - 2012-10-08 11:28 - 0004958 _____ () C:\ProgramData\jmwgqlqm.fzc

2012-10-09 16:16 - 2014-04-12 11:17 - 0001385 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

2011-09-14 17:36 - 2011-09-14 17:36 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log

2011-09-14 17:35 - 2011-09-14 17:35 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:

====================

C:\Users\Lizzie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpowipzm.dll

C:\Users\Lizzie\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Lizzie\AppData\Local\Temp\swt-win32-3452.dll

C:\Users\Michael\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-22 12:48

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Lizzie at 2015-03-24 11:10:29
Running from C:\Users\Lizzie\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 11 (HKLM-x32\...\{F1100000-0011-0000-0001-074957833700}) (Version: 11.0.460 - ABBYY)
Adobe Acrobat X Standard (HKLM-x32\...\{AC76BA86-1033-0000-BA7E-000000000005}) (Version: 10.1.6 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Illustrator CS2 (HKLM-x32\...\Adobe Illustrator CS2) (Version: 12.000.000 - Adobe Systems Inc.)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}) (Version: 1.8.17.26026 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.8.17.26026 - Alcor Micro Corp.) Hidden
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
A-PDF Restrictions Remover (HKLM-x32\...\A-PDF Restrictions Remover_is1) (Version:  - A-PDF Solution)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.1.0 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
AsusScr_K3 Series_ENG_Basic (HKLM-x32\...\AsusScr_K3 Series_ENG_Basic) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)
Atlantis Word Processor (HKLM-x32\...\Atlantis Word Processor) (Version:  - )
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AudioEdit Deluxe (HKLM-x32\...\AudioEdit Deluxe) (Version:  - Mystik Media)
AudioEdit Deluxe (x32 Version: 4.x - Mystik Media) Hidden
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookworm (remove only) (HKLM-x32\...\Bookworm) (Version:  - )
Brother MFL-Pro Suite MFC-J630W (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
calibre (HKLM-x32\...\{C5670C59-8D82-47FF-90A1-FDAA41A7E9B2}) (Version: 1.34.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Classic Shell (HKLM\...\{FEA1590B-540A-41FC-A95C-664493C82A21}) (Version: 3.6.8 - IvoSoft)
Core Temp 1.0 RC3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CuteFTP 7 Professional (HKLM-x32\...\{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}) (Version: 7.10.0000 - GlobalSCAPE)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1915614820-850652913-360261026-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
eBook USB Driver (HKLM-x32\...\{134EBB5C-7B48-4702-B25D-89B6EC4A1FDC}) (Version: 3.0.0.0 - eBook Technologies)
eBookwise Librarian (HKLM-x32\...\{C453BA8C-5916-4A00-8C9C-04C9E01F08D4}) (Version: 2.0.61 - breeno.org/eBook/)
EditPlus 3 (HKLM-x32\...\EditPlus 3) (Version:  - ES-Computing)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.8 - ASUS)
FastStone Photo Resizer 3.1 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.1 - FastStone Soft.)
Font Properties Editor ® (Remove Only) (HKLM-x32\...\FPEditR) (Version:  - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
iPod for Windows 2006-03-23 (HKLM-x32\...\InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}) (Version: 4.7.0 - Apple Computer, Inc.)
iPod for Windows 2006-03-23 (x32 Version: 4.7.0 - Apple Computer, Inc.) Hidden
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Quest (HKLM-x32\...\110194827) (Version:  - Oberon Media)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeePass Password Safe 2.15 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version:  - Dominik Reichl)
KindlePreviewer (HKU\S-1-5-21-1915614820-850652913-360261026-1000\...\KindlePreviewer) (Version: 2.9 - Amazon)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Macrium Reflect Home Edition (HKLM\...\MacriumReflect) (Version: 6.0 - Paramount Software (UK) Ltd.)
Macrium Reflect Home Edition (Version: 6.0.476 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobipocket Creator 4.2 (HKLM-x32\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com)
Monkey Merge (HKLM-x32\...\Monkey Merge_is1) (Version:  - MonkeyJob Systems)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Thunderbird 17.0.6 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 17.0.6 (x86 en-US)) (Version: 17.0.6 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenSSL 1.0.1f Light (32-bit) (HKLM-x32\...\OpenSSL Light (32-bit)_is1) (Version:  - OpenSSL Win32 Installer Team)
Pattern Maker for cross stitch - v4 (Pro) (HKLM-x32\...\{9CE2B4FB-8127-4058-B028-C5961242A483}) (Version: 4.04.3000 - HobbyWare, Inc.)
PicPick (HKLM-x32\...\PicPick) (Version: 3.2.4 - NTeWORKS)
Python 2.7.1 (HKLM-x32\...\{32939827-d8e5-470a-b126-870db3c69fdf}) (Version: 2.7.1150 - Python Software Foundation)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.49.1068 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.49.1068 - Qualcomm Atheros)
Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.1.49.1068 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.1.49.1068 - Qualcomm Atheros) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.9.0 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6324 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Riot - Radical Image Optimization Tool (HKLM-x32\...\Riot) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sigil 0.8.2 (HKLM\...\Sigil_is1) (Version:  - John Schember)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1012 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.16.1 - Synaptics Incorporated)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TotalAudioConverter (HKLM-x32\...\Total Audio Converter_is1) (Version: 5.1 - Softplicity, Inc.)
TotalMovieConverter (HKLM-x32\...\Total Movie Converter_is1) (Version:  - Softplicity, Inc.)
TrackerBox (HKLM-x32\...\TrackerBox) (Version:  - )
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD My Cloud (HKLM\...\{3082756C-2147-411F-AE6A-9DCEF0121903}) (Version: 1.0.7.5 - Western Digital Technologies, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1915614820-850652913-360261026-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1915614820-850652913-360261026-1000_Classes\CLSID\{EB6E47F7-82FB-36FE-23E6-E8C9FD6522C8}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1915614820-850652913-360261026-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1915614820-850652913-360261026-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1915614820-850652913-360261026-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1915614820-850652913-360261026-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1915614820-850652913-360261026-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1915614820-850652913-360261026-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1915614820-850652913-360261026-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1915614820-850652913-360261026-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1915614820-850652913-360261026-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

04-03-2015 10:55:58 Windows Update
08-03-2015 10:53:59 Windows Update
11-03-2015 12:52:29 Windows Update
15-03-2015 23:21:51 Windows Update
19-03-2015 09:11:57 Windows Update
22-03-2015 09:34:16 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-10-08 14:11 - 00444519 ____A C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A9DD839-2695-42CF-8267-8A8AEECDCAE0} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {27184366-830B-4C69-A058-69A1C58BB8AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-23] (Google Inc.)
Task: {48C7EE06-9200-48B7-87A4-6955CB403DD4} - System32\Tasks\Core Temp Autostart Lizzie => C:\Program Files\Core Temp\Core Temp.exe [2012-01-25] ()
Task: {50AB65CC-F58B-4A79-8BD4-A239AA95D37F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-23] (Google Inc.)
Task: {54B5496A-6A4A-4568-B602-9BCC4335A6C6} - System32\Tasks\Macrium-Backup-{BA0D16D4-7264-4345-8ACB-06CAD34BE59C} => C:\Program Files\Macrium\Reflect\reflect.exe [2015-02-23] (Paramount Software UK Ltd)
Task: {54EB8BDC-C2B2-4BD1-AA77-79145434EC0C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {5DCD4718-7A16-4486-90DC-A9C904431C0F} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-01] (ASUS)
Task: {5EB639EE-26FF-4C7D-B854-922D19EEF0DC} - System32\Tasks\{C5B46DBE-1134-4A32-9DB9-8D088D849F9D} => pcalua.exe -a C:\Users\Michael\Downloads\MFC-J630W-inst-A2-enus.EXE -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {6E840BEF-34CA-461C-9160-E95E0B891752} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9000E251-DBC9-4F5E-9DB4-0EEBEC2736E4} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {97430110-FD18-47BD-99B8-BF7EB0A72AFE} - System32\Tasks\SUPERAntiSpyware Scheduled Task f752744d-b208-4c7a-998e-27a17bdf8ac1 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2011-05-04] (SUPERAdBlocker.com)
Task: {AD561DB2-660E-4E02-896D-864D63700CD8} - System32\Tasks\{E564A49C-6821-4E68-A709-B4770C1C36E9} => pcalua.exe -a "C:\Program Files\Rio Karma\sbdrvsetup.exe" -d "C:\Program Files\Rio Karma"
Task: {AE4E76FD-B995-4241-906D-D8C529BC5EF0} - System32\Tasks\{681EBF29-AFDB-468F-A9F8-C91FB55EA363} => Firefox.exe http://ui.skype.com/ui/0/6.21.0.104/en/abandoninstall?page=tsPlugin
Task: {B793EFDC-CA88-4BD6-B217-BDABF267FC02} - System32\Tasks\MagniPicUpdaterTask{BE8CDD1F-B838-44E1-ACF3-C6016741B47E} => C:\ProgramData\Premium\MagniPic\MagniPic.exe <==== ATTENTION
Task: {BC8F531C-D4B6-427F-9518-FF0D70FBED50} - System32\Tasks\{2A8036B5-FD9C-4584-9C9E-31AEFF20E1E5} => pcalua.exe -a "D:\system items\software downloads\audio converters & editors\Rio Karma\RioDrivers.exe" -d "D:\system items\software downloads\audio converters & editors\Rio Karma"
Task: {F863910A-0240-4F7B-B1E0-438EDEA058C8} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Macrium-Backup-{BA0D16D4-7264-4345-8ACB-06CAD34BE59C}.job => C:\Program Files\Macrium\Reflect\reflect.exeg-e -w C:\Users\Lizzie\Documents\Reflect\My Backup.xml
Task: C:\Windows\Tasks\MagniPicUpdaterTask{BE8CDD1F-B838-44E1-ACF3-C6016741B47E}.job => C:\ProgramData\Premium\MagniPic\MagniPic.exeA/schedule /profile C:\ProgramData\Premium\MagniPic\profile.ini <==== ATTENTION
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f752744d-b208-4c7a-998e-27a17bdf8ac1.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

==================== Loaded Modules (whitelisted) ==============

2012-05-13 07:19 - 2005-04-21 23:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2011-05-30 22:23 - 2011-01-26 19:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-09-23 18:53 - 2010-09-23 18:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-07-13 19:35 - 2008-06-20 00:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-07-11 15:58 - 2012-05-03 11:49 - 00061544 _____ () C:\Program Files (x86)\EditPlus 3\eppshell64.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-11 21:27 - 2014-12-11 21:27 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:2EAD18C2
AlternateDataStreams: C:\ProgramData\Temp:90EF0C9C
AlternateDataStreams: C:\ProgramData\Temp:B63300D1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1915614820-850652913-360261026-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lizzie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk => C:\Windows\pss\AsusVibeLauncher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Killer Network Manager.lnk => C:\Windows\pss\Killer Network Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Lizzie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: Carbonite Backup => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Malwarebytes Anti-Malware (cleanup) => "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
MSCONFIG\startupreg: PicPick Start => C:\Program Files (x86)\PicPick\picpick.exe /startup
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

==================== Accounts: =============================

Administrator (S-1-5-21-1915614820-850652913-360261026-500 - Administrator - Disabled)
Guest (S-1-5-21-1915614820-850652913-360261026-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1915614820-850652913-360261026-1002 - Limited - Enabled)
Lizzie (S-1-5-21-1915614820-850652913-360261026-1000 - Administrator - Enabled) => C:\Users\Lizzie
Michael (S-1-5-21-1915614820-850652913-360261026-1003 - Administrator - Enabled) => C:\Users\Michael

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/24/2015 11:02:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 808

Start Time: 01d0664bb5f6556b

Termination Time: 16

Application Path: C:\Windows\Explorer.EXE

Report Id: 24ef0429-d23f-11e4-9fae-8056f244c9f8

Error: (03/24/2015 09:22:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: thunderbird.exe, version: 17.0.6.4877, time stamp: 0x518c3ba7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x1585f85c
Faulting process id: 0x103c
Faulting application start time: 0xthunderbird.exe0
Faulting application path: thunderbird.exe1
Faulting module path: thunderbird.exe2
Report Id: thunderbird.exe3

Error: (03/23/2015 10:02:04 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/03/23 22:02:04.967]: [00006284]: Initialize TwdsMain Class failed!

Error: (03/23/2015 10:02:04 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/03/23 22:02:04.967]: [00006284]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (03/23/2015 10:02:04 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/03/23 22:02:04.925]: [00006284]: Initialize TwdsMain Class failed!

Error: (03/23/2015 10:02:04 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/03/23 22:02:04.925]: [00006284]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (03/23/2015 10:01:55 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/03/23 22:01:55.936]: [00005992]: Initialize TwdsMain Class failed!

Error: (03/23/2015 10:01:55 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/03/23 22:01:55.935]: [00005992]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (03/23/2015 10:01:55 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/03/23 22:01:55.864]: [00005992]: Initialize TwdsMain Class failed!

Error: (03/23/2015 10:01:55 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/03/23 22:01:55.864]: [00005992]: ##### Fatal ERROR!! Create STI-device failed! #####


System errors:
=============
Error: (03/24/2015 11:10:48 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (03/24/2015 11:02:01 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/24/2015 11:01:04 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (03/24/2015 11:01:04 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

    Feature: %%886

    Error Code: 0x80070005

    Error description: Access is denied.

    Reason: %%892

Error: (03/24/2015 10:59:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/24/2015 10:59:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/24/2015 10:59:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/24/2015 10:50:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/24/2015 10:50:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/24/2015 10:50:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (03/24/2015 11:02:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.1756780801d0664bb5f6556b16C:\Windows\Explorer.EXE24ef0429-d23f-11e4-9fae-8056f244c9f8

Error: (03/24/2015 09:22:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: thunderbird.exe17.0.6.4877518c3ba7unknown0.0.0.000000000c00000051585f85c103c01d0663d7dcfc541C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exeunknown409e24ad-d231-11e4-9edf-8056f244c9f8

Error: (03/23/2015 10:02:04 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/03/23 22:02:04.967]: [00006284]: Initialize TwdsMain Class failed!

Error: (03/23/2015 10:02:04 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/03/23 22:02:04.967]: [00006284]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (03/23/2015 10:02:04 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/03/23 22:02:04.925]: [00006284]: Initialize TwdsMain Class failed!

Error: (03/23/2015 10:02:04 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/03/23 22:02:04.925]: [00006284]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (03/23/2015 10:01:55 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/03/23 22:01:55.936]: [00005992]: Initialize TwdsMain Class failed!

Error: (03/23/2015 10:01:55 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/03/23 22:01:55.935]: [00005992]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (03/23/2015 10:01:55 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/03/23 22:01:55.864]: [00005992]: Initialize TwdsMain Class failed!

Error: (03/23/2015 10:01:55 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/03/23 22:01:55.864]: [00005992]: ##### Fatal ERROR!! Create STI-device failed! #####


==================== Memory info ===========================

Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 46%
Total physical RAM: 6056.23 MB
Available physical RAM: 3241.88 MB
Total Pagefile: 12110.66 MB
Available Pagefile: 8919.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:238.47 GB) (Free:104.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Lizzie) (Fixed) (Total:332.7 GB) (Free:104.86 GB) NTFS
Drive g: (SD CARD) (Removable) (Total:3.79 GB) (Free:3.69 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: AA9693FE)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=238.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=332.7 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 7A8CE995)
Partition 1: (Not Active) - (Size=3.8 GB) - (Type=0B)

==================== End Of Log ============================


Asus P8Z77-V motherboard, Intel i5-3570K unlocked Quad Core cpu, 16GB Corsair Vengeance 1866Mhz ram
CoolerMaster Hyper 212 EVO cpu cooler, Samsung 128GB SSD with Win7 Pro, WD 500GB drive for data
Asus DVD writer, Corsair 600W PSU

 



 


#2 miztrniceguy


Posted 24 March 2015 - 06:10 PM

Thank you for moving this to the right place!


Edited by miztrniceguy, 24 March 2015 - 06:43 PM.


 


#3 CatByte

  • Malware Response Team

Posted 24 March 2015 - 10:56 PM

Hello and welcome to Bleeping Computer.

Please run the following:

Download attached fixlist.txt file and save it to the Desktop.

Attached File  FixList.txt   2.29KB   2 downloads

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 miztrniceguy


Posted 25 March 2015 - 06:11 AM

Ok, thank you, CatByte. Here is the log.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Lizzie at 2015-03-25 06:09:38 Run:1
Running from C:\Users\Lizzie\Desktop
Loaded Profiles: Lizzie (Available profiles: Lizzie & Michael)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
AppInit_DLLs-x32: c:\progra~2\magnipic\sprote~1.dll => "c:\progra~2\magnipic\sprote~1.dll" File Not Found
HKLM\...\AppCertDlls: [makeutou] -> C:\Windows\system32\icacecab.dll
HKLM\...\AppCertDlls: [findvaws] -> C:\Windows\system32\icacecab64.dll
C:\Windows\system32\icacecab.dll
C:\Windows\system32\icacecab64.dll
HKU\S-1-5-21-1915614820-850652913-360261026-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/?aff=7&uid=7d988a48-6fe1-11e2-9704-5404a6022721
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1915614820-850652913-360261026-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchab.com/?aff=7&uid=7d988a48-6fe1-11e2-9704-5404a6022721&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1915614820-850652913-360261026-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchab.com/?aff=7&uid=7d988a48-6fe1-11e2-9704-5404a6022721&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1915614820-850652913-360261026-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-1915614820-850652913-360261026-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-1915614820-850652913-360261026-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
2012-11-09 13:11 - 2012-11-09 13:11 - 0000000 _____ () C:\Program Files (x86)\GUT2C7F.tmp
2012-11-09 13:10 - 2012-11-09 13:10 - 0000000 _____ () C:\Program Files (x86)\GUT4BD2.tmp
2012-11-09 13:05 - 2012-11-09 13:05 - 0000000 _____ () C:\Program Files (x86)\GUTA20C.tmp
2012-10-08 11:28 - 2012-10-08 11:28 - 0004958 _____ () C:\ProgramData\jmwgqlqm.fzc
C:\Users\Lizzie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpowipzm.dll
C:\Users\Lizzie\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lizzie\AppData\Local\Temp\swt-win32-3452.dll
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe
Task: {B793EFDC-CA88-4BD6-B217-BDABF267FC02} - System32\Tasks\MagniPicUpdaterTask{BE8CDD1F-B838-44E1-ACF3-C6016741B47E} => C:\ProgramData\Premium\MagniPic\MagniPic.exe <==== ATTENTION
Task: C:\Windows\Tasks\MagniPicUpdaterTask{BE8CDD1F-B838-44E1-ACF3-C6016741B47E}.job => C:\ProgramData\Premium\MagniPic\MagniPic.exeA/schedule /profile C:\ProgramData\Premium\MagniPic\profile.ini <==== ATTENTION
end






*****************

"c:\progra~2\magnipic\sprote~1.dll" => Value Data removed successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\makeutou => value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\findvaws => value deleted successfully.
"C:\Windows\system32\icacecab.dll" => File/Directory not found.
"C:\Windows\system32\icacecab64.dll" => File/Directory not found.
HKU\S-1-5-21-1915614820-850652913-360261026-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-1915614820-850652913-360261026-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1915614820-850652913-360261026-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-1915614820-850652913-360261026-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
"HKU\S-1-5-21-1915614820-850652913-360261026-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKU\S-1-5-21-1915614820-850652913-360261026-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
C:\Program Files (x86)\GUT2C7F.tmp => Moved successfully.
C:\Program Files (x86)\GUT4BD2.tmp => Moved successfully.
C:\Program Files (x86)\GUTA20C.tmp => Moved successfully.
C:\ProgramData\jmwgqlqm.fzc => Moved successfully.
"C:\Users\Lizzie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpowipzm.dll" => File/Directory not found.
C:\Users\Lizzie\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Lizzie\AppData\Local\Temp\swt-win32-3452.dll => Moved successfully.
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B793EFDC-CA88-4BD6-B217-BDABF267FC02}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B793EFDC-CA88-4BD6-B217-BDABF267FC02}" => Key deleted successfully.
C:\Windows\System32\Tasks\MagniPicUpdaterTask{BE8CDD1F-B838-44E1-ACF3-C6016741B47E} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MagniPicUpdaterTask{BE8CDD1F-B838-44E1-ACF3-C6016741B47E}" => Key deleted successfully.
C:\Windows\Tasks\MagniPicUpdaterTask{BE8CDD1F-B838-44E1-ACF3-C6016741B47E}.job => Moved successfully.

==== End of Fixlog 06:09:39 ====



 


#5 CatByte

  • Malware Response Team

Posted 25 March 2015 - 09:56 AM

Looks better.

Please run the following:

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



#6 miztrniceguy


Posted 25 March 2015 - 11:19 AM

Ok thank you. Here's the log.

 

ComboFix 15-03-25.01 - Lizzie 03/25/2015  11:06:55.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.6056.3952 [GMT -5:00]
Running from: c:\users\Lizzie\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SafeSaver
c:\users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\g82dq668.default\extensions\staged\ktdow-ttgh@wjwcgmr-rkeyz.co.uk
c:\users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\g82dq668.default\extensions\staged\ktdow-ttgh@wjwcgmr-rkeyz.co.uk\bootstrap.js
c:\users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\g82dq668.default\extensions\staged\ktdow-ttgh@wjwcgmr-rkeyz.co.uk\chrome.manifest
c:\users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\g82dq668.default\extensions\staged\ktdow-ttgh@wjwcgmr-rkeyz.co.uk\content\bg.js
c:\users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\g82dq668.default\extensions\staged\ktdow-ttgh@wjwcgmr-rkeyz.co.uk\install.rdf
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-25 to 2015-03-25  )))))))))))))))))))))))))))))))
.
.
2015-03-25 16:14 . 2015-03-25 16:14    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-03-25 16:14 . 2015-03-25 16:14    --------    d-----w-    c:\users\Michael\AppData\Local\temp
2015-03-25 11:05 . 2015-03-14 10:02    12002392    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E96F7279-BAB3-4ACA-8DDC-0DF23D10177A}\mpengine.dll
2015-03-24 16:09 . 2015-03-25 11:09    --------    d-----w-    C:\FRST
2015-03-24 04:07 . 2015-03-14 10:02    12002392    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-16 20:32 . 2015-03-16 20:32    --------    d-----w-    c:\users\Lizzie\AppData\Local\ElevatedDiagnostics
2015-03-09 18:32 . 2015-03-09 18:32    --------    d-----w-    c:\users\Lizzie\AppData\Roaming\WDC
2015-03-07 20:16 . 2015-03-07 20:57    --------    d-----w-    c:\users\Lizzie\AppData\Roaming\mp3tagpro
2015-03-07 17:01 . 2015-03-07 17:01    --------    d-----w-    c:\users\Lizzie\AppData\Local\MediaMonkey
2015-03-07 17:00 . 2015-03-07 19:43    --------    d-----w-    c:\users\Lizzie\AppData\Roaming\MediaMonkey
2015-03-01 01:25 . 2015-01-14 05:47    813744    ----a-w-    c:\program files\Internet Explorer\iexplore.exe
2015-03-01 01:24 . 2015-01-15 08:09    1461760    ----a-w-    c:\windows\system32\lsasrv.dll
2015-03-01 01:21 . 2014-12-11 17:47    87040    ----a-w-    c:\windows\system32\TSWbPrxy.exe
2015-03-01 01:21 . 2015-01-09 02:03    3201536    ----a-w-    c:\windows\system32\win32k.sys
2015-02-25 21:39 . 2015-02-25 21:39    --------    d-----w-    c:\users\Lizzie\AppData\Roaming\Oberon Media
2015-02-25 21:39 . 2015-02-25 21:39    --------    d-----w-    c:\program files (x86)\Oberon Media SIDR
2015-02-25 21:39 . 2015-02-25 21:39    --------    d-----w-    c:\program files (x86)\Common Files\Oberon Media
2015-02-25 21:39 . 2015-02-25 21:39    --------    d-sh--w-    c:\users\Lizzie\AppData\Local\EmieBrowserModeList
2015-02-25 21:39 . 2015-02-25 21:39    --------    d-----w-    c:\program files (x86)\GamesBar
2015-02-25 03:11 . 2015-02-25 03:11    35720    ----a-w-    c:\windows\system32\drivers\PROCEXP152.SYS
2015-02-24 17:21 . 2015-02-24 17:34    --------    d-----w-    c:\program files\SyncToy 2.1
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-25 11:02 . 2014-04-11 15:26    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-03 13:17 . 2012-04-05 19:54    295552    ------w-    c:\windows\system32\MpSigStub.exe
2015-02-23 13:41 . 2015-02-23 14:08    169480    ----a-w-    c:\windows\system32\drivers\psmounterex.sys
2015-02-14 19:52 . 2011-09-14 22:34    45056    ----a-w-    c:\windows\system32\acovcnt.exe
2015-02-09 19:21 . 2015-01-30 04:04    701616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-09 19:21 . 2015-01-30 04:04    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-30 04:29 . 2015-01-30 04:30    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-29 23:49 . 2012-04-04 03:34    116773704    ----a-w-    c:\windows\system32\MRT.exe
2014-12-29 18:11 . 2014-10-16 19:19    84448    ----a-w-    c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-01-19 21:58 . 2012-06-24 16:54    8075264    ----a-w-    c:\program files\ABBYY FineReader 11.msi
2012-01-19 19:27 . 2012-06-24 16:54    1133320    ----a-w-    c:\program files\AutoRun.exe
2012-01-19 19:23 . 2012-06-24 16:54    634632    ----a-w-    c:\program files\Setup.exe
2009-07-07 23:12 . 2012-06-24 16:54    245408    ----a-w-    c:\program files\unicows.dll
2009-07-07 23:12 . 2012-06-24 16:54    1822520    ----a-w-    c:\program files\instmsiw.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 15:49    594432    ----a-w-    c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-01-28 7780120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"DriveUtilitiesHelper"="c:\program files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe" [2014-05-23 1852264]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\users\Lizzie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lizzie\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-3-4 42560368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"<NO NAME>"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Lizzie\AppData\Local\Temp\ALSysIO64.sys;c:\users\Lizzie\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe;c:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S2 Qualcomm Atheros Killer Service V2;Qualcomm Atheros Killer Service V2;c:\program files\Qualcomm Atheros\Network Manager\KillerService.exe;c:\program files\Qualcomm Atheros\Network Manager\KillerService.exe [x]
S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe;c:\program files\Macrium\Reflect\ReflectService.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-23 19:53    1061704    ----a-w-    c:\program files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-23 19:52]
.
2015-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-23 19:52]
.
2015-03-25 c:\windows\Tasks\Macrium-Backup-{BA0D16D4-7264-4345-8ACB-06CAD34BE59C}.job
- c:\program files\Macrium\Reflect\reflect.exe [2015-02-23 13:52]
.
2015-02-23 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f752744d-b208-4c7a-998e-27a17bdf8ac1.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    185824    ----a-w-    c:\users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    185824    ----a-w-    c:\users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    185824    ----a-w-    c:\users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    185824    ----a-w-    c:\users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    185824    ----a-w-    c:\users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    185824    ----a-w-    c:\users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    185824    ----a-w-    c:\users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    185824    ----a-w-    c:\users\Lizzie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41    220160    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41    220160    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 15:50    724992    ----a-w-    c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-01 2189416]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-30 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-30 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-30 442328]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2013-06-29 151552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIC30F~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIC30F~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\xu2e4doi.default-1419011282079\
FF - prefs.js: browser.startup.homepage - file:///D:/system%20items/backups/bookmarks/homepage.html
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence"="36-E3VE-UD1K-GNA3-GR3G-8924-STJWT79"
"Activated"="Y"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-03-25  11:18:02
ComboFix-quarantined-files.txt  2015-03-25 16:18
.
Pre-Run: 114,533,703,680 bytes free
Post-Run: 114,664,759,296 bytes free
.
- - End Of File - - 12D12066A1B260F7FA55611C6B310F5E
 


Asus P8Z77-V motherboard, Intel i5-3570K unlocked Quad Core cpu, 16GB Corsair Vengeance 1866Mhz ram
CoolerMaster Hyper 212 EVO cpu cooler, Samsung 128GB SSD with Win7 Pro, WD 500GB drive for data
Asus DVD writer, Corsair 600W PSU

 


#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:16 PM

Posted 25 March 2015 - 11:46 AM

Please do the following:

Open Malwarebytes:

• On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
• Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
• A Threat Scan will begin.
• With some infections, you may see this message box.
○ 'Could not load DDA driver'
• Click 'Yes' to this message, to allow the driver to load after a restart.
• Allow the computer to restart. Continue with the rest of these instructions.
• When the scan is complete, click Apply Actions.
• Wait for the prompt to restart the computer to appear, then click on Yes.

Attach the resulting log.

• Open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the scan log which shows the Date and time of the scan just performed.
• Click 'Export' > Click 'Text file (*.txt)'
• In the Save File dialog box which appears, click on Desktop.
• In the File name: box type a name for your scan log.
• A message box named 'File Saved' should appear stating "Your file has been successfully exported" > Click Ok
• Attach that saved log to your next reply.

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Scan
  • If items are found, please select the Cleaning button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 miztrniceguy


Posted 25 March 2015 - 01:41 PM

OK, done. MBAM was clean and here are the logs.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/25/2015
Scan Time: 11:50:17 AM
Logfile: mbam log after combofix.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.25.05
Rootkit Database: v2015.02.25.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lizzie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 439842
Time Elapsed: 36 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

===============================

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/25/2015
Scan Time: 11:50:17 AM
Logfile: MBAM log 2.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.25.05
Rootkit Database: v2015.02.25.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lizzie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 439842
Time Elapsed: 36 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

==========================

 

# AdwCleaner v4.113 - Logfile created 25/03/2015 at 13:28:27
# Updated 22/03/2015 by Xplode
# Database : 2015-03-23.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Lizzie - LIZZIE_PC
# Running from : C:\Users\Lizzie\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\GamesBar
Folder Deleted : C:\Program Files (x86)\DriverToolkit
Folder Deleted : C:\Users\Lizzie\AppData\Local\DriverToolkit
Folder Deleted : C:\Users\Lizzie\Documents\Updater
Folder Deleted : C:\Users\Lizzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
File Deleted : C:\Users\Lizzie\AppData\Roaming\Mozilla\Firefox\Profiles\g82dq668.default\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Bitberry Software
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\DownLite
Key Deleted : HKCU\Software\DriverToolkit
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v41.0.2272.101

[C:\Users\Lizzie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://searchab.com/?aff=7&uid=7d988a48-6fe1-11e2-9704-5404a6022721&q={searchTerms}
[C:\Users\Lizzie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Lizzie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Lizzie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://searchab.com/?aff=7&uid=7d988a48-6fe1-11e2-9704-5404a6022721&q={searchTerms}

*************************

AdwCleaner[R0].txt - [5177 bytes] - [28/11/2013 09:21:14]
AdwCleaner[R1].txt - [5296 bytes] - [28/11/2013 09:31:24]
AdwCleaner[R2].txt - [5415 bytes] - [28/11/2013 10:11:50]
AdwCleaner[R3].txt - [3361 bytes] - [25/03/2015 13:23:57]
AdwCleaner[S0].txt - [340 bytes] - [28/11/2013 09:25:01]
AdwCleaner[S1].txt - [340 bytes] - [28/11/2013 09:32:03]
AdwCleaner[S2].txt - [5496 bytes] - [28/11/2013 10:20:24]
AdwCleaner[S3].txt - [3007 bytes] - [25/03/2015 13:28:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [3066  bytes] ##########
 



 


#9 CatByte


Posted 25 March 2015 - 02:19 PM

How is the computer running now? Are there any outstanding issues?




#10 miztrniceguy


Posted 25 March 2015 - 03:42 PM

Everything seems to be okay. Opened IE without issues. No other problems. IE will go back into storage as we don't use it. My wife only opened it to try to replicate a client's issues with a website she manages.

 

Thank you for your help!



 


#11 CatByte


Posted 25 March 2015 - 06:38 PM


That's good to hear. Now we can clean up our tools. Please do the following:

You can delete the FRST logs and program from your desktop.

NEXT

Follow these steps to uninstall Combofix
Make sure your security programs are totally disabled.
Press the WinKey +R to open a run box
Now copy/paste the following command into the runbox and click OK.
Combofix /uninstall

(Note the space between the ..x and the u, it needs to be there.)

NEXT

Double click on adwcleaner.exe to run the tool.
Click on the Uninstall button
Confirm with yes

If there are any logs/tools remaining on your desktop > right click and delete them

NEXT

Below I have included a couple of recommendations for how to protect your computer against malware infections.
It is good security practice to change your passwords to all your online accounts on a fairly regular basis. This is especially true after an infection.
Refer to this Microsoft article - Strong passwords: How to create and use them
http://www.microsoft.com/security/online-privacy/passwords-create.aspx

Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com

This will ensure your computer always has the latest available security updates installed.

http://www.mywot.com
Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go
Yellow for caution
Red to stop
WOT has an addon available for Chrome, Firefox and IE

AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation, It's free!
https://adblockplus.org/en/internet-explorer
https://adblockplus.org/en/firefox
https://adblockplus.org/en/chrome
Click the link(s) for your browser(s) and download.

Thank you for your patience, and performing all of the procedures requested.



#12 miztrniceguy


Posted 25 March 2015 - 06:41 PM

Thank you again for the help! I will take care of the cleanup.



 


#13 CatByte


Posted 26 March 2015 - 12:04 PM

you are welcome

stay safe :hello:

~CB



#14 CatByte


Posted 26 March 2015 - 12:04 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





