Windows 7 stuck on classic, no internet, no sound...


  • This topic is locked
23 replies to this topic

#1 Terminator1128
  • Members
  • 20 posts
  • OFFLINE

Posted 17 May 2015 - 09:36 PM

I booted up my computer after shutting it down to find that the theme is stuck on Windows Classic, no internet capability, no sound, lowest brightness setting, and the track-pad on the laptop won't work.

I ran the scan with all the boxes checked; if that's a problem I can redo it.

So how can I fix it?

Attached Files


Edited by rotor123, 31 May 2015 - 01:57 PM.



#2 Terminator1128
  • Topic Starter
  • Members
  • 20 posts
  • OFFLINE

Posted 19 May 2015 - 08:24 PM

Just FYI, the files are from Farbar Recovery Scan Tool.



#3 HelpBot
Bleepin' Binary Bot
  • Bots
  • 12,604 posts
  • OFFLINE
  • Gender:Male

Posted 23 May 2015 - 08:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/576530 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Terminator1128
  • Topic Starter
  • Members
  • 20 posts
  • OFFLINE

Posted 30 May 2015 - 08:28 PM

I was given help by a BC member. I ran all the scans, and it all worked out. I let MBAR and MBAM clear what was necessary and that's all I did. The new logs are in the first post.



#5 Oh My!
Adware and Spyware and Malware.....
  • Malware Response Instructor
  • 36,427 posts
  • OFFLINE
  • Gender:Male
  • Location:California

Posted 01 June 2015 - 12:18 PM

Greetings Terminator1128 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please consider and do this, using a clean computer as necessary to download programs and post results.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
GroupPolicyUsers\S-1-5-21-196490869-943364589-1227311327-1001\User: Group Policy restriction detected <======= ATTENTION
Handler: WSAllMyTubechrome - No CLSID Value
S2 MBAMService; "C:\Users\valencia\Desktop\Malwarebytes Anti-Malware\mbamservice.exe" [X]
S1 ISODrive; \??\C:\Users\valencia\Desktop\UltraISO\drivers\ISODrv64.sys [X]
2015-03-31 16:56 - 2015-03-31 16:57 - 00000000 ____D () C:\Users\kids\AppData\Local\{18080938-0D54-4832-BD40-DA4DFAAB994E}
2015-03-20 20:36 - 2015-03-20 20:36 - 00000000 ____D () C:\Users\valencia\AppData\Local\{07589F18-C7F7-4702-938B-202CC54EA215}
2015-03-20 20:35 - 2015-03-20 20:35 - 00000000 ____D () C:\Users\valencia\AppData\Local\{CF04B821-A808-4CE2-ACAC-023E90C103B4}
2015-03-05 15:09 - 2015-03-05 15:22 - 00000000 ____D () C:\Users\valencia\AppData\Local\{16E4862B-0EFD-48A5-8D14-8F5F2DC13D9F}
2015-03-05 15:09 - 2015-03-05 15:09 - 00000000 ____D () C:\Users\valencia\AppData\Local\{700B3DA4-E1EC-408A-BCCA-BF9592DAC3DC}
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{7BA16B3F-1AB3-4BD7-B959-52C4B8504EE9}\InprocServer32 -> AcInetUI.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll No File
C:\Users\kids\Desktop\00000001.TMP
C:\Users\kids\Desktop\00000002.TMP
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Windows 8/7/Vista users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • RogueKiller log
  • Combofix log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
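The two checks the instructions above describe by hand (is ComboFix's .3xe process still consuming CPU and memory, and exporting the msinfo32 System Summary as a zipped file) can be scripted. The following is an added example written for this thread, not code from the post, from ComboFix, or from BleepingComputer. It assumes an elevated PowerShell prompt on Windows 7 (PowerShell 2.0 or later), that ComboFix's worker images really do carry the .3xe extension as Note #1 states, and that either PowerShell 5's Compress-Archive or .NET 4.5's ZipFile class is available for the zip step; the function names and the sampling interval are my own choices.

```powershell
# Added example for this thread, not part of the original post or of ComboFix.
# Assumes: elevated PowerShell on Windows 7 (2.0+), ComboFix workers named *.3xe
# (as the post's Note #1 states), and Compress-Archive or .NET 4.5 for zipping.

function Test-ComboFixActivity {
    param([int]$SampleSeconds = 5)

    # Win32_Process.Name keeps the real file extension, so '*.3xe' images are
    # visible here (Get-Process would hide it). Snapshot CPU time and working
    # set, wait, then compare: any change means the scanner is still working.
    $first = Get-WmiObject Win32_Process | Where-Object { $_.Name -like '*.3xe' }
    if (-not $first) {
        Write-Output 'No *.3xe process found: ComboFix is not running.'
        return $false
    }
    $before = @{}
    foreach ($p in $first) {
        # KernelModeTime and UserModeTime are reported in 100-nanosecond units
        $before[$p.ProcessId] = @{ Cpu = $p.KernelModeTime + $p.UserModeTime
                                   Mem = $p.WorkingSetSize }
    }
    Start-Sleep -Seconds $SampleSeconds
    $second = Get-WmiObject Win32_Process | Where-Object { $before.ContainsKey($_.ProcessId) }
    $active = $false
    foreach ($p in $second) {
        $b = $before[$p.ProcessId]
        $cpuNow = $p.KernelModeTime + $p.UserModeTime
        $changed = ($cpuNow -ne $b.Cpu) -or ($p.WorkingSetSize -ne $b.Mem)
        $state = if ($changed) { 'active' } else { 'idle during this interval' }
        Write-Output ('{0} (PID {1}): CPU delta {2:N0} ms, working set {3:N0} KB -> {4}' -f `
            $p.Name, $p.ProcessId, (($cpuNow - $b.Cpu) / 10000), ($p.WorkingSetSize / 1KB), $state)
        if ($changed) { $active = $true }
    }
    return $active
}

function Export-SystemSummary {
    param([string]$OutDir = [Environment]::GetFolderPath('Desktop'))

    $txt = Join-Path $OutDir 'Summary.txt'
    $zip = Join-Path $OutDir 'Summary.zip'

    # msinfo32 /report writes a plain-text export; /categories restricts it to
    # the System Summary node, which is what the post asks to have attached.
    Start-Process -FilePath 'msinfo32.exe' `
        -ArgumentList "/report `"$txt`" /categories +systemsummary" -Wait
    if (-not (Test-Path $txt)) { throw "msinfo32 did not write $txt" }

    if (Get-Command Compress-Archive -ErrorAction SilentlyContinue) {
        Compress-Archive -Path $txt -DestinationPath $zip -Force
    } else {
        # Fallback for older PowerShell: .NET 4.5 System.IO.Compression
        Add-Type -AssemblyName System.IO.Compression.FileSystem
        if (Test-Path $zip) { Remove-Item $zip }
        $archive = [System.IO.Compression.ZipFile]::Open($zip, 'Create')
        [System.IO.Compression.ZipFileExtensions]::CreateEntryFromFile(
            $archive, $txt, 'Summary.txt') | Out-Null
        $archive.Dispose()
    }
    return $zip
}

# Usage (from an elevated prompt):
#   Test-ComboFixActivity -SampleSeconds 10   # $true while the .3xe worker is busy
#   Export-SystemSummary                       # returns the path of Summary.zip
```

A single idle interval does not prove ComboFix has hung; repeat the check a few times over several minutes, since the scanner legitimately pauses while waiting on disk or on a reboot prompt, and only treat a process whose CPU time and working set stay frozen across several samples as stalled.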

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,427 posts
  • Gender:Male
  • Location:California

Posted 04 June 2015 - 05:57 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Terminator1128

Terminator1128
  • Topic Starter

  • Members
  • 20 posts

Posted 04 June 2015 - 11:33 PM

Thanks Gary. Anyway Here are the logs.

 

For ComboFix

 

ComboFix 15-05-31.01 - valencia 06/04/2015  20:12:34.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6055.4829 [GMT -7:00]
Running from: c:\users\valencia\Desktop\scan\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\programdata\Roaming
c:\windows\Downloaded Program Files\IDropPTB.dll
.
.
(((((((((((((((((((((((((   Files Created from 2015-05-05 to 2015-06-05  )))))))))))))))))))))))))))))))
.
.
2015-06-05 03:37 . 2015-06-05 03:37 -------- d-----w- c:\users\kids\AppData\Local\temp
2015-06-03 03:23 . 2015-06-03 03:23 -------- d-----w- C:\found.000
2015-06-03 00:52 . 2015-06-03 00:52 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3F29E4A-B839-4847-B90B-FCD0FD699222}\offreg.dll
2015-05-17 03:11 . 2015-06-04 23:05 -------- d-----w- C:\FRST
2015-05-13 03:34 . 2015-05-13 04:10 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-05-13 03:33 . 2015-05-13 03:33 -------- d-----w- c:\programdata\Malwarebytes
2015-05-13 03:33 . 2015-04-14 16:37 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-05-13 03:33 . 2015-04-14 16:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-02 22:24 . 2015-01-08 06:07 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-17 03:09 . 2011-09-23 09:01 128913832 ----a-w- c:\windows\system32\MRT.exe
2015-04-16 03:46 . 2015-04-16 03:46 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-04-16 03:39 . 2015-01-25 22:58 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-04-14 16:37 . 2015-01-08 06:06 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-04 06:25 . 2015-04-27 22:56 12032440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3F29E4A-B839-4847-B90B-FCD0FD699222}\mpengine.dll
2015-04-04 06:25 . 2015-04-24 22:01 12032440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-04-02 00:17 . 2015-04-14 22:25 389808 ----a-w- c:\windows\system32\iedkcs32.dll
2015-03-25 23:06 . 2015-03-31 22:59 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BAB31842-2DE6-492F-BA39-A056B072B1F6}\gapaengine.dll
2015-03-25 23:06 . 2014-12-08 23:30 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-25 03:24 . 2015-04-14 22:26 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-14 22:26 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-14 22:26 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-14 22:26 3298816 ----a-w- c:\windows\system32\wucltux.dll
 
For RogueKiller
 
RogueKiller V10.8.1.0 [Jun  3 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : valencia [Administrator]
Started from : C:\Users\valencia\Desktop\scan\RogueKiller.exe
Mode : Scan -- Date : 06/04/2015  21:20:40
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 2 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HN-M750MBB +++++
--- User ---
[MBR] aacf02b1705f7b101ff5e8f477b72f12
[BSP] 98e89cbdd8bc0471222eaa5e298aa020 : Kiwi MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 697556 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1428801536 | Size: 17747 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic STORAGE DEVICE USB Device +++++
--- User ---
[MBR] 452cd092bbcea496dab2aec573e4e41e
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 247 | Size: 1946 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: SanDisk Cruzer Glide USB Device +++++
--- User ---
[MBR] 5aea0f6b14068314c7447d52e3141ed9
[BSP] 32cbb4a5b9593343a27fdebccbff2912 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 32 | Size: 61050 MB [Unknown Bootstrap | Unknown Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
FixLog
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-05-2015 01
Ran by valencia at 2015-06-04 16:05:37 Run:1
Running from C:\Users\valencia\Desktop\scan\New folder
Loaded Profiles: valencia (Available profiles: valencia & kids)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-196490869-943364589-1227311327-1001\User: Group Policy restriction detected <======= ATTENTION
Handler: WSAllMyTubechrome - No CLSID Value
S2 MBAMService; "C:\Users\valencia\Desktop\Malwarebytes Anti-Malware\mbamservice.exe" [X]
S1 ISODrive; \??\C:\Users\valencia\Desktop\UltraISO\drivers\ISODrv64.sys [X]
2015-03-31 16:56 - 2015-03-31 16:57 - 00000000 ____D () C:\Users\kids\AppData\Local\{18080938-0D54-4832-BD40-DA4DFAAB994E}
2015-03-20 20:36 - 2015-03-20 20:36 - 00000000 ____D () C:\Users\valencia\AppData\Local\{07589F18-C7F7-4702-938B-202CC54EA215}
2015-03-20 20:35 - 2015-03-20 20:35 - 00000000 ____D () C:\Users\valencia\AppData\Local\{CF04B821-A808-4CE2-ACAC-023E90C103B4}
2015-03-05 15:09 - 2015-03-05 15:22 - 00000000 ____D () C:\Users\valencia\AppData\Local\{16E4862B-0EFD-48A5-8D14-8F5F2DC13D9F}
2015-03-05 15:09 - 2015-03-05 15:09 - 00000000 ____D () C:\Users\valencia\AppData\Local\{700B3DA4-E1EC-408A-BCCA-BF9592DAC3DC}
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{7BA16B3F-1AB3-4BD7-B959-52C4B8504EE9}\InprocServer32 -> AcInetUI.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll No File
C:\Users\kids\Desktop\00000001.TMP
C:\Users\kids\Desktop\00000002.TMP
*****************
 
C:\windows\system32\GroupPolicyUsers\S-1-5-21-196490869-943364589-1227311327-1001\User => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\windows\SysWOW64\GroupPolicy\GPT.ini => Moved successfully.
"HKCR\PROTOCOLS\Handler\WSAllMyTubechrome" => Key deleted successfully.
MBAMService => Service deleted successfully.
ISODrive => Service deleted successfully.
C:\Users\kids\AppData\Local\{18080938-0D54-4832-BD40-DA4DFAAB994E} => Moved successfully.
C:\Users\valencia\AppData\Local\{07589F18-C7F7-4702-938B-202CC54EA215} => Moved successfully.
C:\Users\valencia\AppData\Local\{CF04B821-A808-4CE2-ACAC-023E90C103B4} => Moved successfully.
C:\Users\valencia\AppData\Local\{16E4862B-0EFD-48A5-8D14-8F5F2DC13D9F} => Moved successfully.
C:\Users\valencia\AppData\Local\{700B3DA4-E1EC-408A-BCCA-BF9592DAC3DC} => Moved successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{7BA16B3F-1AB3-4BD7-B959-52C4B8504EE9}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}" => Key deleted successfully.
"HKU\S-1-5-21-196490869-943364589-1227311327-1000_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}" => Key deleted successfully.
"C:\Users\kids\Desktop\00000001.TMP" => File/Directory not found.
"C:\Users\kids\Desktop\00000002.TMP" => File/Directory not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog 16:05:38 ====
 


#8 Terminator1128

Terminator1128
  • Topic Starter

  • Members
  • 20 posts

Posted 04 June 2015 - 11:35 PM

And the MSINFO32.

Attached Files



#9 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany

Posted 05 June 2015 - 08:20 AM

Hello,
I will answer as soon as possible. Oh My! is currently not able to help and therefore I'm helping you. ;)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#10 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany

Posted 05 June 2015 - 08:25 AM

You haven't posted the full content of the ComboFix log; please do this.
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#11 Terminator1128

Terminator1128
  • Topic Starter

  • Members
  • 20 posts

Posted 07 June 2015 - 11:30 PM

Ok, here's the FRST log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2015 01 (ATTENTION: ====> FRSTversion is 25 days old and could be outdated)
Ran by valencia (administrator) on VALENCIA-PC on 07-06-2015 21:18:47
Running from C:\Users\valencia\Desktop\scan\New folder
Loaded Profiles: valencia (Available profiles: valencia & kids)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe
(Lexmark International Inc.) C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [LXCTCATS] => rundll32 C:\windows\system32\spool\DRIVERS\x64\3\LXCTtime.dll,RunDLLEntry
HKLM\...\Run: [lxctmon.exe] => C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe [291760 2007-03-19] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe [82864 2007-03-19] (Lexmark International Inc.)
HKLM-x32\...\Run: [Lexmark 5400 Series] => C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe [304048 2007-03-19] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1235336 2014-08-28] (Autodesk, Inc.)
Startup: C:\Users\valencia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-04-26] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-196490869-943364589-1227311327-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-196490869-943364589-1227311327-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-20] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-20] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\valencia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\valencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-05]
CHR Extension: (Steve Scene Minecraft Theme) - C:\Users\valencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\afdjmklapclllpephcnnognbdaedlgfa [2014-12-05]
CHR Extension: (Google Docs) - C:\Users\valencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-05]
CHR Extension: (Google Drive) - C:\Users\valencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-05]
CHR Extension: (YouTube) - C:\Users\valencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-05]
CHR Extension: (Google Search) - C:\Users\valencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-05]
CHR Extension: (Google Sheets) - C:\Users\valencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-05]
CHR Extension: (Bookmark Manager) - C:\Users\valencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\valencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\valencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-05]
CHR Extension: (Gmail) - C:\Users\valencia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-05]
StartMenuInternet: Google Chrome.AHOG76CEIVVBXEIUJUL5CAE3JI - C:\Users\kids\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-18] (Intel Corporation) [File not signed]
S4 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-18] (Intel Corporation) [File not signed]
S4 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-18] (Intel Corporation) [File not signed]
S4 lxct_device; C:\windows\system32\lxctcoms.exe [566192 2007-03-19] ( )
S4 lxct_device; C:\windows\SysWOW64\lxctcoms.exe [537520 2007-03-19] ( )
S4 mi-raysat_3dsmax2015_64; C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [86016 2011-09-14] () [File not signed]
S4 mitsijm2015; C:\Program Files\Autodesk\Inventor 2015\Moldflow\bin\mitsijm.exe [968480 2013-10-11] (Autodesk, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S4 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2014-10-21] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [294912 2011-04-20] (Windows ® Win 7 DDK provider) [File not signed]
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [294912 2011-04-20] (Windows ® Win 7 DDK provider) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [51712 2011-05-18] (Intel Corporation) [File not signed]
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [53248 2011-05-18] (Intel Corporation) [File not signed]
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [282624 2011-07-18] (Intel Corporation) [File not signed]
S3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [59904 2011-07-19] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [342528 2013-11-06] (Intel® Corporation) [File not signed]
S4 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-04] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-06-04 20:52 - 2015-06-04 21:29 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-06-04 20:52 - 2015-06-04 21:16 - 00035064 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-06-04 20:25 - 2015-06-04 20:25 - 00000000 ____D () C:\Users\valencia\Documents\My Games
2015-06-04 20:21 - 2015-06-04 20:22 - 00000000 ____D () C:\Users\valencia\Desktop\Terraria 1.2.4.1 By Bounty Hawk
2015-06-04 20:09 - 2015-06-04 20:48 - 00000000 ____D () C:\Qoobox
2015-06-04 20:09 - 2015-06-04 20:48 - 00000000 ____D () C:\ComboFix
2015-06-04 20:09 - 2015-06-04 20:46 - 00000000 ____D () C:\windows\erdnt
2015-06-04 20:09 - 2011-06-25 23:45 - 00256000 _____ () C:\windows\PEV.exe
2015-06-04 20:09 - 2010-11-07 10:20 - 00208896 _____ () C:\windows\MBR.exe
2015-06-04 20:09 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-06-04 20:09 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-06-04 20:09 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-06-04 20:09 - 2000-08-30 17:00 - 00098816 _____ () C:\windows\sed.exe
2015-06-04 20:09 - 2000-08-30 17:00 - 00080412 _____ () C:\windows\grep.exe
2015-06-04 20:09 - 2000-08-30 17:00 - 00068096 _____ () C:\windows\zip.exe
2015-06-04 19:15 - 2015-06-04 19:15 - 00003352 ____N () C:\bootsqm.dat
2015-06-04 15:37 - 2015-06-04 15:37 - 00000000 ____D () C:\Users\valencia\AppData\Local\{46C69902-10AA-453C-A863-F3445AD35BC3}
2015-06-02 20:23 - 2015-06-02 20:23 - 00000000 ____D () C:\found.000
2015-06-02 19:41 - 2015-06-02 19:41 - 00000000 ____D () C:\Users\valencia\Documents\Inventor
2015-06-02 19:41 - 2015-06-02 19:41 - 00000000 ____D () C:\Users\Public\Documents\Autodesk
2015-06-02 16:45 - 2015-06-02 16:45 - 00010227 _____ () C:\Users\valencia\Documents\Uninstall STAR WARS The Old Republic.log
2015-06-02 15:24 - 2015-06-02 15:24 - 00000000 ____D () C:\Users\valencia\Downloads\Malwarebytes Anti-Malware
2015-05-16 20:11 - 2015-06-07 21:18 - 00000000 ____D () C:\FRST
2015-05-12 21:47 - 2015-06-04 21:40 - 00000000 ____D () C:\Users\valencia\Desktop\scan
2015-05-12 20:34 - 2015-05-12 21:10 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-12 20:33 - 2015-06-02 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-12 20:33 - 2015-05-12 20:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-12 20:33 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-05-12 20:33 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-05-12 16:24 - 2015-05-12 17:26 - 00000000 _____ () C:\Recovery.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-06-07 21:19 - 2014-12-21 23:28 - 00417725 _____ () C:\lxct.log
2015-06-07 21:17 - 2009-07-13 21:45 - 00021200 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-07 21:17 - 2009-07-13 21:45 - 00021200 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-07 21:13 - 2011-09-26 01:56 - 01431603 _____ () C:\windows\WindowsUpdate.log
2015-06-07 21:11 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-06-04 20:48 - 2009-07-13 20:20 - 00000000 ___RD () C:\Users\Default
2015-06-04 20:41 - 2009-07-13 19:34 - 00000215 _____ () C:\windows\system.ini
2015-06-04 20:40 - 2014-12-04 12:46 - 00000008 __RSH () C:\Users\valencia\ntuser.pol
2015-06-04 20:40 - 2014-12-03 23:11 - 00000000 ____D () C:\Users\valencia
2015-06-04 20:38 - 2014-12-04 12:09 - 00954624 _____ () C:\windows\PFRO.log
2015-06-04 16:05 - 2009-07-13 20:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2015-06-04 16:05 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2015-06-02 17:13 - 2015-01-13 20:18 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2015-06-02 17:13 - 2014-12-18 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-06-02 17:07 - 2015-01-13 17:14 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-06-02 16:45 - 2014-12-05 16:44 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2015-06-02 16:45 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-02 15:24 - 2015-01-07 23:07 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-02 15:23 - 2015-02-04 19:13 - 00000325 _____ () C:\Users\kids\Documents\college courses.txt
2015-06-02 14:30 - 2014-12-04 14:05 - 00000000 ____D () C:\Program Files\Lx_cats
2015-05-16 20:27 - 2014-12-04 14:01 - 00000000 ____D () C:\Users\valencia\AppData\Roaming\Apple Computer
2015-05-16 20:05 - 2011-09-23 00:38 - 00000000 ____D () C:\windows\sk
2015-05-12 16:24 - 2014-12-03 23:11 - 00000000 ____D () C:\Recovery
 
==================== Files in the root of some directories =======
 
2014-12-03 23:11 - 2011-09-22 23:52 - 0001497 _____ () C:\Users\valencia\AppData\Local\PDLSetup.20110923.155237.txt
2014-12-03 23:11 - 2011-09-22 23:52 - 0001263 _____ () C:\Users\valencia\AppData\Local\PDLSetup.20110923.155239.txt
2015-01-07 22:30 - 2015-04-27 20:12 - 0007613 _____ () C:\Users\valencia\AppData\Local\Resmon.ResmonCfg
 
Some content of TEMP:
====================
C:\Users\valencia\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-04 13:35
 
==================== End Of Log ============================


#12 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany

Posted 08 June 2015 - 12:57 PM

 

You haven't posted the full content of the ComboFix log; please do this.

Please read what I post.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2015 01 (ATTENTION: ====> FRSTversion is 25 days old and could be outdated)

Redownload FRST and do a new scan and post a fresh set of logs.


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,427 posts
  • Gender:Male
  • Location:California

Posted 10 June 2015 - 09:38 AM

Greetings,

I am sure you would like to join me in thanking Machiavelli for stepping in to assist us while I was unavailable. I will be helping you once again but I need you to reply to Machiavelli's latest post.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Terminator1128

Terminator1128
  • Topic Starter

  • Members
  • 20 posts

Posted 10 June 2015 - 08:19 PM

ComboFix 15-05-31.01 - valencia 06/10/2015  16:42:03.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6055.4672 [GMT -7:00]
Running from: c:\users\valencia\Desktop\scan\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2015-05-10 to 2015-06-10  )))))))))))))))))))))))))))))))
.
.
2015-06-10 23:54 . 2015-06-10 23:54 -------- d-----w- c:\users\kids\AppData\Local\temp
2015-06-10 23:54 . 2015-06-10 23:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-10 23:54 . 2015-06-10 23:54 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp
2015-06-05 03:52 . 2015-06-08 04:50 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-06-05 03:52 . 2015-06-05 04:29 -------- d-----w- c:\programdata\RogueKiller
2015-06-03 03:23 . 2015-06-03 03:23 -------- d-----w- C:\found.000
2015-06-03 00:52 . 2015-06-09 02:33 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3F29E4A-B839-4847-B90B-FCD0FD699222}\offreg.dll
2015-05-17 03:11 . 2015-06-08 04:20 -------- d-----w- C:\FRST
2015-05-13 03:34 . 2015-05-13 04:10 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-05-13 03:33 . 2015-05-13 03:33 -------- d-----w- c:\programdata\Malwarebytes
2015-05-13 03:33 . 2015-04-14 16:37 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-05-13 03:33 . 2015-04-14 16:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-02 22:24 . 2015-01-08 06:07 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-17 03:09 . 2011-09-23 09:01 128913832 ----a-w- c:\windows\system32\MRT.exe
2015-04-16 03:46 . 2015-04-16 03:46 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-04-16 03:39 . 2015-01-25 22:58 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-04-14 16:37 . 2015-01-08 06:06 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-04 06:25 . 2015-04-27 22:56 12032440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3F29E4A-B839-4847-B90B-FCD0FD699222}\mpengine.dll
2015-04-04 06:25 . 2015-04-24 22:01 12032440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-04-02 00:17 . 2015-04-14 22:25 389808 ----a-w- c:\windows\system32\iedkcs32.dll
2015-03-25 23:06 . 2015-03-31 22:59 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BAB31842-2DE6-492F-BA39-A056B072B1F6}\gapaengine.dll
2015-03-25 23:06 . 2014-12-08 23:30 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-25 03:24 . 2015-04-14 22:26 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-14 22:26 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-14 22:26 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-14 22:26 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-14 22:26 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-14 22:26 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-14 22:26 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-14 22:26 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-14 22:26 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-14 22:26 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-14 22:26 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-14 22:26 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-14 22:26 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-14 22:26 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-14 22:26 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-14 22:26 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 09:32 . 2015-04-21 02:36 12002392 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BCD833D-C4BB-49FF-B87F-6B42753A6B00}\mpengine.dll
2015-03-23 03:25 . 2015-04-14 22:26 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-14 22:26 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-14 22:26 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-14 22:26 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-14 22:26 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-14 22:26 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-14 22:26 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-14 22:26 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-17 05:22 . 2015-04-14 22:26 5557696 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-03-17 05:22 . 2015-04-14 22:26 95672 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-03-17 05:22 . 2015-04-14 22:26 155576 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-03-17 05:19 . 2015-04-14 22:26 1727904 ----a-w- c:\windows\system32\ntdll.dll
2015-03-17 05:17 . 2015-04-14 22:26 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-03-17 05:17 . 2015-04-14 22:26 243712 ----a-w- c:\windows\system32\wow64.dll
2015-03-17 05:17 . 2015-04-14 22:25 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-03-17 05:16 . 2015-04-14 22:26 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-03-17 05:16 . 2015-04-14 22:26 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-03-17 05:16 . 2015-04-14 22:26 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-03-17 05:16 . 2015-04-14 22:26 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-03-17 05:16 . 2015-04-14 22:25 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-03-17 05:16 . 2015-04-14 22:26 503808 ----a-w- c:\windows\system32\srcore.dll
2015-03-17 05:16 . 2015-04-14 22:25 50176 ----a-w- c:\windows\system32\srclient.dll
2015-03-17 05:16 . 2015-04-14 22:25 28160 ----a-w- c:\windows\system32\secur32.dll
2015-03-17 05:16 . 2015-04-14 22:26 341504 ----a-w- c:\windows\system32\schannel.dll
2015-03-17 05:16 . 2015-04-14 22:26 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-03-17 05:16 . 2015-04-14 22:25 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-03-17 05:16 . 2015-04-14 22:26 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-03-17 05:16 . 2015-04-14 22:26 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-03-17 05:16 . 2015-04-14 22:26 424448 ----a-w- c:\windows\system32\KernelBase.dll
2015-03-17 05:16 . 2015-04-14 22:26 1163264 ----a-w- c:\windows\system32\kernel32.dll
2015-03-17 05:16 . 2015-04-14 22:26 728064 ----a-w- c:\windows\system32\kerberos.dll
2015-03-17 05:16 . 2015-04-14 22:25 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-03-17 05:16 . 2015-04-14 22:25 22016 ----a-w- c:\windows\system32\credssp.dll
2015-03-17 05:16 . 2015-04-14 22:26 112640 ----a-w- c:\windows\system32\smss.exe
2015-03-17 05:16 . 2015-04-14 22:26 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-03-17 05:15 . 2015-04-14 22:26 31232 ----a-w- c:\windows\system32\lsass.exe
2015-03-17 05:15 . 2015-04-14 22:26 338432 ----a-w- c:\windows\system32\conhost.exe
2015-03-17 05:15 . 2015-04-14 22:26 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-03-17 05:13 . 2015-04-14 22:25 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-03-17 05:13 . 2015-04-14 22:25 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-03-17 05:11 . 2015-04-14 22:25 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-03-17 05:11 . 2015-04-14 22:25 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 22:25 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-03-17 05:01 . 2015-04-14 22:26 3920824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-03-17 05:01 . 2015-04-14 22:26 3976632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-03-17 04:59 . 2015-04-14 22:26 1309696 ----a-w- c:\windows\SysWow64\ntdll.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Lexmark 5400 Series"="c:\program files (x86)\Lexmark 5400 Series\fm3032.exe" [2007-03-19 304048]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2014-08-28 1235336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
R4 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R4 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
R4 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R4 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R4 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R4 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R4 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
R4 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
R4 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R4 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R4 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R4 mi-raysat_3dsmax2015_64;mental ray Satellite for Autodesk 3ds Max 2015 64-bit;c:\program files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe;c:\program files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [x]
R4 mitsijm2015;Autodesk Simulation Moldflow MITSI 2015 Job Manager;c:\program files\Autodesk\Inventor 2015\Moldflow\bin\mitsijm.exe;c:\program files\Autodesk\Inventor 2015\Moldflow\bin\mitsijm.exe [x]
R4 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R4 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 SWUpdateService;SW Update Service;c:\programdata\Samsung\SW Update Service\SWMAgent.exe;c:\programdata\Samsung\SW Update Service\SWMAgent.exe [x]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ScpVBus;Scp Virtual Bus Driver;c:\windows\system32\DRIVERS\ScpVBus.sys;c:\windows\SYSNATIVE\DRIVERS\ScpVBus.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-196490869-943364589-1227311327-1001Core.job
- c:\users\kids\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-05 23:15]
.
2015-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-196490869-943364589-1227311327-1001UA.job
- c:\users\kids\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-05 23:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-18 10365952]
"Persistence"="c:\windows\system32\igfxpers.exe" [2015-02-04 444520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCTtime.dll" [2006-11-21 31744]
"lxctmon.exe"="c:\program files (x86)\Lexmark 5400 Series\lxctmon.exe" [2007-03-19 291760]
"EzPrint"="c:\program files (x86)\Lexmark 5400 Series\ezprint.exe" [2007-03-19 82864]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} - (no file)
ShellIconOverlayIdentifiers-{853B7E05-C47D-4985-909A-D0DC5C6D7303} - (no file)
ShellIconOverlayIdentifiers-{42D38F2E-98E9-4382-B546-E24E4D6D04BB} - (no file)
AddRemove-The Forest_is1 - c:\users\valencia\Desktop\The Forest\Uninstall\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-06-10  16:58:14
ComboFix-quarantined-files.txt  2015-06-10 23:58
.
Pre-Run: 531,716,882,432 bytes free
Post-Run: 531,410,915,328 bytes free
.
- - End Of File - - 1313049D1B7EF1E8BF2E4B274990CEFF

I would also like to thank 

Machiavelli

#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,427 posts
  • Gender:Male
  • Location:California

Posted 10 June 2015 - 09:41 PM

Thank you. Please don't overlook this:


Redownload FRST and do a new scan and post a fresh set of logs.

Gary
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."