
Snap do, Sonic search, airtostrong infected keeps coming back, alters chrome


  • This topic is locked
51 replies to this topic

#1 Buriedindream

Posted 24 February 2016 - 03:48 PM

Hi there, I could really use some help please.

I have a Toshiba Windows 7 laptop, 32-bit.

My son installed a game (Prison break) off the internet and ran it without virus-checking it first!

Since then I have had a lot of trouble! I removed 5 ad-like programs (installed at the same time as the game installation) from Add and Remove Programs. (These items no longer show in the Add and Remove section.)

I have used this software to find malware/viruses/trojans:

Microsoft Security Essentials - at first found nothing, then removed some items, now deleted from the quarantine

HitmanPro - found a few, removed them, then found more threats on a later scan

Malwarebytes - always finds many!

Adware Removal Tool - always found many and removed most on the first scan, but a couple it could not remove; yesterday it seemed to remove more junk. (I used the reset Google Chrome function on this, but the search engines would still take over Chrome and reappear in the managed search engine list.)

From what I can see there are many offenders in there, but I did spot these: Snap do, Sonic search, and airtostrong.exe, which was also active in Windows Task Manager processes (I cannot see it there at this point in time, however).

I use Google Chrome and search engine changes have been constant, even after removing offending search engines and resetting Chrome. I have pop-ups, freezing up, and redirections to other browsers/search engines. I have used the virus/malware removers so many times every day; sometimes they remove items, sometimes they say 0 results found, then on the next scan later in the day 140 threats are found.

At this point I can be online without being redirected, but I'm pretty sure horribles are lurking in the computer just waiting to reactivate themselves as they did earlier.

I think I have covered everything. I would really appreciate your help please :) Thank you so much!

Here is the FRST log (I will attach the Additional txt file):
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-02-2016
Ran by Elizabeth (administrator) on ELIZABETH-PC (25-02-2016 09:13:19)
Running from C:\Users\Elizabeth\Downloads
Loaded Profiles: Elizabeth (Available Profiles: Elizabeth)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digital Wave Ltd.) C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-07-10] (TOSHIBA CORPORATION)
HKLM\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [425984 2009-06-03] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-14] (TOSHIBA CORPORATION)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-21] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-07-30] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1324384 2009-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2009-08-07] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [466792 2009-08-07] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [29528 2009-08-07] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-12-17] (Apple Inc.)
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [4556048 2015-02-28] (Disc Soft Ltd)
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: G - G:\LGAutoRun.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {021597e5-dab7-11e2-be02-701a04b8f38d} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {021597e8-dab7-11e2-be02-701a04b8f38d} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {0a14156d-6a34-11e2-b38e-002622fa8301} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {0bfc3415-48bc-11e3-8e04-002622fa8301} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {0bfc3417-48bc-11e3-8e04-002622fa8301} - I:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {24f306a7-b647-11e2-a84b-002622fa8301} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {24f306a9-b647-11e2-a84b-002622fa8301} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {313fc4a2-9d60-11e2-b737-701a04b8f38d} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {4e157158-a3cc-11e2-b466-701a04b8f38d} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {6aff721d-d85d-11e2-bc6f-002622fa8301} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {6aff721f-d85d-11e2-bc6f-002622fa8301} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {74bc57b8-3db2-11e3-bb71-002622fa8301} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {7644b6d4-ad33-11e2-9938-002622fa8301} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {7644b6d6-ad33-11e2-9938-002622fa8301} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {7a121acd-2950-11e3-912d-002622fa8301} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {7f19251c-c580-11e2-8400-002622fa8301} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {80f4e62b-b4f0-11e2-b96d-002622fa8301} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {859d4745-a489-11e2-bec3-002622fa8301} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {9c38dddc-2d40-11e3-a82f-002622fa8301} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {a0cf7d3c-1b41-11df-a510-002622fd4fbe} - F:\LaunchU3.exe -a
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {a1820e79-aaf0-11e2-8f6f-701a04b8f38d} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {a1820e7d-aaf0-11e2-8f6f-701a04b8f38d} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {a8e058f2-0222-11e4-ae1e-002622fa8301} - E:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {a8e058f6-0222-11e4-ae1e-002622fa8301} - E:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {bbdd62ed-bdad-11e2-a401-002622fa8301} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {c39af734-0d12-11e3-8f05-701a04b8f38d} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {c3b85bd7-bddf-11e2-b972-002622fa8301} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {c3b85c01-bddf-11e2-b972-002622fa8301} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {c3b85c3a-bddf-11e2-b972-002622fa8301} - H:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {c85c5bf7-a48d-11e2-9e93-002622fa8301} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {e8f65ee6-b4e9-11e2-b8a7-002622fa8301} - G:\Setup.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\MountPoints2: {ed6b8959-6cca-11e3-ac77-002622fa8301} - E:\LGAutoRun.exe
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{32CCE8AF-FD2F-43D5-9BFF-70359E8002E6}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F5CBCB0C-C464-4E1C-9AB7-64A8BD40202F}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\S-1-5-21-4288062432-252110514-3150149879-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll => No File
BHO: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Users\Elizabeth\Documents\iTools\Plugin\iToolsBHO.dll => No File
Toolbar: HKU\S-1-5-21-4288062432-252110514-3150149879-1004 -> No Name - {28E515BD-3505-4E5D-9BD1-D54C213F64D8} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-11] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Users\Elizabeth\Documents\iTools\Plugin\npiTools.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4288062432-252110514-3150149879-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Elizabeth\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-20] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-09-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-09-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-09-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-09-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-09-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-09-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-09-01] (Apple Inc.)
FF HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-11-24] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.facebook.com/","hxxps://www.google.co.nz/"
CHR Profile: C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-23]
CHR Extension: (YouTube) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-23]
CHR Extension: (Google Search) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-23]
CHR Extension: (Gmail) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-23]
CHR HKU\S-1-5-21-4288062432-252110514-3150149879-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [181616 2009-07-18] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
R2 DigitalWave.Update.Service; C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-01-19] (Digital Wave Ltd.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1030928 2015-02-28] (Disc Soft Ltd)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
R2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [62832 2009-07-08] (TOSHIBA Corporation)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51576 2010-07-01] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [181616 2009-08-11] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-04] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-07] (TOSHIBA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 Update eye perform; "C:\Program Files\eye perform\updateeyeperform.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 atksgt; C:\windows\System32\DRIVERS\atksgt.sys [278984 2011-02-28] ()
R3 dtlitescsibus; C:\windows\System32\DRIVERS\dtlitescsibus.sys [25104 2015-04-10] (Disc Soft Ltd)
S3 EsgScanner; C:\windows\System32\DRIVERS\EsgScanner.sys [19984 2016-02-23] ()
R2 lirsgt; C:\windows\System32\DRIVERS\lirsgt.sys [25416 2010-06-02] ()
R0 LPCFilter; C:\windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-03] (COMPAL ELECTRONIC INC.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
S1 prodrv06; C:\windows\System32\drivers\prodrv06.sys [80768 2006-12-23] (Protection Technology) [File not signed]
S0 prohlp02; C:\windows\System32\drivers\prohlp02.sys [77120 2006-12-23] (Protection Technology) [File not signed]
S0 prosync1; C:\windows\System32\drivers\prosync1.sys [7136 2005-12-21] (Protection Technology) [File not signed]
S0 sfhlp01; C:\windows\System32\drivers\sfhlp01.sys [4832 2003-12-02] (Protection Technology) [File not signed]
R0 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2010-05-03] () [File not signed]
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-20] (TOSHIBA Corporation)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
S3 F-Secure Standalone Minifilter; \??\C:\Users\ELIZAB~1\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys [X]
S3 hwmobile; system32\DRIVERS\hwusbser.sys [X]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-25 09:13 - 2016-02-25 09:14 - 00021998 _____ C:\Users\Elizabeth\Downloads\FRST.txt
2016-02-25 09:11 - 2016-02-25 09:13 - 00000000 ____D C:\FRST
2016-02-25 09:10 - 2016-02-25 09:10 - 01722368 _____ (Farbar) C:\Users\Elizabeth\Downloads\FRST.exe
2016-02-25 08:55 - 2016-02-25 08:57 - 00000000 ____D C:\7d55a01f51506e6d46ee73ece9ff
2016-02-24 19:46 - 2016-02-24 19:46 - 00000299 _____ C:\Users\Elizabeth\Desktop\bleeping computer.txt
2016-02-24 15:42 - 2016-02-24 20:54 - 00000000 ____D C:\Users\Elizabeth\AppData\Roaming\denaf
2016-02-24 15:40 - 2016-02-24 17:44 - 00000000 ____D C:\ProgramData\0a6335f2-6413-1
2016-02-24 15:40 - 2016-02-24 17:44 - 00000000 ____D C:\ProgramData\0a6335f2-62e1-0
2016-02-24 10:53 - 2016-02-24 10:53 - 02744739 _____ C:\Users\Elizabeth\Downloads\uart_gardens.rar
2016-02-23 12:39 - 2016-02-23 12:39 - 00019984 _____ C:\windows\system32\Drivers\EsgScanner.sys
2016-02-23 12:18 - 2016-02-23 12:18 - 00700584 _____ C:\Users\Elizabeth\Desktop\Adware_Removal_Tool_by_TSA (2).exe
2016-02-23 08:30 - 2016-02-24 09:35 - 00290304 _____ (Microsoft Corporation) C:\windows\system32\subinacl.exe
2016-02-23 08:30 - 2016-02-23 08:30 - 00000000 ____D C:\Program Files\Adware Removal Tool by TSA
2016-02-22 16:42 - 2016-02-22 16:42 - 00000000 ____D C:\Program Files\Common Files\qevrfwla
2016-02-22 16:12 - 2016-02-22 16:13 - 00000000 ____D C:\ProgramData\0a6335f2-1f07-1
2016-02-22 16:12 - 2016-02-22 16:12 - 00000000 ____D C:\ProgramData\0a6335f2-1723-0
2016-02-22 16:10 - 2016-02-22 16:10 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
2016-02-22 15:48 - 2016-02-22 21:24 - 00000000 ____D C:\ProgramData\4ac44f26-6e01-0
2016-02-22 15:48 - 2016-02-22 15:48 - 00000000 ____D C:\ProgramData\0a6335f2-6e01-1
2016-02-22 15:48 - 2016-02-22 15:48 - 00000000 ____D C:\ProgramData\0a6335f2-2225-0
2016-02-22 15:43 - 2016-02-22 21:24 - 00000000 ____D C:\ProgramData\4ac44f26-0853-0
2016-02-22 15:42 - 2016-02-22 15:43 - 00000000 ____D C:\ProgramData\73fc048f
2016-02-22 15:42 - 2016-02-22 15:43 - 00000000 ____D C:\ProgramData\0a6335f2-6bb5-1
2016-02-22 15:42 - 2016-02-22 15:43 - 00000000 ____D C:\ProgramData\0a6335f2-5303-0
2016-02-22 15:42 - 2016-02-22 15:42 - 00000000 ____D C:\ProgramData\{13eacfb8-6190-0}
2016-02-22 15:42 - 2016-02-22 15:42 - 00000000 ____D C:\ProgramData\{0d1ed9c7-6190-1}
2016-02-22 15:42 - 2016-02-22 15:42 - 00000000 ____D C:\ProgramData\{00c6aff5-4190-0}
2016-02-22 15:41 - 2016-02-22 15:41 - 00222699 _____ C:\Users\Elizabeth\AppData\Roaming\Freedox.bin
2016-02-22 15:41 - 2016-02-22 15:41 - 00041472 _____ C:\Users\Elizabeth\AppData\Local\Matity.dat
2016-02-22 15:41 - 2016-02-22 15:41 - 00000187 _____ C:\Users\Elizabeth\AppData\Local\Matity.exe.config
2016-02-22 15:40 - 2016-02-22 15:40 - 07951360 _____ C:\Users\Elizabeth\AppData\Roaming\agent.dat
2016-02-22 15:40 - 2016-02-22 15:40 - 01883623 _____ C:\Users\Elizabeth\AppData\Roaming\Goldstock.tst
2016-02-22 15:40 - 2016-02-22 15:40 - 00072707 _____ C:\Users\Elizabeth\AppData\Roaming\Tam-Tone.tst
2016-02-22 15:40 - 2016-02-22 15:40 - 00018432 _____ C:\Users\Elizabeth\AppData\Roaming\Main.dat
2016-02-22 15:39 - 2016-02-22 15:39 - 00126976 _____ C:\Users\Elizabeth\AppData\Roaming\Installer.dat
2016-02-22 14:29 - 2016-02-24 09:33 - 00000000 ____D C:\Users\Elizabeth\Desktop\FB
2016-02-21 14:36 - 2016-02-21 14:36 - 00000000 ____D C:\Users\Elizabeth\AppData\Roaming\FreeVPN
2016-02-15 12:12 - 2016-02-24 17:44 - 00002447 _____ C:\Users\Elizabeth\Desktop\Redemption Cemetery Bitter Frost Collectors.lnk
2016-02-15 12:07 - 2016-02-15 12:07 - 00000000 ____D C:\Program Files\Games
2016-02-10 14:49 - 2016-01-12 07:47 - 02956288 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-02-10 14:49 - 2016-01-12 07:47 - 00174080 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-02-10 14:49 - 2016-01-12 07:35 - 00073728 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-02-10 14:49 - 2016-01-12 07:17 - 02062848 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-02-10 14:49 - 2016-01-12 07:14 - 00573440 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-02-10 14:49 - 2016-01-12 07:14 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-02-10 14:49 - 2016-01-12 07:14 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-02-10 14:49 - 2016-01-12 07:14 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-02-10 14:49 - 2016-01-12 07:14 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-02-10 14:49 - 2016-01-12 07:14 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-02-10 14:49 - 2016-01-12 07:14 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-02-10 14:48 - 2016-01-17 07:42 - 00022464 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-02-10 14:48 - 2016-01-17 07:36 - 01413632 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-02-10 14:48 - 2016-01-17 07:34 - 00949760 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-02-10 14:48 - 2016-01-12 03:07 - 01198080 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-02-10 14:48 - 2016-01-12 03:07 - 00591360 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-02-10 14:48 - 2016-01-12 03:07 - 00544768 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-02-10 14:48 - 2016-01-12 03:07 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-02-10 14:48 - 2016-01-12 03:07 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-02-10 14:47 - 2016-01-22 19:05 - 12877824 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-02-10 14:47 - 2016-01-22 19:00 - 01498624 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-02-10 14:47 - 2016-01-22 18:59 - 01805824 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-02-10 14:47 - 2016-01-22 18:12 - 02973184 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-02-10 14:46 - 2016-02-06 23:01 - 20366848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-02-10 14:46 - 2016-02-06 22:54 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-02-10 14:46 - 2016-02-06 22:43 - 02280448 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-02-10 14:46 - 2016-02-06 22:38 - 00476160 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-02-10 14:46 - 2016-02-06 22:16 - 12857856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-02-10 14:46 - 2016-02-06 21:54 - 01312256 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-02-10 14:46 - 2016-01-22 19:13 - 03993536 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2016-02-10 14:46 - 2016-01-22 19:13 - 03938752 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-02-10 14:46 - 2016-01-22 19:13 - 00138176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-02-10 14:46 - 2016-01-22 19:13 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-02-10 14:46 - 2016-01-22 19:09 - 01310232 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-02-10 14:46 - 2016-01-22 19:06 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-02-10 14:46 - 2016-01-22 19:06 - 00171520 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-02-10 14:46 - 2016-01-22 19:06 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-02-10 14:46 - 2016-01-22 19:06 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-02-10 14:46 - 2016-01-22 19:06 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-02-10 14:46 - 2016-01-22 19:06 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-02-10 14:46 - 2016-01-22 19:05 - 00654336 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-02-10 14:46 - 2016-01-22 19:05 - 00251392 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-02-10 14:46 - 2016-01-22 19:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-02-10 14:46 - 2016-01-22 19:04 - 00642048 _____ (Microsoft Corporation) C:\windows\system32\CPFilters.dll
2016-02-10 14:46 - 2016-01-22 19:04 - 00535040 _____ (Microsoft Corporation) C:\windows\system32\EncDec.dll
2016-02-10 14:46 - 2016-01-22 19:02 - 01060864 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-02-10 14:46 - 2016-01-22 19:02 - 00872448 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-02-10 14:46 - 2016-01-22 19:02 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-02-10 14:46 - 2016-01-22 19:02 - 00293888 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-02-10 14:46 - 2016-01-22 19:02 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-02-10 14:46 - 2016-01-22 19:02 - 00223232 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-02-10 14:46 - 2016-01-22 19:02 - 00176128 _____ (Microsoft Corporation) C:\windows\system32\msorcl32.dll
2016-02-10 14:46 - 2016-01-22 19:02 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-02-10 14:46 - 2016-01-22 19:02 - 00114176 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
2016-02-10 14:46 - 2016-01-22 19:02 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00642560 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 18:07 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-02-10 14:46 - 2016-01-22 18:01 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-02-10 14:46 - 2016-01-22 18:00 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-02-10 14:46 - 2016-01-22 17:53 - 00225792 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-02-10 14:46 - 2016-01-22 17:53 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-02-10 14:46 - 2016-01-22 17:53 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-02-10 14:46 - 2016-01-22 17:51 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-02-10 14:46 - 2016-01-22 17:51 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-02-10 14:46 - 2016-01-22 17:51 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-02-10 14:46 - 2016-01-22 17:51 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-02-10 14:46 - 2016-01-22 17:51 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 17:51 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 17:51 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 14:46 - 2016-01-22 17:51 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-10 14:46 - 2016-01-08 06:47 - 02386944 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-02-10 14:46 - 2016-01-07 07:41 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2016-02-10 14:46 - 2016-01-07 06:56 - 00019968 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2016-02-10 14:46 - 2015-12-21 07:45 - 02745856 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2016-02-10 14:46 - 2015-12-21 07:45 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2016-02-10 14:46 - 2015-12-21 05:16 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2016-02-10 14:45 - 2016-01-23 09:10 - 00341200 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-02-10 14:45 - 2016-01-22 19:14 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-02-10 14:45 - 2016-01-22 19:02 - 00496640 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-02-10 14:45 - 2016-01-22 19:02 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-02-10 14:45 - 2016-01-22 19:01 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-02-10 14:45 - 2016-01-22 19:01 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-02-10 14:45 - 2016-01-22 19:00 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-02-10 14:45 - 2016-01-22 18:55 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-02-10 14:45 - 2016-01-22 18:55 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-02-10 14:45 - 2016-01-22 18:52 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-02-10 14:45 - 2016-01-22 18:51 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-02-10 14:45 - 2016-01-22 18:51 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-02-10 14:45 - 2016-01-22 18:51 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-02-10 14:45 - 2016-01-22 18:46 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-02-10 14:45 - 2016-01-22 18:43 - 00416256 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-02-10 14:45 - 2016-01-22 18:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-02-10 14:45 - 2016-01-22 18:38 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-02-10 14:45 - 2016-01-22 18:37 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-02-10 14:45 - 2016-01-22 18:35 - 04611072 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-02-10 14:45 - 2016-01-22 18:35 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-02-10 14:45 - 2016-01-22 18:34 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-02-10 14:45 - 2016-01-22 18:33 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-02-10 14:45 - 2016-01-22 18:27 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-02-10 14:45 - 2016-01-22 18:25 - 00687104 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-02-10 14:45 - 2016-01-22 18:25 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-02-10 14:45 - 2016-01-22 18:24 - 02050560 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-02-10 14:45 - 2016-01-22 18:24 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-02-10 14:45 - 2016-01-22 18:07 - 02120704 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-02-10 14:45 - 2016-01-22 18:02 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-02-10 14:45 - 2016-01-08 06:35 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2016-02-10 13:57 - 2016-02-24 17:45 - 00001724 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-02-10 13:57 - 2016-02-10 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-02-10 13:56 - 2016-02-10 13:56 - 00000000 ____D C:\Program Files\iTunes
2016-02-10 13:56 - 2016-02-10 13:56 - 00000000 ____D C:\Program Files\iPod
2016-02-10 13:52 - 2016-02-10 13:52 - 00000000 ____D C:\Program Files\Bonjour
2016-02-05 16:13 - 2016-02-05 17:40 - 00000000 ____D C:\Users\Elizabeth\Desktop\Uniform
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-25 08:57 - 2012-05-02 00:02 - 00002088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-02-25 08:57 - 2011-01-26 09:31 - 00001945 _____ C:\windows\epplauncher.mif
2016-02-25 08:56 - 2011-01-26 09:30 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-02-25 08:53 - 2015-02-27 15:28 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-25 08:52 - 2015-10-02 11:40 - 00001040 _____ C:\windows\Tasks\9rgE1R5pj6cju30usrk5G85LKD.job
2016-02-24 21:04 - 2009-07-14 17:34 - 00019248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-24 21:04 - 2009-07-14 17:34 - 00019248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-24 20:55 - 2009-07-14 17:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-02-24 20:55 - 2009-07-14 15:37 - 00000000 ____D C:\windows\Globalization
2016-02-24 20:54 - 2010-04-11 02:35 - 00000000 ____D C:\windows\pss
2016-02-24 20:51 - 2015-02-27 15:28 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-24 20:51 - 2010-02-21 00:08 - 00000000 ____D C:\Users\Elizabeth\AppData\Roaming\uTorrent
2016-02-24 20:31 - 2012-07-29 15:08 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-02-24 19:55 - 2015-08-23 15:20 - 00170200 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-24 17:45 - 2015-12-06 17:04 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-02-24 17:45 - 2015-09-23 19:28 - 00001008 _____ C:\Users\Public\Desktop\Movavi Video Suite 14.lnk
2016-02-24 17:45 - 2015-08-23 15:18 - 00001031 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-24 17:45 - 2015-06-23 17:03 - 00002093 _____ C:\Users\Public\Desktop\Clive Barker's Undying™.lnk
2016-02-24 17:45 - 2015-03-03 15:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-02-24 17:45 - 2015-02-27 15:29 - 00002129 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-24 17:45 - 2014-09-15 21:14 - 00001291 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-02-24 17:45 - 2014-04-08 12:35 - 00001302 _____ C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2016-02-24 17:45 - 2014-01-24 10:35 - 00000851 _____ C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-02-24 17:45 - 2013-05-29 13:50 - 00001066 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4.lnk
2016-02-24 17:45 - 2013-05-29 13:47 - 00001028 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
2016-02-24 17:45 - 2013-05-29 13:45 - 00001365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Drive CS4.lnk
2016-02-24 17:45 - 2013-05-29 13:39 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS4.lnk
2016-02-24 17:45 - 2013-05-29 13:31 - 00001212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk
2016-02-24 17:45 - 2013-05-29 13:30 - 00001336 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
2016-02-24 17:45 - 2010-02-17 07:40 - 00001514 _____ C:\ProgramData\Microsoft\Windows\Start Menu\UserGuide.lnk
2016-02-24 17:45 - 2010-02-17 07:16 - 00002095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Media Creator Help.lnk
2016-02-24 17:45 - 2009-08-21 12:10 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-02-24 17:45 - 2009-08-21 12:10 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-02-24 17:45 - 2009-07-27 12:01 - 00001851 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Media Creator.lnk
2016-02-24 17:45 - 2009-07-14 17:46 - 00001656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-02-24 17:45 - 2009-07-14 17:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-02-24 17:45 - 2009-07-14 17:42 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-02-24 17:45 - 2009-07-14 17:42 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-02-24 17:45 - 2009-07-14 17:42 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-02-24 17:45 - 2009-07-14 17:42 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-02-24 17:45 - 2009-07-14 17:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-02-24 17:44 - 2014-10-28 15:33 - 00001359 _____ C:\Users\Elizabeth\Desktop\HitmanPro - Shortcut.lnk
2016-02-24 17:44 - 2010-02-17 07:08 - 00001006 _____ C:\Users\Elizabeth\Desktop\PC Health Monitor.lnk
2016-02-24 16:22 - 2010-08-26 12:30 - 00000000 ____D C:\Users\Elizabeth\Documents\Downloaded Utorrent vids
2016-02-24 15:40 - 2014-04-29 21:27 - 00000000 ____D C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plarium
2016-02-24 15:07 - 2012-09-25 17:09 - 00000000 ____D C:\Users\Elizabeth\AppData\Roaming\DVDVideoSoft
2016-02-24 12:12 - 2013-09-13 15:03 - 00000476 _____ C:\windows\Tasks\At1.job
2016-02-24 09:13 - 2014-01-13 11:35 - 00000000 ____D C:\Users\Elizabeth\Documents\UNDYING IMAGES
2016-02-23 18:31 - 2010-02-17 09:35 - 00000000 ____D C:\windows\Minidump
2016-02-23 12:54 - 2010-02-16 16:17 - 00000000 ____D C:\Users\Elizabeth
2016-02-22 21:52 - 2014-04-08 12:37 - 00000258 __RSH C:\Users\Elizabeth\ntuser.pol
2016-02-22 21:51 - 2009-07-14 20:48 - 00000000 ____D C:\windows\ShellNew
2016-02-22 16:10 - 2014-06-29 14:59 - 00000000 ____D C:\ProgramData\HitmanPro
2016-02-22 15:53 - 2009-07-14 15:04 - 00000489 _____ C:\windows\win.ini
2016-02-18 20:13 - 2015-11-10 13:59 - 00000000 ____D C:\Users\Elizabeth\Desktop\Rose red Edit!
2016-02-18 14:04 - 2010-08-26 13:28 - 00002803 _____ C:\Users\Elizabeth\Documents\Passes.txt
2016-02-16 15:01 - 2011-11-11 10:39 - 00002507 _____ C:\Users\Elizabeth\Documents\MOVIE LIST.txt
2016-02-15 12:12 - 2011-10-29 14:28 - 00000000 ____D C:\Users\Elizabeth\AppData\Roaming\ERS Game Studios
2016-02-11 19:20 - 2009-07-14 15:37 - 00000000 ____D C:\windows\rescache
2016-02-11 08:53 - 2009-07-14 17:33 - 03876088 _____ C:\windows\system32\FNTCACHE.DAT
2016-02-11 08:49 - 2014-12-12 09:31 - 00000000 ____D C:\windows\system32\appraiser
2016-02-11 08:49 - 2014-05-07 00:42 - 00000000 ___SD C:\windows\system32\CompatTel
2016-02-11 08:49 - 2009-07-14 20:49 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-11 08:38 - 2013-08-16 09:39 - 00000000 ____D C:\windows\system32\MRT
2016-02-11 07:29 - 2010-02-20 15:01 - 144254680 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-02-11 07:20 - 2012-07-29 13:19 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2016-02-11 07:20 - 2011-06-16 09:08 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2016-02-10 13:56 - 2010-02-17 19:13 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-02-08 12:14 - 2015-02-02 12:37 - 00000000 ____D C:\Users\Elizabeth\AppData\Roaming\iFunbox_UserCache
 
==================== Files in the root of some directories =======
 
2015-04-20 01:20 - 2015-04-20 01:20 - 0005872 _____ () C:\Users\Elizabeth\AppData\Roaming\9rgE1R5pj6cju30usrk5G85LKD
2016-02-22 15:40 - 2016-02-22 15:40 - 7951360 _____ () C:\Users\Elizabeth\AppData\Roaming\agent.dat
2010-03-30 17:10 - 2011-10-01 20:23 - 0000134 _____ () C:\Users\Elizabeth\AppData\Roaming\AVSMediaPlayer.m3u
2013-11-23 12:49 - 2014-04-29 23:45 - 0000137 _____ () C:\Users\Elizabeth\AppData\Roaming\Camdata.ini
2013-11-23 12:49 - 2014-04-29 23:45 - 0000408 _____ () C:\Users\Elizabeth\AppData\Roaming\CamLayout.ini
2013-11-23 12:49 - 2014-04-29 23:45 - 0000408 _____ () C:\Users\Elizabeth\AppData\Roaming\CamShapes.ini
2013-11-23 12:49 - 2014-01-20 17:20 - 0004534 _____ () C:\Users\Elizabeth\AppData\Roaming\CamStudio.cfg
2016-02-22 15:41 - 2016-02-22 15:41 - 0222699 _____ () C:\Users\Elizabeth\AppData\Roaming\Freedox.bin
2016-02-22 15:40 - 2016-02-22 15:40 - 1883623 _____ () C:\Users\Elizabeth\AppData\Roaming\Goldstock.tst
2016-02-22 15:39 - 2016-02-22 15:39 - 0126976 _____ () C:\Users\Elizabeth\AppData\Roaming\Installer.dat
2014-07-10 18:21 - 2014-07-21 13:58 - 0004977 _____ () C:\Users\Elizabeth\AppData\Roaming\log.sflog
2016-02-22 15:40 - 2016-02-22 15:40 - 0018432 _____ () C:\Users\Elizabeth\AppData\Roaming\Main.dat
2016-02-22 15:40 - 2016-02-22 15:40 - 0072707 _____ () C:\Users\Elizabeth\AppData\Roaming\Tam-Tone.tst
2013-11-23 12:48 - 2014-04-29 21:28 - 0000096 _____ () C:\Users\Elizabeth\AppData\Roaming\version2.xml
2011-05-26 10:07 - 2011-05-26 10:09 - 0013374 ___SH () C:\Users\Elizabeth\AppData\Local\8vr65vk72s2t543
2010-10-19 22:42 - 2015-02-22 13:13 - 0064000 _____ () C:\Users\Elizabeth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-04-03 13:27 - 2010-04-03 13:27 - 0000097 _____ () C:\Users\Elizabeth\AppData\Local\fusioncache.dat
2011-05-27 23:51 - 2011-05-27 23:51 - 0000036 _____ () C:\Users\Elizabeth\AppData\Local\housecall.guid.cache
2016-02-22 15:41 - 2016-02-22 15:41 - 0041472 _____ () C:\Users\Elizabeth\AppData\Local\Matity.dat
2016-02-22 15:41 - 2016-02-22 15:41 - 0000187 _____ () C:\Users\Elizabeth\AppData\Local\Matity.exe.config
2010-04-25 18:02 - 2012-11-12 17:02 - 0007605 _____ () C:\Users\Elizabeth\AppData\Local\resmon.resmoncfg
2014-01-26 23:39 - 2011-01-25 13:44 - 0097280 _____ () C:\Users\Elizabeth\AppData\Local\UrlManager.exe
2014-01-26 23:39 - 2011-01-25 13:44 - 0002405 _____ () C:\Users\Elizabeth\AppData\Local\urlManager.xml
2011-05-26 10:07 - 2011-05-26 10:09 - 0013374 ___SH () C:\ProgramData\8vr65vk72s2t543
2012-11-04 00:52 - 2012-11-04 00:52 - 0001157 _____ () C:\ProgramData\coloritbynumbers-color-by-numbers-halloween-cfg
2010-05-31 15:37 - 2010-05-31 15:38 - 0003904 _____ () C:\ProgramData\doicrane_save.log
2010-02-17 00:24 - 2010-02-17 00:24 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2014-12-31 14:14 - 2014-12-31 14:14 - 0005097 _____ () C:\ProgramData\hsqvmxbo.uxh
2012-01-03 11:34 - 2012-01-03 11:34 - 0004984 _____ () C:\ProgramData\jexqjxsy.dne
2015-09-23 19:20 - 2015-09-23 19:20 - 0000016 _____ () C:\ProgramData\mntemp
2014-11-17 12:20 - 2014-12-28 15:22 - 0001488 _____ () C:\ProgramData\port_acpca.log
2014-12-27 12:04 - 2014-12-27 12:04 - 0005039 _____ () C:\ProgramData\wmzddnmb.cix
2012-01-03 11:42 - 2012-01-03 11:42 - 0004987 _____ () C:\ProgramData\ywasvxup.hvs
 
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
 
 
Some files in TEMP:
====================
C:\Users\Elizabeth\AppData\Local\Temp\0_Twilight_School.exe
C:\Users\Elizabeth\AppData\Local\Temp\1ADA.tmp.exe
C:\Users\Elizabeth\AppData\Local\Temp\24B7.tmp.exe
C:\Users\Elizabeth\AppData\Local\Temp\6295.tmp.exe
C:\Users\Elizabeth\AppData\Local\Temp\9A72.tmp.exe
C:\Users\Elizabeth\AppData\Local\Temp\amisetup0838__10235.exe
C:\Users\Elizabeth\AppData\Local\Temp\amisetup0891__10235.exe
C:\Users\Elizabeth\AppData\Local\Temp\amisetup0936__16582.exe
C:\Users\Elizabeth\AppData\Local\Temp\amisetup2909__16582.exe
C:\Users\Elizabeth\AppData\Local\Temp\amisetup2961__17115.exe
C:\Users\Elizabeth\AppData\Local\Temp\amisetup2974__17115.exe
C:\Users\Elizabeth\AppData\Local\Temp\amisetup3026__11164.exe
C:\Users\Elizabeth\AppData\Local\Temp\amisetup3036__11164.exe
C:\Users\Elizabeth\AppData\Local\Temp\amisetup3088__16608.exe
C:\Users\Elizabeth\AppData\Local\Temp\amisetup3101__16608.exe
C:\Users\Elizabeth\AppData\Local\Temp\amisetup3150__15807.exe
C:\Users\Elizabeth\AppData\Local\Temp\amisetup3163__15807.exe
C:\Users\Elizabeth\AppData\Local\Temp\amisetup3216__13749.exe
C:\Users\Elizabeth\AppData\Local\Temp\amisetup3226__13749.exe
C:\Users\Elizabeth\AppData\Local\Temp\bdfilters.dll
C:\Users\Elizabeth\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Elizabeth\AppData\Local\Temp\FreeVPNSetup.exe
C:\Users\Elizabeth\AppData\Local\Temp\i4jdel0.exe
C:\Users\Elizabeth\AppData\Local\Temp\ICReinstall_CCleanerUpdateSetup.exe
C:\Users\Elizabeth\AppData\Local\Temp\optprosetup.exe
C:\Users\Elizabeth\AppData\Local\Temp\Prison Break The Conspiracy Game.exe
C:\Users\Elizabeth\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Elizabeth\AppData\Local\Temp\tmd_34011161.exe
C:\Users\Elizabeth\AppData\Local\Temp\tmd_34013405.exe
C:\Users\Elizabeth\AppData\Local\Temp\tmd_34015330.exe
C:\Users\Elizabeth\AppData\Local\Temp\tmd_34016397.exe
C:\Users\Elizabeth\AppData\Local\Temp\tmd_34016502.exe
C:\Users\Elizabeth\AppData\Local\Temp\tmd_34017276.exe
C:\Users\Elizabeth\AppData\Local\Temp\tmd_34017489.exe
C:\Users\Elizabeth\AppData\Local\Temp\tmd_34019535.exe
C:\Users\Elizabeth\AppData\Local\Temp\tmd_34019951.exe
C:\Users\Elizabeth\AppData\Local\Temp\Uninstall.exe
C:\Users\Elizabeth\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Elizabeth\AppData\Local\Temp\_Twilight_School.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-18 20:56
 
==================== End of FRST.txt ============================

 




 


#2 olgun52

olgun52
  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:12 PM

Posted 24 February 2016 - 04:46 PM

Hello,

Please post FRST Addition.txt

Addition.txt is created by default from the first run of FRST. Can you check inside this folder: C:\FRST\Logs? I need to see that log before we progress. If there is no Addition log inside the Logs folder, run the FRST scan one more time and ensure "Addition" is checked in the optional scan box...

Attached Images
Ashampoo_Snap_20140927_13h17m38s_001_Far


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 Buriedindream

Buriedindream
  • Topic Starter
  • Members
  • 40 posts
  • OFFLINE
  • Gender:Female
  • Local time:07:12 AM

Posted 24 February 2016 - 05:47 PM

Hi Olgun52 - thank you for the speedy reply.

Sorry, I thought I had attached it.

Here is the Addition.txt Notepad info, copied.

Thank you :)

 

 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:24-02-2016
Ran by Elizabeth (2016-02-25 11:43:20)
Running from C:\Users\Elizabeth\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2010-02-16 03:17:32)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4288062432-252110514-3150149879-500 - Administrator - Disabled)
ASPNET (S-1-5-21-4288062432-252110514-3150149879-1008 - Limited - Enabled)
Elizabeth (S-1-5-21-4288062432-252110514-3150149879-1004 - Administrator - Enabled) => C:\Users\Elizabeth
Guest (S-1-5-21-4288062432-252110514-3150149879-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4288062432-252110514-3150149879-1006 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
AGEIA PhysX v7.09.13 (HKLM\...\{45235788-142C-44BE-8A4D-DDE9A84492E5}) (Version: 7.09.13 - AGEIA Technologies, Inc.)
Apple Application Support (32-bit) (HKLM\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9A629DCB-415D-4A50-85B9-5C2E4F8F74A8}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Canon ScanGear Starter (HKLM\...\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}) (Version:  - )
Clive Barker's Undying™ (HKLM\...\{631A0B87-B0B7-4B47-00A2-119A4B942EB6}) (Version:  - )
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
ffdshow v1.1.3572 [2010-09-13] (HKLM\...\ffdshow_is1) (Version: 1.1.3572.0 - )
Free Studio (HKLM\...\Free Studio_is1) (Version: 6.6.1.119 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
HitmanPro 3.6 (HKLM\...\HitmanPro36) (Version: 3.6.0.151 - SurfRight B.V.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2C741651-87E0-4479-9703-6DD0D7988B84}) (Version: 12.3.2.35 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
LSI V92 MOH Application (HKLM\...\LTMOH) (Version:  - LSI Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movavi Video Suite 14 (HKLM\...\Movavi Video Suite 14) (Version: 14.3.0 - Movavi)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Redemption Cemetery Bitter Frost Collectors 1.00 (HKLM\...\Redemption Cemetery Bitter Frost Collectors 1.00) (Version: 1.00 - Games)
Shockwave (HKLM\...\Shockwave) (Version:  - )
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM\...\{663743C6-642A-4486-8E42-7F90BA2EE3B3}) (Version: 5.0.6.0 - Husdawg, LLC)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.11 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM\...\InstallShield_{342126B2-10D5-409E-884B-245347A497E1}) (Version: 1.0.04.32 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.19 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.1.6.0 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.0.32 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.0 - TOSHIBA Corporation)
TOSHIBA Internal Modem Region Select Utility (HKLM\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: 2.3.0.01 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.0 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.1 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM\...\InstallShield_{42451051-52B5-4D74-920A-BB49861D7253}) (Version: 1.0.04.32 - TOSHIBA Corporation)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.8 - TOSHIBA)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.45 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.2.97 - LSI Corporation)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.25 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
Unity Web Player (HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Utility Common Driver (Version: 1.0.50.26C - TOSHIBA) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4288062432-252110514-3150149879-1004_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Elizabeth\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-4288062432-252110514-3150149879-1004_Classes\CLSID\{62BE5D10-60EB-11d0-BD3B-00A0C911CE86}\InprocServer32 ->  => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02D7491A-C72F-4FB8-AF0B-FC95F456456B} - System32\Tasks\{D5C2ABEB-7A5A-425B-AE54-8A288857DC53} => C:\Program Files\Amnesia - The Dark Descent\redist\Amnesia.exe
Task: {04C16576-DA70-4A3D-9287-273B28D5BFA7} - \ASP -> No File <==== ATTENTION
Task: {056ECDF2-4BC9-49DC-999E-CA00D1CDC1D0} - System32\Tasks\{10BC9094-52CF-4B9F-9883-D925ABB84766} => C:\Program Files\Deep Silver\Secret Files Tunguska\AutoStarter.exe
Task: {08E504BF-F776-4FB8-B1CC-DE3075FDB1CE} - System32\Tasks\{91407FC2-EBA2-40A8-82E5-13F249062466} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\DarkTales-EdgarAllanPoesThePrematureBurialCE\Dark Tales - Edgar Allan Poe's The Premature Burial CE.exe
Task: {09B585EB-1285-436A-A325-1779746A76F6} - System32\Tasks\{B6513949-B4D0-4DDD-BB23-B05A6AF72240} => pcalua.exe -a "C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Nancy Drew - Danger by Design - Adventure\GameSetup.exe" -d "C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Nancy Drew - Danger by Design - Adventure"
Task: {0C5A7EEC-D919-4BFA-9F79-A264F90A275B} - System32\Tasks\{3D6C5EF5-93D0-4142-A379-15E7827AF1FE} => C:\Program Files\Amnesia - The Dark Descent\redist\Amnesia.exe
Task: {0ECA2BE7-66FB-4B17-B880-E3661FC3D2D7} - System32\Tasks\{374E0998-E0A5-4512-9FD1-61A9AE8AB188} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsMain
Task: {0F87E1DA-8482-40A3-B7C1-06DEC1028C91} - System32\Tasks\{E92F923B-EFE3-4C19-96F9-A477F533DECD} => C:\Program Files\Games\Midnight Mysteries The Edgar Allan Poe Conspiracy\Midnight Mysteries - Edgar Allan Poe Conspiracy.exe
Task: {0FE4BA0D-8863-43B2-BD7D-BE1FDF1CDC8C} - System32\Tasks\{5B2E0AE9-5002-4B92-A05E-FFE84431F907} => C:\Program Files\Games\Midnight Mysteries The Edgar Allan Poe Conspiracy\Midnight Mysteries - Edgar Allan Poe Conspiracy.exe
Task: {1640ADF6-97B8-4C51-A66E-BC8C00F92419} - System32\Tasks\{A0BC9336-6CDA-423D-B8F8-EBB937D37532} => C:\Nancy Drew\Message in a Haunted Mansion\Game.exe
Task: {1C0E6AAE-1E75-4DB2-ADFD-F530FF1E1483} - System32\Tasks\{10E2851F-3324-4E10-B717-87463878F75C} => C:\Users\Elizabeth\Downloads\UNDYING MAP LOADER\UnLoader.exe
Task: {20095E71-A1EB-4E74-9338-E22224D6C4C6} - System32\Tasks\{9FFCF8F9-F07B-4D37-B1D1-D482F1F759BD} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{1505D9B1-6037-4310-815A-4D8A212C5075}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {27E151EC-A3BB-4A74-8F7A-2E55E6FD6203} - System32\Tasks\{A3DA5A7A-20F7-4CE5-98C5-52CC729F14B3} => pcalua.exe -a E:\Install.exe -d E:\
Task: {2A5CFD0A-AD25-4E1C-B6A7-5EE7571210B0} - System32\Tasks\{550818FC-C88F-46D4-A855-795955BA98F0} => C:\Program Files\Nucleosys\Scratches\scream.exe
Task: {2C800589-A150-4926-B41E-FEFF9FFE999F} - System32\Tasks\{9031D4DF-9D81-46EC-AF0B-E4571516FA16} => C:\Program Files\Nucleosys\Scratches\scream.exe
Task: {2C96BB55-42C6-426B-B3D4-D714837C24E1} - System32\Tasks\{E78C880C-0B82-474A-B3EA-57FE011501DE} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Nancy Drew - Curse of Blackmoor Manor\NDCurseSetup.exe
Task: {2F465E81-1EB8-40B1-9E12-1A39D4D186C8} - System32\Tasks\{EA130764-CD67-4717-B612-A5252E24A3DA} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Bigfish Games - Forgotten Riddles 2  - The Moonlight Sonatas + Adnan_Boy 2008 + Precracked\Forgotten Riddles - The Moonlight Sonatas.exe
Task: {309777F2-26AB-4E2F-906E-F0B9E7C3C5D2} - System32\Tasks\{9870FCD2-2822-4AF4-8BF1-0B9003054271} => C:\Program Files\Nucleosys\Scratches\scream.exe
Task: {3385E685-06F4-4D90-B93B-7B2147F2DF05} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4288062432-252110514-3150149879-1004
Task: {344A947B-1A50-4797-B656-CD210524EA07} - System32\Tasks\{F379BF66-B2ED-404C-ADF9-1AD7ED94F440} => C:\Program Files\Nucleosys\Scratches\scream.exe
Task: {35A280F6-AC9E-46E2-BA45-2E856B316107} - System32\Tasks\{0A2940F2-E73C-4146-8E4B-45F80FE74613} => C:\Program Files\Amnesia - The Dark Descent\redist\Amnesia.exe
Task: {39412808-416C-4D0F-A583-35BF434D1BC4} - System32\Tasks\{EAE2206A-3AC2-42CA-8E61-DE1FA70385F1} => pcalua.exe -a C:\Users\Elizabeth\Downloads\lide20lide30n670un676un1240uvst7031a_xpen\SetupSG.exe -d C:\Users\Elizabeth\Downloads\lide20lide30n670un676un1240uvst7031a_xpen
Task: {3A5885BB-2AD6-4008-B0F3-BE14DA8BCE66} - System32\Tasks\{305DE42D-C78A-4436-84EE-AA72767EBE26} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Nancy Drew - Curse of Blackmoor Manor\NDCurseSetup.exe
Task: {3AC0F67C-B917-4B9B-98DB-94C67BE1C8AD} - System32\Tasks\{D39B019B-3B58-45BB-AF2F-8AA88068B358} => C:\Users\Elizabeth\Downloads\UNDYING MAP LOADER\UnLoader.exe
Task: {3B7A94D7-6B24-48EB-847A-F4E84C85ACFD} - System32\Tasks\{F0387B3E-9523-44C1-B98C-DE25C8A60B76} => C:\Program Files\Nucleosys\Scratches\scream.exe
Task: {3BEE92DB-D339-475E-BA3B-E3F2BCD331D2} - System32\Tasks\{5AD7D60B-6503-41D4-9EAF-BBC0A2969381} => C:\Program Files\Nucleosys\Scratches\scream.exe
Task: {3DA33755-59BA-41C1-9056-59C48FCBF7E2} - System32\Tasks\{FC285DF3-53EC-4992-890A-347971136E88} => C:\Program Files\EA Games\Clive Barker's Undying\System\Undying.exe [2001-01-26] ()
Task: {3F1809A0-66C1-47C6-93B6-B90BE690EEED} - System32\Tasks\At1 => C:\windows\system32\winlogoon.exe [2014-07-17] () <==== ATTENTION
Task: {42FCC9F1-5A35-4F18-A1BE-910D44D1ABCC} - System32\Tasks\{E0D0CC6A-6742-4DBB-BE9A-9919BD0DBD02} => C:\Program Files\Dark Secrets\Dark Secrets V1.0.exe
Task: {45A51C20-A476-4C86-AD0A-2068DD86D5FC} - System32\Tasks\{0E7F92E4-F5FA-4D35-857A-C1B2F3B56B39} => C:\windows\twain_32\CNQSG\SGST.exe [2006-07-28] (CANON INC.)
Task: {45C58DBE-36C7-472D-93AD-B3D3B304CDF4} - System32\Tasks\{371B7987-5A04-44C3-9D4E-1A24C17C5F31} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Dark Tales - Edgar Allan Poe's The Premature Burial CE\Dark Tales - Edgar Allan Poe's The Premature Burial CE\DT_EAP_ThePrematureBurial.exe
Task: {47F2F24A-E1DC-4A10-AE45-72AEBC655D2B} - System32\Tasks\{726D950C-BA35-4F37-B93B-B96EC29484E3} => C:\Program Files\Games\Midnight Mysteries The Edgar Allan Poe Conspiracy\Midnight Mysteries - Edgar Allan Poe Conspiracy.exe
Task: {4DDFC14A-4521-446F-BDDD-39F701D04420} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-27] (Google Inc.)
Task: {4E5C46CC-342B-4527-B369-2BCFDADE6999} - System32\Tasks\{5C448D53-C77A-482C-9DFB-64B55B2048E3} => C:\Program Files\Amnesia - The Dark Descent\redist\Amnesia.exe
Task: {5027CAE0-3281-4222-9077-F1FB2F705229} - System32\Tasks\{6B0A9C35-4F84-4564-BA9E-A25CDC0F3E47} => C:\Program Files\Games\Midnight Mysteries The Edgar Allan Poe Conspiracy\Midnight Mysteries - Edgar Allan Poe Conspiracy.exe
Task: {51C63B23-F3C4-4C59-88BB-C97B61103CAA} - System32\Tasks\{BEB84246-BA68-42DB-A4B9-362D872E6D00} => C:\Users\Elizabeth\AppData\Roaming\.minecraft\minecraft launcher\Minecraft Launcher.exe
Task: {53124BF0-992B-4538-9390-FF1BF8423C9F} - System32\Tasks\{F1599A1A-8866-4D03-ADC0-4A9AC5492D4D} => C:\Program Files\Games\Midnight Mysteries The Edgar Allan Poe Conspiracy\Midnight Mysteries - Edgar Allan Poe Conspiracy.exe
Task: {5577A9CC-E1E9-4495-BB1B-9B3F45F065D5} - System32\Tasks\{796351B7-5C98-4C95-BA92-743EF27EB6B7} => C:\Program Files\Focus\Frogwares\The Awakened\game.exe
Task: {57D7E3DA-867E-4AE0-BDC0-0FB0C29090AB} - System32\Tasks\{AB2460B1-80FB-411C-B665-290565E523E9} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Bigfish Games - Forgotten Riddles 2  - The Moonlight Sonatas + Adnan_Boy 2008 + Precracked\Forgotten Riddles - The Moonlight Sonatas.exe
Task: {5A929C3D-0022-4D62-9687-4EC952AAE6C1} - System32\Tasks\{DC8460CE-E86F-4C8D-B642-22FF9A6A91BE} => E:\Setup.exe
Task: {5B56456F-5C62-448C-B01F-ACA161E36057} - System32\Tasks\{58D88A93-29FD-4790-B101-B670752AD134} => pcalua.exe -a "C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Twilight School UPDATED\Twilight_School.exe" -d "C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Twilight School UPDATED"
Task: {5B957033-B7CD-4986-8CB2-16803FD554EC} - System32\Tasks\{4895F2D4-A3DD-4511-9215-48EC7BD3158F} => C:\Nancy Drew\Message in a Haunted Mansion\Game.exe
Task: {5D4FB046-2665-4696-BE0D-4F28DD7D676B} - System32\Tasks\{D5C294F6-DAD4-470C-B0B9-F3D2AE2B55BB} => C:\Users\Elizabeth\Downloads\UNDYING MAP LOADER\UnLoader.exe
Task: {6038919E-8E87-4AA8-9D74-CEDFFA88EF00} - System32\Tasks\{B4DCCFD7-7388-4D4A-88E2-6ED86240BDB2} => pcalua.exe -a "C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Delaware St John - Town With No Name\DSJV_TWNN_Setup.exe" -d "C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Delaware St John - Town With No Name"
Task: {64E09A57-AFCE-4045-ABE7-FA5450013316} - System32\Tasks\{BC418B53-A98E-49B0-9562-03DB595E2E6D} => C:\Nancy Drew\Message in a Haunted Mansion\Game.exe
Task: {64FFDFDC-C34A-4CDB-B54A-8230A50191B3} - System32\Tasks\{26619F80-14DB-4893-85D9-E3FA0B006018} => C:\Program Files\Games\Midnight Mysteries The Edgar Allan Poe Conspiracy\Midnight Mysteries - Edgar Allan Poe Conspiracy.exe
Task: {65A97C3C-F41A-477E-A466-C3BD9D51E5DC} - System32\Tasks\{7874CBBD-8DD0-4B68-B4C9-9D7204816A35} => E:\DOGAuto.exe
Task: {6891E902-1F73-4EAA-99F8-79B51D7A0CFD} - System32\Tasks\{F868CAC7-82C5-4539-B67F-8C85CB598DD1} => C:\windows\twain_32\CNQSG\SGST.exe [2006-07-28] (CANON INC.)
Task: {6E006B5D-C308-4CBA-9068-C21EE1BF6834} - System32\Tasks\{ABE6D198-4A60-4B0C-8289-FE8F28960980} => C:\Nancy Drew\Treasure in the Royal Tower\game.exe
Task: {6F37894A-61A6-4D80-BBBE-6E9BCC7E816A} - System32\Tasks\{550C2C40-3857-47EF-BFDB-F8E2385B39EE} => C:\Program Files\Games\Campfire Legends 2 The Babysitter\CampfireLegendsBabysitter.exe
Task: {71A8DD1E-8051-4636-859B-5A6B92928A8E} - System32\Tasks\{3FB1E1E2-779E-41D1-9469-FF802D846C5B} => C:\Program Files\Nucleosys\Scratches\scream.exe
Task: {725925D8-8B78-4384-8D84-4DD760790489} - System32\Tasks\{F0561891-2813-4D6A-9EC7-9335069F8CE1} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Bigfish Games - Forgotten Riddles 2  - The Moonlight Sonatas + Adnan_Boy 2008 + Precracked\Forgotten Riddles - The Moonlight Sonatas.exe
Task: {736A0F22-48F4-4ED2-8826-73CB0B1BC354} - System32\Tasks\{771F4AB6-DFD5-40B8-B70B-817713F12900} => C:\windows\twain_32\CNQSG\SGST.exe [2006-07-28] (CANON INC.)
Task: {74F59095-80C0-417C-931F-1391C26D07C6} - System32\Tasks\9rgE1R5pj6cju30usrk5G85LKD => C:\Users\Elizabeth\AppData\Roaming\9rgE1R5pj6cju30usrk5G85LKD.exe <==== ATTENTION
Task: {75077234-17DF-4E74-BA50-2AFBECB768D8} - System32\Tasks\{967990C2-F2DA-4212-8519-1E8225ED56BE} => C:\Program Files\EA Games\Clive Barker's Undying\System\Undying.exe [2001-01-26] ()
Task: {770C26D8-5914-4952-BE0B-08353B343F0D} - System32\Tasks\{F580E879-F127-426E-AE38-F15B1EAE5EB3} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Bigfish Games - Forgotten Riddles 2  - The Moonlight Sonatas + Adnan_Boy 2008 + Precracked\Forgotten Riddles - The Moonlight Sonatas.exe
Task: {7721F949-3318-46FA-9768-657FC91707FC} - System32\Tasks\{77F132A7-29ED-4403-AD0B-EBFB9BE83720} => C:\Program Files\Games\Nanny Mania 2 Hollywood\Nanny2.exe
Task: {77268F65-C6D1-4FB7-81CE-0F94F126519F} - System32\Tasks\{ED6086F2-F88B-4309-9219-5991F8C5318C} => C:\Program Files\Nucleosys\Scratches\scream.exe
Task: {77CEED21-C3E0-4E52-86BE-D9D2FDFDCA5F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-27] (Google Inc.)
Task: {7826544A-428C-4CDF-90B9-13C40042B5CC} - System32\Tasks\{31A86A9D-85EA-482B-A72B-4E639362F4EA} => pcalua.exe -a C:\Users\Elizabeth\Downloads\wlsetup-web.exe -d C:\Users\Elizabeth\Downloads
Task: {792952D7-D029-4CBF-A2C7-DA11CB59C28C} - System32\Tasks\{5FEBDD2A-EAA7-4E38-801A-001FA00B8E9B} => C:\Program Files\Nucleosys\Scratches\scream.exe
Task: {7BC3A0EB-189B-4D2F-9999-3682B2E7BA28} - System32\Tasks\{8F9EE5BA-F4A6-41E3-81D1-C80E26D227CD} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Bigfish Games - Forgotten Riddles 2  - The Moonlight Sonatas + Adnan_Boy 2008 + Precracked\Forgotten Riddles - The Moonlight Sonatas.exe
Task: {7DCF3D25-6785-4EB1-A489-43F6E8D9D286} - System32\Tasks\{A14549EE-33AB-45C2-9A7B-900521D3B2EF} => C:\Program Files\Games\Dark Tales - Edgar Allan Poes Murders in the Rue Morgue Collectors Edition\Dark Tales Edgar Allan Poe's Murders in the Rue Morgue.exe
Task: {7F145126-7CA3-4F2C-9B54-133D77C7E6B7} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-14] (TOSHIBA CORPORATION)
Task: {80E2EA1E-5E87-47A4-A04C-8FCC1FB4A988} - System32\Tasks\{49792101-C240-405F-90D2-A65AABBA87F0} => pcalua.exe -a "C:\Program Files\Infogrames Interactive\Zapper PC\ZapperConfig.exe" -d C:\Users\Elizabeth\Desktop
Task: {81FA5CB6-120D-4D48-818E-D64BEBD7E07E} - System32\Tasks\Microsoft\Windows\SystemRestore\FreeVPN => C:\Users\Elizabeth\AppData\Roaming\FreeVPN\FreeVPN.exe [2016-02-21] ()
Task: {82F6C79E-4D6C-4F40-A007-348A9A229530} - System32\Tasks\{9DF3146A-5C96-43A0-9239-67B5F786A586} => C:\Program Files\Nucleosys\Scratches\scream.exe
Task: {87D20C03-2ADE-431E-BBEA-113AF2B4CE37} - System32\Tasks\{1835E6EF-D413-A29B-264F-C44AD0B30475} => /s /n /i:"/rt" "C:\PROGRA~2\73fc048f\45837193.dll"
Task: {87E1E10C-1FC9-48F9-9836-33D6417AF8DC} - \{BF97A9CC-8738-5D08-58BF-B99C4613627C} -> No File <==== ATTENTION
Task: {8A76C93E-6F3F-431F-9A6D-D5933C163AF8} - System32\Tasks\{B89197FE-1B7A-45C7-BE15-D5E3B6BB96B2} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Nancy Drew - Curse of Blackmoor Manor\NDCurseSetup.exe
Task: {92D7E625-8EC0-4727-97E2-FF7B97C8CC03} - System32\Tasks\{110EA956-AD35-45BB-9423-F375F2199C7E} => C:\Program Files\Movavi Video Suite 14\Suite.exe [2015-09-01] (Movavi)
Task: {92F23D60-8992-4881-97D7-B180B3EE0BC8} - System32\Tasks\{71388054-15A7-4867-AC65-733267507244} => C:\Program Files\Nucleosys\Scratches\scream.exe
Task: {938EE206-359D-4B85-8CDD-ECE684DD8B24} - System32\Tasks\{9C773970-904F-4C27-8E80-DCFF4E81116F} => C:\Program Files\EA Games\Clive Barker's Undying\System\Undying.exe [2001-01-26] ()
Task: {9404B45D-43A9-4210-A3D9-A245109717AF} - System32\Tasks\{67EDF78C-5D7F-4227-92F3-93FE84A632B6} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Bigfish Games - Forgotten Riddles 2  - The Moonlight Sonatas + Adnan_Boy 2008 + Precracked\Forgotten Riddles - The Moonlight Sonatas.exe
Task: {9860B6B9-ECAB-4EB4-8497-49A9BD3A10B6} - System32\Tasks\{BE4DFBDE-21DA-43BE-9D56-B0C36CCD0CAC} => pcalua.exe -a "C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Bigfish Games - Hide & Secret 2 - Cliffhanger Castle + Adnan_Boy 2008 + Precracked\Hide & Secret 2 - Cliffhanger Castle.exe" -d "C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Bigfish Games - Hide & Secret 2 - Cliffhanger C (the data entry has 36 more characters).
Task: {9BEAD573-88DF-4246-9838-DB4F0F677C14} - System32\Tasks\{DDC0C24C-6759-416C-B468-6CDB7E3B0B11} => pcalua.exe -a "C:\windows\Victorian Mysteries - Woman in White\uninstall.exe" -c "/U:C:\Program Files\Victorian Mysteries - Woman in White\Uninstall\uninstall.xml"
Task: {9F7BF143-986B-46E2-A4DB-6C54FC0B02B9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {A145041C-F2E1-48F8-91DF-5F65D9DB8CAE} - System32\Tasks\{CB9380C5-7ED1-4D53-A16C-D2B89AAE7C28} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Bigfish Games - Forgotten Riddles 2  - The Moonlight Sonatas + Adnan_Boy 2008 + Precracked\Forgotten Riddles - The Moonlight Sonatas.exe
Task: {A1E328BE-DFDB-48C0-A2B4-483E839FED15} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {A2BFEBFA-99AC-4ABC-AC3A-18E6FB4F8404} - System32\Tasks\{BF335A68-E417-48E3-93D7-143F1D1DFA97} => C:\Program Files\Skype\Phone\Skype.exe
Task: {A442B3FC-77A0-49BC-9EDF-F0E4B3A8E145} - System32\Tasks\{7FB417FD-4252-40EE-B8B2-42CC3EEE5EB5} => C:\Program Files\Red Orb Entertainment\John Saul's Blackstone Chronicles\BSC.EXE
Task: {A559656E-9113-4316-9A38-2E32EBD275C8} - System32\Tasks\{88EC36EF-0BFB-430F-9DB3-655051BBCFA7} => pcalua.exe -a "C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\The Lost Crown (A Ghost Haunting Adventure)\Setup.exe" -d "C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\The Lost Crown (A Ghost Haunting Adventure)"
Task: {A9F50246-740F-4A89-A032-158DCF688596} - System32\Tasks\{37F24D06-6272-4571-9712-B24E98EA94A4} => C:\Program Files\Games\Midnight Mysteries The Edgar Allan Poe Conspiracy\Midnight Mysteries - Edgar Allan Poe Conspiracy.exe
Task: {AC0ACB9A-D30A-48A7-A7E0-E565755A3F99} - System32\Tasks\{9E9D26F3-1DFA-4071-9339-6D85F0696E55} => C:\Program Files\Clive Barker's Undying\System\Undying.exe
Task: {AC8E77EB-BDED-4FA4-AB67-A771E00C5D3A} - System32\Tasks\{B5BA3D51-2786-4D2E-8ADE-57F20ECCB36C} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Nancy Drew - Curse of Blackmoor Manor\NDCurseSetup.exe
Task: {AE64EE8E-490B-473F-87F2-3E3E0B9CEB88} - System32\Tasks\{C74B824C-4F20-4693-8D2A-61B1C65BCC42} => C:\Program Files\EA Games\Clive Barker's Undying\System\Undying.exe [2001-01-26] ()
Task: {B4183F78-F93B-4E08-84F2-645A07512F37} - System32\Tasks\{2D3236BD-4E08-4DEA-BF2F-D9F8EB6EE136} => C:\Nancy Drew\Message in a Haunted Mansion\Game.exe
Task: {B476E6AC-361F-4DFA-BAC6-69656EB4B41E} - System32\Tasks\{37751D4D-EDB6-4BD6-9133-B849DE24B9DF} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\DarkTales-EdgarAllanPoesThePrematureBurialCE\Dark Tales - Edgar Allan Poe's The Premature Burial CE.exe
Task: {B662C12F-72AE-45C8-A002-F8021F3CEC52} - System32\Tasks\{F12C44DB-6398-4245-94BB-07617EBDC39B} => C:\Program Files\Amnesia - The Dark Descent\redist\Amnesia.exe
Task: {B813F4C5-C2FA-465A-B2A1-16D2F1A177FF} - System32\Tasks\{46765485-C3C2-4951-A952-839539057F46} => pcalua.exe -a "C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Bigfish Games - Hide & Secret 2 - Cliffhanger Castle + Adnan_Boy 2008 + Precracked\Hide & Secret 2 - Cliffhanger Castle.exe" -d "C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Bigfish Games - Hide & Secret 2 - Cliffhanger C (the data entry has 36 more characters).
Task: {B8358581-D74E-477D-9314-925834E9DCD8} - System32\Tasks\{147302BC-A4FD-4EF3-A42E-7C35AD12705A} => C:\Program Files\Nucleosys\Scratches\scream.exe
Task: {B8993FFC-94B9-4E52-AE16-F239A3D9499C} - System32\Tasks\{AAB4A3D8-1BCD-4B35-A37B-A16C253DAB2A} => pcalua.exe -a D:\launch.exe -d D:\ -c CD 1
Task: {BA2DE833-EC00-4E73-B9DD-5B1CCDC9E6FB} - System32\Tasks\{2689A7F6-8257-431F-9A29-70D2DDF9DE7A} => C:\Nancy Drew\Message in a Haunted Mansion\Game.exe
Task: {BAE077A1-A59C-4277-AF85-BD95CE802D04} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {BCE95C7D-911D-4019-B6B4-8F8F62E220B7} - System32\Tasks\{6E827246-4C54-499E-8B77-BB3A51CFF029} => C:\Program Files\Nucleosys\Scratches\scream.exe
Task: {BD0F1A71-B33C-45FF-91F9-C90714FC6BC0} - System32\Tasks\{F8F8524F-24B1-4E6D-9E46-7BB1F40851B0} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Nancy Drew - Curse of Blackmoor Manor\NDCurseSetup.exe
Task: {BD51D508-768D-4B1F-A2DB-B698538DE080} - System32\Tasks\{9AFB1F80-4354-4BAF-8921-A580CDF814F0} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Bigfish Games - Forgotten Riddles 2  - The Moonlight Sonatas + Adnan_Boy 2008 + Precracked\Forgotten Riddles - The Moonlight Sonatas.exe
Task: {BDE50210-B432-4E83-83C4-E83501370F90} - System32\Tasks\{2012DD1A-73BC-4257-AC9E-0EFCBD91310D} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Bigfish Games - Forgotten Riddles 2  - The Moonlight Sonatas + Adnan_Boy 2008 + Precracked\Forgotten Riddles - The Moonlight Sonatas.exe
Task: {C17633C0-8C71-446B-A059-57C82787B1AB} - System32\Tasks\{A6180AC4-134F-4438-A8C7-92642B2D0B5C} => E:\Memento Mori\MEMENTO.exe
Task: {C20D79DE-78DA-4D23-8F65-AB21BCC321A3} - System32\Tasks\{8AE64972-8D2D-41D5-B2AF-DB970A3C818C} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Bigfish Games - Forgotten Riddles 2  - The Moonlight Sonatas + Adnan_Boy 2008 + Precracked\Forgotten Riddles - The Moonlight Sonatas.exe
Task: {C2690D08-555B-4E31-8A41-4FA88D8564CA} - System32\Tasks\{7879E803-52DC-472E-AD99-8C9D9A603D9D} => C:\Program Files\Darkness Within 2\DarkLineage.exe
Task: {C31D6258-9ABB-4D00-8C79-FF3134B2A463} - System32\Tasks\rfi4glvu => C:\Program Files\Common Files\qevrfwla\46266yqvguz5r.exe [2016-02-22] () <==== ATTENTION
Task: {C46471E2-341B-455C-96F1-CABF3DEBA145} - System32\Tasks\{4DE8457D-B2FC-4FA0-87BE-9EF8EFE48AB1} => C:\Program Files\Nucleosys\Scratches\scream.exe
Task: {C4A31014-30A2-4A01-BFD7-9AB54AD5DE9F} - System32\Tasks\{4F824704-A12B-4D94-BE97-C36B12951354} => C:\Users\Elizabeth\Downloads\UNDYING MAP LOADER\UnLoader.exe
Task: {C611F42C-16D6-40B0-9985-7650C17BF7AB} - System32\Tasks\{F99BD4E6-82E6-4381-94A8-7766B134912D} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Bigfish Games - Forgotten Riddles 2  - The Moonlight Sonatas + Adnan_Boy 2008 + Precracked\Forgotten Riddles - The Moonlight Sonatas.exe
Task: {C6EE1C09-2254-48C7-9A08-8AF52B8D5FD8} - System32\Tasks\{01523735-4B1D-483E-A077-0E772AC43CF6} => C:\Nancy Drew\Message in a Haunted Mansion\Game.exe
Task: {C8CF520F-1D3D-4C20-8D11-3819A89E312C} - System32\Tasks\{C812F1A9-2930-4731-ADEF-89605D78DDDF} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Bigfish Games - Forgotten Riddles 2  - The Moonlight Sonatas + Adnan_Boy 2008 + Precracked\Forgotten Riddles - The Moonlight Sonatas.exe
Task: {CA75AED4-4B7D-4264-BF1D-189F6469CF3C} - System32\Tasks\{65BD7128-53A5-408A-AB09-29266C5173C0} => C:\Program Files\Foxy Games\Nightmare Visions - Full Moon Horror BETA\NightmareVisions_FullMoonHorror.exe
Task: {CBC7939E-A70F-4D2E-BB15-8E2ADBDCBED4} - System32\Tasks\{C23BA55F-DE4F-44D2-8E35-2F53EECE7E39} => C:\Program Files\Nucleosys\Scratches\scream.exe
Task: {CF2DF297-FF0D-4BB6-9EA5-B1674F10D80F} - System32\Tasks\{1CAFCE23-D4EF-493F-8D0F-3CD0F5525351} => C:\Program Files\Games\Dark Tales - Edgar Allan Poes Murders in the Rue Morgue Collectors Edition\Dark Tales Edgar Allan Poe's Murders in the Rue Morgue.exe
Task: {CF32E2C0-87D6-4E87-9ACC-CEECA64B408A} - System32\Tasks\{09A30E26-4CDE-4311-A81E-77823ABF68C5} => C:\Program Files\Nucleosys\Scratches\scream.exe
Task: {D2B57B96-C1FF-4D4F-875C-B58FA012ECEC} - System32\Tasks\{E3C3D510-A088-4832-8600-CFE6A86ED9B5} => C:\Program Files\Terminal Reality\Nocturne\nocturne.exe
Task: {D39C17B7-446F-4A18-9A9C-F0A177920615} - System32\Tasks\{8A902458-948B-4FA5-9C92-01B8E5401A00} => C:\Program Files\Terminal Reality\Nocturne\nocturne.exe
Task: {D764CDE3-65B5-4018-B9F0-5EAD4AE5A2AF} - System32\Tasks\{733E1323-6866-44BF-9245-F1D44D431555} => C:\Program Files\PC Suite 2.0\PC Suite 2.0.exe
Task: {DC55E512-7C48-4D28-9E66-04A29FBAD916} - System32\Tasks\{393E3631-3BDF-4506-8EB9-D6DF1420EA3F} => C:\Program Files\Amnesia - The Dark Descent\redist\Amnesia.exe
Task: {E0AD61A9-263C-4344-98C0-B84EDE720A90} - System32\Tasks\{FC3DAFF2-896F-423F-90B6-A4D8DDF92CE1} => C:\Users\Elizabeth\Downloads\UNDYING MAP LOADER\UnLoader.exe
Task: {E30BFCA3-6062-4EEB-BE62-1E87B4FEE299} - System32\Tasks\{00ED268B-69F3-4930-B335-0D4E4DD56FA7} => C:\Users\Elizabeth\Downloads\Im.Not.Alone.(TGC.%e2%80%93.The.Games.Company).(2010).45150.exe
Task: {E70F4DD9-9309-4E71-B1BF-5007860CC07A} - \{0F040D47-7909-790A-7A11-78080D0F117D} -> No File <==== ATTENTION
Task: {E7335A7A-FB74-46B2-8188-BB7F0C1FCAF4} - System32\Tasks\{357B664D-8808-4D73-ABA8-40A057763286} => C:\Program Files\Games\Midnight Mysteries The Edgar Allan Poe Conspiracy\Midnight Mysteries - Edgar Allan Poe Conspiracy.exe
Task: {EAD7DF71-EA9F-437A-8CE9-CCF39D2869DF} - System32\Tasks\{47467C4E-E2C1-4B1D-AE4F-249C683E6A50} => C:\Program Files\Movie Maker 2.6\MOVIEMK.exe
Task: {EFD2E884-BBB8-4D01-882F-C30B4835F330} - System32\Tasks\{09A5EB6D-FB0F-4EFB-B5A2-34B3FFF4C81D} => pcalua.exe -a E:\setup.exe -d E:\
Task: {F0D85377-027F-4DD0-929E-0822C3AFB3CC} - System32\Tasks\{37FBBF6E-3C88-41BA-BA29-53CBC375B5F0} => pcalua.exe -a "C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Jane Austen's Estate of affairs\Jane Austen's Estate of Affairs Setup\JaneAusten.exe" -d "C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Jane Austen's Estate of affairs\Jane Austen's Estate of Affairs Setup"
Task: {F0DDAB2A-D131-4F89-A089-342B350891CE} - System32\Tasks\{A0520CA3-3C9D-4F14-9974-2C139647268B} => C:\Program Files\Nucleosys\Scratches\scream.exe
Task: {F26F2A66-44BA-4584-8251-D59859CA2C9F} - System32\Tasks\{957FBA1C-6251-4B4E-BA6E-6B5E975C970B} => C:\Program Files\Skype\Phone\Skype.exe
Task: {F2C4C3DB-3C85-45E1-8856-F3C6F2410D51} - System32\Tasks\{2CBB60CA-9C14-49F8-A21E-0AAC8F129A52} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Nancy Drew games\Nancy Drew 08 - The Haunted Carousel\CARAuto.exe
Task: {F38FE39A-A483-44EF-A1E7-1BE8FB9696B1} - System32\Tasks\{7DDF4885-68BB-4D57-B127-945E010A65B0} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\DarkTales-EdgarAllanPoesThePrematureBurialCE\Dark Tales - Edgar Allan Poe's The Premature Burial CE.exe
Task: {F3B0A422-0BBF-49F8-B4AA-0D2501586E2F} - System32\Tasks\{8244B6A7-E81E-4993-A016-3A313A20DA62} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Bigfish Games - Forgotten Riddles 2  - The Moonlight Sonatas + Adnan_Boy 2008 + Precracked\Forgotten Riddles - The Moonlight Sonatas.exe
Task: {F4EF5F96-62AD-4BED-B944-171B559F67D8} - System32\Tasks\{134491EA-7160-482B-9C19-1B41B258BB7B} => C:\Program Files\Games\Nanny Mania 2 Hollywood\Nanny2.exe
Task: {F80F14CD-8DBE-4CF7-9080-0BE4744F6CAC} - System32\Tasks\{C5E4EBD4-A67A-4677-9F8C-E6FE135F769D} => C:\Users\Elizabeth\Downloads\UNDYING MAP LOADER\UnLoader.exe
Task: {F843A23B-4625-4C51-8DA5-2732A3D0C3B9} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-11] (Adobe Systems Incorporated)
Task: {FB024AD6-014F-428E-8CC3-C660933F0F0E} - System32\Tasks\{5BDE0439-D9DC-4CDF-94C3-BC85215CF61F} => C:\Program Files\Nucleosys\Scratches\scream.exe
Task: {FBFBB9B6-33E1-4CA9-85AD-7F79B43AAD00} - System32\Tasks\{C6069DAD-A880-4FAB-847A-D3F5886693B7} => C:\Program Files\Amnesia - The Dark Descent\redist\Amnesia.exe
Task: {FE2E1B44-9821-4F21-B650-B0F6FC67E840} - System32\Tasks\{7A21321C-2531-40C3-A953-24B3DCC628D3} => pcalua.exe -a C:\windows\IsUninst.exe -c -f"C:\Program Files\Infogrames\Alone in the Dark\Uninst.isu"
Task: {FF5C2FB5-5E78-43B9-A32C-4797F7CF5597} - System32\Tasks\{7E3599B8-A35E-4585-B269-F8898D6FFAF1} => C:\Users\Elizabeth\Documents\Downloaded Utorrent vids\Bigfish Games - Forgotten Riddles 2  - The Moonlight Sonatas + Adnan_Boy 2008 + Precracked\Forgotten Riddles - The Moonlight Sonatas.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\9rgE1R5pj6cju30usrk5G85LKD.job => C:\Users\Elizabeth\AppData\Roaming\9rgE1R5pj6cju30usrk5G85LKD.exe <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\At1.job => C:\windows\system32\winlogoon.exe C:\windows\system32\api-ms-win-security-lsalookup-l11-1-0.dll
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-13 05:46 - 2015-10-13 05:46 - 00073512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-30 10:38 - 2016-01-19 04:02 - 00110952 _____ () C:\Program Files\Common Files\DVDVideoSoft\lib\zlib1.dll
2014-09-30 10:38 - 2016-01-19 04:02 - 00253800 _____ () C:\Program Files\Common Files\DVDVideoSoft\lib\collector.dll
2014-09-30 10:38 - 2016-01-19 04:02 - 00295272 _____ () C:\Program Files\Common Files\DVDVideoSoft\lib\stat.dll
2014-09-30 10:38 - 2016-01-19 04:02 - 00104296 _____ () C:\Program Files\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2014-09-30 10:38 - 2016-01-19 04:02 - 00020328 _____ () C:\Program Files\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2014-09-30 10:38 - 2016-01-19 04:02 - 00044392 _____ () C:\Program Files\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2009-07-17 12:27 - 2009-07-17 12:27 - 07263544 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-07-17 12:27 - 2009-07-17 12:27 - 00052536 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-08-21 12:16 - 2009-06-23 11:38 - 00015160 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-13 16:08 - 2009-03-13 16:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2009-08-04 15:17 - 2009-08-04 15:17 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2016-02-20 09:20 - 2016-02-18 17:14 - 01630360 _____ () C:\Program Files\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-20 09:20 - 2016-02-18 17:14 - 00085656 _____ () C:\Program Files\Google\Chrome\Application\48.0.2564.116\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0785072C
AlternateDataStreams: C:\ProgramData\TEMP:07C99568
AlternateDataStreams: C:\ProgramData\TEMP:0841B94B
AlternateDataStreams: C:\ProgramData\TEMP:114C90CA
AlternateDataStreams: C:\ProgramData\TEMP:14B2E0BD
AlternateDataStreams: C:\ProgramData\TEMP:1A15E356
AlternateDataStreams: C:\ProgramData\TEMP:1A8BB29B
AlternateDataStreams: C:\ProgramData\TEMP:1B389835
AlternateDataStreams: C:\ProgramData\TEMP:1C6D843F
AlternateDataStreams: C:\ProgramData\TEMP:2AE74FF9
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:38D2EA83
AlternateDataStreams: C:\ProgramData\TEMP:3D36932D
AlternateDataStreams: C:\ProgramData\TEMP:3D922890
AlternateDataStreams: C:\ProgramData\TEMP:3ED5E595
AlternateDataStreams: C:\ProgramData\TEMP:453967C6
AlternateDataStreams: C:\ProgramData\TEMP:474022C7
AlternateDataStreams: C:\ProgramData\TEMP:4C3D5A8B
AlternateDataStreams: C:\ProgramData\TEMP:4E79C4F8
AlternateDataStreams: C:\ProgramData\TEMP:57B2B96C
AlternateDataStreams: C:\ProgramData\TEMP:587F3582
AlternateDataStreams: C:\ProgramData\TEMP:58E38390
AlternateDataStreams: C:\ProgramData\TEMP:6B86037F
AlternateDataStreams: C:\ProgramData\TEMP:6E1F359F
AlternateDataStreams: C:\ProgramData\TEMP:6EE8565A
AlternateDataStreams: C:\ProgramData\TEMP:7C60A173
AlternateDataStreams: C:\ProgramData\TEMP:87A3A233
AlternateDataStreams: C:\ProgramData\TEMP:8E5EA40F
AlternateDataStreams: C:\ProgramData\TEMP:9195103F
AlternateDataStreams: C:\ProgramData\TEMP:9485E512
AlternateDataStreams: C:\ProgramData\TEMP:95079543
AlternateDataStreams: C:\ProgramData\TEMP:9D0A16E4
AlternateDataStreams: C:\ProgramData\TEMP:A6F30843
AlternateDataStreams: C:\ProgramData\TEMP:B0456F0C
AlternateDataStreams: C:\ProgramData\TEMP:B2112128
AlternateDataStreams: C:\ProgramData\TEMP:B4258C5D
AlternateDataStreams: C:\ProgramData\TEMP:CC30FDA5
AlternateDataStreams: C:\ProgramData\TEMP:D026A5A4
AlternateDataStreams: C:\ProgramData\TEMP:DE875C30
AlternateDataStreams: C:\ProgramData\TEMP:DF5D803F
AlternateDataStreams: C:\ProgramData\TEMP:E690114B
AlternateDataStreams: C:\ProgramData\TEMP:E8C44CB4
AlternateDataStreams: C:\ProgramData\TEMP:E91ADC66
AlternateDataStreams: C:\ProgramData\TEMP:EEED3F26
AlternateDataStreams: C:\ProgramData\TEMP:FB4262DE
AlternateDataStreams: C:\ProgramData\TEMP:FC60E0F8
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-4288062432-252110514-3150149879-1004\...\vizzed.com -> www.vizzed.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-05-16 02:03 - 2016-02-24 15:58 - 00001763 ____A C:\windows\system32\Drivers\etc\hosts
 
127.0.0.1 ood.opsource.net ereg.wip4.adobe.com ereg.wip.adobe.com activate-sjc0.adobe.com practivate.adobe.ipp activate.wip4.adobe.com 3dns-1.adobe.com activate.wip1.adobe.com 3dns.adobe.com 
127.0.0.1 practivate.adobe.ntp activate.wip.adobe.com wip1.adobe.com 3dns-4.adobe.com activate.wip2.adobe.com practivate.adobe 3dns-2.adobe.com www.wip4.adobe.com 3dns-3.adobe.com 
127.0.0.1 crl.verisign.net adobe-dns-4.adobe.com adobe-dns-1.adobe.com adobe-dns.adobe.com ereg.adobe.com wip4.adobe.com ereg.wip1.adobe.com wip3.adobe.com na2m-pr.licenses.adobe.com 
127.0.0.1 ereg.wip3.adobe.com adobeereg.com lmlicenses.wip4.adobe.com www.wip2.adobe.com ereg.wip2.adobe.com hl2rcv.adobe.com www.wip.adobe.com wip2.adobe.com adobe-dns-2.adobe.com 
127.0.0.1 activate.adobe.com adobe-dns-3.adobe.com www.wip1.adobe.com activate.wip3.adobe.com activate-sea.adobe.com practivate.adobe.com www.adobeereg.com wip.adobe.com www.wip3.adobe.com 
127.0.0.1 practivate.adobe.newoa wwis-dubc1-vip60.adobe.com lm.licenses.adobe.com 127.0.0.1 clients2.google.com 
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4288062432-252110514-3150149879-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Elizabeth^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Elizabeth^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk => C:\windows\pss\LimeWire On Startup.lnk.Startup
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Desktop Clock-7 => "C:\Program Files\Desktop Clock-7\Desktop Clock-7.exe"
MSCONFIG\startupreg: DS Clock => "C:\Program Files\DS Clock\DSClock.exe"
MSCONFIG\startupreg: dvd43 => C:\Program Files\dvd43\dvd43_tray.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Elizabeth\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iFunBox => C:\Program Files\i-Funbox DevTeam\iFunBox.exe /tray
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Registry Helper => "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TWebCamera => "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
MSCONFIG\startupreg: uTorrent => "C:\Users\Elizabeth\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C45CCA2B-D3F3-4573-9E0B-957757071952}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{6A0220C6-DD3B-4AF5-839E-D7D6E588344A}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{5F68E174-3486-4A92-BFCE-867883D85027}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{AA75DD5F-7CD3-4AC1-B997-9E1A0B9D964C}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{BEAE58D0-75C8-4DDE-8EBA-E3787587EA65}D:\alice.exe] => (Allow) D:\alice.exe
FirewallRules: [UDP Query User{BF6AF23A-AAD0-403E-A113-D772A01B7506}D:\alice.exe] => (Allow) D:\alice.exe
FirewallRules: [{95BF28FC-D4FE-48A2-BE1D-6CC33B52D570}] => (Allow) LPort=5353
FirewallRules: [{001276CB-A81B-4582-94A3-6978DC870D54}] => (Allow) C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{C28AF58A-269A-4E76-B854-137E471C1896}] => (Allow) C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [TCP Query User{ECB55F6C-06CE-46CD-8D65-824F034AF01A}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{ED0DC497-D575-4360-80B2-8228FB9660FD}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{7A45C9A9-52F3-4A8B-A6BF-866E47031364}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{20CDE725-8E89-4A19-A8AF-E0694201D1D1}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{1667C80D-8413-47BF-B83F-958BA6ACEBA0}] => (Allow) C:\Users\Elizabeth\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4BFBE937-FF86-4BE4-94E3-2C22557747FC}] => (Allow) C:\Users\Elizabeth\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2C49947B-2615-4FA5-9ABC-6D89D90B2423}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{47A803EE-9659-4E39-9460-FF5D17F3CB33}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe
FirewallRules: [{A2AE2F1C-D0E4-4C1F-A9DA-ED7946599A80}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe
FirewallRules: [TCP Query User{DCE38FF7-6694-4265-BDD6-AEF810D69132}C:\smartpixel\bin\smartpixel.exe] => (Allow) C:\smartpixel\bin\smartpixel.exe
FirewallRules: [UDP Query User{E4CF0499-4647-40E6-BC15-F837B19380FE}C:\smartpixel\bin\smartpixel.exe] => (Allow) C:\smartpixel\bin\smartpixel.exe
FirewallRules: [{45D96096-89AE-457E-BBC8-8B7042B0E5DA}] => (Allow) C:\Program Files\Apowersoft\Apowersoft Free Screen Recorder\Apowersoft Free Screen Recorder.exe
FirewallRules: [{F1DAE36C-9BD4-4731-B9A8-EE94800C1520}] => (Allow) C:\Program Files\Apowersoft\Apowersoft Free Screen Recorder\Apowersoft Free Screen Recorder.exe
FirewallRules: [{A5D09034-EA9D-42F3-9C15-2F3897CDFBF2}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe
FirewallRules: [{28508A50-9F52-47C5-8FDD-B1D74EF25D7B}] => (Allow) C:\Users\Elizabeth\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B607B9D0-DCF0-490F-95C0-3C0C3D9CE69B}] => (Allow) C:\Users\Elizabeth\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{63F38DB2-08F0-41A2-95A2-8F035E29132F}] => (Allow) C:\Program Files\Apowersoft\Apowersoft Free Screen Recorder\Apowersoft Free Screen Recorder.exe
FirewallRules: [{2DB15993-4729-42C8-A630-9A318889D525}] => (Allow) C:\Program Files\Apowersoft\Apowersoft Free Screen Recorder\Apowersoft Free Screen Recorder.exe
FirewallRules: [{914A5E63-C054-4C55-877F-9C89A3AE00AF}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A92AC040-115F-42F6-98CF-6CF1925505F2}] => (Allow) LPort=2869
FirewallRules: [{39918DAA-9CA1-43D9-B7D5-CD0A1142A8AE}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{BA04D81E-997D-4DE6-A970-8F7DE14BAD3C}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{384DB568-0F1D-4ACF-AE27-25E7FFF7D993}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [{FCDBF941-B229-4E69-960C-F7F3F145F24D}] => (Allow) C:\Users\Elizabeth\AppData\Roaming\SSN\ssn.exe
FirewallRules: [{79A48661-89D1-4E6F-9FE2-345C41DBD7C8}] => (Allow) C:\Users\Elizabeth\AppData\Roaming\SSN\updssn.exe
FirewallRules: [TCP Query User{D44094BB-BF9E-45E6-871D-47E89EB105D9}C:\program files\common files\tencent\qqdownload\125\tencentdl.exe] => (Block) C:\program files\common files\tencent\qqdownload\125\tencentdl.exe
FirewallRules: [UDP Query User{584EB1A0-9DCF-473A-80D1-2520FDC3E101}C:\program files\common files\tencent\qqdownload\125\tencentdl.exe] => (Block) C:\program files\common files\tencent\qqdownload\125\tencentdl.exe
FirewallRules: [{8F8966F6-7F28-4416-940F-89B68D861394}] => (Allow) C:\program files\common files\tencent\qqdownload\125\tencentdl.exe
FirewallRules: [{CFD35C58-180B-491E-BD93-25DBABF71DEB}] => (Allow) C:\program files\common files\tencent\qqdownload\125\tencentdl.exe
FirewallRules: [TCP Query User{1C68B1B8-3190-4688-ABED-93D5AA950647}C:\program files\taigpro\download\minithunderplatform.exe] => (Block) C:\program files\taigpro\download\minithunderplatform.exe
FirewallRules: [UDP Query User{79DBF1D0-CD8C-455C-A6CC-631F37079C9F}C:\program files\taigpro\download\minithunderplatform.exe] => (Block) C:\program files\taigpro\download\minithunderplatform.exe
FirewallRules: [TCP Query User{1D3CA9DA-A038-4AC7-AF11-C9CF9DDD5182}C:\program files\smart view\smart view.exe] => (Block) C:\program files\smart view\smart view.exe
FirewallRules: [UDP Query User{EC7A759F-EB84-49AE-A39E-167232EDEB52}C:\program files\smart view\smart view.exe] => (Block) C:\program files\smart view\smart view.exe
FirewallRules: [{62F995E5-2AA9-4218-8E3F-DA55A6311A76}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{DF8964F4-71DF-4535-8D90-02DE9DE68C7B}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{38E2A4B2-EF46-4CEF-AEC3-123D3F11C6F5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1442B0A1-F3CA-4217-8EBA-C7EA2A77D90D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DA0A6650-06B7-4629-BB9A-5564EE9453AE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6D1818E5-3941-40A4-9D59-8E391B760A22}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
21-02-2016 14:47:26 Windows Update
24-02-2016 19:47:24 Windows Update
25-02-2016 08:53:08 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/25/2016 10:32:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15132
 
Error: (02/25/2016 10:32:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15132
 
Error: (02/25/2016 10:32:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/25/2016 10:32:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14134
 
Error: (02/25/2016 10:32:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14134
 
Error: (02/25/2016 10:32:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/25/2016 10:32:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13135
 
Error: (02/25/2016 10:32:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13135
 
Error: (02/25/2016 10:32:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/25/2016 10:32:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12121
 
 
System errors:
=============
Error: (02/25/2016 08:53:59 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (02/24/2016 08:55:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
prodrv06
prohlp02
prosync1
sfhlp01
 
Error: (02/24/2016 08:55:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update eye perform service failed to start due to the following error: 
%%2
 
Error: (02/24/2016 08:55:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The atksgt service failed to start due to the following error: 
%%1275
 
Error: (02/24/2016 08:55:28 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Driver atksgt.sys has been blocked from loading.
 
Error: (02/24/2016 08:55:16 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.
 
Error: (02/24/2016 08:55:13 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402.
 
Error: (02/24/2016 08:54:56 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Driver prodrv06.sys has been blocked from loading.
 
Error: (02/24/2016 08:54:51 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Driver prohlp02.sys has been blocked from loading.
 
Error: (02/24/2016 08:54:51 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Driver prosync1.sys has been blocked from loading.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 42%
Total physical RAM: 1912.88 MB
Available physical RAM: 1093.59 MB
Total Virtual: 3825.75 MB
Available Virtual: 2443.23 MB
 
==================== Drives ================================
 
Drive c: (S3A8047D003) (Fixed) (Total:286.32 GB) (Free:43.8 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: DD7B6696)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=286.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.3 GB) - (Type=17)
 
==================== End of Addition.txt ============================
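The "Hosts content" section of the Addition.txt log above shows the pattern a hosts-file hijack leaves behind: public hostnames (Adobe activation servers, clients2.google.com, baidu and sogou names) mapped to 127.0.0.1, the same lines repeated several times, and even a stray "127.0.0.1" token in the middle of one hostname list. The following is an added example, not part of FRST, Zemana or anything posted in this thread: a small Python audit that parses a hosts file in that format, reports every public name sinkholed to loopback or 0.0.0.0 along with duplicate mappings, and produces a repaired copy that keeps only comments and the stock loopback names. The sample hosts text is constructed to mirror the log's format (not the full file), the `LOCAL_NAMES` set is my own assumption of which names legitimately resolve to loopback, and the function names are hypothetical.

```python
"""Audit and repair a Windows hosts file of the kind FRST prints under
"Hosts content" (added example; not code from FRST, Zemana or the thread).

A hosts entry that points a public hostname at 127.0.0.1 or 0.0.0.0 silently
breaks that name (update servers, licensing checks, search providers), which
is what the Zemana "Hosts Hijack" detection later in this thread flags.
"""
import ipaddress
from collections import Counter

# Assumption: names that legitimately resolve to loopback in a stock hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}

# Constructed sample mirroring the log's format (not the full file from the log),
# including the stray "127.0.0.1" token inside a hostname list and repeated lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 activate.adobe.com practivate.adobe.com 127.0.0.1 clients2.google.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
"""


def _is_ip(token):
    """True if the token parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_hosts(text):
    """Yield (line_no, address, hostnames) for each mapping line.

    Comments and blank lines are skipped; a line whose first token is not an
    address is skipped rather than raising; IP-looking tokens inside the
    hostname list are dropped because they are not resolvable names.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        parts = body.split()
        if not _is_ip(parts[0]):
            continue
        addr = ipaddress.ip_address(parts[0])
        names = [h.lower() for h in parts[1:] if not _is_ip(h)]
        if names:
            yield line_no, addr, names


def audit_hosts(text):
    """Return {'sinkholed': {name: first_line}, 'duplicates': {(addr, name): count}}."""
    sinkholed = {}
    mappings = Counter()
    for line_no, addr, names in parse_hosts(text):
        for name in names:
            mappings[(str(addr), name)] += 1
            if name in LOCAL_NAMES:
                continue                      # stock loopback name, not a hijack
            if addr.is_loopback or addr.is_unspecified:
                sinkholed.setdefault(name, line_no)
    duplicates = {k: v for k, v in mappings.items() if v > 1}
    return {"sinkholed": sinkholed, "duplicates": duplicates}


def clean_hosts(text):
    """Return repaired text: comments kept, loopback/unspecified lines reduced to
    LOCAL_NAMES, lines left without a hostname dropped, duplicate mappings collapsed."""
    out, seen = [], set()
    for raw in text.splitlines():
        body = raw.split("#", 1)[0].strip()
        parts = body.split()
        if not parts or not _is_ip(parts[0]):
            out.append(raw)                   # comment, blank or unparseable: keep as-is
            continue
        addr = ipaddress.ip_address(parts[0])
        names = [h.lower() for h in parts[1:] if not _is_ip(h)]
        if addr.is_loopback or addr.is_unspecified:
            names = [h for h in names if h in LOCAL_NAMES]
        key = (str(addr), tuple(names))
        if not names or key in seen:
            continue
        seen.add(key)
        out.append(f"{addr}\t{' '.join(names)}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    for name, line_no in sorted(report["sinkholed"].items()):
        print(f"line {line_no}: {name} is sinkholed to loopback")
    for (addr, name), count in report["duplicates"].items():
        print(f"{addr} {name} appears {count} times")
    print(clean_hosts(SAMPLE_HOSTS))
```

To run it against a real machine, read `%SystemRoot%\System32\drivers\etc\hosts` into `audit_hosts` from an elevated prompt and review the sinkholed list before writing anything back; some entries are deliberate (ad blocking, lab setups), so the repaired text from `clean_hosts` is a proposal to compare against the original, not something to write blindly.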


#4 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:12 PM

Posted 24 February 2016 - 06:27 PM

Hi Buriedindream,
 

Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

===========================================================================================

Please do the following.

Uninstall some programs:
We need to uninstall some unwanted/unneeded programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

  • HitmanPro
  • Adware_Removal_Tool
  • F-Secure
  • uTorrent
  • LimeWire

And Applications:

  • C:\Program Files\Adware Removal Tool by TSA

After completing uninstalls, please manually reboot your machine!

  • If you get a message like "An error occurred while trying to uninstall", just press Yes.
  • If you are unable to uninstall all programs, please inform me, but continue with the other steps.

========================================================================

Ensure your external and/or USB drives are always inserted during the scan.

Scan with Zemana AntiMalware Free:

  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced and click ''I have read the warning and wish to proceed anyway''.
  • Auto Launch > untick the box next to it.
  • Scan type > Smart scan (Default).
  • Close all open files, folders and browsers.
  • Click Scan now (''Run as Administrator'') and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart your PC now.

Have a nice day.

Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!


#5 Buriedindream

Buriedindream
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:12 AM

Posted 25 February 2016 - 02:05 PM

Hi there,

I have uninstalled uTorrent and HitmanPro and removed the Adware Removal Tool; I didn't have F-Secure or LimeWire.

I have a question. I am just about to run the Zemana scan, and I am about to turn off the real-time scanner for Microsoft Security Essentials and turn off the firewall (I don't have any other than the Windows firewall), as advised, before I do the scan. But am I to turn these both back on again after the scan before coming back online to this site? I thought I had better check.

I have included a screenshot of Zemana. Auto launch should be unchecked, right?

Thank you :)



Edited by Buriedindream, 25 February 2016 - 02:53 PM.


#6 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:12 PM

Posted 25 February 2016 - 03:02 PM

Settings must be like in the picture.
Start browsing now.


Best regards

 


 


#7 Buriedindream

Buriedindream
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:12 AM

Posted 25 February 2016 - 03:46 PM

OK, I started the scan after reading your response and realized a little way into scanning that I had forgotten to turn Microsoft Security Essentials and the firewall off, so I am posting the half scan, and the full scan which was done while both were turned off.

 

No option to run as admin, so I just pressed Scan. Restarting the PC now.

 

Here is the first result (half scan). WILL POST FULL SCAN BENEATH ALSO.

 

Zemana AntiMalware 2.19.2.904 (Installed)
 
-------------------------------------------------------
Scan Result            : Terminated
Scan Date              : 2016/2/26
Operating System       : Windows 7 32-bit
Processor              : 2X Pentium® Dual-Core CPU T4400 @ 2.20GHz
BIOS Mode              : Legacy
CUID                   : 00768E051FC00A4F63E454
Scan Type              : Smart Scan
Duration               : 3m 27s
Scanned Objects        : 14069
Detected Objects       : 3
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : No
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Generic Root Trust CA
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CE1A3553BA6155DA5160097B4B1EA1FF4CBA7195\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Traces             :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CE1A3553BA6155DA5160097B4B1EA1FF4CBA7195\Blob
 
VeriSign Class 3 Code Signing 2009-2 CA
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5557C0953FBD9F93745B214FB2483E9369B597F0\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Traces             :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5557C0953FBD9F93745B214FB2483E9369B597F0\Blob
 
Hosts File
Status             : Scanned
Object             : %systemroot%\system32\drivers\etc\hosts
MD5                : 48BDF5B4496BCD99BEECC5E6E16FC975
Publisher          : -
Size               : 1763
Version            : -
Detection          : Hosts Hijack
Cleaning Action    : Repair
Traces             :
                Hosts file - 127.0.0.1 - google.com
                File - %systemroot%\system32\drivers\etc\hosts
 
 
 
 
****************************   FULL SCAN RESULT ************************************
 
Zemana AntiMalware 2.19.2.904 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/2/26
Operating System       : Windows 7 32-bit
Processor              : 2X Pentium® Dual-Core CPU T4400 @ 2.20GHz
BIOS Mode              : Legacy
CUID                   : 00768E051FC00A4F63E454
Scan Type              : Smart Scan
Duration               : 3m 5s
Scanned Objects        : 13961
Detected Objects       : 12
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : No
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Generic Root Trust CA
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CE1A3553BA6155DA5160097B4B1EA1FF4CBA7195\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Traces             :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CE1A3553BA6155DA5160097B4B1EA1FF4CBA7195\Blob
 
VeriSign Class 3 Code Signing 2009-2 CA
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5557C0953FBD9F93745B214FB2483E9369B597F0\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Traces             :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5557C0953FBD9F93745B214FB2483E9369B597F0\Blob
 
Hosts File
Status             : Scanned
Object             : %systemroot%\system32\drivers\etc\hosts
MD5                : 48BDF5B4496BCD99BEECC5E6E16FC975
Publisher          : -
Size               : 1763
Version            : -
Detection          : Hosts Hijack
Cleaning Action    : Repair
Traces             :
                Hosts file - 127.0.0.1 - google.com
                File - %systemroot%\system32\drivers\etc\hosts
 
DownloadProxyPS.dll
Status             : Scanned
Object             : %commonprogramfiles%\tencent\qqdownload\125\downloadproxyps.dll
MD5                : E9D54EF47FA2D4867533EAE934B81272
Publisher          : Tencent Technology(Shenzhen) Company Limited
Size               : 69176
Version            : 1.0.125.3
Detection          : Trojan:Win32/Tencent!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %commonprogramfiles%\tencent\qqdownload\125\downloadproxyps.dll
                Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{B9E49847-9822-4139-BC55-7173ED1ADA11}\InprocServer32\@ = C:\program files\common files\tencent\qqdownload\125\DownloadProxyPS.dll
 
OCComSDK.dll
Status             : Scanned
Object             : %localappdata%\temp\hyde527.tmp.1456424079\hta\3rdparty\occomsdk.dll
MD5                : B24375972DC03AB61F611CCF1A0A40BC
Publisher          : OpenCandy
Size               : 193632
Version            : 1.0.0.1
Detection          : Adware:Win32/OpenCandy!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %localappdata%\temp\hyde527.tmp.1456424079\hta\3rdparty\occomsdk.dll
                Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}\InprocServer32\@ = C:\Users\ELIZAB~1\AppData\Local\Temp\HYDE527.tmp.1456424079\HTA\3rdparty\OCComSDK.dll
                Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}\InprocServer32\@ = C:\Users\ELIZAB~1\AppData\Local\Temp\HYDE527.tmp.1456424079\HTA\3rdparty\OCComSDK.dll
 
tencentdl.exe
Status             : Scanned
Object             : %commonprogramfiles%\tencent\qqdownload\125\tencentdl.exe
MD5                : 92347A3335388FD8DE040B24E4B8A472
Publisher          : Tencent Technology(Shenzhen) Company Limited
Size               : 904760
Version            : 1.0.125.3
Detection          : Trojan:Win32/Tencent!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %commonprogramfiles%\tencent\qqdownload\125\tencentdl.exe
                Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46bc-9812-86DB50A2FD64}\LocalServer32\@ = "C:\program files\common files\tencent\qqdownload\125\tencentdl.exe"
 
cmmcfg32.dll
Status             : Scanned
Object             : %systemroot%\system32\cmmcfg32.dll
MD5                : 8EB402089AFC724150FF5A07081EEA61
Publisher          : -
Size               : 73728
Version            : -
Detection          : Trojan:Win32/Hellium.A!Rktm
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\system32\cmmcfg32.dll
                Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{4DB74D06-491C-440D-305E-012400990F3E}\InprocServer32\@ = C:\windows\system32\cmmcfg32.dll
                Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DB74D06-491C-440D-305E-012400990F3E}\@ = C:\windows\system32\cmmcfg32.dll
 
amisetup0936__16582.exe
Status             : Scanned
Object             : %localappdata%\temp\amisetup0936__16582.exe
MD5                : A58AEED3C5BCDEB79390B6DD5BCBFB50
Publisher          : -
Size               : 707072
Version            : 34.0.0.445
Detection          : Adware:Win32/Amonetize!Sig
Cleaning Action    : Quarantine
Traces             :
                File - %localappdata%\temp\amisetup0936__16582.exe
                Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{2f776aef-8a9e-49d7-a54d-782e406d57c4}\LocalServer32\@ = "C:\Users\ELIZAB~1\AppData\Local\Temp\amisetup0936__16582.exe"
 
FreeVPN.exe
Status             : Scanned
Object             : %appdata%\freevpn\freevpn.exe
MD5                : A618D48CCC594D5170E1670BF61A4339
Publisher          : -
Size               : 239108
Version            : -
Detection          : Trojan:Win32/Blackoat.A!Real
Cleaning Action    : Quarantine
Traces             :
                File - %appdata%\freevpn\freevpn.exe
                Scheduled Task - C:\windows\System32\Tasks\Microsoft\Windows\SystemRestore\FreeVPN
 
winlogoon.exe
Status             : Scanned
Object             : %systemroot%\system32\winlogoon.exe
MD5                : EC84C8724EE0DA377F8C156CBB852F19
Publisher          : -
Size               : 40960
Version            : -
Detection          : Malware:Win32/Fidelz.A!Rmrr
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\system32\winlogoon.exe
                Scheduled Task - At1.job
                Scheduled Task - C:\windows\System32\Tasks\At1
 
45837193.dll
Status             : Scanned
Object             : %allusersprofile%\73fc048f\45837193.dll
MD5                : A6C2E2403C806D38F0CCA06BE407622C
Publisher          : -
Size               : 526848
Version            : -
Detection          : Adware:Win32/Blackoat.A!Lkke
Cleaning Action    : Quarantine
Traces             :
                File - %allusersprofile%\73fc048f\45837193.dll
                Scheduled Task - C:\windows\System32\Tasks\{1835E6EF-D413-A29B-264F-C44AD0B30475}
 
46266yqvguz5r.exe
Status             : Scanned
Object             : %commonprogramfiles%\qevrfwla\46266yqvguz5r.exe
MD5                : ED97AA987A971352B18F45FFCC38919A
Publisher          : -
Size               : 59904
Version            : 0.0.0.0
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %commonprogramfiles%\qevrfwla\46266yqvguz5r.exe
                Scheduled Task - C:\windows\System32\Tasks\rfi4glvu
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 12
Reported as safe      : 0
Failed                : 0
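An added example, not from the thread or from Zemana: a Python triage helper for the "Detected Objects" block format in the scan output above, run on a constructed excerpt that mirrors that log, which pulls out the two findings a responder would want to verify by hand, the hosts-file entry sending google.com to 127.0.0.1 and the unexpected root certificate in the machine ROOT store.

```python
"""Triage helper for Zemana AntiMalware 'Detected Objects' output (added example,
not code from the thread or from Zemana; SAMPLE_LOG is a constructed excerpt)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""Detected Objects       : 3

Detected Objects
-------------------------------------------------------

Generic Root Trust CA
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CE1A3553BA6155DA5160097B4B1EA1FF4CBA7195\Blob
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Traces             :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CE1A3553BA6155DA5160097B4B1EA1FF4CBA7195\Blob

Hosts File
Object             : %systemroot%\system32\drivers\etc\hosts
Detection          : Hosts Hijack
Cleaning Action    : Repair
Traces             :
                Hosts file - 127.0.0.1 - google.com
                File - %systemroot%\system32\drivers\etc\hosts

winlogoon.exe
Object             : %systemroot%\system32\winlogoon.exe
Detection          : Malware:Win32/Fidelz.A!Rmrr
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\system32\winlogoon.exe
                Scheduled Task - C:\windows\System32\Tasks\At1

Cleaning Result
Cleaned               : 3
"""

FIELD_RE = re.compile(r"^(\S[^:]*?)\s*:\s*(.*)$")  # "Key   : Value" lines


@dataclass
class Detection:
    name: str                                          # bare object-name line
    fields: dict[str, str] = field(default_factory=dict)
    traces: list[str] = field(default_factory=list)    # indented lines under "Traces :"


def parse_zemana_log(text: str) -> list[Detection]:
    """One Detection per blank-line-separated block after the bare 'Detected Objects' heading."""
    lines = text.splitlines()
    heads = [i for i, l in enumerate(lines) if l.strip() == "Detected Objects"]
    detections: list[Detection] = []
    current: Detection | None = None
    in_traces = False
    for raw in lines[heads[0] + 1:] if heads else []:
        line = raw.rstrip()
        if line.startswith("Cleaning Result"):
            break                                  # summary footer: no more objects
        if not line.strip() or set(line.strip()) == {"-"}:
            current, in_traces = None, False       # blank line or dashed rule ends a block
        elif current is None:
            current = Detection(name=line.strip())
            detections.append(current)
        elif in_traces and line[0].isspace():
            current.traces.append(line.strip())
        elif (m := FIELD_RE.match(line)):
            key, value = m.groups()
            in_traces = key == "Traces"
            if not in_traces:
                current.fields[key] = value
    return detections


def hosts_hijacks(detections: list[Detection]) -> list[tuple[str, str]]:
    """(domain, ip) pairs from 'Hosts Hijack' findings; loopback entries for search or
    vendor domains are how this kind of infection blocks searches and security updates."""
    pairs = []
    for d in detections:
        if d.fields.get("Detection") == "Hosts Hijack":
            for t in d.traces:
                m = re.match(r"Hosts file - (\S+) - (\S+)$", t)
                if m:
                    pairs.append((m.group(2), m.group(1)))
    return pairs


def suspicious_root_cas(detections: list[Detection]) -> list[tuple[str, str | None]]:
    """(name, SHA-1 thumbprint) for 'Suspicious Root CA' findings: an extra root in the
    HKLM ROOT store would let its holder issue browser-trusted certificates for any site."""
    out = []
    for d in detections:
        if d.fields.get("Detection") == "Suspicious Root CA":
            m = re.search(r"\\Certificates\\([0-9A-Fa-f]{40})\\", d.fields.get("Object", ""))
            out.append((d.name, m.group(1).upper() if m else None))
    return out
```

Compare any thumbprint this reports against the roots Windows ships by default before treating the deletion as final; the hosts entry is the one the "Repair" action rewrites.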
 


#8 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:12 PM

Posted 25 February 2016 - 05:07 PM

Very good, thank you.

 

ComboFix run:

Please be sure to run our tools with administrator rights.

* IMPORTANT: 1   Place ComboFix.exe on your Desktop

* IMPORTANT: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running; it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.
:hello:


Best regards


#9 Buriedindream

Buriedindream
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:12 AM

Posted 25 February 2016 - 05:53 PM

Thank you so much Olgun52 :) Here are the results:

 

ComboFix 16-02-23.01 - Elizabeth 26/02/2016  11:19:46.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.64.1033.18.1913.1225 [GMT 13:00]
Running from: c:\users\Elizabeth\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Disabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Elizabeth\AppData\Roaming\.#
c:\users\Elizabeth\AppData\Roaming\Freedox.bin
c:\windows\system32\is-9D8AA.tmp
c:\windows\system32\is-B0IHV.tmp
c:\windows\system32\is-DPSA2.tmp
c:\windows\system32\is-KJL9M.tmp
c:\windows\system32\is-PGK09.tmp
c:\windows\system32\is-R16UU.tmp
c:\windows\system32\xa186051768.exe
c:\windows\system32\xa186053578.exe
c:\windows\system32\xa186062735.exe
c:\windows\system32\xa186064358.exe
E:\Autorun.inf
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
.
.
(((((((((((((((((((((((((   Files Created from 2016-01-25 to 2016-02-25  )))))))))))))))))))))))))))))))
.
.
2016-02-25 22:34 . 2016-02-25 22:37 -------- d-----w- c:\users\Elizabeth\AppData\Local\temp
2016-02-25 19:47 . 2015-11-25 10:43 9014120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4AAF4059-AF6B-47EC-830D-53759499DF96}\mpengine.dll
2016-02-25 18:41 . 2016-02-25 18:41 179448 ----a-w- c:\windows\system32\drivers\zam32.sys
2016-02-25 18:41 . 2016-02-25 18:41 179448 ----a-w- c:\windows\system32\drivers\zamguard32.sys
2016-02-25 18:41 . 2016-02-25 18:41 -------- d-----w- c:\program files\Zemana AntiMalware
2016-02-25 18:41 . 2016-02-25 18:41 -------- d-----w- c:\users\Elizabeth\AppData\Local\Zemana
2016-02-24 20:11 . 2016-02-24 22:44 -------- d-----w- C:\FRST
2016-02-24 06:49 . 2015-11-25 10:43 9014120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-02-24 02:42 . 2016-02-24 07:54 -------- d-----w- c:\users\Elizabeth\AppData\Roaming\denaf
2016-02-24 02:40 . 2016-02-24 04:44 -------- d-----w- c:\programdata\0a6335f2-62e1-0
2016-02-24 02:40 . 2016-02-24 04:44 -------- d-----w- c:\programdata\0a6335f2-6413-1
2016-02-22 23:39 . 2016-02-22 23:39 19984 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2016-02-22 19:30 . 2016-02-23 20:35 290304 ----a-w- c:\windows\system32\subinacl.exe
2016-02-22 03:42 . 2016-02-25 20:38 -------- d-----w- c:\program files\Common Files\qevrfwla
2016-02-22 03:12 . 2016-02-22 03:13 -------- d-----w- c:\programdata\0a6335f2-1f07-1
2016-02-22 03:12 . 2016-02-22 03:12 -------- d-----w- c:\programdata\0a6335f2-1723-0
2016-02-22 03:10 . 2016-02-22 03:10 12872 ----a-w- c:\windows\system32\bootdelete.exe
2016-02-22 02:48 . 2016-02-22 02:48 -------- d-----w- c:\programdata\0a6335f2-2225-0
2016-02-22 02:48 . 2016-02-22 08:24 -------- d-----w- c:\programdata\4ac44f26-6e01-0
2016-02-22 02:48 . 2016-02-22 02:48 -------- d-----w- c:\programdata\0a6335f2-6e01-1
2016-02-22 02:43 . 2016-02-22 08:24 -------- d-----w- c:\programdata\4ac44f26-0853-0
2016-02-22 02:42 . 2016-02-25 20:38 -------- d-----w- c:\programdata\73fc048f
2016-02-22 02:42 . 2016-02-22 02:42 -------- d-----w- c:\programdata\{13eacfb8-6190-0}
2016-02-22 02:42 . 2016-02-22 02:42 -------- d-----w- c:\programdata\{0d1ed9c7-6190-1}
2016-02-22 02:42 . 2016-02-22 02:42 -------- d-----w- c:\programdata\{00c6aff5-4190-0}
2016-02-22 02:42 . 2016-02-22 02:43 -------- d-----w- c:\programdata\0a6335f2-5303-0
2016-02-22 02:42 . 2016-02-22 02:43 -------- d-----w- c:\programdata\0a6335f2-6bb5-1
2016-02-21 01:36 . 2016-02-25 20:38 -------- d-----w- c:\users\Elizabeth\AppData\Roaming\FreeVPN
2016-02-14 23:07 . 2016-02-14 23:07 -------- d-----w- c:\program files\Games
2016-02-10 01:49 . 2016-01-11 18:47 2956288 ----a-w- c:\windows\system32\wucltux.dll
2016-02-10 01:49 . 2016-01-11 18:17 2062848 ----a-w- c:\windows\system32\wuaueng.dll
2016-02-10 01:49 . 2016-01-11 18:14 573440 ----a-w- c:\windows\system32\wuapi.dll
2016-02-10 01:49 . 2016-01-11 18:47 174080 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-10 01:49 . 2016-01-11 18:35 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-02-10 01:49 . 2016-01-11 18:14 93696 ----a-w- c:\windows\system32\wudriver.dll
2016-02-10 01:49 . 2016-01-11 18:14 35840 ----a-w- c:\windows\system32\wups2.dll
2016-02-10 01:49 . 2016-01-11 18:14 136192 ----a-w- c:\windows\system32\wuauclt.exe
2016-02-10 01:49 . 2016-01-11 18:14 30208 ----a-w- c:\windows\system32\wups.dll
2016-02-10 01:49 . 2016-01-11 18:14 35328 ----a-w- c:\windows\system32\wuapp.exe
2016-02-10 01:49 . 2016-01-11 18:14 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2016-02-10 01:48 . 2016-01-11 14:07 1198080 ----a-w- c:\windows\system32\appraiser.dll
2016-02-10 01:48 . 2016-01-16 18:34 949760 ----a-w- c:\windows\system32\aeinv.dll
2016-02-10 01:48 . 2016-01-11 14:07 591360 ----a-w- c:\windows\system32\invagent.dll
2016-02-10 01:48 . 2016-01-11 14:07 544768 ----a-w- c:\windows\system32\generaltel.dll
2016-02-10 01:48 . 2016-01-11 14:07 424960 ----a-w- c:\windows\system32\devinv.dll
2016-02-10 01:48 . 2016-01-16 18:42 22464 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-02-10 01:48 . 2016-01-11 14:07 65536 ----a-w- c:\windows\system32\acmigration.dll
2016-02-10 01:48 . 2016-01-16 18:36 1413632 ----a-w- c:\windows\system32\ole32.dll
2016-02-10 01:47 . 2016-01-22 05:12 2973184 ----a-w- c:\windows\explorer.exe
2016-02-10 01:47 . 2016-01-22 06:00 1498624 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-02-10 01:47 . 2016-01-22 05:59 1805824 ----a-w- c:\windows\system32\authui.dll
2016-02-10 01:47 . 2016-01-06 18:42 1225216 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2016-02-10 01:47 . 2016-01-06 18:41 939520 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2016-02-10 01:47 . 2016-01-06 18:41 991232 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2016-02-10 01:47 . 2016-01-06 18:41 971776 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2016-02-10 01:47 . 2016-01-06 18:41 672768 ----a-w- c:\program files\Windows Journal\InkSeg.dll
2016-02-10 01:47 . 2016-01-06 18:41 1415168 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2016-02-10 01:45 . 2016-01-07 17:35 116224 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-02-10 00:56 . 2016-02-10 00:56 -------- d-----w- c:\program files\iPod
2016-02-10 00:56 . 2016-02-10 00:56 -------- d-----w- c:\program files\iTunes
2016-02-10 00:52 . 2016-02-10 00:52 -------- d-----w- c:\program files\Bonjour
2016-02-05 19:54 . 2015-07-01 00:04 912000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{300CE0DE-39A1-4C44-BF85-647DD8EC09FE}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-24 06:55 . 2015-08-23 02:20 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-10 18:20 . 2012-07-29 00:19 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-02-10 18:20 . 2011-06-15 20:08 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-12-09 03:39 . 2010-02-16 06:39 247976 ------w- c:\windows\system32\MpSigStub.exe
2015-12-08 21:54 . 2016-01-13 01:49 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2015-12-08 21:54 . 2016-01-13 01:49 902144 ----a-w- c:\windows\system32\WMADMOD.DLL
2015-12-08 21:54 . 2016-01-13 01:49 815616 ----a-w- c:\windows\system32\WMADMOE.DLL
2015-12-08 21:54 . 2016-01-13 01:49 739328 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2015-12-08 21:54 . 2016-01-13 01:49 541184 ----a-w- c:\windows\system32\WMVSDECD.DLL
2015-12-08 21:54 . 2016-01-13 01:49 740352 ----a-w- c:\windows\system32\wmpmde.dll
2015-12-08 21:54 . 2016-01-13 01:49 1568768 ----a-w- c:\windows\system32\WMVENCOD.DLL
2015-12-08 21:54 . 2016-01-13 01:49 665088 ----a-w- c:\windows\system32\WMVXENCD.DLL
2015-12-08 21:54 . 2016-01-13 01:49 358400 ----a-w- c:\windows\system32\WMVSENCD.DLL
2015-12-08 21:54 . 2016-01-13 01:49 1202688 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2015-12-08 21:54 . 2016-01-13 01:49 1325056 ----a-w- c:\windows\system32\WMSPDMOE.DLL
2015-12-08 21:54 . 2016-01-13 01:49 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-12-08 21:54 . 2016-01-13 01:49 154112 ----a-w- c:\windows\system32\VIDRESZR.DLL
2015-12-08 21:53 . 2016-01-13 01:49 338944 ----a-w- c:\windows\system32\SysFxUI.dll
2015-12-08 21:53 . 2016-01-13 01:49 206848 ----a-w- c:\windows\system32\RESAMPLEDMO.DLL
2015-12-08 21:53 . 2016-01-13 01:49 1329664 ----a-w- c:\windows\system32\quartz.dll
2015-12-08 21:53 . 2016-01-13 01:49 519680 ----a-w- c:\windows\system32\qdvd.dll
2015-12-08 21:53 . 2016-01-13 01:49 206848 ----a-w- c:\windows\system32\qasf.dll
2015-12-08 21:53 . 2016-01-13 01:45 509952 ----a-w- c:\windows\system32\qedit.dll
2015-12-08 21:53 . 2016-01-13 01:49 970240 ----a-w- c:\windows\system32\msmpeg2adec.dll
2015-12-08 21:53 . 2016-01-13 01:49 829952 ----a-w- c:\windows\system32\MSMPEG2ENC.DLL
2015-12-08 21:53 . 2016-01-13 01:49 241152 ----a-w- c:\windows\system32\MPG4DECD.DLL
2015-12-08 21:53 . 2016-01-13 01:49 241152 ----a-w- c:\windows\system32\MP43DECD.DLL
2015-12-08 21:53 . 2016-01-13 01:49 79872 ----a-w- c:\windows\system32\MP3DMOD.DLL
2015-12-08 21:53 . 2016-01-13 01:49 415744 ----a-w- c:\windows\system32\MP4SDECD.DLL
2015-12-08 21:53 . 2016-01-13 01:49 3209728 ----a-w- c:\windows\system32\mf.dll
2015-12-08 21:53 . 2016-01-13 01:49 728576 ----a-w- c:\windows\system32\mcmde.dll
2015-12-08 21:53 . 2016-01-13 01:49 609280 ----a-w- c:\windows\system32\MFWMAAEC.DLL
2015-12-08 21:53 . 2016-01-13 01:49 354816 ----a-w- c:\windows\system32\mfplat.dll
2015-12-08 21:53 . 2016-01-13 01:49 53248 ----a-w- c:\windows\system32\mfvdsp.dll
2015-12-08 21:53 . 2016-01-13 01:49 103424 ----a-w- c:\windows\system32\mfps.dll
2015-12-08 21:53 . 2016-01-13 01:49 4608 ----a-w- c:\windows\system32\ksuser.dll
2015-12-08 21:53 . 2016-01-13 01:49 489984 ----a-w- c:\windows\system32\evr.dll
2015-12-08 21:53 . 2016-01-13 01:45 305664 ----a-w- c:\windows\system32\gdi32.dll
2015-12-08 21:53 . 2016-01-13 01:49 67584 ----a-w- c:\windows\system32\devenum.dll
2015-12-08 21:53 . 2016-01-13 01:49 153600 ----a-w- c:\windows\system32\COLORCNV.DLL
2015-12-08 21:53 . 2016-01-13 01:49 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2015-12-08 21:53 . 2016-01-13 01:49 23040 ----a-w- c:\windows\system32\mfpmp.exe
2015-12-08 21:53 . 2016-01-13 01:49 193536 ----a-w- c:\windows\system32\ksproxy.ax
2015-12-08 21:50 . 2016-01-13 01:49 2048 ----a-w- c:\windows\system32\mferror.dll
2015-12-08 21:43 . 2016-01-13 01:49 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-12-08 21:11 . 2016-01-13 01:49 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2015-12-08 21:11 . 2016-01-13 01:49 5120 ----a-w- c:\windows\system32\drivers\drmkaud.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2015-02-27 4556048]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-10 1324384]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-08-06 466792]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-01-29 986872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-12-13 1085656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-12-17 157456]
"ZAM"="c:\program files\Zemana AntiMalware\ZAM.exe" [2016-02-18 12831984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Elizabeth^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Elizabeth^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-13 19:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2015-12-17 05:39 60688 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2015-02-27 16:41 4556048 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2015-12-17 09:12 157456 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 01:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-25 00:29 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWebCamera]
2009-08-11 19:37 2446648 ----a-w- c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2016-02-13 06:21 2065944 ----a-w- c:\users\Elizabeth\AppData\Roaming\uTorrent\uTorrent.exe
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-04 1135416]
R2 Update eye perform;Update eye perform;c:\program files\eye perform\updateeyeperform.exe [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2016-02-22 19984]
R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\ELIZAB~1\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys [x]
R3 hwmobile;Huawei FP Handset USB Modem and USB Serial;c:\windows\system32\DRIVERS\hwusbser.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-01-22 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-10-04 51928]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2015-11-12 104664]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2016-01-29 292816]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-06-30 51576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-29 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-03 691696]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam32.sys [2016-02-25 179448]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard32.sys [2016-02-25 179448]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-07-18 181616]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 DigitalWave.Update.Service;Digital Wave Update Service;c:\program files\Common Files\DVDVideoSoft\lib\app_updater.exe [2016-01-18 388968]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-10 181616]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S2 ZAMSvc;ZAM Controller Service;c:\program files\Zemana AntiMalware\ZAM.exe [2016-02-18 12831984]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-02-27 1030928]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys [2015-04-10 25104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-10-04 23256]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2011-06-19 1117800]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ   DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-02-19 20:15 1088664 ----a-w- c:\program files\Google\Chrome\Application\48.0.2564.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 18:20]
.
2016-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-02-27 02:28]
.
2016-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-02-27 02:28]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
mStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: Amazify this photo - c:\users\Elizabeth\AppData\Local\PixBrite\Amazifier\Extensions\ExtIE\AmazifyExt.html
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
Trusted Zone: vizzed.com\www
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F5CBCB0C-C464-4E1C-9AB7-64A8BD40202F}: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F5CBCB0C-C464-4E1C-9AB7-64A8BD40202F}\4586F6D637F6E6637353246483: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
WebBrowser-{28E515BD-3505-4E5D-9BD1-D54C213F64D8} - (no file)
MSConfigStartUp-CCleaner Monitoring - c:\program files\CCleaner\CCleaner.exe
MSConfigStartUp-Desktop Clock-7 - c:\program files\Desktop Clock-7\Desktop Clock-7.exe
MSConfigStartUp-DS Clock - c:\program files\DS Clock\DSClock.exe
MSConfigStartUp-dvd43 - c:\program files\dvd43\dvd43_tray.exe
MSConfigStartUp-Facebook Update - c:\users\Elizabeth\AppData\Local\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-Google Update - c:\users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-iFunBox - c:\program files\i-Funbox DevTeam\iFunBox.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-Registry Helper - c:\program files\Registry Helper\RegistryHelper.Exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-VirtualCloneDrive - c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
AddRemove-TOSHIBA Software Modem - c:\windows\agrsmdel
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4288062432-252110514-3150149879-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4288062432-252110514-3150149879-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000009
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\GWX\GWX.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxext.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\DllHost.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2016-02-26  11:46:22 - machine was rebooted
ComboFix-quarantined-files.txt  2016-02-25 22:46
.
Pre-Run: 45,895,045,120 bytes free
Post-Run: 47,433,928,704 bytes free
.
- - End Of File - - 6465D58805D1C788D33ED987B58569D2
5B5E648D12FCADC244C1EC30318E1EB9


#10 olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male

Posted 25 February 2016 - 06:53 PM

Good job!

Please do the following:

Please uninstall:
uTorrent
Free VPN

================================================

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

ClearJavaCache::
File::
c:\users\Elizabeth\AppData\Roaming\uTorrent\uTorrent.exe
c:\users\ELIZAB~1\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys

Folder::
c:\users\Elizabeth\AppData\Roaming\denaf
c:\programdata\0a6335f2-62e1-0
c:\programdata\0a6335f2-6413-1
c:\program files\Common Files\qevrfwla
c:\programdata\0a6335f2-1f07-1
c:\programdata\0a6335f2-1723-0
c:\programdata\0a6335f2-2225-0
c:\programdata\4ac44f26-6e01-0
c:\programdata\0a6335f2-6e01-1
c:\programdata\4ac44f26-0853-0
c:\programdata\73fc048f
c:\programdata\{13eacfb8-6190-0}
c:\programdata\{0d1ed9c7-6190-1}
c:\programdata\{00c6aff5-4190-0}
c:\programdata\0a6335f2-5303-0
c:\programdata\0a6335f2-6bb5-1
c:\users\Elizabeth\AppData\Roaming\FreeVPN

registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
[HKLM\~\startupfolder\C:^Users^Elizabeth^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=-
backup=-
backupExtension=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

driver::
F-Secure Standalone Minifilter

DDS::
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
Trusted Zone: vizzed.com\www

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, saving it as "CFScript".

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: CFScriptB-4.gif]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT

Please advise how the computer is running now and if there are any outstanding issues.

======================================================================================

 Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Edited by olgun52, 25 February 2016 - 06:54 PM.

Best regards
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!
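
An added cross-check for the CFScript procedure above. This is example code written for this page; it is not part of olgun52's instructions, not ComboFix's own code and not from BleepingComputer. It parses the CFScript directive format the post uses (a header such as File::, Folder::, registry:: or driver:: opens a section, one target per line) and the banner-delimited layout of the ComboFix log such a run produces, then reports which requested targets the log lists under Other Deletions or Drivers/Services, which it only echoes under FILE ::, and which registry keys still appear under Reg Loading Points afterwards (the post-run log in the next reply still lists the hitmanpro37 SafeBoot key and the LimeWire startup entry that the script targeted). The sample script and log excerpts are constructed from this thread's own text and shortened; the status names, helper functions and regular expressions are this example's own assumptions about the layout, not documented ComboFix behaviour.

```python
import re

# Constructed sample: a shortened CFScript in the directive format the post
# above uses (a header ending in "::" opens a section, one target per line).
SAMPLE_CFSCRIPT = r"""
File::
c:\users\Elizabeth\AppData\Roaming\uTorrent\uTorrent.exe

Folder::
c:\users\Elizabeth\AppData\Roaming\denaf
c:\program files\Common Files\qevrfwla
c:\programdata\{13eacfb8-6190-0}

registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
[HKLM\~\startupfolder\C:^Users^Elizabeth^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

driver::
F-Secure Standalone Minifilter
"""

# Constructed sample: excerpts of the ComboFix log from the next reply, in the
# layout shown there (parenthesis banners, "." separators, one item per line).
SAMPLE_LOG = r"""
FILE ::
"c:\users\Elizabeth\AppData\Roaming\uTorrent\uTorrent.exe"
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\qevrfwla
c:\program files\Common Files\qevrfwla\46266yqvguz5r.exe.config
c:\programdata\{13eacfb8-6190-0}
c:\users\Elizabeth\AppData\Roaming\denaf
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_F-Secure Standalone Minifilter
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKLM\~\startupfolder\C:^Users^Elizabeth^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
"""

def _split(text, header_re, title, skip=()):
    """Group stripped lines under the latest header line; title(match) names the section."""
    out, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = header_re.match(line)
        if m:
            current = title(m)
            out.setdefault(current, [])
        elif line and line not in skip and current is not None:
            out[current].append(line.strip('"'))  # echoed paths are quoted in the log
    return out

def parse_cfscript(text):
    """CFScript: "File::", "Folder::", "registry::", "driver::", ... open sections."""
    return _split(text, re.compile(r"^([A-Za-z]+)::$"), lambda m: m.group(1).lower())

def parse_combofix_log(text):
    """ComboFix log: parenthesis banners open sections; the "FILE ::" echo block comes first."""
    return _split(text, re.compile(r"^(?:\(+\s*(.+?)\s*\)+|(FILE ::))$"),
                  lambda m: m.group(1) or m.group(2), skip=(".",))

def _key(entry):
    """Bracketed registry key -> comparable form: brackets and the deletion "-" dropped."""
    return entry.strip("[]").lstrip("-").lower()

def cross_check(cfscript_text, log_text):
    """Map each CFScript target to what the log shows: "deleted" (under Other Deletions),
    "echoed" (only in the FILE :: block), "removed" (Service_ entry under Drivers/Services),
    "still listed" (key still under Reg Loading Points) or "not in log"."""
    script, log = parse_cfscript(cfscript_text), parse_combofix_log(log_text)
    deleted = {p.lower() for p in log.get("Other Deletions", [])}
    echoed = {p.lower() for p in log.get("FILE ::", [])}
    prefix = r"-------\Service_"
    services = {s[len(prefix):].lower()
                for s in log.get("Drivers/Services", []) if s.startswith(prefix)}
    loaded = {_key(l) for l in log.get("Reg Loading Points", []) if l.startswith("[")}
    result = {}
    for path in script.get("file", []) + script.get("folder", []):
        p = path.lower()
        result[path] = "deleted" if p in deleted else "echoed" if p in echoed else "not in log"
    for name in script.get("driver", []):
        result[name] = "removed" if name.lower() in services else "not in log"
    for entry in script.get("registry", []):
        if entry.startswith("["):  # "path=-" style value lines belong to the key above them
            result[entry] = "still listed" if _key(entry) in loaded else "not in log"
    return result

if __name__ == "__main__":
    for target, status in cross_check(SAMPLE_CFSCRIPT, SAMPLE_LOG).items():
        print(f"{status:>12}  {target}")
```

Run it as a script to print one status per target. Paths are compared case-insensitively because the log and the script spell the same folders differently; a "still listed" result for a registry key is the cue to look at that key again in the next log rather than proof of anything else.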


#11 Buriedindream

  • Topic Starter
  • Members
  • 40 posts
  • Gender:Female

Posted 25 February 2016 - 09:49 PM

Hi and thank you!

I had already uninstalled uTorrent, and Free VPN I can't see in the Add or Remove Programs.

Should I still have the firewall turned off? Microsoft Security is still turned off also.

ComboFix result log and Malwarebytes scan result below that:

ComboFix 16-02-23.01 - Elizabeth 26/02/2016  13:59:42.2.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.64.1033.18.1913.1192 [GMT 13:00]
Running from: c:\users\Elizabeth\Desktop\ComboFix.exe
Command switches used :: c:\users\Elizabeth\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Disabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\ELIZAB~1\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys"
"c:\users\Elizabeth\AppData\Roaming\uTorrent\uTorrent.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\qevrfwla
c:\program files\Common Files\qevrfwla\46266yqvguz5r.exe.config
c:\programdata\{00c6aff5-4190-0}
c:\programdata\{00c6aff5-4190-0}\BITACF4.tmp
c:\programdata\{0d1ed9c7-6190-1}
c:\programdata\{0d1ed9c7-6190-1}\BITAC95.tmp
c:\programdata\{13eacfb8-6190-0}
c:\programdata\{13eacfb8-6190-0}\BITACD4.tmp
c:\programdata\0a6335f2-1723-0
c:\programdata\0a6335f2-1f07-1
c:\programdata\0a6335f2-2225-0
c:\programdata\0a6335f2-5303-0
c:\programdata\0a6335f2-62e1-0
c:\programdata\0a6335f2-6413-1
c:\programdata\0a6335f2-6bb5-1
c:\programdata\0a6335f2-6e01-1
c:\programdata\4ac44f26-0853-0
c:\programdata\4ac44f26-6e01-0
c:\programdata\73fc048f
c:\users\Elizabeth\AppData\Roaming\denaf
c:\users\Elizabeth\AppData\Roaming\FreeVPN
c:\windows\system32\ICON.ico
c:\windows\system32\roboot.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_F-SECURE_STANDALONE_MINIFILTER
-------\Service_F-Secure Standalone Minifilter
.
.
(((((((((((((((((((((((((   Files Created from 2016-01-26 to 2016-02-26  )))))))))))))))))))))))))))))))
.
.
2016-02-26 01:15 . 2016-02-26 01:18 -------- d-----w- c:\users\Elizabeth\AppData\Local\temp
2016-02-25 19:47 . 2015-11-25 10:43 9014120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4AAF4059-AF6B-47EC-830D-53759499DF96}\mpengine.dll
2016-02-25 18:41 . 2016-02-25 18:41 179448 ----a-w- c:\windows\system32\drivers\zam32.sys
2016-02-25 18:41 . 2016-02-25 18:41 179448 ----a-w- c:\windows\system32\drivers\zamguard32.sys
2016-02-25 18:41 . 2016-02-25 18:41 -------- d-----w- c:\program files\Zemana AntiMalware
2016-02-25 18:41 . 2016-02-25 18:41 -------- d-----w- c:\users\Elizabeth\AppData\Local\Zemana
2016-02-24 20:11 . 2016-02-24 22:44 -------- d-----w- C:\FRST
2016-02-24 06:49 . 2015-11-25 10:43 9014120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-02-22 23:39 . 2016-02-22 23:39 19984 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2016-02-22 19:30 . 2016-02-23 20:35 290304 ----a-w- c:\windows\system32\subinacl.exe
2016-02-22 03:10 . 2016-02-22 03:10 12872 ----a-w- c:\windows\system32\bootdelete.exe
2016-02-14 23:07 . 2016-02-14 23:07 -------- d-----w- c:\program files\Games
2016-02-10 01:49 . 2016-01-11 18:47 2956288 ----a-w- c:\windows\system32\wucltux.dll
2016-02-10 01:49 . 2016-01-11 18:17 2062848 ----a-w- c:\windows\system32\wuaueng.dll
2016-02-10 01:49 . 2016-01-11 18:14 573440 ----a-w- c:\windows\system32\wuapi.dll
2016-02-10 01:49 . 2016-01-11 18:47 174080 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-10 01:49 . 2016-01-11 18:35 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-02-10 01:49 . 2016-01-11 18:14 93696 ----a-w- c:\windows\system32\wudriver.dll
2016-02-10 01:49 . 2016-01-11 18:14 35840 ----a-w- c:\windows\system32\wups2.dll
2016-02-10 01:49 . 2016-01-11 18:14 136192 ----a-w- c:\windows\system32\wuauclt.exe
2016-02-10 01:49 . 2016-01-11 18:14 30208 ----a-w- c:\windows\system32\wups.dll
2016-02-10 01:49 . 2016-01-11 18:14 35328 ----a-w- c:\windows\system32\wuapp.exe
2016-02-10 01:49 . 2016-01-11 18:14 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2016-02-10 01:48 . 2016-01-11 14:07 1198080 ----a-w- c:\windows\system32\appraiser.dll
2016-02-10 01:48 . 2016-01-16 18:34 949760 ----a-w- c:\windows\system32\aeinv.dll
2016-02-10 01:48 . 2016-01-11 14:07 591360 ----a-w- c:\windows\system32\invagent.dll
2016-02-10 01:48 . 2016-01-11 14:07 544768 ----a-w- c:\windows\system32\generaltel.dll
2016-02-10 01:48 . 2016-01-11 14:07 424960 ----a-w- c:\windows\system32\devinv.dll
2016-02-10 01:48 . 2016-01-16 18:42 22464 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-02-10 01:48 . 2016-01-11 14:07 65536 ----a-w- c:\windows\system32\acmigration.dll
2016-02-10 01:48 . 2016-01-16 18:36 1413632 ----a-w- c:\windows\system32\ole32.dll
2016-02-10 01:47 . 2016-01-22 05:12 2973184 ----a-w- c:\windows\explorer.exe
2016-02-10 01:47 . 2016-01-22 06:00 1498624 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-02-10 01:47 . 2016-01-22 05:59 1805824 ----a-w- c:\windows\system32\authui.dll
2016-02-10 01:47 . 2016-01-06 18:42 1225216 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2016-02-10 01:47 . 2016-01-06 18:41 939520 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2016-02-10 01:47 . 2016-01-06 18:41 991232 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2016-02-10 01:47 . 2016-01-06 18:41 971776 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2016-02-10 01:47 . 2016-01-06 18:41 672768 ----a-w- c:\program files\Windows Journal\InkSeg.dll
2016-02-10 01:47 . 2016-01-06 18:41 1415168 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2016-02-10 01:45 . 2016-01-07 17:35 116224 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-02-10 00:56 . 2016-02-10 00:56 -------- d-----w- c:\program files\iPod
2016-02-10 00:56 . 2016-02-10 00:56 -------- d-----w- c:\program files\iTunes
2016-02-10 00:52 . 2016-02-10 00:52 -------- d-----w- c:\program files\Bonjour
2016-02-05 19:54 . 2015-07-01 00:04 912000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{300CE0DE-39A1-4C44-BF85-647DD8EC09FE}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-24 06:55 . 2015-08-23 02:20 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-10 18:20 . 2012-07-29 00:19 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-02-10 18:20 . 2011-06-15 20:08 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-12-09 03:39 . 2010-02-16 06:39 247976 ------w- c:\windows\system32\MpSigStub.exe
2015-12-08 21:54 . 2016-01-13 01:49 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2015-12-08 21:54 . 2016-01-13 01:49 902144 ----a-w- c:\windows\system32\WMADMOD.DLL
2015-12-08 21:54 . 2016-01-13 01:49 815616 ----a-w- c:\windows\system32\WMADMOE.DLL
2015-12-08 21:54 . 2016-01-13 01:49 739328 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2015-12-08 21:54 . 2016-01-13 01:49 541184 ----a-w- c:\windows\system32\WMVSDECD.DLL
2015-12-08 21:54 . 2016-01-13 01:49 740352 ----a-w- c:\windows\system32\wmpmde.dll
2015-12-08 21:54 . 2016-01-13 01:49 1568768 ----a-w- c:\windows\system32\WMVENCOD.DLL
2015-12-08 21:54 . 2016-01-13 01:49 665088 ----a-w- c:\windows\system32\WMVXENCD.DLL
2015-12-08 21:54 . 2016-01-13 01:49 358400 ----a-w- c:\windows\system32\WMVSENCD.DLL
2015-12-08 21:54 . 2016-01-13 01:49 1202688 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2015-12-08 21:54 . 2016-01-13 01:49 1325056 ----a-w- c:\windows\system32\WMSPDMOE.DLL
2015-12-08 21:54 . 2016-01-13 01:49 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-12-08 21:54 . 2016-01-13 01:49 154112 ----a-w- c:\windows\system32\VIDRESZR.DLL
2015-12-08 21:53 . 2016-01-13 01:49 338944 ----a-w- c:\windows\system32\SysFxUI.dll
2015-12-08 21:53 . 2016-01-13 01:49 206848 ----a-w- c:\windows\system32\RESAMPLEDMO.DLL
2015-12-08 21:53 . 2016-01-13 01:49 1329664 ----a-w- c:\windows\system32\quartz.dll
2015-12-08 21:53 . 2016-01-13 01:49 519680 ----a-w- c:\windows\system32\qdvd.dll
2015-12-08 21:53 . 2016-01-13 01:49 206848 ----a-w- c:\windows\system32\qasf.dll
2015-12-08 21:53 . 2016-01-13 01:45 509952 ----a-w- c:\windows\system32\qedit.dll
2015-12-08 21:53 . 2016-01-13 01:49 970240 ----a-w- c:\windows\system32\msmpeg2adec.dll
2015-12-08 21:53 . 2016-01-13 01:49 829952 ----a-w- c:\windows\system32\MSMPEG2ENC.DLL
2015-12-08 21:53 . 2016-01-13 01:49 241152 ----a-w- c:\windows\system32\MPG4DECD.DLL
2015-12-08 21:53 . 2016-01-13 01:49 241152 ----a-w- c:\windows\system32\MP43DECD.DLL
2015-12-08 21:53 . 2016-01-13 01:49 79872 ----a-w- c:\windows\system32\MP3DMOD.DLL
2015-12-08 21:53 . 2016-01-13 01:49 415744 ----a-w- c:\windows\system32\MP4SDECD.DLL
2015-12-08 21:53 . 2016-01-13 01:49 3209728 ----a-w- c:\windows\system32\mf.dll
2015-12-08 21:53 . 2016-01-13 01:49 728576 ----a-w- c:\windows\system32\mcmde.dll
2015-12-08 21:53 . 2016-01-13 01:49 609280 ----a-w- c:\windows\system32\MFWMAAEC.DLL
2015-12-08 21:53 . 2016-01-13 01:49 354816 ----a-w- c:\windows\system32\mfplat.dll
2015-12-08 21:53 . 2016-01-13 01:49 53248 ----a-w- c:\windows\system32\mfvdsp.dll
2015-12-08 21:53 . 2016-01-13 01:49 103424 ----a-w- c:\windows\system32\mfps.dll
2015-12-08 21:53 . 2016-01-13 01:49 4608 ----a-w- c:\windows\system32\ksuser.dll
2015-12-08 21:53 . 2016-01-13 01:49 489984 ----a-w- c:\windows\system32\evr.dll
2015-12-08 21:53 . 2016-01-13 01:45 305664 ----a-w- c:\windows\system32\gdi32.dll
2015-12-08 21:53 . 2016-01-13 01:49 67584 ----a-w- c:\windows\system32\devenum.dll
2015-12-08 21:53 . 2016-01-13 01:49 153600 ----a-w- c:\windows\system32\COLORCNV.DLL
2015-12-08 21:53 . 2016-01-13 01:49 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2015-12-08 21:53 . 2016-01-13 01:49 23040 ----a-w- c:\windows\system32\mfpmp.exe
2015-12-08 21:53 . 2016-01-13 01:49 193536 ----a-w- c:\windows\system32\ksproxy.ax
2015-12-08 21:50 . 2016-01-13 01:49 2048 ----a-w- c:\windows\system32\mferror.dll
2015-12-08 21:43 . 2016-01-13 01:49 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-12-08 21:11 . 2016-01-13 01:49 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2015-12-08 21:11 . 2016-01-13 01:49 5120 ----a-w- c:\windows\system32\drivers\drmkaud.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2015-02-27 4556048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-10 1324384]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-08-06 466792]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-01-29 986872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-12-13 1085656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-12-17 157456]
"ZAM"="c:\program files\Zemana AntiMalware\ZAM.exe" [2016-02-18 12831984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Elizabeth^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Elizabeth^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-13 19:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2015-12-17 05:39 60688 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2015-02-27 16:41 4556048 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2015-12-17 09:12 157456 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 01:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-25 00:29 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWebCamera]
2009-08-11 19:37 2446648 ----a-w- c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-04 1135416]
R2 Update eye perform;Update eye perform;c:\program files\eye perform\updateeyeperform.exe [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2016-02-22 19984]
R3 hwmobile;Huawei FP Handset USB Modem and USB Serial;c:\windows\system32\DRIVERS\hwusbser.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-01-22 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-10-04 51928]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2015-11-12 104664]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2016-01-29 292816]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-06-30 51576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-29 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-03 691696]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam32.sys [2016-02-25 179448]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard32.sys [2016-02-25 179448]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-07-18 181616]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 DigitalWave.Update.Service;Digital Wave Update Service;c:\program files\Common Files\DVDVideoSoft\lib\app_updater.exe [2016-01-18 388968]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-10 181616]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S2 ZAMSvc;ZAM Controller Service;c:\program files\Zemana AntiMalware\ZAM.exe [2016-02-18 12831984]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-02-27 1030928]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys [2015-04-10 25104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-10-04 23256]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2011-06-19 1117800]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ   DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-02-19 20:15 1088664 ----a-w- c:\program files\Google\Chrome\Application\48.0.2564.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 18:20]
.
2016-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-02-27 02:28]
.
2016-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-02-27 02:28]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
mStart Page = www.google.com
uSearchAssistant = hxxp://www.google.com
IE: Amazify this photo - c:\users\Elizabeth\AppData\Local\PixBrite\Amazifier\Extensions\ExtIE\AmazifyExt.html
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{32CCE8AF-FD2F-43D5-9BFF-70359E8002E6}: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F5CBCB0C-C464-4E1C-9AB7-64A8BD40202F}: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F5CBCB0C-C464-4E1C-9AB7-64A8BD40202F}\4586F6D637F6E6637353246483: DhcpNameServer = 192.168.1.254
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4288062432-252110514-3150149879-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4288062432-252110514-3150149879-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000009
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\GWX\GWX.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxext.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\windows\system32\DllHost.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe
.
**************************************************************************
.
Completion time: 2016-02-26  14:27:47 - machine was rebooted
ComboFix-quarantined-files.txt  2016-02-26 01:27
ComboFix2.txt  2016-02-25 22:46
.
Pre-Run: 47,443,324,928 bytes free
Post-Run: 47,134,584,832 bytes free
.
- - End Of File - - 9FD9A9D45E9F3EFCE931C18CA229F5BC
5B5E648D12FCADC244C1EC30318E1EB9
 
 
 
**********************RESULTS FROM MALWAREBYTES SCAN***********************************
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 26/02/2016
Scan Time: 2:51 p.m.
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.26.01
Rootkit Database: v2016.02.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Elizabeth
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348096
Time Elapsed: 37 min, 36 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 3
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\TRACING\CloudPrinter_RASAPI32, Quarantined, [e06934312970979fbff20b635aaac739], 
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\TRACING\CloudPrinter_RASMANCS, Quarantined, [94b55f0600999d993e733c32a1630cf4], 
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update eye perform, Quarantined, [95b442238c0de74f182006f833cf6a96], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.Linkury, C:\Users\Elizabeth\AppData\Roaming\Goldstock.tst, Quarantined, [dc6d293c0e8bab8bdb50dd21837f9c64], 
PUP.Optional.Linkury, C:\Users\Elizabeth\AppData\Roaming\Tam-Tone.tst, Quarantined, [f8512045aced9e981517d8264fb346ba], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
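A small parser for the Malwarebytes log format posted above, added here as an example (it is not from the thread or from Malwarebytes): it checks that each section's declared count matches the detection lines actually listed and tallies detections per threat family, which is how a responder sees at a glance that one adware family (here PUP.Optional.Linkury) accounts for most of the hits. The sample input is an excerpt of the log above; the section names and line layout are assumed from that log.

```python
import re
from collections import defaultdict

# Sections that carry one detection line per object in a Malwarebytes 2.x text log.
SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors"}
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+): (?P<count>\d+)$")
# "<threat>, <location>, <action>, [<32-hex id>],"  (the location may itself contain commas)
DETECTION_RE = re.compile(
    r"^(?P<threat>[^,]+), (?P<location>.+), (?P<action>[^,]+), \[(?P<id>[0-9a-f]{32})\],?$")

def parse_mbam_log(text):
    """Return (detections by section, sections whose declared count != lines found)."""
    found = defaultdict(list)
    declared = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m and m.group("name") in SECTIONS:
            current = m.group("name")
            declared[current] = int(m.group("count"))
            continue
        d = DETECTION_RE.match(line)
        if d and current:
            found[current].append(d.groupdict())
    mismatches = [s for s, n in declared.items() if n != len(found.get(s, []))]
    return dict(found), mismatches

def family_counts(detections_by_section):
    """Count detections per threat family (e.g. PUP.Optional.Linkury) across all sections."""
    counts = defaultdict(int)
    for items in detections_by_section.values():
        for item in items:
            counts[item["threat"]] += 1
    return dict(counts)

# Excerpt of the Malwarebytes log posted above: section headers and detection lines only.
SAMPLE_LOG = r"""
Registry Keys: 3
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\TRACING\CloudPrinter_RASAPI32, Quarantined, [e06934312970979fbff20b635aaac739],
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\TRACING\CloudPrinter_RASMANCS, Quarantined, [94b55f0600999d993e733c32a1630cf4],
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update eye perform, Quarantined, [95b442238c0de74f182006f833cf6a96],
Registry Values: 0
(No malicious items detected)
Files: 2
PUP.Optional.Linkury, C:\Users\Elizabeth\AppData\Roaming\Goldstock.tst, Quarantined, [dc6d293c0e8bab8bdb50dd21837f9c64],
PUP.Optional.Linkury, C:\Users\Elizabeth\AppData\Roaming\Tam-Tone.tst, Quarantined, [f8512045aced9e981517d8264fb346ba],
"""
```

Running `parse_mbam_log(SAMPLE_LOG)` on the excerpt reports no count mismatches, and `family_counts` gives four Linkury hits against one Yontoo hit.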


#12 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:12 PM

Posted 26 February 2016 - 06:08 PM

Thank you Buriedindream,
 

Should I still have the firewall turned off? Microsoft security is still turned off also.

You can run Microsoft security and firewall.
=========================================================
 

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Please follow the below steps to disable "Teredo" and report whether it helps.

 

Step 1: Open an elevated "command prompt".

http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/

Step 2: Type the below command exactly and press the "Enter" key.

      netsh interface teredo set state disabled

     Reboot the system when completed and check how the torrents work.

=====================================================================================

 

Please download and run RogueKiller 32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

================================================================

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

=========================================================================

Please post fresh FRST log files for my check (Frst.txt and Additional.txt).

================================================================

 

How is the machine running now and any issues ? Please let me know.

 

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#13 Buriedindream

Buriedindream
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:12 AM

Posted 26 February 2016 - 07:25 PM


 

Please follow the below steps to disable "Teredo" and report whether it helps.

 

Step 1: Open an elevated "command prompt".

http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/

Step 2: Type the below command exactly and press the "Enter" key.

      netsh interface teredo set state disabled

     Reboot the system when completed and check how the torrents work.

=====================================================================================

 

 

 

Ok, I created the elevated command prompt and rebooted the system, but I am confused about your next line "check how the torrents work"? I am sorry Olgun52 - I feel like I'm taking up all your time  :blush:  



#14 Buriedindream

Buriedindream
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:12 AM

Posted 26 February 2016 - 11:18 PM

I am just about to do the ESET online scan. I followed the instructions and checked the options they advised in the box, but it won't start the scan when I click Start; the top two unchecked options just flash a little. For the scan to start, should I check something here? Including a screenshot, thank you so much (also I have again turned off Microsoft Security Essentials, as it said having another antivirus active may affect the scan).



Edited by Buriedindream, 26 February 2016 - 11:45 PM.


#15 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:12 PM

Posted 27 February 2016 - 11:20 AM

"check how the torrents work"?
I never use this software. I did not need it and I am sorry.

''I'm taking up all your time''
You're quite welcome and please feel. No problem.

''Again turned off Microsoft Security Essentials''
Okay.
 

You can run ESET Online Scanner now.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 




